Native 64-bit builds #209

Open, wants to merge 46 commits

3 participants

earl commented Mar 10, 2014

This set of changes introduces a working native 64-bit Linux build target (0.4.40).

This is primarily the prior work of Shixin Zeng (@zsx, see #142) and Ladislav Mecir (@ladislav, see #178) but minimally restructured and rebased on top of current master.

zsx and others added some commits Jul 22, 2013

Return uintptr_t from RL_Series
Because it could also return a pointer
Change type of Stack_Limit to uintptr_t
because it can be used as an address
Rearrange for better alignment
i64 needs to be 8-byte aligned
Add a FIXME in comment
if the length is not the multiple of wide, the size will not be
recovered in Free_Series_Data.
Shut off the compiler complaint
This also makes it possible to save 64-bit integers as gob data on 64-bit systems
Change all unsigned long to SHA_LONG for 64-bit systems
where SHA_LONG is defined as u32. This fixes the problem that checksum
differs every time.
Pass NULL as the pointer instead of 0
0 is a 32-bit integer, and NULL on x64 should be 64-bit, this leads to a
crash with the following code:

do http://www.rebol.com/speed.r ;this runs fine
do http://www.rebol.com/speed.r ;this crashes the interpreter
Fix the size of the REBCNT
it's a 32-bit integer, so it takes 8 hex characters.
Rename Bytes_To_Long to Bytes_To_REBCNT to match the implementation
and Long_To_Bytes to REBCNT_To_Bytes.

REBCNT has a fixed size of 32 bits, while Long doesn't.
Correct the type of size
REBCNT could have a different size from uLongf, so dereferencing a REBCNT
pointer with uLongf type could cause a segmentation fault
Clean the memory of a newly created node
When the node is allocated from the system pool, it's memset to zero,
but not if it's allocated from one of the memory pools
Fix a crash on 64-bit systems
Word hashes are supposed to be an array of 32-bit integers (See
Make_Word in c-word.c). A mismatch between Init_Words and Expand_Hash
makes it crash when clearing new hashes (trying to clear more space
than it allocates). To make it obvious, change WORD_TABLE_SIZE to 1 at
the beginning of c-word.c
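
The "Correct the type of size" commit in the list above concerns handing the address of a 32-bit REBCNT to code that stores through a uLongf pointer. The following is an added example, not code from this pull request: `struct hdr`, `report_len` and the canary value are hypothetical, and the mismatched store is replayed as a byte copy so the model stays well defined while showing which bytes a wider store would touch, next to the corrected call pattern.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t REBCNT;       /* fixed 32 bits, as the commit messages state */
typedef unsigned long uLongf;  /* zlib-style length: 8 bytes on LP64, 4 on ILP32/LLP64 */

#define CANARY 0xA5A5A5A5u     /* constructed marker for the neighbouring field */

/* Hypothetical layout: a 32-bit size followed by unrelated data. */
struct hdr {
    REBCNT size;
    REBCNT neighbour;
};

/* Hypothetical stand-in for a library call that reports a length
 * through a uLongf out-parameter. It stores sizeof(uLongf) bytes. */
static int report_len(uLongf *out_len, uLongf value)
{
    *out_len = value;
    return 0;
}

/* Models the "before" call report_len((uLongf *)&h.size, value) without
 * executing the undefined behaviour: the callee's store is replayed as a
 * copy of sizeof(uLongf) bytes starting at the size field.
 * Returns 1 if the neighbouring field was overwritten. */
static int mismatched_store_clobbers(uLongf value)
{
    struct hdr h = { 0, CANARY };
    unsigned char raw[sizeof h];
    size_t off = offsetof(struct hdr, size);
    size_t n = sizeof(uLongf);

    memcpy(raw, &h, sizeof h);
    if (n > sizeof raw - off)
        n = sizeof raw - off;          /* keep the model inside the struct */
    memcpy(raw + off, &value, n);
    memcpy(&h, raw, sizeof h);
    return h.neighbour != CANARY;
}

/* Corrected pattern: give the callee an object of its own type, then
 * narrow with an explicit range check. Returns 0 on success, -1 if the
 * reported length does not fit in a REBCNT (h is left untouched). */
static int safe_store(struct hdr *h, uLongf value)
{
    uLongf tmp = 0;

    if (report_len(&tmp, value) != 0)
        return -1;
    if (tmp > UINT32_MAX)
        return -1;
    h->size = (REBCNT)tmp;
    return 0;
}

/* 1 if the corrected pattern stores the length and leaves the neighbour alone. */
static int safe_store_keeps_neighbour(void)
{
    struct hdr h = { 0, CANARY };
    return safe_store(&h, 20480) == 0 && h.size == 20480 && h.neighbour == CANARY;
}

/* 1 if a length above 32 bits is rejected (trivially 1 where uLongf is 32 bits). */
static int oversize_is_rejected(void)
{
    struct hdr h = { 7, CANARY };
    uLongf big = (uLongf)UINT32_MAX + 1;   /* wraps to 0 where uLongf is 32 bits */

    if (sizeof(uLongf) <= sizeof(REBCNT))
        return 1;
    return safe_store(&h, big) == -1 && h.size == 7 && h.neighbour == CANARY;
}

int main(void)
{
    printf("sizeof(REBCNT)=%zu sizeof(uLongf)=%zu\n", sizeof(REBCNT), sizeof(uLongf));
    printf("mismatched store clobbers neighbour: %d\n", mismatched_store_clobbers(5));
    printf("safe store keeps neighbour:          %d\n", safe_store_keeps_neighbour());
    printf("oversize length rejected:            %d\n", oversize_is_rejected());
    return 0;
}
```

On an LP64 target the first check reports a clobbered neighbour; on ILP32 and LLP64 targets the two types have the same width and it does not, which is why the defect only appears in some builds.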

earl commented Mar 11, 2014

Test results:

| Platform | Code | Result | Binary |
|---|---|---|---|
| OSX x86 | 2.5 | No regressions | r3-osx-x86-g22b126b |
| Win32 x86 | 3.1 | No regressions | r3-win32-x86-g22b126b.exe |
| Linux x86 | 4.4 | No regressions | r3-linux-x86-g22b126b |
| Linux ARMhf | 4.20 | No regressions | r3-linux-armhf-g22b126b |
| Linux x64 | 4.40 | No regressions (over Linux x86) | r3-linux-x64-g22b126b |
| Haiku x86 | 5.75 | No regressions | r3-haiku-x86-g22b126b |

zsx added a commit to zsx/r3 that referenced this pull request May 13, 2014

Do not increase tail before extension
It will confuse Expand_Series, which expects "tail" to be the actual size, and
cause a read beyond the allocated memory, or heap buffer overflow found
by address sanitizer of GCC:
=================================================================
==10856==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62a00000b201 at pc 0x47df61 bp 0x7fffffff2ca0 sp 0x7fffffff2c98
READ of size 1 at 0x62a00000b201 thread T0
    #0 0x47df60 in Expand_Series ../src/core/m-series.c:145
    #1 0x47e5a7 in Extend_Series ../src/core/m-series.c:187
    #2 0x466e0c in Scan_Quote ../src/core/l-scan.c:462
    #3 0x46a797 in Scan_Token ../src/core/l-scan.c:918
    #4 0x46e263 in Scan_Block ../src/core/l-scan.c:1188
    #5 0x46e722 in Scan_Code ../src/core/l-scan.c:1548
    #6 0x46e886 in Scan_Source ../src/core/l-scan.c:1568
    #7 0x4cb85c in Make_Block_Type ../src/core/t-block.c:306
    #8 0x4cd1b8 in T_Block ../src/core/t-block.c:608
    #9 0x4d042e in T_Datatype ../src/core/t-datatype.c:92
    #10 0x42e080 in Do_Act ../src/core/c-function.c:338
    #11 0x42e7e5 in Do_Action ../src/core/c-function.c:396

0x62a00000b201 is located 1 bytes to the right of 20480-byte region [0x62a000006200,0x62a00000b200)
allocated by thread T0 here:
    #0 0x7ffff6f58b1f in malloc (/usr/lib/libasan.so.1+0x54b1f)
    #1 0x47924a in Make_Mem ../src/core/m-pools.c:121
    #2 0x47a9ff in Make_Series ../src/core/m-pools.c:406
    #3 0x4aee84 in Make_Unicode ../src/core/s-make.c:59
    #4 0x4bb797 in Init_Mold ../src/core/s-mold.c:1425
    #5 0x40da64 in Init_Core ../src/core/b-init.c:940
    #6 0x4055e0 in RL_Init ../src/core/a-lib.c:124
    #7 0x580aa2 in main ../src/os/host-main.c:154
    #8 0x7ffff5719fff in __libc_start_main (/usr/lib/libc.so.6+0x1ffff)

SUMMARY: AddressSanitizer: heap-buffer-overflow ../src/core/m-series.c:145 Expand_Series

earl commented Nov 7, 2014

Updated builds & test results:

| Platform | Code | Result | Binary |
|---|---|---|---|
| OSX x64 | 2.5 | No regressions (over OSX x86) | r3-osx-x64-gbf237fc |
| Linux x64 | 4.40 | No regressions (over Linux x86) | r3-linux-x64-gbf237fc |
| FreeBSD x64 | 7.40 | No regressions (over FreeBSD x86) | r3-freebsd-x64-gbf237fc |

zsx commented Dec 10, 2014

This one is also needed for 64-bit: zsx@11a9478

zsx commented Dec 10, 2014

and this one: zsx@c26cc2b

earl added a commit to rebolsource/r3 that referenced this pull request Jan 14, 2015

Merge pull request rebol/rebol#209 (earl/64b-for-mainline) into community

* earl/64b-for-mainline: (43 commits)
  Add platform 0.7.40: FreeBSD 64-bit x86-64
  Fix 32-bit type used in MD5
  Add platform 0.2.40: OSX 64-bit x86-64
  Fix 32-bit type used in JPEG lib
  Fix a crash on 64-bit systems
  Amend RGB conversion
  Simplify conversion from REBYTE* to REBCNT
  Adjust gob pointer handling for Win64
  Adjust for LLP64 systems such as 64-bit Windows
  Reserve platform code 0.3.3 for win32-x64
  Do not assume REBVAL to be 16 bytes long
  Adjust padding
  Amend sizeof asserts
  Use REBIPT/REBUPT: remove custom [u]intptr_t definitions
  Use REBIPT/REBUPT: use REBUPT instead of intptr_t
  Use REBIPT/REBUPT: use REBUPT instead of REBU64
  Use REBIPT/REBUPT: use REBCNT & REBUPT
  Use REBIPT/REBUPT: use REBIPT
  Use REBIPT/REBUPT: use REBUPT instead of unsigned long
  Use REBIPT/REBUPT: use REBUPT instead of uintptr_t
  ...

Conflicts:
	src/boot/platforms.r
	src/core/f-math.c

earl and others added some commits Jan 19, 2015

Fix vector! for 64-bit systems
>> a: make vector! [integer! 32 10]

only half of it gets initialized.

There should be a way to show memory overlapping problem, but I just
failed to find one

earl commented Jan 25, 2015

Incorporated the second fix mentioned by Shixin (the vector! fix) and an alignment improvement (which also satisfies valgrind on a "Hello, World!" example).

The first fix mentioned by Shixin is not strictly 64-bit related (though it shows on some 64-bit builds), so I think we'd better leave that to a separate pull.

earl added a commit to rebolsource/r3 that referenced this pull request Jan 25, 2015

Merge pull request rebol/rebol#209 (earl/64b-for-mainline) into community

* earl/64b-for-mainline:
  Fix vector! for 64-bit systems
  Naturally align Reb_Series fields

zsx commented on ab569d9 Jan 26, 2015

Can we just reorder the field? Reb_Series_Ref might need the same fix.

zsx referenced this pull request in metaeducation/ren-c Jun 21, 2015

Do not increase tail before extension
    #184 0x42dbb7 in Do_Native ../src/core/c-function.c:289
    #185 0x413628 in Do_Next ../src/core/c-do.c:884
    #186 0x414825 in Do_Blk ../src/core/c-do.c:1010
    #187 0x42e869 in Do_Function ../src/core/c-function.c:415
    #188 0x413628 in Do_Next ../src/core/c-do.c:884
    #189 0x41309b in Do_Next ../src/core/c-do.c:858
    #190 0x414825 in Do_Blk ../src/core/c-do.c:1010
    #191 0x42e869 in Do_Function ../src/core/c-function.c:415
    #192 0x413628 in Do_Next ../src/core/c-do.c:884
    #193 0x414825 in Do_Blk ../src/core/c-do.c:1010
    #194 0x42e869 in Do_Function ../src/core/c-function.c:415
    #195 0x413628 in Do_Next ../src/core/c-do.c:884
    #196 0x4115f2 in Do_Args ../src/core/c-do.c:669
    #197 0x414152 in Do_Next ../src/core/c-do.c:939
    #198 0x48201c in N_all ../src/core/n-control.c:261
    #199 0x42dbb7 in Do_Native ../src/core/c-function.c:289
    #200 0x413628 in Do_Next ../src/core/c-do.c:884
    #201 0x414825 in Do_Blk ../src/core/c-do.c:1010
    #202 0x491abc in Loop_Each ../src/core/n-loop.c:410
    #203 0x492a6c in N_foreach ../src/core/n-loop.c:546
    #204 0x42dbb7 in Do_Native ../src/core/c-function.c:289
    #205 0x413628 in Do_Next ../src/core/c-do.c:884
    #206 0x414825 in Do_Blk ../src/core/c-do.c:1010
    #207 0x42e869 in Do_Function ../src/core/c-function.c:415
    #208 0x413628 in Do_Next ../src/core/c-do.c:884
    #209 0x414825 in Do_Blk ../src/core/c-do.c:1010
    #210 0x485388 in N_unless ../src/core/n-control.c:763
    #211 0x42dbb7 in Do_Native ../src/core/c-function.c:289
    #212 0x413628 in Do_Next ../src/core/c-do.c:884
    #213 0x414825 in Do_Blk ../src/core/c-do.c:1010
    #214 0x42e869 in Do_Function ../src/core/c-function.c:415
    #215 0x413628 in Do_Next ../src/core/c-do.c:884
    #216 0x414825 in Do_Blk ../src/core/c-do.c:1010
    #217 0x48459c in N_if ../src/core/n-control.c:619
    #218 0x42dbb7 in Do_Native ../src/core/c-function.c:289
    #219 0x413628 in Do_Next ../src/core/c-do.c:884
    #220 0x414825 in Do_Blk ../src/core/c-do.c:1010
    #221 0x42ee10 in Do_Closure ../src/core/c-function.c:459
    #222 0x413628 in Do_Next ../src/core/c-do.c:884
    #223 0x4115f2 in Do_Args ../src/core/c-do.c:669
    #224 0x414152 in Do_Next ../src/core/c-do.c:939
    #225 0x48201c in N_all ../src/core/n-control.c:261
    #226 0x42dbb7 in Do_Native ../src/core/c-function.c:289
    #227 0x413628 in Do_Next ../src/core/c-do.c:884
    #228 0x414825 in Do_Blk ../src/core/c-do.c:1010
    #229 0x491abc in Loop_Each ../src/core/n-loop.c:410
    #230 0x492a6c in N_foreach ../src/core/n-loop.c:546
    #231 0x42dbb7 in Do_Native ../src/core/c-function.c:289
    #232 0x413628 in Do_Next ../src/core/c-do.c:884
    #233 0x414825 in Do_Blk ../src/core/c-do.c:1010
    #234 0x42e869 in Do_Function ../src/core/c-function.c:415
    #235 0x413628 in Do_Next ../src/core/c-do.c:884
    #236 0x414825 in Do_Blk ../src/core/c-do.c:1010
    #237 0x48459c in N_if ../src/core/n-control.c:619
    #238 0x42dbb7 in Do_Native ../src/core/c-function.c:289
    #239 0x413628 in Do_Next ../src/core/c-do.c:884
    #240 0x414825 in Do_Blk ../src/core/c-do.c:1010
    #241 0x42e869 in Do_Function ../src/core/c-function.c:415
    #242 0x413628 in Do_Next ../src/core/c-do.c:884
    #243 0x41309b in Do_Next ../src/core/c-do.c:858
    #244 0x414825 in Do_Blk ../src/core/c-do.c:1010
    #245 0x42e869 in Do_Function ../src/core/c-function.c:415
    #246 0x413628 in Do_Next ../src/core/c-do.c:884
    #247 0x414825 in Do_Blk ../src/core/c-do.c:1010
    #248 0x48459c in N_if ../src/core/n-control.c:619
    #249 0x42dbb7 in Do_Native ../src/core/c-function.c:289
    #250 0x413628 in Do_Next ../src/core/c-do.c:884
    #251 0x414825 in Do_Blk ../src/core/c-do.c:1010

0x62a00000b201 is located 1 bytes to the right of 20480-byte region [0x62a000006200,0x62a00000b200)
allocated by thread T0 here:
    #0 0x7ffff6f58b1f in malloc (/usr/lib/libasan.so.1+0x54b1f)
    #1 0x47924a in Make_Mem ../src/core/m-pools.c:121
    #2 0x47a9ff in Make_Series ../src/core/m-pools.c:406
    #3 0x4aee84 in Make_Unicode ../src/core/s-make.c:59
    #4 0x4bb797 in Init_Mold ../src/core/s-mold.c:1425
    #5 0x40da64 in Init_Core ../src/core/b-init.c:940
    #6 0x4055e0 in RL_Init ../src/core/a-lib.c:124
    #7 0x580aa2 in main ../src/os/host-main.c:154
    #8 0x7ffff5719fff in __libc_start_main (/usr/lib/libc.so.6+0x1ffff)

SUMMARY: AddressSanitizer: heap-buffer-overflow ../src/core/m-series.c:145 Expand_Series
Shadow bytes around the buggy address:
  0x0c547fff95f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c547fff9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c547fff9610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c547fff9620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c547fff9630: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c547fff9640:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fff9650: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fff9660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fff9670: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fff9680: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fff9690: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:
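
The ordering bug that the "Do not increase tail before extension" commit message describes, as an added example (not code from this pull request or from Rebol): a hypothetical, simplified `Series` with `tail` (bytes in use) and `rest` (bytes allocated), a hardened `series_extend` that rejects a `tail` larger than the allocation, and the tail-first and extend-first append orders side by side. All names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified series; not Rebol's REBSER. */
typedef struct {
    unsigned char *data;
    size_t tail;   /* bytes in use; must never exceed rest */
    size_t rest;   /* bytes allocated */
} Series;

static int series_init(Series *s, size_t rest) {
    s->data = malloc(rest);
    s->tail = 0;
    s->rest = rest;
    return s->data ? 0 : -1;
}

/* An expand routine that trusts tail copies this many bytes out of the
 * old buffer when it reallocates. */
static size_t unchecked_copy_len(const Series *s) { return s->tail; }

/* How far that copy would run past the end of the allocation. */
static size_t overread_bytes(const Series *s) {
    size_t n = unchecked_copy_len(s);
    return n > s->rest ? n - s->rest : 0;
}

/* Hardened extend: make room for delta more bytes at the tail. */
static int series_extend(Series *s, size_t delta) {
    if (s->tail > s->rest) return -1;           /* caller broke the invariant */
    if (delta > SIZE_MAX - s->tail) return -1;  /* size arithmetic would wrap */
    size_t need = s->tail + delta;
    if (need > s->rest) {
        size_t new_rest = s->rest ? s->rest : 1;
        while (new_rest < need) {
            if (new_rest > SIZE_MAX / 2) return -1;
            new_rest *= 2;
        }
        unsigned char *p = malloc(new_rest);
        if (!p) return -1;
        memcpy(p, s->data, s->tail);            /* safe: tail <= rest */
        free(s->data);
        s->data = p;
        s->rest = new_rest;
    }
    s->tail = need;
    return 0;
}

/* Order the commit message warns against: tail is bumped before the
 * series is asked for room, so tail is no longer the actual size. */
static int append_tail_first(Series *s, unsigned char c, size_t *overread) {
    s->tail++;
    *overread = overread_bytes(s);  /* what an unchecked expand would over-read */
    if (series_extend(s, 0) != 0) { s->tail--; return -1; }
    s->data[s->tail - 1] = c;
    return 0;
}

/* Corrected order: extend first, then write into the new slot. */
static int append_extend_first(Series *s, unsigned char c) {
    if (series_extend(s, 1) != 0) return -1;
    s->data[s->tail - 1] = c;
    return 0;
}

int main(void) {
    Series s;
    size_t over = 0;
    if (series_init(&s, 4) != 0) return 1;
    for (int i = 0; i < 4; i++) append_extend_first(&s, (unsigned char)('a' + i));
    int rc = append_tail_first(&s, 'e', &over);   /* series is full here */
    printf("tail-first: rc=%d, unchecked over-read=%zu byte(s)\n", rc, over);
    rc = append_extend_first(&s, 'e');
    printf("extend-first: rc=%d, tail=%zu, rest=%zu\n", rc, s.tail, s.rest);
    free(s.data);
    return 0;
}
```

Building with `-fsanitize=address` and removing the `tail > rest` check in `series_extend` turns the tail-first call on a full series into a heap-buffer-overflow read inside the `memcpy`.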

zsx referenced this pull request in metaeducation/ren-c Jun 21, 2015

Do not increase tail before extension
It will confuse Expand_Series, which expects "tail" to be the actual size, and
cause a read beyond the allocated memory, or heap buffer overflow, found
by the address sanitizer of GCC:

Switch target id of Windows/x64 to 0.3.40
In concert with Atronix, Rebolsource, and the pending pull against
mainline.

earl added a commit to rebolsource/r3 that referenced this pull request Jul 24, 2015

Merge pull request rebol/rebol#209 (earl/64b-for-mainline) into community

* earl/64b-for-mainline:
  Switch target id of Windows/x64 to 0.3.40