wee-hashtable #211

Closed
holomorph opened this Issue Sep 21, 2014 · 0 comments

@holomorph commented Sep 21, 2014

Not sure if a real issue, but I figured it wouldn't hurt to bring it up. I thought it would be better for the recipe for #199 to start with a bare config, and in forming the recipe, AddressSanitizer complained.

  1. weechat -a -s -p --dir /tmp/foobar
  2. /plugin load irc
  3. /connect freenode
  4. /join #freenode

```
Got object file from memory but can't read symbols: File truncated.
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
=================================================================
==10500==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffffffbd80 at pc 0x45b60e bp 0x7fffffffbb30 sp 0x7fffffffbb20
READ of size 8 at 0x7fffffffbd80 thread T0
    #0 0x45b60d in hashtable_alloc_type /tmp/makepkg/weechat-git/src/weechat/src/core/wee-hashtable.c:288
    #1 0x45bc02 in hashtable_set_with_size /tmp/makepkg/weechat-git/src/weechat/src/core/wee-hashtable.c:417
    #2 0x7ffff0882bb3 in irc_command_join_server /tmp/makepkg/weechat-git/src/weechat/src/plugins/irc/irc-command.c:2285
    #3 0x7ffff0883541 in irc_command_join /tmp/makepkg/weechat-git/src/weechat/src/plugins/irc/irc-command.c:2372
    #4 0x465c4d in hook_command_exec /tmp/makepkg/weechat-git/src/weechat/src/core/wee-hook.c:803
    #5 0x47b115 in input_exec_command /tmp/makepkg/weechat-git/src/weechat/src/core/wee-input.c:101
    #6 0x47baae in input_exec_command /tmp/makepkg/weechat-git/src/weechat/src/core/wee-input.c:74
    #7 0x47baae in input_data /tmp/makepkg/weechat-git/src/weechat/src/core/wee-input.c:255
    #8 0x509df6 in gui_input_return /tmp/makepkg/weechat-git/src/weechat/src/gui/gui-input.c:440
    #9 0x429077 in command_input /tmp/makepkg/weechat-git/src/weechat/src/core/wee-command.c:2925
    #10 0x465c4d in hook_command_exec /tmp/makepkg/weechat-git/src/weechat/src/core/wee-hook.c:803
    #11 0x47b115 in input_exec_command /tmp/makepkg/weechat-git/src/weechat/src/core/wee-input.c:101
    #12 0x47baae in input_exec_command /tmp/makepkg/weechat-git/src/weechat/src/core/wee-input.c:74
    #13 0x47baae in input_data /tmp/makepkg/weechat-git/src/weechat/src/core/wee-input.c:255
    #14 0x5146b1 in gui_key_pressed /tmp/makepkg/weechat-git/src/weechat/src/gui/gui-key.c:1380
    #15 0x4a464d in gui_key_flush /tmp/makepkg/weechat-git/src/weechat/src/gui/curses/gui-curses-key.c:424
    #16 0x4a5102 in gui_key_read_cb /tmp/makepkg/weechat-git/src/weechat/src/gui/curses/gui-curses-key.c:593
    #17 0x46779b in hook_fd_exec /tmp/makepkg/weechat-git/src/weechat/src/core/wee-hook.c:1356
    #18 0x4a6d0d in gui_main_loop /tmp/makepkg/weechat-git/src/weechat/src/gui/curses/gui-curses-main.c:424
    #19 0x420264 in main /tmp/makepkg/weechat-git/src/weechat/src/gui/curses/main.c:41
    #20 0x7ffff599303f in __libc_start_main (/usr/lib/libc.so.6+0x2003f)
    #21 0x420986 (/usr/bin/weechat+0x420986)

Address 0x7fffffffbd80 is located in stack of thread T0 at offset 160 in frame
    #0 0x7ffff088227f in irc_command_join_server /tmp/makepkg/weechat-git/src/weechat/src/plugins/irc/irc-command.c:2201

  This frame has 3 object(s):
    [32, 36) 'num_channels'
    [96, 100) 'num_keys'
    [160, 164) 'time_now' <== Memory access at offset 160 partially overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /tmp/makepkg/weechat-git/src/weechat/src/core/wee-hashtable.c:288 hashtable_alloc_type
Shadow bytes around the buggy address:
  0x10007fff7760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff7770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff7780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff7790: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
  0x10007fff77a0: 04 f4 f4 f4 f2 f2 f2 f2 04 f4 f4 f4 f2 f2 f2 f2
=>0x10007fff77b0:[04]f4 f4 f4 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff77c0: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f4 f4 f4
  0x10007fff77d0: f2 f2 f2 f2 00 f4 f4 f4 00 00 00 00 00 00 00 00
  0x10007fff77e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff77f0: 00 00 f1 f1 f1 f1 04 f4 f4 f4 00 00 00 00 00 00
  0x10007fff7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==10500==ABORTING
```
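
Added example, not part of the original report or of WeeChat's code: a small C decoder that applies ASan's default x86_64 Linux shadow mapping to the numbers in the report above. It recomputes the shadow address marked `=>`, recovers the three frame objects from the shadow bytes, and counts how many bytes of the 8-byte read at offset 160 fall outside `time_now`. The function names and the `FRAME_SHADOW` array are constructed for this illustration; the byte values are copied from the dump.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SHADOW_SCALE  3              /* one shadow byte covers 8 application bytes */
#define SHADOW_OFFSET 0x7fff8000ULL  /* ASan default on x86_64 Linux */

/* Shadow of irc_command_join_server's frame, offsets 0..191, copied from the
   dump in the report (rows 0x10007fff7790 to 0x10007fff77b0). */
const uint8_t FRAME_SHADOW[24] = {
    0xf1, 0xf1, 0xf1, 0xf1, 0x04, 0xf4, 0xf4, 0xf4, 0xf2, 0xf2, 0xf2, 0xf2,
    0x04, 0xf4, 0xf4, 0xf4, 0xf2, 0xf2, 0xf2, 0xf2, 0x04, 0xf4, 0xf4, 0xf4 };
struct range { unsigned begin, end; };

/* Shadow address that describes application address addr. */
uint64_t shadow_addr(uint64_t addr) { return (addr >> SHADOW_SCALE) + SHADOW_OFFSET; }

/* Addressable bytes in one granule: 00 -> 8, 01..07 -> k, redzone -> 0. */
static unsigned granule_ok(uint8_t s) { return s == 0 ? 8 : (s < 8 ? s : 0); }

/* Bytes of the access [off, off+size) that the shadow marks unaddressable. */
unsigned bad_bytes(const uint8_t *sh, size_t n, unsigned off, unsigned size) {
    unsigned bad = 0;
    for (unsigned b = off; b < off + size; b++)
        if (b / 8 >= n || b % 8 >= granule_ok(sh[b / 8])) bad++;
    return bad;
}

/* Recover stack-object ranges [begin, end) from a frame's shadow bytes. */
int frame_objects(const uint8_t *sh, size_t n, struct range *out, int max) {
    int count = 0;
    for (size_t i = 0; i < n && count < max; i++) {
        unsigned k = granule_ok(sh[i]);
        if (k == 0) continue;                     /* redzone granule */
        out[count].begin = (unsigned)i * 8;
        while (k == 8 && i + 1 < n && granule_ok(sh[i + 1]) != 0)
            k = granule_ok(sh[++i]);              /* object spans granules */
        out[count++].end = (unsigned)i * 8 + k;
    }
    return count;
}

int main(void) {
    struct range r[8];
    int n = frame_objects(FRAME_SHADOW, sizeof FRAME_SHADOW, r, 8);
    printf("shadow: 0x%llx\n", (unsigned long long)shadow_addr(0x7fffffffbd80ULL));
    for (int i = 0; i < n; i++) printf("object [%u, %u)\n", r[i].begin, r[i].end);
    printf("bad bytes: %u\n", bad_bytes(FRAME_SHADOW, sizeof FRAME_SHADOW, 160, 8));
    return 0;
}
```

The shadow byte `04` at the flagged position means only the first 4 bytes of that granule are addressable, so a `READ of size 8` starting at offset 160 runs 4 bytes past the 4-byte `time_now` object.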

@flashcode flashcode added the bug label Sep 21, 2014

@flashcode flashcode closed this in f91f57f Sep 22, 2014

flashcode added a commit that referenced this issue Sep 22, 2014

@flashcode flashcode added this to the 1.0.1 milestone Nov 16, 2014

@flashcode flashcode self-assigned this Nov 16, 2014
