testrunner crashes #1013

Closed
matthiaskrgr opened this issue May 2, 2017 · 1 comment
Labels
Bug Issues involving unexpected behavior. Unit Tests Issues involving Wesnoth's unit test suite.

Comments

@matthiaskrgr
Contributor

wesnoth @ 81eb23c
Running the ASan-instrumented testrunner crashes with stack use after free.

Running 154 test cases...
=================================================================
==28136==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fff47f95f60 at pc 0x000002ad290d bp 0x7fff47f85b70 sp 0x7fff47f85b68
READ of size 8 at 0x7fff47f95f60 thread T0
    #0 0x2ad290c in std::vector<map_generator*, std::allocator<map_generator*> >::begin() const /usr/lib/gcc/x86_64-redhat-linux/6.3.1/../../../../include/c++/6.3.1/bits/stl_vector.h:558:45
    #1 0x2ad290c in std::vector<map_generator*, std::allocator<map_generator*> >::empty() const /usr/lib/gcc/x86_64-redhat-linux/6.3.1/../../../../include/c++/6.3.1/bits/stl_vector.h:745
    #2 0x2ad0cc8 in gui2::dialogs::editor_generate_map::pre_show(gui2::window&) /home/matthias/vcs/github/wesnoth/build/../src/gui/dialogs/editor/generate_map.cpp:109:2
    #3 0x2c2f564 in gui2::dialogs::modal_dialog::show(CVideo&, unsigned int) /home/matthias/vcs/github/wesnoth/build/../src/gui/dialogs/modal_dialog.cpp:66:2
    #4 0x19eca38 in void (anonymous namespace)::test_resolutions<gui2::dialogs::editor_generate_map>(std::vector<std::pair<unsigned int, unsigned int>, std::allocator<std::pair<unsigned int, unsigned int> > > const&) /home/matthias/vcs/github/wesnoth/build/../src/tests/gui/test_gui2.cpp:209:10
    #5 0x19eca38 in void (anonymous namespace)::test<gui2::dialogs::editor_generate_map>() /home/matthias/vcs/github/wesnoth/build/../src/tests/gui/test_gui2.cpp:343
    #6 0x19eca38 in test_gui2::test_method() /home/matthias/vcs/github/wesnoth/build/../src/tests/gui/test_gui2.cpp:411
    #7 0x19d8cbf in test_gui2_invoker() /home/matthias/vcs/github/wesnoth/build/../src/tests/gui/test_gui2.cpp:377:1
    #8 0x19bd591 in boost::detail::function::void_function_invoker0<void (*)(), void>::invoke(boost::detail::function::function_buffer&) /usr/include/boost/function/function_template.hpp:118:11
    #9 0x7fc24101c9fd in boost::detail::function::function_obj_invoker0<boost::detail::forward, int>::invoke(boost::detail::function::function_buffer&) (/lib64/libboost_unit_test_framework.so.1.60.0+0x439fd)
    #10 0x1a7a000 in boost::function0<int>::operator()() const /usr/include/boost/function/function_template.hpp:770:14
    #11 0x1a79513 in boost::detail::translator_holder<game::error, void (*)(game::error const&)>::operator()(boost::function<int ()> const&) /usr/include/boost/test/execution_monitor.hpp:419:46
    #12 0x1a7c83f in boost::detail::translator_holder<config::error, void (*)(config::error const&)>::operator()(boost::function<int ()> const&) /usr/include/boost/test/execution_monitor.hpp:419:29
    #13 0x7fc24101c079 in boost::execution_monitor::catch_signals(boost::function<int ()> const&) (/lib64/libboost_unit_test_framework.so.1.60.0+0x43079)
    #14 0x7fc24101c227 in boost::execution_monitor::execute(boost::function<int ()> const&) (/lib64/libboost_unit_test_framework.so.1.60.0+0x43227)
    #15 0x7fc24101c875 in boost::execution_monitor::vexecute(boost::function<void ()> const&) (/lib64/libboost_unit_test_framework.so.1.60.0+0x43875)
    #16 0x7fc24103f29a in boost::unit_test::unit_test_monitor_t::execute_and_translate(boost::function<void ()> const&, unsigned int) (/lib64/libboost_unit_test_framework.so.1.60.0+0x6629a)
    #17 0x7fc241026e55 in boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned int) (/lib64/libboost_unit_test_framework.so.1.60.0+0x4de55)
    #18 0x7fc241027590 in boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned int) (/lib64/libboost_unit_test_framework.so.1.60.0+0x4e590)
    #19 0x7fc241021330 in boost::unit_test::framework::run(unsigned long, bool) (/lib64/libboost_unit_test_framework.so.1.60.0+0x48330)
    #20 0x7fc24103d23e in boost::unit_test::unit_test_main(bool (*)(), int, char**) (/lib64/libboost_unit_test_framework.so.1.60.0+0x6423e)
    #21 0x1a71a93 in main /usr/include/boost/test/unit_test.hpp:63:12
    #22 0x7fc240610400 in __libc_start_main /usr/src/debug/glibc-2.24-33-ge9e69e4/csu/../csu/libc-start.c:289
    #23 0x18ca699 in _start (/home/matthias/vcs/github/wesnoth/build/test+0x18ca699)

Address 0x7fff47f95f60 is located in stack of thread T0 at offset 64960 in frame
    #0 0x2c2ee9f in gui2::dialogs::modal_dialog::show(CVideo&, unsigned int) /home/matthias/vcs/github/wesnoth/build/../src/gui/dialogs/modal_dialog.cpp:39

  This frame has 11 object(s):
    [32, 160) 'pc' (line 48)
    [192, 224) 'ref.tmp' (line 48)
    [256, 257) 'ref.tmp6' (line 48)
    [272, 304) 'ref.tmp7' (line 49)
    [336, 337) 'ref.tmp8' (line 49)
    [352, 384) 'agg.tmp'
    [416, 448) 'ref.tmp10' (line 50)
    [480, 481) 'ref.tmp11' (line 50)
    [496, 528) 'agg.tmp12'
    [560, 568) 'window' (line 57)
    [592, 600) 'ref.tmp25' (line 68) <== Memory access at offset 64960 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope /usr/lib/gcc/x86_64-redhat-linux/6.3.1/../../../../include/c++/6.3.1/bits/stl_vector.h:558:45 in std::vector<map_generator*, std::allocator<map_generator*> >::begin() const
Shadow bytes around the buggy address:
  0x100068feab90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100068feaba0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100068feabb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100068feabc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100068feabd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x100068feabe0: 00 00 00 00 00 00 00 00 00 00 00 00[f8]f8 f8 00
  0x100068feabf0: 00 00 00 00 f8 f8 f8 f8 00 00 00 00 f8 00 f8 00
  0x100068feac00: 00 00 f8 00 00 00 f8 f8 f8 f8 00 00 00 00 f8 00
  0x100068feac10: f8 f8 f8 f8 00 00 00 00 f8 00 f8 00 00 00 f8 f8
  0x100068feac20: f8 f8 00 00 00 00 f8 00 f8 00 00 00 f8 f8 f8 00
  0x100068feac30: 00 00 00 00 f8 f8 f8 f8 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==28136==ABORTING

@CelticMinstrel CelticMinstrel added Bug Issues involving unexpected behavior. Unit Tests Issues involving Wesnoth's unit test suite. labels May 3, 2017
@Vultraz
Member

Vultraz commented May 4, 2017

Fixed: ce11f48
