Free intermediate buffers used by do-codec (CC #2068) #156
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
|
I think that it would be ideal to have some tests in the test framework for this, could you write some? |
Contributor
Author
|
The trick with writing tests for memory leaks is that if you really want to get to the point of crashing, it will probably have to get pretty far into making your system nearly die from VM exhaustion. Not only does it take time, it makes the machine flaky and unusable. So the better thing to do is to check for memory leaks with Valgrind as part of the automated testing. This is tricky as there are crashing tests which would destroy the evidence of leaks in tests prior to the crash. And one probably doesn't want to start up a new interpreter for each line-item test. What I'd suggest is that the automated tests probably should let you mark a test with a tag indicating it is expected to crash. Then, the higher-level script in charge of the test would be sure to shut down the interpreter before that point, and check to make sure there weren't any leaks. Then it would start back up to run the suspected crashing test. |
Contributor
|
Merged to community. |
carls
added a commit
that referenced
this pull request
Feb 15, 2014
Free intermediate buffers used by do-codec (CC #2068)
|
There is a regression caused by this commit. Following code now crashes R3: This is caused by the fact the @carls I'd suggest to accept commits only covered with proper tests otherwise the master will be soon spoiled by these small but annoying regresssions. It looks from the previous discussion Ladislav smelt something fishy is there. |
Contributor
|
Thanks a lot for the testing and the report, @cyphre. I added a test for the reported regression in rebolsource/rebol-test@10c0160. I think we shouldn't exaggerate this problem. Bugs happen, let's just fix them. And let's keep the test suite growing. |
|
@earl I agree bugs happen but having at least some basic test coverage for specific fix would avoid these kind of regressions. I'm talking this case just as an example, this is nothing personal against Brian at all. IMO it would be usefull policy that every contributor should provide at least basic testing otherwise other people need to spend time dealing with the regressions anyway. |
Contributor
Author
|
@cyphre If you looked and understood what's going on well enough to fix it, then perhaps a pull request would be of more utility than something more enigmatic. Five months later I am working on something else. Further: To write tests, one generally needs a spec. And your example case: What happened here is someone was engaging the official bug database and asking on SO questions and chat about how to forge ahead with a Raspberry pi project. It was a blocking bug for him; and not addressing it can risk someone not using Rebol at all. I looked at it enough to make it work for the case I was told about; without undertaking a total design review of the codec system which (as I mentioned) has not been documented. Without a spec I cannot be reasonably expected, as an unpaid contributor to design a test that would even know that So I'd ask you to shift perspective to see another viewpoint:
I'd summarize by saying my "lessons we should carry away" from the instance is different from yours. If we choose to be more careful, then do we take 50 months instead of 5 to resolve an issue and lose users in that time? @earl is on point that the real answer is more tests, coupled with more forward progress. We need more public concern and engagement from everyone, on a daily basis, which is more significant than the impacts of the regression. Though I would of course welcome a fix if you have one in mind. I'd have to go back and re-acclimate to the issues, and it seems like it's fresher in your mind. |
Contributor
|
I need to throw my two cents to the issue. In general, many PRs are accompanied with tests that are added to the test suite frequently before the issue is being worked on. Therefore, the PRs based on such tests are more reliable than PRs not having any tests associated. It is good that this PR exists, but, by my own fault, it has been merged to Community prematurely (before any test existed and has been ran) and I realize that I should not have done that. I am sorry for the trouble it caused to you, Cyphre, and I promise to be more careful next time. For contrast, consider #153 well tested (equipped with several tests in the test suite) and yet, Carl hesitates to merge it to the master branch as compared to several PRs like this one unequipped with any tests at all. This indicates there is a merging policy issue to improve on. |
Merged
|
@hostilefork I pushed the pull request you asked for here #194 |
Contributor
|
@cyphre: "Nowadays many other dev environments won't even let you use your code/changes without coverage tests" And that is the problem. While it would be a good policy to only merge if the tests pass, it's clearly not our policy here. Our test suite is not in this repo, it's in another repo controlled by someone else. We can't make changes that might require changing tests (such as everything I've been working on lately, we have a backlog), because the tests are not kept in sync with the changes. The way things are now, it's just not a practical policy to enforce, and we have no right to berate others for not doing what we're clearly not doing either. Some steps we can take to fix the problem:
Once we do all that, we will have the right to say that including tests is our policy. And we need to do it soon, because the basic-semantics fixes are coming. |
Contributor
Author
|
Point of clarification: I actually did not understand your request as a desire to add tests which would be able to deduce what this change might disrupt. I thought you were asking for a test that would verify that the prior existing condition of a memory leak did not reappear. That codec tests did not exist at all was not known to me. Thanks for submitting the update, and expanding upon the comments I added to the code. I want to emphasize that my disagreement here is of course not with the need for more testing. I'm rather stating that raising the bar for submitting a pull request--to a point where the submitter must design test suites for previously untested subsystems--simply isn't going to fly on an open source project with contributions from a general user community. If the integrators wish to hold off on pulling in a patch, then that's one thing. But I definitely don't want to discourage the submission of changes such as this one, from others (or myself) who make what looks like a reasonable change that fixes a blocking problem. As I emphasized, it was already something I was doing as a favor to help someone else move along. When it took care of their problem, and passed the test suite that was enough for me...and so it was submitted to be looked at. It's fair to say a pull request will not be reviewed until it passes the existing tests, and CI will help with that (also possibly in testing platforms the user might not have had available). But I maintain the process problem here isn't the pull request being made. It's actually really three other points:
So that's my take on it. Agreement on pretty much all points. I was in fact just going to suggest something like your "pending", due to feeling that the need to diff the logs to tell there weren't any regressions was excessive. While pending should be called out separately from a test where failure is the expected/correct result, the test should still be run... and a pending test that passes should count as an error. If Rebol and Red are to share tests, then the shared tests should probably stay in a separate repository. Submodules can give the effect of it feeling like the directory is part of the master despite the sharing. Even writing just one test that is successfully shared between Rebol and Red, testing that 2 = 1 + 1, would be a step in the direction of beginning to identify common semantics. Note: Automated testing should also look for bootstrap breaks and warn about those. Both the current Rebol and a reasonably older Rebol should be able to do make make and make prep. |
zsx
added a commit
to zsx/r3
that referenced
this pull request
May 13, 2014
It will confuse Expand_Series expects "tail" to be the actual size, and
cause a read beyond the allocated memory, or heap buffer overflow found
by address sanitizer of GCC:
=================================================================
==10856==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62a00000b201 at pc 0x47df61 bp 0x7fffffff2ca0 sp 0x7fffffff2c98
READ of size 1 at 0x62a00000b201 thread T0
#0 0x47df60 in Expand_Series ../src/core/m-series.c:145
#1 0x47e5a7 in Extend_Series ../src/core/m-series.c:187
#2 0x466e0c in Scan_Quote ../src/core/l-scan.c:462
#3 0x46a797 in Scan_Token ../src/core/l-scan.c:918
#4 0x46e263 in Scan_Block ../src/core/l-scan.c:1188
#5 0x46e722 in Scan_Code ../src/core/l-scan.c:1548
#6 0x46e886 in Scan_Source ../src/core/l-scan.c:1568
#7 0x4cb85c in Make_Block_Type ../src/core/t-block.c:306
#8 0x4cd1b8 in T_Block ../src/core/t-block.c:608
#9 0x4d042e in T_Datatype ../src/core/t-datatype.c:92
#10 0x42e080 in Do_Act ../src/core/c-function.c:338
#11 0x42e7e5 in Do_Action ../src/core/c-function.c:396
#12 0x413628 in Do_Next ../src/core/c-do.c:884
#13 0x41309b in Do_Next ../src/core/c-do.c:858
#14 0x414825 in Do_Blk ../src/core/c-do.c:1010
#15 0x482dd2 in N_case ../src/core/n-control.c:349
#16 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#17 0x413628 in Do_Next ../src/core/c-do.c:884
#18 0x414825 in Do_Blk ../src/core/c-do.c:1010
#19 0x42e869 in Do_Function ../src/core/c-function.c:415
#20 0x413628 in Do_Next ../src/core/c-do.c:884
#21 0x41309b in Do_Next ../src/core/c-do.c:858
#22 0x414825 in Do_Blk ../src/core/c-do.c:1010
#23 0x42e869 in Do_Function ../src/core/c-function.c:415
#24 0x413628 in Do_Next ../src/core/c-do.c:884
#25 0x4115f2 in Do_Args ../src/core/c-do.c:669
#26 0x414152 in Do_Next ../src/core/c-do.c:939
#27 0x48201c in N_all ../src/core/n-control.c:261
#28 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#29 0x413628 in Do_Next ../src/core/c-do.c:884
#30 0x414825 in Do_Blk ../src/core/c-do.c:1010
#31 0x491abc in Loop_Each ../src/core/n-loop.c:410
#32 0x492a6c in N_foreach ../src/core/n-loop.c:546
#33 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#34 0x413628 in Do_Next ../src/core/c-do.c:884
#35 0x414825 in Do_Blk ../src/core/c-do.c:1010
#36 0x42e869 in Do_Function ../src/core/c-function.c:415
#37 0x413628 in Do_Next ../src/core/c-do.c:884
#38 0x4115f2 in Do_Args ../src/core/c-do.c:669
#39 0x414152 in Do_Next ../src/core/c-do.c:939
#40 0x414825 in Do_Blk ../src/core/c-do.c:1010
#41 0x48459c in N_if ../src/core/n-control.c:619
#42 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#43 0x413628 in Do_Next ../src/core/c-do.c:884
#44 0x414825 in Do_Blk ../src/core/c-do.c:1010
#45 0x491abc in Loop_Each ../src/core/n-loop.c:410
#46 0x492a6c in N_foreach ../src/core/n-loop.c:546
#47 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#48 0x413628 in Do_Next ../src/core/c-do.c:884
#49 0x414825 in Do_Blk ../src/core/c-do.c:1010
#50 0x42e869 in Do_Function ../src/core/c-function.c:415
#51 0x418fb4 in Apply_Block ../src/core/c-do.c:1474
#52 0x4824fb in N_apply ../src/core/n-control.c:295
#53 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#54 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#55 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#56 0x414152 in Do_Next ../src/core/c-do.c:939
rebol#57 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#58 0x485388 in N_unless ../src/core/n-control.c:763
rebol#59 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#60 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#61 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#62 0x483eff in N_do ../src/core/n-control.c:523
rebol#63 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#64 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#65 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#66 0x414152 in Do_Next ../src/core/c-do.c:939
rebol#67 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#68 0x48459c in N_if ../src/core/n-control.c:619
rebol#69 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#70 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#71 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#72 0x48f8cc in Loop_Integer ../src/core/n-loop.c:130
rebol#73 0x49314d in N_repeat ../src/core/n-loop.c:631
rebol#74 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#75 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#76 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#77 0x42ee10 in Do_Closure ../src/core/c-function.c:459
rebol#78 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#79 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#80 0x485388 in N_unless ../src/core/n-control.c:763
rebol#81 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#82 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#83 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#84 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#85 0x418fb4 in Apply_Block ../src/core/c-do.c:1474
rebol#86 0x4824fb in N_apply ../src/core/n-control.c:295
rebol#87 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#88 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#89 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#90 0x414152 in Do_Next ../src/core/c-do.c:939
rebol#91 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#92 0x485388 in N_unless ../src/core/n-control.c:763
rebol#93 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#94 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#95 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#96 0x483eff in N_do ../src/core/n-control.c:523
rebol#97 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#98 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#99 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#100 0x414152 in Do_Next ../src/core/c-do.c:939
rebol#101 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#102 0x48459c in N_if ../src/core/n-control.c:619
rebol#103 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#104 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#105 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#106 0x48f8cc in Loop_Integer ../src/core/n-loop.c:130
rebol#107 0x49314d in N_repeat ../src/core/n-loop.c:631
rebol#108 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#109 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#110 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#111 0x42ee10 in Do_Closure ../src/core/c-function.c:459
rebol#112 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#113 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#114 0x485388 in N_unless ../src/core/n-control.c:763
rebol#115 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#116 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#117 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#118 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#119 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#120 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#121 0x484cf1 in N_switch ../src/core/n-control.c:716
rebol#122 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#123 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#124 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#125 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#126 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#127 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#128 0x48459c in N_if ../src/core/n-control.c:619
rebol#129 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#130 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#131 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#132 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#133 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#134 0x41309b in Do_Next ../src/core/c-do.c:858
rebol#135 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#136 0x484280 in N_either ../src/core/n-control.c:595
rebol#137 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#138 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#139 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#140 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#141 0x419631 in Apply_Function ../src/core/c-do.c:1518
rebol#142 0x419918 in Apply_Func ../src/core/c-do.c:1545
rebol#143 0x48d102 in N_wake_up ../src/core/n-io.c:415
rebol#144 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#145 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#146 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#147 0x4133c9 in Do_Next ../src/core/c-do.c:877
rebol#148 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#149 0x492b66 in N_loop ../src/core/n-loop.c:590
rebol#150 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#151 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#152 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#153 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#154 0x419631 in Apply_Function ../src/core/c-do.c:1518
rebol#155 0x419918 in Apply_Func ../src/core/c-do.c:1545
rebol#156 0x42fef7 in Awake_System ../src/core/c-port.c:198
rebol#157 0x43012a in Wait_Ports ../src/core/c-port.c:231
rebol#158 0x48cd62 in N_wait ../src/core/n-io.c:374
rebol#159 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#160 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#161 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#162 0x4133c9 in Do_Next ../src/core/c-do.c:877
rebol#163 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#164 0x4133c9 in Do_Next ../src/core/c-do.c:877
rebol#165 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#166 0x4929a7 in N_forever ../src/core/n-loop.c:527
rebol#167 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#168 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#169 0x4152ff in Try_Block ../src/core/c-do.c:1077
rebol#170 0x48507e in N_try ../src/core/n-control.c:740
rebol#171 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#172 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#173 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#174 0x414152 in Do_Next ../src/core/c-do.c:939
rebol#175 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#176 0x4133c9 in Do_Next ../src/core/c-do.c:877
rebol#177 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#178 0x4133c9 in Do_Next ../src/core/c-do.c:877
rebol#179 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#180 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#181 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#182 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#183 0x48459c in N_if ../src/core/n-control.c:619
rebol#184 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#185 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#186 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#187 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#188 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#189 0x41309b in Do_Next ../src/core/c-do.c:858
rebol#190 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#191 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#192 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#193 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#194 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#195 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#196 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#197 0x414152 in Do_Next ../src/core/c-do.c:939
rebol#198 0x48201c in N_all ../src/core/n-control.c:261
rebol#199 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#200 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#201 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#202 0x491abc in Loop_Each ../src/core/n-loop.c:410
rebol#203 0x492a6c in N_foreach ../src/core/n-loop.c:546
rebol#204 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#205 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#206 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#207 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#208 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#209 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#210 0x485388 in N_unless ../src/core/n-control.c:763
rebol#211 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#212 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#213 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#214 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#215 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#216 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#217 0x48459c in N_if ../src/core/n-control.c:619
rebol#218 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#219 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#220 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#221 0x42ee10 in Do_Closure ../src/core/c-function.c:459
rebol#222 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#223 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#224 0x414152 in Do_Next ../src/core/c-do.c:939
rebol#225 0x48201c in N_all ../src/core/n-control.c:261
rebol#226 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#227 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#228 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#229 0x491abc in Loop_Each ../src/core/n-loop.c:410
rebol#230 0x492a6c in N_foreach ../src/core/n-loop.c:546
rebol#231 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#232 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#233 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#234 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#235 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#236 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#237 0x48459c in N_if ../src/core/n-control.c:619
rebol#238 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#239 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#240 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#241 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#242 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#243 0x41309b in Do_Next ../src/core/c-do.c:858
rebol#244 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#245 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#246 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#247 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#248 0x48459c in N_if ../src/core/n-control.c:619
rebol#249 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#250 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#251 0x414825 in Do_Blk ../src/core/c-do.c:1010
0x62a00000b201 is located 1 bytes to the right of 20480-byte region [0x62a000006200,0x62a00000b200)
allocated by thread T0 here:
#0 0x7ffff6f58b1f in malloc (/usr/lib/libasan.so.1+0x54b1f)
#1 0x47924a in Make_Mem ../src/core/m-pools.c:121
#2 0x47a9ff in Make_Series ../src/core/m-pools.c:406
#3 0x4aee84 in Make_Unicode ../src/core/s-make.c:59
#4 0x4bb797 in Init_Mold ../src/core/s-mold.c:1425
#5 0x40da64 in Init_Core ../src/core/b-init.c:940
#6 0x4055e0 in RL_Init ../src/core/a-lib.c:124
#7 0x580aa2 in main ../src/os/host-main.c:154
#8 0x7ffff5719fff in __libc_start_main (/usr/lib/libc.so.6+0x1ffff)
SUMMARY: AddressSanitizer: heap-buffer-overflow ../src/core/m-series.c:145 Expand_Series
Shadow bytes around the buggy address:
0x0c547fff95f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c547fff9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c547fff9610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c547fff9620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c547fff9630: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c547fff9640:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c547fff9650: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c547fff9660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c547fff9670: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c547fff9680: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c547fff9690: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal:
zsx
added a commit
to metaeducation/ren-c
that referenced
this pull request
Jun 21, 2015
It will confuse Expand_Series expects "tail" to be the actual size, and
cause a read beyond the allocated memory, or heap buffer overflow found
by address sanitizer of GCC:
=================================================================
==10856==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62a00000b201 at pc 0x47df61 bp 0x7fffffff2ca0 sp 0x7fffffff2c98
READ of size 1 at 0x62a00000b201 thread T0
#0 0x47df60 in Expand_Series ../src/core/m-series.c:145
#1 0x47e5a7 in Extend_Series ../src/core/m-series.c:187
rebolsource#2 0x466e0c in Scan_Quote ../src/core/l-scan.c:462
rebolsource#3 0x46a797 in Scan_Token ../src/core/l-scan.c:918
#4 0x46e263 in Scan_Block ../src/core/l-scan.c:1188
#5 0x46e722 in Scan_Code ../src/core/l-scan.c:1548
rebolsource#6 0x46e886 in Scan_Source ../src/core/l-scan.c:1568
rebol#7 0x4cb85c in Make_Block_Type ../src/core/t-block.c:306
#8 0x4cd1b8 in T_Block ../src/core/t-block.c:608
#9 0x4d042e in T_Datatype ../src/core/t-datatype.c:92
#10 0x42e080 in Do_Act ../src/core/c-function.c:338
#11 0x42e7e5 in Do_Action ../src/core/c-function.c:396
#12 0x413628 in Do_Next ../src/core/c-do.c:884
#13 0x41309b in Do_Next ../src/core/c-do.c:858
#14 0x414825 in Do_Blk ../src/core/c-do.c:1010
#15 0x482dd2 in N_case ../src/core/n-control.c:349
#16 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#17 0x413628 in Do_Next ../src/core/c-do.c:884
#18 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#19 0x42e869 in Do_Function ../src/core/c-function.c:415
#20 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#21 0x41309b in Do_Next ../src/core/c-do.c:858
rebol#22 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#23 0x42e869 in Do_Function ../src/core/c-function.c:415
#24 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#25 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#26 0x414152 in Do_Next ../src/core/c-do.c:939
#27 0x48201c in N_all ../src/core/n-control.c:261
#28 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#29 0x413628 in Do_Next ../src/core/c-do.c:884
#30 0x414825 in Do_Blk ../src/core/c-do.c:1010
#31 0x491abc in Loop_Each ../src/core/n-loop.c:410
#32 0x492a6c in N_foreach ../src/core/n-loop.c:546
rebol#33 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#34 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#35 0x414825 in Do_Blk ../src/core/c-do.c:1010
#36 0x42e869 in Do_Function ../src/core/c-function.c:415
#37 0x413628 in Do_Next ../src/core/c-do.c:884
#38 0x4115f2 in Do_Args ../src/core/c-do.c:669
#39 0x414152 in Do_Next ../src/core/c-do.c:939
rebol#40 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#41 0x48459c in N_if ../src/core/n-control.c:619
#42 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#43 0x413628 in Do_Next ../src/core/c-do.c:884
#44 0x414825 in Do_Blk ../src/core/c-do.c:1010
#45 0x491abc in Loop_Each ../src/core/n-loop.c:410
rebol#46 0x492a6c in N_foreach ../src/core/n-loop.c:546
#47 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#48 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#49 0x414825 in Do_Blk ../src/core/c-do.c:1010
#50 0x42e869 in Do_Function ../src/core/c-function.c:415
#51 0x418fb4 in Apply_Block ../src/core/c-do.c:1474
#52 0x4824fb in N_apply ../src/core/n-control.c:295
rebol#53 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#54 0x413628 in Do_Next ../src/core/c-do.c:884
#55 0x4115f2 in Do_Args ../src/core/c-do.c:669
#56 0x414152 in Do_Next ../src/core/c-do.c:939
#57 0x414825 in Do_Blk ../src/core/c-do.c:1010
#58 0x485388 in N_unless ../src/core/n-control.c:763
#59 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#60 0x413628 in Do_Next ../src/core/c-do.c:884
#61 0x414825 in Do_Blk ../src/core/c-do.c:1010
#62 0x483eff in N_do ../src/core/n-control.c:523
#63 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#64 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#65 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#66 0x414152 in Do_Next ../src/core/c-do.c:939
#67 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#68 0x48459c in N_if ../src/core/n-control.c:619
#69 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#70 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#71 0x414825 in Do_Blk ../src/core/c-do.c:1010
#72 0x48f8cc in Loop_Integer ../src/core/n-loop.c:130
#73 0x49314d in N_repeat ../src/core/n-loop.c:631
#74 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#75 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#76 0x414825 in Do_Blk ../src/core/c-do.c:1010
#77 0x42ee10 in Do_Closure ../src/core/c-function.c:459
#78 0x413628 in Do_Next ../src/core/c-do.c:884
#79 0x414825 in Do_Blk ../src/core/c-do.c:1010
#80 0x485388 in N_unless ../src/core/n-control.c:763
#81 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#82 0x413628 in Do_Next ../src/core/c-do.c:884
#83 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#84 0x42e869 in Do_Function ../src/core/c-function.c:415
#85 0x418fb4 in Apply_Block ../src/core/c-do.c:1474
#86 0x4824fb in N_apply ../src/core/n-control.c:295
#87 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#88 0x413628 in Do_Next ../src/core/c-do.c:884
#89 0x4115f2 in Do_Args ../src/core/c-do.c:669
#90 0x414152 in Do_Next ../src/core/c-do.c:939
#91 0x414825 in Do_Blk ../src/core/c-do.c:1010
#92 0x485388 in N_unless ../src/core/n-control.c:763
rebol#93 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#94 0x413628 in Do_Next ../src/core/c-do.c:884
#95 0x414825 in Do_Blk ../src/core/c-do.c:1010
#96 0x483eff in N_do ../src/core/n-control.c:523
#97 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#98 0x413628 in Do_Next ../src/core/c-do.c:884
#99 0x4115f2 in Do_Args ../src/core/c-do.c:669
#100 0x414152 in Do_Next ../src/core/c-do.c:939
#101 0x414825 in Do_Blk ../src/core/c-do.c:1010
#102 0x48459c in N_if ../src/core/n-control.c:619
rebol#103 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#104 0x413628 in Do_Next ../src/core/c-do.c:884
#105 0x414825 in Do_Blk ../src/core/c-do.c:1010
#106 0x48f8cc in Loop_Integer ../src/core/n-loop.c:130
#107 0x49314d in N_repeat ../src/core/n-loop.c:631
#108 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#109 0x413628 in Do_Next ../src/core/c-do.c:884
#110 0x414825 in Do_Blk ../src/core/c-do.c:1010
#111 0x42ee10 in Do_Closure ../src/core/c-function.c:459
#112 0x413628 in Do_Next ../src/core/c-do.c:884
#113 0x414825 in Do_Blk ../src/core/c-do.c:1010
#114 0x485388 in N_unless ../src/core/n-control.c:763
#115 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#116 0x413628 in Do_Next ../src/core/c-do.c:884
#117 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#118 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#119 0x413628 in Do_Next ../src/core/c-do.c:884
#120 0x414825 in Do_Blk ../src/core/c-do.c:1010
#121 0x484cf1 in N_switch ../src/core/n-control.c:716
#122 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#123 0x413628 in Do_Next ../src/core/c-do.c:884
#124 0x414825 in Do_Blk ../src/core/c-do.c:1010
#125 0x42e869 in Do_Function ../src/core/c-function.c:415
#126 0x413628 in Do_Next ../src/core/c-do.c:884
#127 0x414825 in Do_Blk ../src/core/c-do.c:1010
#128 0x48459c in N_if ../src/core/n-control.c:619
#129 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#130 0x413628 in Do_Next ../src/core/c-do.c:884
#131 0x414825 in Do_Blk ../src/core/c-do.c:1010
#132 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#133 0x413628 in Do_Next ../src/core/c-do.c:884
#134 0x41309b in Do_Next ../src/core/c-do.c:858
#135 0x414825 in Do_Blk ../src/core/c-do.c:1010
#136 0x484280 in N_either ../src/core/n-control.c:595
#137 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#138 0x413628 in Do_Next ../src/core/c-do.c:884
#139 0x414825 in Do_Blk ../src/core/c-do.c:1010
#140 0x42e869 in Do_Function ../src/core/c-function.c:415
#141 0x419631 in Apply_Function ../src/core/c-do.c:1518
#142 0x419918 in Apply_Func ../src/core/c-do.c:1545
#143 0x48d102 in N_wake_up ../src/core/n-io.c:415
#144 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#145 0x413628 in Do_Next ../src/core/c-do.c:884
#146 0x4115f2 in Do_Args ../src/core/c-do.c:669
#147 0x4133c9 in Do_Next ../src/core/c-do.c:877
#148 0x414825 in Do_Blk ../src/core/c-do.c:1010
#149 0x492b66 in N_loop ../src/core/n-loop.c:590
#150 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#151 0x413628 in Do_Next ../src/core/c-do.c:884
#152 0x414825 in Do_Blk ../src/core/c-do.c:1010
#153 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#154 0x419631 in Apply_Function ../src/core/c-do.c:1518
rebol#155 0x419918 in Apply_Func ../src/core/c-do.c:1545
rebol#156 0x42fef7 in Awake_System ../src/core/c-port.c:198
rebol#157 0x43012a in Wait_Ports ../src/core/c-port.c:231
#158 0x48cd62 in N_wait ../src/core/n-io.c:374
rebol#159 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#160 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#161 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#162 0x4133c9 in Do_Next ../src/core/c-do.c:877
rebol#163 0x4115f2 in Do_Args ../src/core/c-do.c:669
#164 0x4133c9 in Do_Next ../src/core/c-do.c:877
rebol#165 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#166 0x4929a7 in N_forever ../src/core/n-loop.c:527
#167 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#168 0x413628 in Do_Next ../src/core/c-do.c:884
#169 0x4152ff in Try_Block ../src/core/c-do.c:1077
#170 0x48507e in N_try ../src/core/n-control.c:740
rebol#171 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#172 0x413628 in Do_Next ../src/core/c-do.c:884
#173 0x4115f2 in Do_Args ../src/core/c-do.c:669
#174 0x414152 in Do_Next ../src/core/c-do.c:939
#175 0x4115f2 in Do_Args ../src/core/c-do.c:669
#176 0x4133c9 in Do_Next ../src/core/c-do.c:877
#177 0x4115f2 in Do_Args ../src/core/c-do.c:669
#178 0x4133c9 in Do_Next ../src/core/c-do.c:877
#179 0x414825 in Do_Blk ../src/core/c-do.c:1010
#180 0x42e869 in Do_Function ../src/core/c-function.c:415
#181 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#182 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#183 0x48459c in N_if ../src/core/n-control.c:619
#184 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#185 0x413628 in Do_Next ../src/core/c-do.c:884
#186 0x414825 in Do_Blk ../src/core/c-do.c:1010
#187 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#188 0x413628 in Do_Next ../src/core/c-do.c:884
#189 0x41309b in Do_Next ../src/core/c-do.c:858
rebol#190 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#191 0x42e869 in Do_Function ../src/core/c-function.c:415
#192 0x413628 in Do_Next ../src/core/c-do.c:884
#193 0x414825 in Do_Blk ../src/core/c-do.c:1010
#194 0x42e869 in Do_Function ../src/core/c-function.c:415
#195 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#196 0x4115f2 in Do_Args ../src/core/c-do.c:669
#197 0x414152 in Do_Next ../src/core/c-do.c:939
#198 0x48201c in N_all ../src/core/n-control.c:261
rebol#199 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#200 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#201 0x414825 in Do_Blk ../src/core/c-do.c:1010
#202 0x491abc in Loop_Each ../src/core/n-loop.c:410
#203 0x492a6c in N_foreach ../src/core/n-loop.c:546
#204 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#205 0x413628 in Do_Next ../src/core/c-do.c:884
#206 0x414825 in Do_Blk ../src/core/c-do.c:1010
#207 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#208 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#209 0x414825 in Do_Blk ../src/core/c-do.c:1010
#210 0x485388 in N_unless ../src/core/n-control.c:763
rebol#211 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#212 0x413628 in Do_Next ../src/core/c-do.c:884
#213 0x414825 in Do_Blk ../src/core/c-do.c:1010
#214 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#215 0x413628 in Do_Next ../src/core/c-do.c:884
#216 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#217 0x48459c in N_if ../src/core/n-control.c:619
rebol#218 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#219 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#220 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#221 0x42ee10 in Do_Closure ../src/core/c-function.c:459
rebol#222 0x413628 in Do_Next ../src/core/c-do.c:884
#223 0x4115f2 in Do_Args ../src/core/c-do.c:669
#224 0x414152 in Do_Next ../src/core/c-do.c:939
rebol#225 0x48201c in N_all ../src/core/n-control.c:261
#226 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#227 0x413628 in Do_Next ../src/core/c-do.c:884
#228 0x414825 in Do_Blk ../src/core/c-do.c:1010
#229 0x491abc in Loop_Each ../src/core/n-loop.c:410
#230 0x492a6c in N_foreach ../src/core/n-loop.c:546
#231 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#232 0x413628 in Do_Next ../src/core/c-do.c:884
#233 0x414825 in Do_Blk ../src/core/c-do.c:1010
#234 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#235 0x413628 in Do_Next ../src/core/c-do.c:884
#236 0x414825 in Do_Blk ../src/core/c-do.c:1010
#237 0x48459c in N_if ../src/core/n-control.c:619
#238 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#239 0x413628 in Do_Next ../src/core/c-do.c:884
#240 0x414825 in Do_Blk ../src/core/c-do.c:1010
#241 0x42e869 in Do_Function ../src/core/c-function.c:415
#242 0x413628 in Do_Next ../src/core/c-do.c:884
#243 0x41309b in Do_Next ../src/core/c-do.c:858
rebol#244 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#245 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#246 0x413628 in Do_Next ../src/core/c-do.c:884
#247 0x414825 in Do_Blk ../src/core/c-do.c:1010
#248 0x48459c in N_if ../src/core/n-control.c:619
rebol#249 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#250 0x413628 in Do_Next ../src/core/c-do.c:884
#251 0x414825 in Do_Blk ../src/core/c-do.c:1010
0x62a00000b201 is located 1 bytes to the right of 20480-byte region [0x62a000006200,0x62a00000b200)
allocated by thread T0 here:
#0 0x7ffff6f58b1f in malloc (/usr/lib/libasan.so.1+0x54b1f)
#1 0x47924a in Make_Mem ../src/core/m-pools.c:121
rebolsource#2 0x47a9ff in Make_Series ../src/core/m-pools.c:406
rebolsource#3 0x4aee84 in Make_Unicode ../src/core/s-make.c:59
#4 0x4bb797 in Init_Mold ../src/core/s-mold.c:1425
#5 0x40da64 in Init_Core ../src/core/b-init.c:940
rebolsource#6 0x4055e0 in RL_Init ../src/core/a-lib.c:124
rebol#7 0x580aa2 in main ../src/os/host-main.c:154
#8 0x7ffff5719fff in __libc_start_main (/usr/lib/libc.so.6+0x1ffff)
SUMMARY: AddressSanitizer: heap-buffer-overflow ../src/core/m-series.c:145 Expand_Series
Shadow bytes around the buggy address:
0x0c547fff95f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c547fff9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c547fff9610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c547fff9620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c547fff9630: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c547fff9640:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c547fff9650: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c547fff9660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c547fff9670: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c547fff9680: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c547fff9690: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal:
zsx
added a commit
to metaeducation/ren-c
that referenced
this pull request
Jun 21, 2015
It will confuse Expand_Series expects "tail" to be the actual size, and
cause a read beyond the allocated memory, or heap buffer overflow found
by address sanitizer of GCC:
=================================================================
==10856==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62a00000b201 at pc 0x47df61 bp 0x7fffffff2ca0 sp 0x7fffffff2c98
READ of size 1 at 0x62a00000b201 thread T0
#0 0x47df60 in Expand_Series ../src/core/m-series.c:145
#1 0x47e5a7 in Extend_Series ../src/core/m-series.c:187
rebolsource#2 0x466e0c in Scan_Quote ../src/core/l-scan.c:462
rebolsource#3 0x46a797 in Scan_Token ../src/core/l-scan.c:918
#4 0x46e263 in Scan_Block ../src/core/l-scan.c:1188
#5 0x46e722 in Scan_Code ../src/core/l-scan.c:1548
rebolsource#6 0x46e886 in Scan_Source ../src/core/l-scan.c:1568
rebol#7 0x4cb85c in Make_Block_Type ../src/core/t-block.c:306
#8 0x4cd1b8 in T_Block ../src/core/t-block.c:608
#9 0x4d042e in T_Datatype ../src/core/t-datatype.c:92
#10 0x42e080 in Do_Act ../src/core/c-function.c:338
#11 0x42e7e5 in Do_Action ../src/core/c-function.c:396
#12 0x413628 in Do_Next ../src/core/c-do.c:884
#13 0x41309b in Do_Next ../src/core/c-do.c:858
#14 0x414825 in Do_Blk ../src/core/c-do.c:1010
#15 0x482dd2 in N_case ../src/core/n-control.c:349
#16 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#17 0x413628 in Do_Next ../src/core/c-do.c:884
#18 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#19 0x42e869 in Do_Function ../src/core/c-function.c:415
#20 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#21 0x41309b in Do_Next ../src/core/c-do.c:858
rebol#22 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#23 0x42e869 in Do_Function ../src/core/c-function.c:415
#24 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#25 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#26 0x414152 in Do_Next ../src/core/c-do.c:939
#27 0x48201c in N_all ../src/core/n-control.c:261
#28 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#29 0x413628 in Do_Next ../src/core/c-do.c:884
#30 0x414825 in Do_Blk ../src/core/c-do.c:1010
#31 0x491abc in Loop_Each ../src/core/n-loop.c:410
#32 0x492a6c in N_foreach ../src/core/n-loop.c:546
rebol#33 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#34 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#35 0x414825 in Do_Blk ../src/core/c-do.c:1010
#36 0x42e869 in Do_Function ../src/core/c-function.c:415
#37 0x413628 in Do_Next ../src/core/c-do.c:884
#38 0x4115f2 in Do_Args ../src/core/c-do.c:669
#39 0x414152 in Do_Next ../src/core/c-do.c:939
rebol#40 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#41 0x48459c in N_if ../src/core/n-control.c:619
#42 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#43 0x413628 in Do_Next ../src/core/c-do.c:884
#44 0x414825 in Do_Blk ../src/core/c-do.c:1010
#45 0x491abc in Loop_Each ../src/core/n-loop.c:410
rebol#46 0x492a6c in N_foreach ../src/core/n-loop.c:546
#47 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#48 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#49 0x414825 in Do_Blk ../src/core/c-do.c:1010
#50 0x42e869 in Do_Function ../src/core/c-function.c:415
#51 0x418fb4 in Apply_Block ../src/core/c-do.c:1474
#52 0x4824fb in N_apply ../src/core/n-control.c:295
rebol#53 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#54 0x413628 in Do_Next ../src/core/c-do.c:884
#55 0x4115f2 in Do_Args ../src/core/c-do.c:669
#56 0x414152 in Do_Next ../src/core/c-do.c:939
#57 0x414825 in Do_Blk ../src/core/c-do.c:1010
#58 0x485388 in N_unless ../src/core/n-control.c:763
#59 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#60 0x413628 in Do_Next ../src/core/c-do.c:884
#61 0x414825 in Do_Blk ../src/core/c-do.c:1010
#62 0x483eff in N_do ../src/core/n-control.c:523
#63 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#64 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#65 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#66 0x414152 in Do_Next ../src/core/c-do.c:939
#67 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#68 0x48459c in N_if ../src/core/n-control.c:619
#69 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#70 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#71 0x414825 in Do_Blk ../src/core/c-do.c:1010
#72 0x48f8cc in Loop_Integer ../src/core/n-loop.c:130
#73 0x49314d in N_repeat ../src/core/n-loop.c:631
#74 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#75 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#76 0x414825 in Do_Blk ../src/core/c-do.c:1010
#77 0x42ee10 in Do_Closure ../src/core/c-function.c:459
#78 0x413628 in Do_Next ../src/core/c-do.c:884
#79 0x414825 in Do_Blk ../src/core/c-do.c:1010
#80 0x485388 in N_unless ../src/core/n-control.c:763
#81 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#82 0x413628 in Do_Next ../src/core/c-do.c:884
#83 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#84 0x42e869 in Do_Function ../src/core/c-function.c:415
#85 0x418fb4 in Apply_Block ../src/core/c-do.c:1474
#86 0x4824fb in N_apply ../src/core/n-control.c:295
#87 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#88 0x413628 in Do_Next ../src/core/c-do.c:884
#89 0x4115f2 in Do_Args ../src/core/c-do.c:669
#90 0x414152 in Do_Next ../src/core/c-do.c:939
#91 0x414825 in Do_Blk ../src/core/c-do.c:1010
#92 0x485388 in N_unless ../src/core/n-control.c:763
rebol#93 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#94 0x413628 in Do_Next ../src/core/c-do.c:884
#95 0x414825 in Do_Blk ../src/core/c-do.c:1010
#96 0x483eff in N_do ../src/core/n-control.c:523
#97 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#98 0x413628 in Do_Next ../src/core/c-do.c:884
#99 0x4115f2 in Do_Args ../src/core/c-do.c:669
#100 0x414152 in Do_Next ../src/core/c-do.c:939
#101 0x414825 in Do_Blk ../src/core/c-do.c:1010
#102 0x48459c in N_if ../src/core/n-control.c:619
rebol#103 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#104 0x413628 in Do_Next ../src/core/c-do.c:884
#105 0x414825 in Do_Blk ../src/core/c-do.c:1010
#106 0x48f8cc in Loop_Integer ../src/core/n-loop.c:130
#107 0x49314d in N_repeat ../src/core/n-loop.c:631
#108 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#109 0x413628 in Do_Next ../src/core/c-do.c:884
#110 0x414825 in Do_Blk ../src/core/c-do.c:1010
#111 0x42ee10 in Do_Closure ../src/core/c-function.c:459
#112 0x413628 in Do_Next ../src/core/c-do.c:884
#113 0x414825 in Do_Blk ../src/core/c-do.c:1010
#114 0x485388 in N_unless ../src/core/n-control.c:763
#115 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#116 0x413628 in Do_Next ../src/core/c-do.c:884
#117 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#118 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#119 0x413628 in Do_Next ../src/core/c-do.c:884
#120 0x414825 in Do_Blk ../src/core/c-do.c:1010
#121 0x484cf1 in N_switch ../src/core/n-control.c:716
#122 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#123 0x413628 in Do_Next ../src/core/c-do.c:884
#124 0x414825 in Do_Blk ../src/core/c-do.c:1010
#125 0x42e869 in Do_Function ../src/core/c-function.c:415
#126 0x413628 in Do_Next ../src/core/c-do.c:884
#127 0x414825 in Do_Blk ../src/core/c-do.c:1010
#128 0x48459c in N_if ../src/core/n-control.c:619
#129 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#130 0x413628 in Do_Next ../src/core/c-do.c:884
#131 0x414825 in Do_Blk ../src/core/c-do.c:1010
#132 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#133 0x413628 in Do_Next ../src/core/c-do.c:884
#134 0x41309b in Do_Next ../src/core/c-do.c:858
#135 0x414825 in Do_Blk ../src/core/c-do.c:1010
#136 0x484280 in N_either ../src/core/n-control.c:595
#137 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#138 0x413628 in Do_Next ../src/core/c-do.c:884
#139 0x414825 in Do_Blk ../src/core/c-do.c:1010
#140 0x42e869 in Do_Function ../src/core/c-function.c:415
#141 0x419631 in Apply_Function ../src/core/c-do.c:1518
#142 0x419918 in Apply_Func ../src/core/c-do.c:1545
#143 0x48d102 in N_wake_up ../src/core/n-io.c:415
#144 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#145 0x413628 in Do_Next ../src/core/c-do.c:884
#146 0x4115f2 in Do_Args ../src/core/c-do.c:669
#147 0x4133c9 in Do_Next ../src/core/c-do.c:877
#148 0x414825 in Do_Blk ../src/core/c-do.c:1010
#149 0x492b66 in N_loop ../src/core/n-loop.c:590
#150 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#151 0x413628 in Do_Next ../src/core/c-do.c:884
#152 0x414825 in Do_Blk ../src/core/c-do.c:1010
#153 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#154 0x419631 in Apply_Function ../src/core/c-do.c:1518
rebol#155 0x419918 in Apply_Func ../src/core/c-do.c:1545
rebol#156 0x42fef7 in Awake_System ../src/core/c-port.c:198
rebol#157 0x43012a in Wait_Ports ../src/core/c-port.c:231
#158 0x48cd62 in N_wait ../src/core/n-io.c:374
rebol#159 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#160 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#161 0x4115f2 in Do_Args ../src/core/c-do.c:669
rebol#162 0x4133c9 in Do_Next ../src/core/c-do.c:877
rebol#163 0x4115f2 in Do_Args ../src/core/c-do.c:669
#164 0x4133c9 in Do_Next ../src/core/c-do.c:877
rebol#165 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#166 0x4929a7 in N_forever ../src/core/n-loop.c:527
#167 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#168 0x413628 in Do_Next ../src/core/c-do.c:884
#169 0x4152ff in Try_Block ../src/core/c-do.c:1077
#170 0x48507e in N_try ../src/core/n-control.c:740
rebol#171 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#172 0x413628 in Do_Next ../src/core/c-do.c:884
#173 0x4115f2 in Do_Args ../src/core/c-do.c:669
#174 0x414152 in Do_Next ../src/core/c-do.c:939
#175 0x4115f2 in Do_Args ../src/core/c-do.c:669
#176 0x4133c9 in Do_Next ../src/core/c-do.c:877
#177 0x4115f2 in Do_Args ../src/core/c-do.c:669
#178 0x4133c9 in Do_Next ../src/core/c-do.c:877
#179 0x414825 in Do_Blk ../src/core/c-do.c:1010
#180 0x42e869 in Do_Function ../src/core/c-function.c:415
#181 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#182 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#183 0x48459c in N_if ../src/core/n-control.c:619
#184 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#185 0x413628 in Do_Next ../src/core/c-do.c:884
#186 0x414825 in Do_Blk ../src/core/c-do.c:1010
#187 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#188 0x413628 in Do_Next ../src/core/c-do.c:884
#189 0x41309b in Do_Next ../src/core/c-do.c:858
rebol#190 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#191 0x42e869 in Do_Function ../src/core/c-function.c:415
#192 0x413628 in Do_Next ../src/core/c-do.c:884
#193 0x414825 in Do_Blk ../src/core/c-do.c:1010
#194 0x42e869 in Do_Function ../src/core/c-function.c:415
#195 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#196 0x4115f2 in Do_Args ../src/core/c-do.c:669
#197 0x414152 in Do_Next ../src/core/c-do.c:939
#198 0x48201c in N_all ../src/core/n-control.c:261
rebol#199 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#200 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#201 0x414825 in Do_Blk ../src/core/c-do.c:1010
#202 0x491abc in Loop_Each ../src/core/n-loop.c:410
#203 0x492a6c in N_foreach ../src/core/n-loop.c:546
#204 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#205 0x413628 in Do_Next ../src/core/c-do.c:884
#206 0x414825 in Do_Blk ../src/core/c-do.c:1010
#207 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#208 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#209 0x414825 in Do_Blk ../src/core/c-do.c:1010
#210 0x485388 in N_unless ../src/core/n-control.c:763
rebol#211 0x42dbb7 in Do_Native ../src/core/c-function.c:289
rebol#212 0x413628 in Do_Next ../src/core/c-do.c:884
#213 0x414825 in Do_Blk ../src/core/c-do.c:1010
#214 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#215 0x413628 in Do_Next ../src/core/c-do.c:884
#216 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#217 0x48459c in N_if ../src/core/n-control.c:619
rebol#218 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#219 0x413628 in Do_Next ../src/core/c-do.c:884
rebol#220 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#221 0x42ee10 in Do_Closure ../src/core/c-function.c:459
rebol#222 0x413628 in Do_Next ../src/core/c-do.c:884
#223 0x4115f2 in Do_Args ../src/core/c-do.c:669
#224 0x414152 in Do_Next ../src/core/c-do.c:939
rebol#225 0x48201c in N_all ../src/core/n-control.c:261
#226 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#227 0x413628 in Do_Next ../src/core/c-do.c:884
#228 0x414825 in Do_Blk ../src/core/c-do.c:1010
#229 0x491abc in Loop_Each ../src/core/n-loop.c:410
#230 0x492a6c in N_foreach ../src/core/n-loop.c:546
#231 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#232 0x413628 in Do_Next ../src/core/c-do.c:884
#233 0x414825 in Do_Blk ../src/core/c-do.c:1010
#234 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#235 0x413628 in Do_Next ../src/core/c-do.c:884
#236 0x414825 in Do_Blk ../src/core/c-do.c:1010
#237 0x48459c in N_if ../src/core/n-control.c:619
#238 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#239 0x413628 in Do_Next ../src/core/c-do.c:884
#240 0x414825 in Do_Blk ../src/core/c-do.c:1010
#241 0x42e869 in Do_Function ../src/core/c-function.c:415
#242 0x413628 in Do_Next ../src/core/c-do.c:884
#243 0x41309b in Do_Next ../src/core/c-do.c:858
rebol#244 0x414825 in Do_Blk ../src/core/c-do.c:1010
rebol#245 0x42e869 in Do_Function ../src/core/c-function.c:415
rebol#246 0x413628 in Do_Next ../src/core/c-do.c:884
#247 0x414825 in Do_Blk ../src/core/c-do.c:1010
#248 0x48459c in N_if ../src/core/n-control.c:619
rebol#249 0x42dbb7 in Do_Native ../src/core/c-function.c:289
#250 0x413628 in Do_Next ../src/core/c-do.c:884
#251 0x414825 in Do_Blk ../src/core/c-do.c:1010
0x62a00000b201 is located 1 bytes to the right of 20480-byte region [0x62a000006200,0x62a00000b200)
allocated by thread T0 here:
#0 0x7ffff6f58b1f in malloc (/usr/lib/libasan.so.1+0x54b1f)
#1 0x47924a in Make_Mem ../src/core/m-pools.c:121
rebolsource#2 0x47a9ff in Make_Series ../src/core/m-pools.c:406
rebolsource#3 0x4aee84 in Make_Unicode ../src/core/s-make.c:59
#4 0x4bb797 in Init_Mold ../src/core/s-mold.c:1425
#5 0x40da64 in Init_Core ../src/core/b-init.c:940
rebolsource#6 0x4055e0 in RL_Init ../src/core/a-lib.c:124
rebol#7 0x580aa2 in main ../src/os/host-main.c:154
#8 0x7ffff5719fff in __libc_start_main (/usr/lib/libc.so.6+0x1ffff)
SUMMARY: AddressSanitizer: heap-buffer-overflow ../src/core/m-series.c:145 Expand_Series
Shadow bytes around the buggy address:
0x0c547fff95f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c547fff9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c547fff9610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c547fff9620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c547fff9630: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c547fff9640:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c547fff9650: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c547fff9660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c547fff9670: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c547fff9680: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c547fff9690: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal:
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Leak from CC #2068. Found with valgrind but it would have been obvious even without. Valgrind confirms no leaks afterward.
These two calls to Free_Mem seem to resolve the issue for now. But it looks like the codec extensibility model is skeletal and ad-hoc at the moment. See also this question:
http://stackoverflow.com/questions/14365034/how-do-you-write-a-codec-for-rebol-3
A general review of codecs that will work for letting people supply codecs written as Rebol code is needed. That as well as native JPEG and GIF encoding (as opposed to just decoding)...choosing which codecs to include in minimal builds... among many other considerations.