[BUG] AddressSanitizer: heap-buffer-overflow in cpp2::lex_line #1158

Closed
MarekKnapek opened this issue Jul 12, 2024 · 5 comments
@MarekKnapek

Steps To Reproduce

  • Get the latest cppfront source code.
  • Compile cppfront with ASAN enabled.
      • g++ -std=c++20 -fsanitize=address cppfront.cpp -o cppfront
  • Run cppfront on a test file.
      • ./cppfront test.cpp2

Expected behavior

  • Successfully compile the source code or exit with some nice error message saying that the source code is invalid.
  • No crash.

Actual behavior

  • ASAN crash!

Additional context

@hsutter
Owner

hsutter commented Jul 13, 2024

Thanks!

I'm not able to reproduce this with the current main. Perhaps this was fixed by a recent commit?

I get the following:

demo.cpp2(1,12): error: string literal "\\\═" is missing its closing "
demo.cpp2(1,12): error: invalid template parameter list (at ']')

@MarekKnapek
Author

I am able to reproduce this on latest main.

  • mkdir temp
  • cd temp
  • git clone https://github.com/hsutter/cppfront.git
  • cd cppfront/source/
  • g++ -std=c++20 -fsanitize=address cppfront.cpp -o cppfront
  • ./cppfront test.cpp2
=================================================================
==40654==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x503000000531 at pc 0x7b9ac04f95fe bp 0x7ffd8792d450 sp 0x7ffd8792cbf8
READ of size 5 at 0x503000000531 thread T0
    #0 0x7b9ac04f95fd in memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
    #1 0x57e616102ce7 in std::char_traits<char>::copy(char*, char const*, unsigned long) (/home/mk/dev/temp/cppfront/source/cppfront+0xacce7) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #2 0x57e616107a3f in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_S_copy(char*, char const*, unsigned long) (/home/mk/dev/temp/cppfront/source/cppfront+0xb1a3f) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #3 0x57e6161079f1 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_S_copy_chars(char*, char const*, char const*) (/home/mk/dev/temp/cppfront/source/cppfront+0xb19f1) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #4 0x57e61610786f in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag) (/home/mk/dev/temp/cppfront/source/cppfront+0xb186f) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #5 0x57e6161d95b7 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, unsigned long, std::allocator<char> const&) (/home/mk/dev/temp/cppfront/source/cppfront+0x1835b7) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #6 0x57e6160a5083 in cpp2::lex_line(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, int, bool&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, cpp2::source_position&, std::vector<cpp2::token, std::allocator<cpp2::token> >&, std::vector<cpp2::comment, std::allocator<cpp2::comment> >&, std::vector<cpp2::error_entry, std::allocator<cpp2::error_entry> >&, std::optional<cpp2::raw_string>&) (/home/mk/dev/temp/cppfront/source/cppfront+0x4f083) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #7 0x57e616118f24 in cpp2::tokens::lex(std::vector<cpp2::source_line, std::allocator<cpp2::source_line> >&, bool) (/home/mk/dev/temp/cppfront/source/cppfront+0xc2f24) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #8 0x57e61618653a in cpp2::cppfront::cppfront(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/home/mk/dev/temp/cppfront/source/cppfront+0x13053a) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #9 0x57e6160e68b4 in main (/home/mk/dev/temp/cppfront/source/cppfront+0x908b4) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #10 0x7b9abfc2a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #11 0x7b9abfc2a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #12 0x57e61608df64 in _start (/home/mk/dev/temp/cppfront/source/cppfront+0x37f64) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)

0x503000000531 is located 0 bytes after 17-byte region [0x503000000520,0x503000000531)
allocated by thread T0 here:
    #0 0x7b9ac04fc698 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x57e6161e0361 in std::__new_allocator<char>::allocate(unsigned long, void const*) (/home/mk/dev/temp/cppfront/source/cppfront+0x18a361) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #2 0x57e61611098b in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_S_allocate(std::allocator<char>&, unsigned long) (/home/mk/dev/temp/cppfront/source/cppfront+0xba98b) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #3 0x57e616110771 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_create(unsigned long&, unsigned long) (/home/mk/dev/temp/cppfront/source/cppfront+0xba771) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #4 0x57e616107749 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag) (/home/mk/dev/temp/cppfront/source/cppfront+0xb1749) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #5 0x57e6161d95b7 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, unsigned long, std::allocator<char> const&) (/home/mk/dev/temp/cppfront/source/cppfront+0x1835b7) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #6 0x57e6161dddc1 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::__sv_wrapper, std::allocator<char> const&) (/home/mk/dev/temp/cppfront/source/cppfront+0x187dc1) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #7 0x57e61610a6fd in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string<std::basic_string_view<char, std::char_traits<char> >, void>(std::basic_string_view<char, std::char_traits<char> > const&, std::allocator<char> const&) (/home/mk/dev/temp/cppfront/source/cppfront+0xb46fd) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #8 0x57e616106510 in cpp2::source_line::source_line(std::basic_string_view<char, std::char_traits<char> >, cpp2::source_line::category) (/home/mk/dev/temp/cppfront/source/cppfront+0xb0510) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #9 0x57e616114ba4 in cpp2::source::load(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/home/mk/dev/temp/cppfront/source/cppfront+0xbeba4) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #10 0x57e616186373 in cpp2::cppfront::cppfront(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/home/mk/dev/temp/cppfront/source/cppfront+0x130373) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #11 0x57e6160e68b4 in main (/home/mk/dev/temp/cppfront/source/cppfront+0x908b4) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)
    #12 0x7b9abfc2a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #13 0x7b9abfc2a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #14 0x57e61608df64 in _start (/home/mk/dev/temp/cppfront/source/cppfront+0x37f64) (BuildId: e8810aab51e51ca392123f0d03a4e146b5a623b6)

SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115 in memcpy
Shadow bytes around the buggy address:
  0x503000000280: 00 00 00 03 fa fa 00 00 00 03 fa fa 00 00 04 fa
  0x503000000300: fa fa 00 00 00 00 fa fa 00 00 05 fa fa fa 00 00
  0x503000000380: 00 03 fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa
  0x503000000400: 00 00 00 fa fa fa 00 00 00 fa fa fa 00 00 00 fa
  0x503000000480: fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa fd fd
=>0x503000000500: fd fa fa fa 00 00[01]fa fa fa fd fd fd fd fa fa
  0x503000000580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x503000000600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x503000000680: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x503000000700: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x503000000780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==40654==ABORTING

This is on a virtual Ubuntu computer.

uname -a
Linux wkpc 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
g++ --version
g++ (Ubuntu 13.2.0-23ubuntu4) 13.2.0

I just checked, and there might be a newline character at the end of the file.
test.zip

@MarekKnapek
Author

Visual Studio 2022:

03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\dev\mnt\mkdisk\dev\repos\cppfront\build\cppfront\x64\Debug\cppfront.exe'. Symbols loaded.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\ntdll.dll'. Symbols loaded without source information.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\kernel32.dll'. Symbols loaded without source information.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\KernelBase.dll'. Symbols loaded without source information.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\msvcp140d.dll'. Symbols loaded.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.40.33807\bin\Hostx64\x64\clang_rt.asan_dynamic-x86_64.dll'. Symbols loaded.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\advapi32.dll'. Symbols loaded without source information.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\msvcrt.dll'. Symbols loaded without source information.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\sechost.dll'. Symbols loaded without source information.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\bcrypt.dll'. Symbols loaded without source information.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\rpcrt4.dll'. Symbols loaded without source information.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\ucrtbase.dll'. Symbols loaded without source information.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\vcruntime140d.dll'. Symbols loaded.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\vcruntime140_1d.dll'. Symbols loaded without source information.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\ucrtbased.dll'. Symbols loaded.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\vcruntime140.dll'. Symbols loaded.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\vcruntime140_1.dll'. Symbols loaded without source information.
03:59:15:213	The thread 15196 has exited with code 0 (0x0).
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\dbghelp.dll'. Symbols loaded without source information.
03:59:15:213	'cppfront.exe' (Win32): Loaded 'C:\Windows\System32\bcryptprimitives.dll'. Symbols loaded without source information.
03:59:17:514	=================================================================
03:59:17:514	==11952==ERROR: AddressSanitizer: container-overflow on address 0x116bb50a0771 at pc 0x7ff8889a9334 bp 0x00443b1c5a30 sp 0x00443b1c51c0
03:59:17:514	READ of size 5 at 0x116bb50a0771 thread T0
03:59:17:514	==11952==WARNING: Failed to use and restart external symbolizer!
03:59:17:514	    #0 0x7ff8889a9333 in _asan_wrap_memcpy+0x193 (c:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.40.33807\bin\HostX64\x64\clang_rt.asan_dynamic-x86_64.dll+0x180039333)
03:59:17:514	    #1 0x7ff7da9cae9a in std::_Char_traits<char,int>::copy c:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.40.33807\include\xstring:64
03:59:17:514	    #2 0x7ff7da6b5e9c in std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Construct<1,char const *> c:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.40.33807\include\xstring:2688
03:59:17:514	    #3 0x7ff7da873d1d in std::basic_string<char,std::char_traits<char>,std::allocator<char> >::basic_string<char,std::char_traits<char>,std::allocator<char> > c:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.40.33807\include\xstring:2547
03:59:17:514	    #4 0x7ff7da61c45b in cpp2::lex_line c:\dev\mnt\mkdisk\dev\repos\cppfront\source\lex.h:1735
03:59:17:514	    #5 0x7ff7daa5872c in cpp2::tokens::lex c:\dev\mnt\mkdisk\dev\repos\cppfront\source\lex.h:1981
03:59:17:514	    #6 0x7ff7da89532c in cpp2::cppfront::cppfront c:\dev\mnt\mkdisk\dev\repos\cppfront\source\to_cpp1.h:1195
03:59:17:514	    #7 0x7ff7da66ee52 in main c:\dev\mnt\mkdisk\dev\repos\cppfront\source\cppfront.cpp:74
03:59:17:514	    #8 0x7ff7daae66d8 in invoke_main D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:78
03:59:17:514	    #9 0x7ff7daae6621 in __scrt_common_main_seh D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
03:59:17:514	    #10 0x7ff7daae64dd in __scrt_common_main D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:330
03:59:17:514	    #11 0x7ff7daae674d in mainCRTStartup D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_main.cpp:16
03:59:17:514	    #12 0x7ff93b3a4caf in BaseThreadInitThunk+0xf (C:\Windows\System32\KERNEL32.DLL+0x180014caf)
03:59:17:514	    #13 0x7ff93bc1ecea in RtlUserThreadStart+0x2a (C:\Windows\SYSTEM32\ntdll.dll+0x18007ecea)
03:59:17:514	
03:59:17:514	0x116bb50a0771 is located 17 bytes inside of 32-byte region [0x116bb50a0760,0x116bb50a0780)
03:59:17:514	allocated by thread T0 here:
03:59:17:514	    #0 0x7ff7daae5285 in operator new D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\lib\asan\asan_win_new_scalar_thunk.cpp:40
03:59:17:514	    #1 0x7ff7da8fa97e in std::_Default_allocate_traits::_Allocate c:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.40.33807\include\xmemory:101
03:59:17:514	    #2 0x7ff7da6aedca in std::_Allocate<16,std::_Default_allocate_traits> c:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.40.33807\include\xmemory:225
03:59:17:514	    #3 0x7ff7da9a760b in std::allocator<char>::allocate c:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.40.33807\include\xmemory:955
03:59:17:514	    #4 0x7ff7da6aee53 in std::_Allocate_at_least_helper<std::allocator<char> > c:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.40.33807\include\xmemory:2186
03:59:17:514	    #5 0x7ff7da6b1e9c in std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Allocate_for_capacity<0> c:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.40.33807\include\xstring:2620
03:59:17:514	    #6 0x7ff7da6b601a in std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Construct<1,char const *> c:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.40.33807\include\xstring:2703
03:59:17:514	    #7 0x7ff7da69380d in std::basic_string<char,std::char_traits<char>,std::allocator<char> >::basic_string<char,std::char_traits<char>,std::allocator<char> ><std::basic_string_view<char,std::char_traits<char> >,0> c:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.40.33807\include\xstring:2944
03:59:17:514	    #8 0x7ff7da89daca in cpp2::source_line::source_line c:\dev\mnt\mkdisk\dev\repos\cppfront\source\common.h:77
03:59:17:514	    #9 0x7ff7daa59efe in cpp2::source::load c:\dev\mnt\mkdisk\dev\repos\cppfront\source\io.h:934
03:59:17:514	    #10 0x7ff7da89515b in cpp2::cppfront::cppfront c:\dev\mnt\mkdisk\dev\repos\cppfront\source\to_cpp1.h:1180
03:59:17:514	    #11 0x7ff7da66ee52 in main c:\dev\mnt\mkdisk\dev\repos\cppfront\source\cppfront.cpp:74
03:59:17:514	    #12 0x7ff7daae66d8 in invoke_main D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:78
03:59:17:514	    #13 0x7ff7daae6621 in __scrt_common_main_seh D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
03:59:17:514	    #14 0x7ff7daae64dd in __scrt_common_main D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:330
03:59:17:514	    #15 0x7ff7daae674d in mainCRTStartup D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_main.cpp:16
03:59:17:514	    #16 0x7ff93b3a4caf in BaseThreadInitThunk+0xf (C:\Windows\System32\KERNEL32.DLL+0x180014caf)
03:59:17:514	    #17 0x7ff93bc1ecea in RtlUserThreadStart+0x2a (C:\Windows\SYSTEM32\ntdll.dll+0x18007ecea)
03:59:17:514	
03:59:17:514	HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_container_overflow=0.
03:59:17:514	If you suspect a false positive see also: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow.
03:59:17:514	SUMMARY: AddressSanitizer: container-overflow (c:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.40.33807\bin\HostX64\x64\clang_rt.asan_dynamic-x86_64.dll+0x180039333) in _asan_wrap_memcpy+0x193
03:59:17:514	Shadow bytes around the buggy address:
03:59:17:514	  0x03932ba94090: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
03:59:17:514	  0x03932ba940a0: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
03:59:17:514	  0x03932ba940b0: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
03:59:17:514	  0x03932ba940c0: fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00
03:59:17:514	  0x03932ba940d0: 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa
03:59:17:514	=>0x03932ba940e0: 00 00 00 00 fa fa fd fd fd fd fa fa 00 00[01]fc
03:59:17:514	  0x03932ba940f0: fa fa fd fd fd fd fa fa fd fd fd fa fa fa fd fd
03:59:17:514	  0x03932ba94100: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
03:59:17:514	  0x03932ba94110: 00 00 00 00 fa fa 00 00 00 04 fa fa 00 00 00 04
03:59:17:514	  0x03932ba94120: fa fa 00 00 00 04 fa fa 00 00 00 fa fa fa fd fd
03:59:17:514	  0x03932ba94130: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
03:59:17:514	Shadow byte legend (one shadow byte represents 8 application bytes):
03:59:17:514	  Addressable:           00
03:59:17:514	  Partially addressable: 01 02 03 04 05 06 07 
03:59:17:514	  Heap left redzone:       fa
03:59:17:514	  Freed heap region:       fd
03:59:17:514	  Stack left redzone:      f1
03:59:17:514	  Stack mid redzone:       f2
03:59:17:514	  Stack right redzone:     f3
03:59:17:514	  Stack after return:      f5
03:59:17:514	  Stack use after scope:   f8
03:59:17:514	  Global redzone:          f9
03:59:17:514	  Global init order:       f6
03:59:17:514	  Poisoned by user:        f7
03:59:17:514	  Container overflow:      fc
03:59:17:514	  Array cookie:            ac
03:59:17:514	  Intra object redzone:    bb
03:59:17:514	  ASan internal:           fe
03:59:17:514	  Left alloca redzone:     ca
03:59:17:514	  Right alloca redzone:    cb
03:59:17:514	Address Sanitizer Error: Container overflow
03:59:17:514	
03:59:17:514	Full error details can be found in the Debug Output window
03:59:17:514	

@hsutter
Owner

hsutter commented Jul 14, 2024

Oh right, it's not a general "this code crashes," it's an ASAN diagnostic.

Thanks, will look again...

@hsutter
Owner

hsutter commented Jul 14, 2024

... found it, and there were four other similar occurrences, now all fixed. Thanks!
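
The bug class both sanitizer reports point at, as an added example that is not part of the thread and is not cppfront's code: a fixed-length lookahead built with `std::string(const char*, count)` near the end of a line, beside a bounds-checked form. The helper names (`peek_unchecked`, `peek_checked`, `find_keyword`) and the sample line are hypothetical.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <string_view>
#include <vector>

// Hypothetical lexer helpers, constructed for illustration (not cppfront code).

// BEFORE: std::string(const char*, count) trusts `count`. When fewer than
// `n` characters remain after `pos`, the copy runs past the line's heap
// buffer; this is the memcpy READ that ASan reports under lex_line.
std::string peek_unchecked(const std::string& line, std::size_t pos, std::size_t n)
{
    return std::string(&line[pos], n);
}

// AFTER: refuse positions at or past the end, and let string_view::substr
// clamp the count to the characters that are actually left.
std::string_view peek_checked(std::string_view line, std::size_t pos, std::size_t n)
{
    if (pos >= line.size()) {
        return {};
    }
    return line.substr(pos, n);
}

// Scan every position for `kw`. The last kw.size()-1 positions are the ones
// where an unchecked fixed-length peek would read out of bounds.
std::vector<std::size_t> find_keyword(std::string_view line, std::string_view kw)
{
    std::vector<std::size_t> hits;
    for (std::size_t pos = 0; pos < line.size(); ++pos) {
        if (!kw.empty() && peek_checked(line, pos, kw.size()) == kw) {
            hits.push_back(pos);
        }
    }
    return hits;
}

// Constructed input: 16 characters, so g++/libstdc++ keeps it in a 17-byte
// heap block (16 + NUL), the same region size as in the Linux report.
const std::string kSampleLine = "okay: bool = fal";

int main()
{
    // Truncated keyword at the end of the line: clamped, no over-read.
    std::cout << '[' << peek_checked(kSampleLine, 13, 5) << "]\n";
    std::cout << find_keyword("false or false", "false").size() << " hits\n";
    // peek_unchecked(kSampleLine, 13, 5) would read one byte past that block
    // and trip ASan when built with -fsanitize=address, as in the issue's
    // reproduction steps.
}
```
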
