Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Do not increase tail before extension
It will confuse Expand_Series expects "tail" to be the actual size, and cause a read beyond the allocated memory, or heap buffer overflow found by address sanitizer of GCC: ================================================================= ==10856==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62a00000b201 at pc 0x47df61 bp 0x7fffffff2ca0 sp 0x7fffffff2c98 READ of size 1 at 0x62a00000b201 thread T0 #0 0x47df60 in Expand_Series ../src/core/m-series.c:145 #1 0x47e5a7 in Extend_Series ../src/core/m-series.c:187 #2 0x466e0c in Scan_Quote ../src/core/l-scan.c:462 #3 0x46a797 in Scan_Token ../src/core/l-scan.c:918 #4 0x46e263 in Scan_Block ../src/core/l-scan.c:1188 #5 0x46e722 in Scan_Code ../src/core/l-scan.c:1548 #6 0x46e886 in Scan_Source ../src/core/l-scan.c:1568 #7 0x4cb85c in Make_Block_Type ../src/core/t-block.c:306 #8 0x4cd1b8 in T_Block ../src/core/t-block.c:608 #9 0x4d042e in T_Datatype ../src/core/t-datatype.c:92 #10 0x42e080 in Do_Act ../src/core/c-function.c:338 #11 0x42e7e5 in Do_Action ../src/core/c-function.c:396 #12 0x413628 in Do_Next ../src/core/c-do.c:884 #13 0x41309b in Do_Next ../src/core/c-do.c:858 #14 0x414825 in Do_Blk ../src/core/c-do.c:1010 #15 0x482dd2 in N_case ../src/core/n-control.c:349 #16 0x42dbb7 in Do_Native ../src/core/c-function.c:289 #17 0x413628 in Do_Next ../src/core/c-do.c:884 #18 0x414825 in Do_Blk ../src/core/c-do.c:1010 #19 0x42e869 in Do_Function ../src/core/c-function.c:415 #20 0x413628 in Do_Next ../src/core/c-do.c:884 #21 0x41309b in Do_Next ../src/core/c-do.c:858 #22 0x414825 in Do_Blk ../src/core/c-do.c:1010 #23 0x42e869 in Do_Function ../src/core/c-function.c:415 #24 0x413628 in Do_Next ../src/core/c-do.c:884 #25 0x4115f2 in Do_Args ../src/core/c-do.c:669 #26 0x414152 in Do_Next ../src/core/c-do.c:939 #27 0x48201c in N_all ../src/core/n-control.c:261 #28 0x42dbb7 in Do_Native ../src/core/c-function.c:289 #29 0x413628 in Do_Next ../src/core/c-do.c:884 #30 0x414825 in Do_Blk ../src/core/c-do.c:1010 #31 0x491abc in Loop_Each ../src/core/n-loop.c:410 #32 0x492a6c in N_foreach ../src/core/n-loop.c:546 #33 0x42dbb7 in Do_Native ../src/core/c-function.c:289 #34 0x413628 in Do_Next ../src/core/c-do.c:884 #35 0x414825 in Do_Blk ../src/core/c-do.c:1010 #36 0x42e869 in Do_Function ../src/core/c-function.c:415 #37 0x413628 in Do_Next ../src/core/c-do.c:884 #38 0x4115f2 in Do_Args ../src/core/c-do.c:669 #39 0x414152 in Do_Next ../src/core/c-do.c:939 #40 0x414825 in Do_Blk ../src/core/c-do.c:1010 #41 0x48459c in N_if ../src/core/n-control.c:619 #42 0x42dbb7 in Do_Native ../src/core/c-function.c:289 #43 0x413628 in Do_Next ../src/core/c-do.c:884 #44 0x414825 in Do_Blk ../src/core/c-do.c:1010 #45 0x491abc in Loop_Each ../src/core/n-loop.c:410 #46 0x492a6c in N_foreach ../src/core/n-loop.c:546 #47 0x42dbb7 in Do_Native ../src/core/c-function.c:289 #48 0x413628 in Do_Next ../src/core/c-do.c:884 #49 0x414825 in Do_Blk ../src/core/c-do.c:1010 #50 0x42e869 in Do_Function ../src/core/c-function.c:415 #51 0x418fb4 in Apply_Block ../src/core/c-do.c:1474 #52 0x4824fb in N_apply ../src/core/n-control.c:295 rebol#53 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#54 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#55 0x4115f2 in Do_Args ../src/core/c-do.c:669 rebol#56 0x414152 in Do_Next ../src/core/c-do.c:939 rebol#57 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#58 0x485388 in N_unless ../src/core/n-control.c:763 rebol#59 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#60 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#61 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#62 0x483eff in N_do ../src/core/n-control.c:523 rebol#63 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#64 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#65 0x4115f2 in Do_Args ../src/core/c-do.c:669 rebol#66 0x414152 in Do_Next ../src/core/c-do.c:939 rebol#67 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#68 0x48459c in N_if ../src/core/n-control.c:619 rebol#69 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#70 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#71 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#72 0x48f8cc in Loop_Integer ../src/core/n-loop.c:130 rebol#73 0x49314d in N_repeat ../src/core/n-loop.c:631 rebol#74 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#75 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#76 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#77 0x42ee10 in Do_Closure ../src/core/c-function.c:459 rebol#78 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#79 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#80 0x485388 in N_unless ../src/core/n-control.c:763 rebol#81 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#82 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#83 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#84 0x42e869 in Do_Function ../src/core/c-function.c:415 rebol#85 0x418fb4 in Apply_Block ../src/core/c-do.c:1474 rebol#86 0x4824fb in N_apply ../src/core/n-control.c:295 rebol#87 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#88 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#89 0x4115f2 in Do_Args ../src/core/c-do.c:669 rebol#90 0x414152 in Do_Next ../src/core/c-do.c:939 rebol#91 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#92 0x485388 in N_unless ../src/core/n-control.c:763 rebol#93 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#94 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#95 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#96 0x483eff in N_do ../src/core/n-control.c:523 rebol#97 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#98 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#99 0x4115f2 in Do_Args ../src/core/c-do.c:669 rebol#100 0x414152 in Do_Next ../src/core/c-do.c:939 rebol#101 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#102 0x48459c in N_if ../src/core/n-control.c:619 rebol#103 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#104 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#105 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#106 0x48f8cc in Loop_Integer ../src/core/n-loop.c:130 rebol#107 0x49314d in N_repeat ../src/core/n-loop.c:631 rebol#108 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#109 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#110 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#111 0x42ee10 in Do_Closure ../src/core/c-function.c:459 rebol#112 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#113 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#114 0x485388 in N_unless ../src/core/n-control.c:763 rebol#115 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#116 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#117 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#118 0x42e869 in Do_Function ../src/core/c-function.c:415 rebol#119 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#120 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#121 0x484cf1 in N_switch ../src/core/n-control.c:716 rebol#122 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#123 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#124 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#125 0x42e869 in Do_Function ../src/core/c-function.c:415 rebol#126 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#127 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#128 0x48459c in N_if ../src/core/n-control.c:619 rebol#129 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#130 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#131 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#132 0x42e869 in Do_Function ../src/core/c-function.c:415 rebol#133 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#134 0x41309b in Do_Next ../src/core/c-do.c:858 rebol#135 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#136 0x484280 in N_either ../src/core/n-control.c:595 rebol#137 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#138 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#139 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#140 0x42e869 in Do_Function ../src/core/c-function.c:415 rebol#141 0x419631 in Apply_Function ../src/core/c-do.c:1518 rebol#142 0x419918 in Apply_Func ../src/core/c-do.c:1545 rebol#143 0x48d102 in N_wake_up ../src/core/n-io.c:415 rebol#144 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#145 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#146 0x4115f2 in Do_Args ../src/core/c-do.c:669 rebol#147 0x4133c9 in Do_Next ../src/core/c-do.c:877 rebol#148 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#149 0x492b66 in N_loop ../src/core/n-loop.c:590 rebol#150 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#151 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#152 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#153 0x42e869 in Do_Function ../src/core/c-function.c:415 rebol#154 0x419631 in Apply_Function ../src/core/c-do.c:1518 rebol#155 0x419918 in Apply_Func ../src/core/c-do.c:1545 rebol#156 0x42fef7 in Awake_System ../src/core/c-port.c:198 rebol#157 0x43012a in Wait_Ports ../src/core/c-port.c:231 rebol#158 0x48cd62 in N_wait ../src/core/n-io.c:374 rebol#159 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#160 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#161 0x4115f2 in Do_Args ../src/core/c-do.c:669 rebol#162 0x4133c9 in Do_Next ../src/core/c-do.c:877 rebol#163 0x4115f2 in Do_Args ../src/core/c-do.c:669 rebol#164 0x4133c9 in Do_Next ../src/core/c-do.c:877 rebol#165 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#166 0x4929a7 in N_forever ../src/core/n-loop.c:527 rebol#167 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#168 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#169 0x4152ff in Try_Block ../src/core/c-do.c:1077 rebol#170 0x48507e in N_try ../src/core/n-control.c:740 rebol#171 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#172 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#173 0x4115f2 in Do_Args ../src/core/c-do.c:669 rebol#174 0x414152 in Do_Next ../src/core/c-do.c:939 rebol#175 0x4115f2 in Do_Args ../src/core/c-do.c:669 rebol#176 0x4133c9 in Do_Next ../src/core/c-do.c:877 rebol#177 0x4115f2 in Do_Args ../src/core/c-do.c:669 rebol#178 0x4133c9 in Do_Next ../src/core/c-do.c:877 rebol#179 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#180 0x42e869 in Do_Function ../src/core/c-function.c:415 rebol#181 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#182 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#183 0x48459c in N_if ../src/core/n-control.c:619 rebol#184 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#185 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#186 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#187 0x42e869 in Do_Function ../src/core/c-function.c:415 rebol#188 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#189 0x41309b in Do_Next ../src/core/c-do.c:858 rebol#190 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#191 0x42e869 in Do_Function ../src/core/c-function.c:415 rebol#192 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#193 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#194 0x42e869 in Do_Function ../src/core/c-function.c:415 rebol#195 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#196 0x4115f2 in Do_Args ../src/core/c-do.c:669 rebol#197 0x414152 in Do_Next ../src/core/c-do.c:939 rebol#198 0x48201c in N_all ../src/core/n-control.c:261 rebol#199 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#200 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#201 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#202 0x491abc in Loop_Each ../src/core/n-loop.c:410 rebol#203 0x492a6c in N_foreach ../src/core/n-loop.c:546 rebol#204 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#205 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#206 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#207 0x42e869 in Do_Function ../src/core/c-function.c:415 rebol#208 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#209 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#210 0x485388 in N_unless ../src/core/n-control.c:763 rebol#211 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#212 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#213 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#214 0x42e869 in Do_Function ../src/core/c-function.c:415 rebol#215 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#216 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#217 0x48459c in N_if ../src/core/n-control.c:619 rebol#218 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#219 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#220 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#221 0x42ee10 in Do_Closure ../src/core/c-function.c:459 rebol#222 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#223 0x4115f2 in Do_Args ../src/core/c-do.c:669 rebol#224 0x414152 in Do_Next ../src/core/c-do.c:939 rebol#225 0x48201c in N_all ../src/core/n-control.c:261 rebol#226 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#227 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#228 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#229 0x491abc in Loop_Each ../src/core/n-loop.c:410 rebol#230 0x492a6c in N_foreach ../src/core/n-loop.c:546 rebol#231 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#232 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#233 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#234 0x42e869 in Do_Function ../src/core/c-function.c:415 rebol#235 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#236 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#237 0x48459c in N_if ../src/core/n-control.c:619 rebol#238 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#239 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#240 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#241 0x42e869 in Do_Function ../src/core/c-function.c:415 rebol#242 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#243 0x41309b in Do_Next ../src/core/c-do.c:858 rebol#244 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#245 0x42e869 in Do_Function ../src/core/c-function.c:415 rebol#246 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#247 0x414825 in Do_Blk ../src/core/c-do.c:1010 rebol#248 0x48459c in N_if ../src/core/n-control.c:619 rebol#249 0x42dbb7 in Do_Native ../src/core/c-function.c:289 rebol#250 0x413628 in Do_Next ../src/core/c-do.c:884 rebol#251 0x414825 in Do_Blk ../src/core/c-do.c:1010 0x62a00000b201 is located 1 bytes to the right of 20480-byte region [0x62a000006200,0x62a00000b200) allocated by thread T0 here: #0 0x7ffff6f58b1f in malloc (/usr/lib/libasan.so.1+0x54b1f) #1 0x47924a in Make_Mem ../src/core/m-pools.c:121 #2 0x47a9ff in Make_Series ../src/core/m-pools.c:406 #3 0x4aee84 in Make_Unicode ../src/core/s-make.c:59 #4 0x4bb797 in Init_Mold ../src/core/s-mold.c:1425 #5 0x40da64 in Init_Core ../src/core/b-init.c:940 #6 0x4055e0 in RL_Init ../src/core/a-lib.c:124 #7 0x580aa2 in main ../src/os/host-main.c:154 #8 0x7ffff5719fff in __libc_start_main (/usr/lib/libc.so.6+0x1ffff) SUMMARY: AddressSanitizer: heap-buffer-overflow ../src/core/m-series.c:145 Expand_Series Shadow bytes around the buggy address: 0x0c547fff95f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c547fff9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c547fff9610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c547fff9620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c547fff9630: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c547fff9640:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c547fff9650: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c547fff9660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c547fff9670: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c547fff9680: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c547fff9690: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc ASan internal:
- Loading branch information