Crash opening debug build #125

Open
fundies opened this issue May 12, 2020 · 1 comment
fundies commented May 12, 2020

```
==23262==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6140000629f2 at pc 0x7f5fe6ef5ab4 bp 0x7fff5c414790 sp 0x7fff5c413f38
READ of size 404 at 0x6140000629f2 thread T0
    #0 0x7f5fe6ef5ab3 in __interceptor_memcpy /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:790
    #1 0x7f5fe437b68c in QString::QString(QChar const*, int) (/usr/lib/libQt5Core.so.5+0x14a68c)
    #2 0x7f5fe438405a in QStringRef::toString() const (/usr/lib/libQt5Core.so.5+0x15305a)
    #3 0x556d2634dee1 in ResourceReader::process(buffers::Resource const&) /home/greg/RadialGM/Plugins/ServerPlugin.cpp:96
    #4 0x556d2635d477 in AsyncReadWorker<buffers::Resource>::operator()(grpc::Status const&) /home/greg/RadialGM/Plugins/ServerPlugin.cpp:28
    #5 0x556d2633aad4 in CompilerClient::UpdateLoop(void*, bool) /home/greg/RadialGM/Plugins/ServerPlugin.cpp:236
    #6 0x556d2618192d in CompilerClient::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/greg/build/RadialGM-Debug_autogen/SW3NWFZ6YS/moc_ServerPlugin.cpp:230
    #7 0x7f5fe4503ad9 in QObject::event(QEvent*) (/usr/lib/libQt5Core.so.5+0x2d2ad9)
    #8 0x7f5fe512d351 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/libQt5Widgets.so.5+0x15b351)
    #9 0x7f5fe5136828 in QApplication::notify(QObject*, QEvent*) (/usr/lib/libQt5Widgets.so.5+0x164828)
    #10 0x7f5fe44d64f1 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib/libQt5Core.so.5+0x2a54f1)
    #11 0x7f5fe44d8d55 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (/usr/lib/libQt5Core.so.5+0x2a7d55)
    #12 0x7f5fe452f243  (/usr/lib/libQt5Core.so.5+0x2fe243)
    #13 0x7f5fe34fd6bd in g_main_context_dispatch (/usr/lib/libglib-2.0.so.0+0x6b6bd)
    #14 0x7f5fe34ff530  (/usr/lib/libglib-2.0.so.0+0x6d530)
    #15 0x7f5fe34ff570 in g_main_context_iteration (/usr/lib/libglib-2.0.so.0+0x6d570)
    #16 0x7f5fe452e88f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/libQt5Core.so.5+0x2fd88f)
    #17 0x7f5fe44d505b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/libQt5Core.so.5+0x2a405b)
    #18 0x7f5fe44dd065 in QCoreApplication::exec() (/usr/lib/libQt5Core.so.5+0x2ac065)
    #19 0x556d2619db53 in main /home/greg/RadialGM/main.cpp:42
    #20 0x7f5fe3ce5022 in __libc_start_main (/usr/lib/libc.so.6+0x27022)
    #21 0x556d261780ed in _start (/home/greg/rgm/RadialGM-Debug+0x19e0ed)

0x6140000629f2 is located 0 bytes to the right of 434-byte region [0x614000062840,0x6140000629f2)
allocated by thread T0 here:
    #0 0x7f5fe6f69b3a in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x7f5fe43060d2 in QArrayData::allocate(unsigned long, unsigned long, unsigned long, QFlags<QArrayData::AllocationOption>) (/usr/lib/libQt5Core.so.5+0xd50d2)

SUMMARY: AddressSanitizer: heap-buffer-overflow /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:790 in __interceptor_memcpy
Shadow bytes around the buggy address:
  0x0c28800044e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c28800044f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
  0x0c2880004500: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c2880004510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2880004520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2880004530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[02]fa
  0x0c2880004540: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c2880004550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2880004560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2880004570: 00 00 00 00 00 00 00 00 00 00 00 00 00 06 fa fa
  0x0c2880004580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==23262==ABORTING
```
RobertBColton commented May 12, 2020

It looks like GRPC is giving a garbage resource?

```cpp
const QString& name = QString::fromStdString(resource.name().c_str());
```

Actually, the wrong argument is passed to the QString constructor too. The fromStdString helper accepts std::string so you can pass just resource.name() instead of resource.name().c_str().
https://stackoverflow.com/a/1814194
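The trace above fails inside QStringRef::toString(), i.e. while copying a (pointer, length) view whose range starts exactly at the end of its source allocation ("0 bytes to the right of 434-byte region"). The following is an added example, not code from RadialGM or Qt: it uses hypothetical stand-ins (U16Buffer, U16View, checkedToString) for the QString/QStringRef shape to show the bounds check that makes such a copy refuse instead of overrun, and a small parseAsanReport helper that pulls the access size and region geometry out of a report of this form so the numbers can be triaged mechanically (404 bytes read is 202 UTF-16 units; the 434-byte region is the whole QArrayData block, header included, so it is not a pure character count). The sample name and the report excerpt are constructed from the lines on this page.

```cpp
#include <cstddef>
#include <cstdio>
#include <optional>
#include <regex>
#include <string>

// Hypothetical stand-ins for the Qt types in the trace (not Qt code):
// a UTF-16 buffer and a non-owning (offset, length) view into it, which is
// the shape of a QStringRef over a QString.
using U16Buffer = std::u16string;

struct U16View {
    const U16Buffer* source;  // non-owning: the buffer must outlive the view
    std::size_t offset;
    std::size_t length;
};

// Bounds-checked counterpart of QStringRef::toString(): the copy is refused
// when [offset, offset + length) does not lie inside the source buffer.
// The overflow in the report is a copy that starts exactly at the end of the
// allocation (offset == size with a non-zero length), which this rejects.
std::optional<U16Buffer> checkedToString(const U16View& v) {
    if (v.source == nullptr) return std::nullopt;
    const std::size_t size = v.source->size();
    if (v.offset > size || v.length > size - v.offset) return std::nullopt;
    return v.source->substr(v.offset, v.length);
}

// Geometry of a heap-buffer-overflow READ as ASan prints it.
struct OverflowGeometry {
    std::size_t readBytes;     // "READ of size N"
    std::size_t readUnits;     // N / sizeof(QChar); QChar is 2 bytes
    std::size_t regionBytes;   // "M-byte region" (QArrayData block, header included)
    std::size_t startPastEnd;  // "K bytes to the right of"
};

// Pull those numbers out of an ASan report. Only the "to the right of" form
// (read starting at or beyond the end of the region) is handled here.
std::optional<OverflowGeometry> parseAsanReport(const std::string& report) {
    static const std::regex readRe(R"(READ of size (\d+))");
    static const std::regex regionRe(R"((\d+) bytes to the right of (\d+)-byte region)");
    std::smatch r, g;
    if (!std::regex_search(report, r, readRe) || !std::regex_search(report, g, regionRe))
        return std::nullopt;
    OverflowGeometry geo{};
    geo.readBytes = std::stoul(r[1].str());
    geo.readUnits = geo.readBytes / 2;
    geo.startPastEnd = std::stoul(g[1].str());
    geo.regionBytes = std::stoul(g[2].str());
    return geo;
}

// Constructed sample resource name (10 UTF-16 units).
const U16Buffer kSampleName = u"obj_player";

// Two lines excerpted from the report in this issue, used as sample input.
const std::string kReport =
    "READ of size 404 at 0x6140000629f2 thread T0\n"
    "0x6140000629f2 is located 0 bytes to the right of 434-byte region "
    "[0x614000062840,0x6140000629f2)\n";

int main() {
    const U16View inBounds{&kSampleName, 0, kSampleName.size()};
    // Same shape as the crash: the view starts where the buffer ends.
    const U16View atEnd{&kSampleName, kSampleName.size(), 3};
    std::printf("in-bounds copy accepted: %d\n", checkedToString(inBounds).has_value());
    std::printf("copy starting at end refused: %d\n", !checkedToString(atEnd).has_value());
    if (auto geo = parseAsanReport(kReport)) {
        std::printf("read %zu bytes (%zu UTF-16 units) starting %zu bytes past a %zu-byte region\n",
                    geo->readBytes, geo->readUnits, geo->startPastEnd, geo->regionBytes);
    }
    return 0;
}
```

The check in checkedToString is written as `v.length > size - v.offset` rather than `v.offset + v.length > size` so that the comparison itself cannot wrap around on a large length; that is the same discipline any view-to-owner copy in the gRPC reader path would need before handing a length to memcpy.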
