AddressSanitizer(testRunner/tests.json): stack-use-after-scope @pxWayland.cpp:504 in pxWayland::isRotated() #911

Closed
dwrobel opened this issue Feb 21, 2018 · 5 comments
dwrobel commented Feb 21, 2018

Software compiled for the wayland_egl backend with AddressSanitizer: -fsanitize=address
Run as: ./pxscene https://px-apps.sys.comcast.net/pxscene-samples/examples/px-reference/test-run/testRunner.js?tests=file:../../../tests/pxScene2d/testRunner/tests.json

Crashes (100% reproducibility) as follows:

READ of size 4 at 0x7ffd7ddc6504 thread T0
    #0 0x613344 in pxWayland::isRotated() pxCore/examples/pxScene2d/src/pxWayland.cpp:504
    #1 0x611752 in pxWayland::onDraw() pxCore/examples/pxScene2d/src/pxWayland.cpp:333
    #2 0x5bebb4 in pxViewContainer::draw() pxCore/examples/pxScene2d/src/pxScene2d.h:983
    #3 0x58ab47 in pxObject::drawInternal(bool) pxCore/examples/pxScene2d/src/pxScene2d.cpp:1362
    #4 0x58ac74 in pxObject::drawInternal(bool) pxCore/examples/pxScene2d/src/pxScene2d.cpp:1374
    #5 0x593b31 in pxScene2d::draw() pxCore/examples/pxScene2d/src/pxScene2d.cpp:2233
    #6 0x59489a in pxScene2d::onDraw() pxCore/examples/pxScene2d/src/pxScene2d.cpp:2384
    #7 0x5c1806 in pxScriptView::onDraw() (pxCore/examples/pxScene2d/src/pxscene+0x5c1806)
    #8 0x5bebb4 in pxViewContainer::draw() pxCore/examples/pxScene2d/src/pxScene2d.h:983
    #9 0x58ab47 in pxObject::drawInternal(bool) pxCore/examples/pxScene2d/src/pxScene2d.cpp:1362
    #10 0x58ac74 in pxObject::drawInternal(bool) pxCore/examples/pxScene2d/src/pxScene2d.cpp:1374
    #11 0x593b31 in pxScene2d::draw() pxCore/examples/pxScene2d/src/pxScene2d.cpp:2233
    #12 0x59489a in pxScene2d::onDraw() pxCore/examples/pxScene2d/src/pxScene2d.cpp:2384
    #13 0x5c1806 in pxScriptView::onDraw() (pxCore/examples/pxScene2d/src/pxscene+0x5c1806)
    #14 0x5bebb4 in pxViewContainer::draw() pxCore/examples/pxScene2d/src/pxScene2d.h:983
    #15 0x58ab47 in pxObject::drawInternal(bool) pxCore/examples/pxScene2d/src/pxScene2d.cpp:1362
    #16 0x58ac74 in pxObject::drawInternal(bool) pxCore/examples/pxScene2d/src/pxScene2d.cpp:1374
    #17 0x593b31 in pxScene2d::draw() pxCore/examples/pxScene2d/src/pxScene2d.cpp:2233
    #18 0x59489a in pxScene2d::onDraw() pxCore/examples/pxScene2d/src/pxScene2d.cpp:2384
    #19 0x5c1806 in pxScriptView::onDraw() (pxCore/examples/pxScene2d/src/pxscene+0x5c1806)
    #20 0x625372 in sceneWindow::onDraw(pxSurfaceNativeDesc*) pxCore/examples/pxScene2d/src/pxScene.cpp:362
    #21 0x634ca3 in pxWindowNative::drawFrame() pxCore/src/wayland_egl/pxWindowNative.cpp:870
    #22 0x63473b in pxWindowNative::animateAndRender() pxCore/src/wayland_egl/pxWindowNative.cpp:831
    #23 0x633558 in pxWindowNative::runEventLoop() pxCore/src/wayland_egl/pxWindowNative.cpp:576
    #24 0x63badf in pxEventLoop::run() pxCore/src/wayland_egl/pxEventLoopNative.cpp:19
    #25 0x623345 in pxMain(int, char**) pxCore/examples/pxScene2d/src/pxScene.cpp:623
    #26 0x63bb5d in main pxCore/src/wayland_egl/pxEventLoopNative.cpp:34
    #27 0x7f5c39f3b009 in __libc_start_main (/lib64/libc.so.6+0x21009)
    #28 0x4eab59 in _start (pxCore/examples/pxScene2d/src/pxscene+0x4eab59)

Address 0x7ffd7ddc6504 is located in stack of thread T0 at offset 36 in frame
    #0 0x6131cb in pxWayland::isRotated() pxCore/examples/pxScene2d/src/pxWayland.cpp:500

  This frame has 1 object(s):
    [32, 96) '<unknown>' <== Memory access at offset 36 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope pxCore/examples/pxScene2d/src/pxWayland.cpp:504 in pxWayland::isRotated()
Shadow bytes around the buggy address:
  0x10002fbb0c50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10002fbb0c60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10002fbb0c70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10002fbb0c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10002fbb0c90: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x10002fbb0ca0:[f8]f8 f8 f8 f8 f8 f8 f8 f3 f3 f3 f3 00 00 00 00
  0x10002fbb0cb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
  0x10002fbb0cc0: f1 f1 01 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2 f2 f2
  0x10002fbb0cd0: f2 f2 04 f2 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2
  0x10002fbb0ce0: f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2
  0x10002fbb0cf0: f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==6790==ABORTING

End of the log:

Main module[https://px-apps.sys.comcast.net/pxscene-samples/examples/px-reference/test-run/../tests/test_pxWayland.js] about to notify
Main module[https://px-apps.sys.comcast.net/pxscene-samples/examples/px-reference/test-run/../tests/test_pxWayland.js] about to notify done
test "test_pxWayland" is ready
test_pxWayland beforeStart()!
got ready for scene 19
runSceneTests
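The bug class the report above names, as an added example that is not pxCore's code: a block-scoped temporary matrix whose storage is read through a raw pointer after the block has ended, beside the form that keeps the copy alive for the whole function. Matrix4 and Transform are constructed stand-ins (assumed, not pxWayland's types); compiling with -fsanitize=address -DTRIGGER_ASAN reproduces a stack-use-after-scope report of the same shape (shadow byte f8).

```cpp
#include <cmath>
#include <cstdio>

// Constructed 4x4 matrix type (assumed; not pxCore's pxMatrix4f): 16 floats,
// 64 bytes, the same size as the single '<unknown>' object in the ASan frame.
struct Matrix4 {
    float m[16];
    const float* data() const { return m; }
};

// Constructed stand-in for whatever supplies the object's transform.
struct Transform {
    float angleRadians = 0.0f;
    // Returns a rotation about Z by value: the caller owns a temporary copy.
    Matrix4 matrix() const {
        const float c = std::cos(angleRadians), s = std::sin(angleRadians);
        Matrix4 r = {{c, -s, 0, 0,  s, c, 0, 0,  0, 0, 1, 0,  0, 0, 0, 1}};
        return r;
    }
};

// Buggy: keeps a raw pointer into a block-scoped temporary and dereferences it
// after the block ends. ASan poisons tmp's stack slot at the closing brace, so
// the read below is flagged as stack-use-after-scope.
bool isRotatedBuggy(const Transform& t) {
    const float* m;
    {
        Matrix4 tmp = t.matrix();
        m = tmp.data();            // pointer into tmp's stack storage
    }                              // tmp's lifetime ends here
    return std::fabs(m[1]) > 1e-6f;   // read of dead stack memory
}

// Fixed: the matrix copy lives for the whole function, so no pointer outlives
// the object it points into; the sin component m[1] is read within lifetime.
bool isRotatedFixed(const Transform& t) {
    const Matrix4 m = t.matrix();
    return std::fabs(m.m[1]) > 1e-6f;
}

// Small wrapper so callers (and tests) can check by angle alone.
bool rotatedByRadians(float angleRadians) {
    Transform t;
    t.angleRadians = angleRadians;
    return isRotatedFixed(t);
}

int main() {
    std::printf("0 rad: %d, 0.5 rad: %d\n", rotatedByRadians(0.0f), rotatedByRadians(0.5f));
#ifdef TRIGGER_ASAN
    Transform t; t.angleRadians = 0.5f;
    std::printf("buggy: %d\n", isRotatedBuggy(t));   // ASan aborts on this call
#endif
    return 0;
}
```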
dwrobel commented Mar 20, 2018

Also reproducible with testRunner_v5.js.

dwrobel commented Mar 28, 2018

Retested on 46e2073 and it's still reproducible.

@conniefry

Is this still reproducible with the latest master or can it be closed?

dwrobel commented Jun 6, 2018

Last time I checked it I was always blocked by #1065, so #1065 becomes a prerequisite for verifying this one.

dwrobel commented Jun 20, 2018

Not reproducible.

dwrobel closed this as completed Jun 20, 2018