On 12/17/2013 02:22 AM, Jim Meyering wrote:
> Hi,
>
> I built like this using just-built 4.9.0 20131216
> (but it probably would work as well with 4.8.x):
>
>   make check AM_CFLAGS='-ggdb3 -static-libasan -fsanitize=address'
>     AM_LDFLAGS='-fsanitize=address -static-libasan -lpthread -ldl'
>
> and then I ran this,
>
>   echo a > a && echo b > b &&
>     ./ptx -g1 -w1 a b 2>&1 | asan_symbolize.py -d
>
> and include its output below.
> That output shows a heap-read overrun bug that arises
> because ptx was designed to process only one input file, yet
> was later extended to process more than one, but without some
> important adjustments.
>
> The underlying problem is that swallow_file_in_memory (called from main)
> is setting the contents of the global text_buffer for the first file,
> then updating it (clobbering the old value) for the second file.
> Yet some pointers to the initial buffer have been squirreled away,
> and later one of them (keyafter) is presumed to point into
> the new "text_buffer", which it does not. The subsequent
> SKIP_WHITE_BACKWARDS use backs up "cursor" until it goes
> out of bounds.
Nice. This is a good illustration of how test coverage can be leveraged by
(future) run-time checks. I see it here too (as the only failure in
make check with -fsanitize=address):

  $ rpm -q gcc
  gcc-4.8.2-1.fc20.x86_64
  $ yum install libasan # http://bugzilla.redhat.com/991003
  $ rm src/ptx.o
  $ make check AM_CFLAGS='-fsanitize=address' TESTS=tests/misc/ptx.pl SUBDIRS=. VERBOSE=yes
  $ failure identified in tests/test-suite.log
  ...
  $ src/ptx -g1 -w1 <(echo a) <(echo b) | asan_symbolize.py -d

thanks!
Pádraig.
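The mechanism Jim describes above (a single global text_buffer refilled for each input file while an occurrence record keeps a pointer into the first file's buffer, so a backwards white-space skip ends up bounded by the wrong block) is shown here as an added example in C. It is constructed for this page and is neither ptx's code nor the coreutils fix: the names text_buffer, text_buffers, skip_white_backwards, the occurs record with its file_index, and the sample contents FILE_A/FILE_B are assumptions chosen to mirror the report, and keeping one block per file with an index in each record is one repair shape, not necessarily the one ptx adopted.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the pattern in Jim's report; not ptx's code.
   The names echo the report, every body below is invented for the demo. */

struct block { char *start; char *end; };          /* bytes in [start, end) */

/* The report's design: one global, overwritten for each input file. */
static struct block text_buffer;

/* Repaired design (assumed here): keep every file's block, records name theirs. */
#define MAX_FILES 8
static struct block text_buffers[MAX_FILES];
static size_t n_text_buffers;

/* An occurrence keeps a raw pointer into whichever buffer was current when
   it was recorded, plus (repaired design) the index of that buffer. */
struct occurs { const char *key; size_t file_index; };

/* Copy one input (a string here, a file in ptx) into a fresh heap block,
   point the global at it and remember it in the per-file table.  The old
   block is kept alive, so an old pointer still reads valid bytes but is now
   bounded by the wrong block, which is the report's failure mode. */
static size_t swallow_file_in_memory(const char *contents)
{
    size_t n = strlen(contents);
    char *p = malloc(n ? n : 1);
    if (!p || n_text_buffers == MAX_FILES)
        abort();
    memcpy(p, contents, n);
    text_buffer.start = p;
    text_buffer.end = p + n;
    text_buffers[n_text_buffers] = text_buffer;
    return n_text_buffers++;
}

/* Does p lie within b?  Compared as integers so pointers into different
   allocations can be tested without relying on undefined pointer ordering. */
static int in_block(const char *p, const struct block *b)
{
    uintptr_t x = (uintptr_t)p;
    return b->start != NULL && x >= (uintptr_t)b->start && x <= (uintptr_t)b->end;
}

/* The report's SKIP_WHITE_BACKWARDS as a function: the 'cursor > start' guard
   only protects the read of cursor[-1] when 'start' really is the beginning
   of the allocation that 'cursor' points into. */
static const char *skip_white_backwards(const char *cursor, const char *start)
{
    while (cursor > start && isspace((unsigned char)cursor[-1]))
        cursor--;
    return cursor;
}

/* Buggy shape: is the record's pointer even inside the *current* global?
   If not, bounding a backwards walk by text_buffer.start bounds nothing. */
static int stale_against_global(const struct occurs *o)
{
    return !in_block(o->key, &text_buffer);
}

/* Repaired shape: bound the walk by the block the occurrence belongs to.
   Returns the offset where the left context starts, or -1 if the invariant
   "o->key points into text_buffers[o->file_index]" does not hold. */
static long left_context_offset(const struct occurs *o)
{
    const struct block *owner = &text_buffers[o->file_index];
    if (!in_block(o->key, owner))
        return -1;
    return (long)(skip_white_backwards(o->key, owner->start) - owner->start);
}

static void reset_buffers(void)
{
    for (size_t i = 0; i < n_text_buffers; i++)
        free(text_buffers[i].start);
    n_text_buffers = 0;
    text_buffer.start = text_buffer.end = NULL;
}

/* Constructed inputs standing in for 'echo a > a' and 'echo b > b'; the
   first gets leading blanks so the backwards walk has something to skip. */
static const char FILE_A[] = "  a\n";
static const char FILE_B[] = "b\n";

/* Record one occurrence of "a" from the first file, then swallow the second:
   the sequence that leaves the record pointing at the superseded buffer. */
static struct occurs record_then_swallow_next(void)
{
    struct occurs o;
    reset_buffers();
    o.file_index = swallow_file_in_memory(FILE_A);
    o.key = text_buffer.start + 2;               /* the 'a' in FILE_A */
    swallow_file_in_memory(FILE_B);              /* global now describes FILE_B */
    return o;
}

int demo_stale_vs_global(void)   /* 1: bounding by text_buffer.start is wrong */
{
    struct occurs o = record_then_swallow_next();
    return stale_against_global(&o);
}

long demo_left_offset(void)      /* 0: walks back over the two blanks and stops */
{
    struct occurs o = record_then_swallow_next();
    return left_context_offset(&o);
}

int main(void)
{
    printf("record stale against global text_buffer: %d\n", demo_stale_vs_global());
    printf("left context offset via owning block: %ld\n", demo_left_offset());
    reset_buffers();
    return 0;
}
```

The point of the two demo functions: after the second swallow, the first record's pointer is no longer inside text_buffer at all, so the `cursor > text_buffer.start` guard compares pointers from unrelated allocations and cannot stop the walk at the true start of the first file's bytes. Bounding the walk by the block the record actually belongs to restores a meaningful guard, which is why the repaired shape carries a per-record file_index.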
