Hello,
tried to reproduce this, but unfortunately it fails to build
against gcc-8, for which #897707 is already open.

Therefore tried to reproduce it with gcc-7.

I think this is what happens:
- test Asssign_LinearAssignGenSeq_Test::TestBody allocates a buffer
- buffer gets deleted
- the same buffer gets deleted again
- therefore in the linked list we have now an entry that points to itself.
- test allocates again and receives the twice deleted buffer and writes a value to it
- therefore the first entry in the linked list is our already allocated buffer
  and the next pointer points to the value the test has written before.
- next allocation crashes because the next pointer contains no valid address.

(gdb) bt
#0 0xb6abce2a in tcache_put (tc_idx=5, chunk=0x5fd798) at malloc.c:2932
#1 _int_free (av=0xb6c1b7a0 <main_arena>, p=0x5fd798, have_lock=0) at malloc.c:4173
#2 0xb6cd1668 in operator delete (ptr=0x5fd7a0) at ../../../../src/libstdc++-v3/libsupc++/del_op.cc:49
#3 0xb6e65477 in cpu::destroyArray<float> (A=0x5fd7a0) at ./src/backend/cpu/Array.cpp:223
#4 0xb77f7a6e in releaseHandle<float> (arr=0x5fd7a0) at ./src/api/c/handle.hpp:109
#5 af_release_array (arr=0x5fd7a0) at ./src/api/c/array.cpp:189
#6 0xb78625d5 in af_assign_seq (out=0xbffff328, lhs=0x5faea0, ndims=<optimized out>, index=0x5fd800, rhs=<optimized out>) at ./src/api/c/assign.cpp:135
#7 0xb7865bd7 in af_assign_gen (out=0xbffff328, lhs=0x5faea0, ndims=1, indexs=0xbffff35c, rhs_=0x5fae20) at ./src/api/c/assign.cpp:223
#8 0x00429b7c in Asssign_LinearAssignGenSeq_Test::TestBody (this=0x5faf90) at ./test/assign.cpp:926
#9 0x00563605 in testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void> (location=0x574590 "the test body", method=&virtual testing::Test::TestBody(), object=0x5faf90) at /usr/src/gtest/src/gtest.cc:2402
#10 testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void> (object=0x5faf90, method=&virtual testing::Test::TestBody(), location=0x574590 "the test body") at /usr/src/gtest/src/gtest.cc:2438
#11 0x00557c0e in testing::Test::Run (this=this@entry=0x5faf90) at /usr/src/gtest/src/gtest.cc:2474
#12 0x00557ed4 in testing::Test::Run (this=0x5faf90) at /usr/src/gtest/src/gtest.cc:2466
#13 testing::TestInfo::Run (this=0x5f9410) at /usr/src/gtest/src/gtest.cc:2656
#14 0x00558087 in testing::TestInfo::Run (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:2631
#15 testing::TestCase::Run (this=0x5f9230) at /usr/src/gtest/src/gtest.cc:2776
#16 0x00558695 in testing::TestCase::Run (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:2762
#17 testing::internal::UnitTestImpl::RunAllTests (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:4651
#18 0x0055889d in testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> (location=0x573adc "auxiliary test code (environments or event listeners)", method=<optimized out>, object=0x5ddc60) at /usr/src/gtest/src/gtest.cc:2402
#19 testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> (location=0x573adc "auxiliary test code (environments or event listeners)", method=(bool (testing::internal::UnitTestImpl::*)(testing::internal::UnitTestImpl * const)) 0x5581f0 <testing::internal::UnitTestImpl::RunAllTests()>, object=0x5ddc60) at /usr/src/gtest/src/gtest.cc:2438
#20 testing::UnitTest::Run (this=0x5c91e0 <testing::UnitTest::GetInstance()::instance>) at /usr/src/gtest/src/gtest.cc:4259
#21 0x00423f1a in RUN_ALL_TESTS () at /usr/src/gtest/include/gtest/gtest.h:2233
#22 main (argc=<optimized out>, argv=0xbffff654) at /usr/src/gtest/src/gtest_main.cc:37

> Whatever broke it was not yet in unstable on 2017-12-31,
> but likely entered buster before 2018-01-31:

Was that probably the time when buster switched to libstdc++6 from gcc-8?
(But did still have gcc-7 as default compiler?)

Built the package with "DEB_BUILD_MAINT_OPTIONS = hardening=+all sanitize=+address"
But then Test_assign_cpu succeeded, but tests 43 and 78 failed.

Nevertheless, because gcc-8 is default in buster this report
should probably be marked as blocked by #897707?

Kind regards,
Bernhard

# with MEMORY="-m 14G", SMP="-smp 16"

apt update
apt install devscripts dpkg-dev mc htop gcc-7 g++-7 gdb valgrind libstdc++6-8-dbg
apt install cmake libboost-dev libblas-dev libclblas-dev libclfft-dev libfftw3-dev libfreeimage-dev libgtest-dev liblapack-dev liblapacke-dev ocl-icd-opencl-dev pkg-config doxygen

mkdir -p glibc/orig; cd glibc/orig
apt source libc6
cd ../..

mkdir -p gcc-8/orig; cd gcc-8/orig
apt source libstdc++6
cd gcc-8-8.2.0; tar axf gcc-8.2.0-dfsg.tar.xz; cd ..
cd ../..

mkdir -p arrayfire/orig; cd arrayfire/orig
dget http://192.168.178.25:9999/debian-unstable-ftp.de.debian.org/pool/main/a/arrayfire/arrayfire_3.3.2+dfsg1-4.dsc
# http://http.debian.net/debian/pool/main/a/arrayfire/arrayfire_3.3.2+dfsg1-4.dsc
cd arrayfire-3.3.2+dfsg1
CC=gcc-7 CXX=g++-7 dpkg-buildpackage -uc
CC=gcc-7 CXX=g++-7 DEB_BUILD_OPTIONS=parallel=16 dpkg-buildpackage -uc -nc

cd obj-i686-linux-gnu/test

$ gdb -q --args ./assign_cpu
set height 0
set width 0
set pagination off
directory /home/benutzer/glibc/orig/glibc-2.27/malloc
directory /home/benutzer/gcc-8/orig/gcc-8-8.2.0/gcc-8.2.0/libstdc++-v3/libsupc++
directory /home/benutzer/arrayfire/orig/arrayfire-3.3.2+dfsg1
b Asssign_LinearAssignGenSeq_Test::TestBody
run
record
set can-use-hw-watchpoints 0
display/i $pc
b malloc.c:2944 if tc_idx == 5 # tcache_get
#b malloc.c:2932 if tc_idx == 5 #not stopping for some reason
#b *0xb6abce25 if tc_idx == 5 #not stopping for some reason # tcache_put
cont
display e
print &(tcache->entries[5])
disa 2
display (*((tcache_entry **) 0x5ca064))
display (*((tcache_entry **) 0x5ca064))->next
display (*((tcache_entry **) 0x5ca064))->next->next
display (*((tcache_entry **) 0x5ca064))->next->next->next
display (*((tcache_entry **) 0x5ca064))->next->next->next->next
display (*((tcache_entry **) 0x5ca064))->next->next->next->next->next
display (*((tcache_entry **) 0x5ca064))->next->next->next->next->next->next
display (*((tcache_entry **) 0x5ca064))->next->next->next->next->next->next->next

(gdb) bt
#0 _int_free (av=<optimized out>, p=<optimized out>, have_lock=<optimized out>) at malloc.c:4390
#1 0xb6cd1668 in operator delete (ptr=0x5fd7a0) at ../../../../src/libstdc++-v3/libsupc++/del_op.cc:49
#2 0xb6e65477 in cpu::destroyArray<float> (A=0x5fd7a0) at ./src/backend/cpu/Array.cpp:223
#3 0xb77f7a6e in releaseHandle<float> (arr=0x5fd7a0) at ./src/api/c/handle.hpp:109
#4 af_release_array (arr=0x5fd7a0) at ./src/api/c/array.cpp:189
#5 0xb78625b4 in af_assign_seq (out=0xbffff328, lhs=0x5faea0, ndims=<optimized out>, index=0x5fd800, rhs=<optimized out>) at ./src/api/c/assign.cpp:134
#6 0xb7865bd7 in af_assign_gen (out=0xbffff328, lhs=0x5faea0, ndims=1, indexs=0xbffff35c, rhs_=0x5fae20) at ./src/api/c/assign.cpp:223
#7 0x00429b7c in Asssign_LinearAssignGenSeq_Test::TestBody (this=0x5faf90) at ./test/assign.cpp:926
#8 0x00563605 in testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void> (location=0x574590 "the test body", method=&virtual testing::Test::TestBody(), object=0x5faf90) at /usr/src/gtest/src/gtest.cc:2402
#9 testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void> (object=0x5faf90, method=&virtual testing::Test::TestBody(), location=0x574590 "the test body") at /usr/src/gtest/src/gtest.cc:2438
#10 0x00557c0e in testing::Test::Run (this=this@entry=0x5faf90) at /usr/src/gtest/src/gtest.cc:2474
#11 0x00557ed4 in testing::Test::Run (this=0x5faf90) at /usr/src/gtest/src/gtest.cc:2466
#12 testing::TestInfo::Run (this=0x5f9410) at /usr/src/gtest/src/gtest.cc:2656
#13 0x00558087 in testing::TestInfo::Run (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:2631
#14 testing::TestCase::Run (this=0x5f9230) at /usr/src/gtest/src/gtest.cc:2776
#15 0x00558695 in testing::TestCase::Run (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:2762
#16 testing::internal::UnitTestImpl::RunAllTests (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:4651
#17 0x0055889d in testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> (location=0x573adc "auxiliary test code (environments or event listeners)", method=<optimized out>, object=0x5ddc60) at /usr/src/gtest/src/gtest.cc:2402
#18 testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> (location=0x573adc "auxiliary test code (environments or event listeners)", method=(bool (testing::internal::UnitTestImpl::*)(testing::internal::UnitTestImpl * const)) 0x5581f0 <testing::internal::UnitTestImpl::RunAllTests()>, object=0x5ddc60) at /usr/src/gtest/src/gtest.cc:2438
#19 testing::UnitTest::Run (this=0x5c91e0 <testing::UnitTest::GetInstance()::instance>) at /usr/src/gtest/src/gtest.cc:4259
#20 0x00423f1a in RUN_ALL_TESTS () at /usr/src/gtest/include/gtest/gtest.h:2233
#21 main (argc=<optimized out>, argv=0xbffff654) at /usr/src/gtest/src/gtest_main.cc:37

0xb6abce1f 2930 e->next = tcache->entries[tc_idx];
1: x/i $pc
=> 0xb6abce1f <_int_free+159>: mov %ebx,0x8(%edx)
3: (*((tcache_entry **) 0x5ca064)) = (tcache_entry *) 0x5fd7a0
4: (*((tcache_entry **) 0x5ca064))->next = (struct tcache_entry *) 0x5f9d30
5: (*((tcache_entry **) 0x5ca064))->next->next = (struct tcache_entry *) 0x602eb0
6: (*((tcache_entry **) 0x5ca064))->next->next->next = (struct tcache_entry *) 0x5fa970
7: (*((tcache_entry **) 0x5ca064))->next->next->next->next = (struct tcache_entry *) 0x0
8: (*((tcache_entry **) 0x5ca064))->next->next->next->next->next = <error: Cannot access memory at address 0x0>
(gdb)
2931 tcache->entries[tc_idx] = e;
1: x/i $pc
=> 0xb6abce22 <_int_free+162>: mov %edi,0x40(%eax)
3: (*((tcache_entry **) 0x5ca064)) = (tcache_entry *) 0x5fd7a0
4: (*((tcache_entry **) 0x5ca064))->next = (struct tcache_entry *) 0x5fd7a0 <------ next is pointing to itself
5: (*((tcache_entry **) 0x5ca064))->next->next = (struct tcache_entry *) 0x5fd7a0
6: (*((tcache_entry **) 0x5ca064))->next->next->next = (struct tcache_entry *) 0x5fd7a0
7: (*((tcache_entry **) 0x5ca064))->next->next->next->next = (struct tcache_entry *) 0x5fd7a0
8: (*((tcache_entry **) 0x5ca064))->next->next->next->next->next = (struct tcache_entry *) 0x5fd7a0
9: (*((tcache_entry **) 0x5ca064))->next->next->next->next->next->next = (struct tcache_entry *) 0x5fd7a0
10: (*((tcache_entry **) 0x5ca064))->next->next->next->next->next->next->next = (struct tcache_entry *) 0x5fd7a0
11: (*((tcache_entry **) 0x5ca064))->next->next->next->next->next->next->next->next = (struct tcache_entry *) 0x5fd7a0
(gdb)

(gdb) bt
#0 0xb6abce2a in tcache_put (tc_idx=5, chunk=0x5fd798) at malloc.c:2932
#1 _int_free (av=0xb6c1b7a0 <main_arena>, p=0x5fd798, have_lock=0) at malloc.c:4173
#2 0xb6cd1668 in operator delete (ptr=0x5fd7a0) at ../../../../src/libstdc++-v3/libsupc++/del_op.cc:49
#3 0xb6e65477 in cpu::destroyArray<float> (A=0x5fd7a0) at ./src/backend/cpu/Array.cpp:223
#4 0xb77f7a6e in releaseHandle<float> (arr=0x5fd7a0) at ./src/api/c/handle.hpp:109
#5 af_release_array (arr=0x5fd7a0) at ./src/api/c/array.cpp:189
#6 0xb78625d5 in af_assign_seq (out=0xbffff328, lhs=0x5faea0, ndims=<optimized out>, index=0x5fd800, rhs=<optimized out>) at ./src/api/c/assign.cpp:135
#7 0xb7865bd7 in af_assign_gen (out=0xbffff328, lhs=0x5faea0, ndims=1, indexs=0xbffff35c, rhs_=0x5fae20) at ./src/api/c/assign.cpp:223
#8 0x00429b7c in Asssign_LinearAssignGenSeq_Test::TestBody (this=0x5faf90) at ./test/assign.cpp:926
#9 0x00563605 in testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void> (location=0x574590 "the test body", method=&virtual testing::Test::TestBody(), object=0x5faf90) at /usr/src/gtest/src/gtest.cc:2402
#10 testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void> (object=0x5faf90, method=&virtual testing::Test::TestBody(), location=0x574590 "the test body") at /usr/src/gtest/src/gtest.cc:2438
#11 0x00557c0e in testing::Test::Run (this=this@entry=0x5faf90) at /usr/src/gtest/src/gtest.cc:2474
#12 0x00557ed4 in testing::Test::Run (this=0x5faf90) at /usr/src/gtest/src/gtest.cc:2466
#13 testing::TestInfo::Run (this=0x5f9410) at /usr/src/gtest/src/gtest.cc:2656
#14 0x00558087 in testing::TestInfo::Run (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:2631
#15 testing::TestCase::Run (this=0x5f9230) at /usr/src/gtest/src/gtest.cc:2776
#16 0x00558695 in testing::TestCase::Run (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:2762
#17 testing::internal::UnitTestImpl::RunAllTests (this=<optimized out>) at /usr/src/gtest/src/gtest.cc:4651
#18 0x0055889d in testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> (location=0x573adc "auxiliary test code (environments or event listeners)", method=<optimized out>, object=0x5ddc60) at /usr/src/gtest/src/gtest.cc:2402
#19 testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> (location=0x573adc "auxiliary test code (environments or event listeners)", method=(bool (testing::internal::UnitTestImpl::*)(testing::internal::UnitTestImpl * const)) 0x5581f0 <testing::internal::UnitTestImpl::RunAllTests()>, object=0x5ddc60) at /usr/src/gtest/src/gtest.cc:2438
#20 testing::UnitTest::Run (this=0x5c91e0 <testing::UnitTest::GetInstance()::instance>) at /usr/src/gtest/src/gtest.cc:4259
#21 0x00423f1a in RUN_ALL_TESTS () at /usr/src/gtest/include/gtest/gtest.h:2233
#22 main (argc=<optimized out>, argv=0xbffff654) at /usr/src/gtest/src/gtest_main.cc:37

With:
mc -e debian/rules
-export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all sanitize=+address

The following tests FAILED:
43 - Test_index_cpu (Failed)
78 - Test_rotate_linear_cpu (Failed)
Errors while running CTest

obj-i686-linux-gnu/test# ./index_cpu
...
[ RUN ] Indexing.SNIPPET_indexing_copy
=================================================================
==31526==ERROR: AddressSanitizer: heap-use-after-free on address 0xb0f65120 at pc 0xb66524e7 bp 0xbfd56098 sp 0xbfd5608c
READ of size 4 at 0xb0f65120 thread T0
    #0 0xb66524e6 in ArrayInfo::ArrayInfo(ArrayInfo const&) src/backend/ArrayInfo.hpp:73
    #1 0xb66524e6 in af_release_array src/api/c/array.cpp:182
    #2 0xb75370a7 in af::index::~index() src/api/cpp/index.cpp:84
    #3 0x4675bb in Indexing_SNIPPET_indexing_copy_Test::TestBody() test/index.cpp:1258
    #4 0xb60b43 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #5 0xb60b43 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #6 0xb33018 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2474
    #7 0xb339c3 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2466
    #8 0xb339c3 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2656
    #9 0xb34183 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2631
    #10 0xb34183 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2776
    #11 0xb35fb4 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2762
    #12 0xb35fb4 in testing::internal::UnitTestImpl::RunAllTests() /usr/src/gtest/src/gtest.cc:4651
    #13 0xb62143 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #14 0xb62143 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #15 0xb36ae1 in testing::UnitTest::Run() /usr/src/gtest/src/gtest.cc:4259
    #16 0x466029 in RUN_ALL_TESTS() /usr/src/gtest/include/gtest/gtest.h:2233
    #17 0x466029 in main /usr/src/gtest/src/gtest_main.cc:37
    #18 0xb3c8a9a0 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x199a0)
    #19 0x466105 (/home/benutzer/arrayfire/orig/arrayfire-3.3.2+dfsg1/obj-i686-linux-gnu/test/index_cpu+0x38105)

0xb0f65120 is located 0 bytes inside of 80-byte region [0xb0f65120,0xb0f65170)
freed by thread T0 here:
    #0 0xb7a3b194 in operator delete(void*) (/usr/lib/i386-linux-gnu/libasan.so.4+0xe2194)
    #1 0xb40e6c93 in void cpu::destroyArray<int>(cpu::Array<int>*) src/backend/cpu/Array.cpp:223
    #2 0xb66523f3 in releaseHandle<int> src/api/c/handle.hpp:109
    #3 0xb66523f3 in af_release_array src/api/c/array.cpp:194
    #4 0xb75370a7 in af::index::~index() src/api/cpp/index.cpp:84
    #5 0x46759d in Indexing_SNIPPET_indexing_copy_Test::TestBody() test/index.cpp:1259
    #6 0xb60b43 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #7 0xb60b43 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #8 0xb33018 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2474
    #9 0xb339c3 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2466
    #10 0xb339c3 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2656
    #11 0xb34183 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2631
    #12 0xb34183 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2776
    #13 0xb35fb4 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2762
    #14 0xb35fb4 in testing::internal::UnitTestImpl::RunAllTests() /usr/src/gtest/src/gtest.cc:4651
    #15 0xb62143 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #16 0xb62143 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #17 0xb36ae1 in testing::UnitTest::Run() /usr/src/gtest/src/gtest.cc:4259
    #18 0x466029 in RUN_ALL_TESTS() /usr/src/gtest/include/gtest/gtest.h:2233
    #19 0x466029 in main /usr/src/gtest/src/gtest_main.cc:37
    #20 0xb3c8a9a0 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x199a0)

previously allocated by thread T0 here:
    #0 0xb7a3a494 in operator new(unsigned int) (/usr/lib/i386-linux-gnu/libasan.so.4+0xe1494)
    #1 0xb40d6c81 in cpu::Array<int>* cpu::initArray<int>() src/backend/cpu/Array.cpp:162
    #2 0xb66537f4 in retainHandle<int> src/api/c/array.cpp:216
    #3 0xb66537f4 in retain(void*) src/api/c/array.cpp:227
    #4 0xb665d10e in af_retain_array src/api/c/array.cpp:245
    #5 0xb7536690 in af::index::index(af::array const&) src/api/cpp/index.cpp:71
    #6 0x467578 in Indexing_SNIPPET_indexing_copy_Test::TestBody() test/index.cpp:1259
    #7 0xb60b43 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #8 0xb60b43 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #9 0xb33018 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2474
    #10 0xb339c3 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2466
    #11 0xb339c3 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2656
    #12 0xb34183 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2631
    #13 0xb34183 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2776
    #14 0xb35fb4 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2762
    #15 0xb35fb4 in testing::internal::UnitTestImpl::RunAllTests() /usr/src/gtest/src/gtest.cc:4651
    #16 0xb62143 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #17 0xb62143 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #18 0xb36ae1 in testing::UnitTest::Run() /usr/src/gtest/src/gtest.cc:4259
    #19 0x466029 in RUN_ALL_TESTS() /usr/src/gtest/include/gtest/gtest.h:2233
    #20 0x466029 in main /usr/src/gtest/src/gtest_main.cc:37
    #21 0xb3c8a9a0 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x199a0)

SUMMARY: AddressSanitizer: heap-use-after-free src/backend/ArrayInfo.hpp:73 in ArrayInfo::ArrayInfo(ArrayInfo const&)
Shadow bytes around the buggy address:
  0x361ec9d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x361ec9e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x361ec9f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x361eca00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x361eca10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x361eca20: fa fa fa fa[fd]fd fd fd fd fd fd fd fd fd fa fa
  0x361eca30: fa fa fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x361eca40: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fd fd
  0x361eca50: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
  0x361eca60: fd fd fd fd fd fd fa fa fa fa fd fd fd fd fd fd
  0x361eca70: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
==31526==ABORTING

obj-i686-linux-gnu/test# ./rotate_linear_cpu
...
[ RUN ] RotateLinear/1.Rectangle90CropRecenter
=================================================================
==31528==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xae1066a0 at pc 0xb60a1918 bp 0xbfc52eb8 sp 0xbfc52eac
READ of size 8 at 0xae1066a0 thread T0
    #0 0xb60a1917 in void cpu::transform_b<double>(double*, double const*, float const*, af::dim4 const&, af::dim4 const&, af::dim4 const&, int, int, int, int, bool) src/backend/cpu/transform_interp.hpp:140
    #1 0xb60a222a in void cpu::kernel::rotate<double, (af_interp_type)2>(cpu::Array<double>, cpu::Array<double>, float) src/backend/cpu/kernel/rotate.hpp:78
    #2 0xb60a4c42 in void cpu::queue::enqueue<void (*)(cpu::Array<double>, cpu::Array<double>, float), cpu::Array<double>, cpu::Array<double>, float>(void (*)(cpu::Array<double>, cpu::Array<double>, float), cpu::Array<double>, cpu::Array<double>, float) src/backend/cpu/queue.hpp:65
    #3 0xb60a4c42 in cpu::Array<double> cpu::rotate<double>(cpu::Array<double> const&, float, af::dim4 const&, af_interp_type) src/backend/cpu/rotate.cpp:33
    #4 0xb700eb64 in rotate<double> src/api/c/rotate.cpp:24
    #5 0xb700eb64 in af_rotate src/api/c/rotate.cpp:59
    #6 0x7fbebf in void rotateTest<double>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, unsigned int, float, bool, bool, bool, std::vector<af_seq, std::allocator<af_seq> > const*) test/rotate_linear.cpp:74
    #7 0x803459 in RotateLinear_Rectangle90CropRecenter_Test<double>::TestBody() test/rotate_linear.cpp:145
    #8 0x8b14c3 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #9 0x8b14c3 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #10 0x883998 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2474
    #11 0x884343 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2466
    #12 0x884343 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2656
    #13 0x884b03 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2631
    #14 0x884b03 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2776
    #15 0x886934 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2762
    #16 0x886934 in testing::internal::UnitTestImpl::RunAllTests() /usr/src/gtest/src/gtest.cc:4651
    #17 0x8b2ac3 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #18 0x8b2ac3 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #19 0x887461 in testing::UnitTest::Run() /usr/src/gtest/src/gtest.cc:4259
    #20 0x48b1b9 in RUN_ALL_TESTS() /usr/src/gtest/include/gtest/gtest.h:2233
    #21 0x48b1b9 in main /usr/src/gtest/src/gtest_main.cc:37
    #22 0xb3cd19a0 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x199a0)
    #23 0x48b295 (/home/benutzer/arrayfire/orig/arrayfire-3.3.2+dfsg1/obj-i686-linux-gnu/test/rotate_linear_cpu+0x31295)

0xae1066a0 is located 160 bytes to the right of 25600-byte region [0xae100200,0xae106600)
allocated by thread T0 here:
    #0 0xb7a804a4 in malloc (/usr/lib/i386-linux-gnu/libasan.so.4+0xe04a4)
    #1 0xb5d2193d in cpu::MemoryManager::nativeAlloc(unsigned int) src/backend/cpu/memory.cpp:66
    #2 0xb667c260 in common::MemoryManager::alloc(unsigned int, bool) src/backend/MemoryManager.cpp:179
    #3 0xb5d22b3e in double* cpu::memAlloc<double>(unsigned int const&) src/backend/cpu/memory.cpp:118
    #4 0xb4117123 in cpu::Array<double>::Array(af::dim4) src/backend/cpu/Array.cpp:38
    #5 0xb411775d in cpu::Array<double> cpu::createEmptyArray<double>(af::dim4 const&) src/backend/cpu/Array.cpp:158
    #6 0xb60a3b84 in cpu::Array<double> cpu::rotate<double>(cpu::Array<double> const&, float, af::dim4 const&, af_interp_type) src/backend/cpu/rotate.cpp:26
    #7 0xb700eb64 in rotate<double> src/api/c/rotate.cpp:24
    #8 0xb700eb64 in af_rotate src/api/c/rotate.cpp:59
    #9 0x7fbebf in void rotateTest<double>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, unsigned int, float, bool, bool, bool, std::vector<af_seq, std::allocator<af_seq> > const*) test/rotate_linear.cpp:74
    #10 0x802bb9 in RotateLinear_Rectangle180NoCropRecenter_Test<double>::TestBody() test/rotate_linear.cpp:142
    #11 0x8b14c3 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #12 0x8b14c3 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #13 0x883998 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2474
    #14 0x884343 in testing::Test::Run() /usr/src/gtest/src/gtest.cc:2466
    #15 0x884343 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2656
    #16 0x884b03 in testing::TestInfo::Run() /usr/src/gtest/src/gtest.cc:2631
    #17 0x884b03 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2776
    #18 0x886934 in testing::TestCase::Run() /usr/src/gtest/src/gtest.cc:2762
    #19 0x886934 in testing::internal::UnitTestImpl::RunAllTests() /usr/src/gtest/src/gtest.cc:4651
    #20 0x8b2ac3 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2402
    #21 0x8b2ac3 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/gtest/src/gtest.cc:2438
    #22 0x887461 in testing::UnitTest::Run() /usr/src/gtest/src/gtest.cc:4259
    #23 0x48b1b9 in RUN_ALL_TESTS() /usr/src/gtest/include/gtest/gtest.h:2233
    #24 0x48b1b9 in main /usr/src/gtest/src/gtest_main.cc:37
    #25 0xb3cd19a0 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x199a0)

SUMMARY: AddressSanitizer: heap-buffer-overflow src/backend/cpu/transform_interp.hpp:140 in void cpu::transform_b<double>(double*, double const*, float const*, af::dim4 const&, af::dim4 const&, af::dim4 const&, int, int, int, int, bool)
Shadow bytes around the buggy address:
  0x35c20c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x35c20c90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x35c20ca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x35c20cb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x35c20cc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x35c20cd0: fa fa fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa
  0x35c20ce0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x35c20cf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x35c20d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x35c20d10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x35c20d20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
==31528==ABORTING
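
The failure sequence described in the message (double delete, an entry that points to itself, then the caller's data being used as the next pointer), as an added C example that is not code from the bug report, glibc or ArrayFire: a simplified model of one tcache bin, with a checked put in the style of the double-free detection glibc added in 2.29. The names entry, chunk, bin, bin_put, bin_get and bin_put_checked and the value 0x1234 are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of one tcache bin; all names are this example's own. */
typedef struct entry {
    struct entry *next; /* stored in the first word of the freed buffer */
    void *key;          /* second word, used only by the checked variant */
} entry;

typedef union chunk {        /* one 80-byte buffer, seen from both sides */
    entry as_free;           /* allocator's view while the buffer is free */
    unsigned char user[80];  /* caller's view while it is allocated */
} chunk;

typedef struct bin { entry *head; } bin;

/* Unchecked put/get: a LIFO list with no double-free detection. */
static void bin_put(bin *b, chunk *c) {
    entry *e = &c->as_free;
    e->next = b->head;   /* second put of the same chunk: next = itself */
    b->head = e;
}

static chunk *bin_get(bin *b) {
    entry *e = b->head;
    b->head = e->next;
    return (chunk *)e;
}

/* Checked put: mark entries with the owning bin and, when the mark is
 * already present, walk the list to confirm a real double free. */
static int bin_put_checked(bin *b, chunk *c) {
    entry *e = &c->as_free;
    if (e->key == (void *)b)
        for (entry *p = b->head; p != NULL; p = p->next)
            if (p == e)
                return -1;   /* already in the bin: refuse the free */
    e->key = b;
    e->next = b->head;
    b->head = e;
    return 0;
}

/* Allocate, delete, delete again: returns 1 if head->next == head. */
int double_put_makes_self_loop(void) {
    chunk c;
    bin b = { NULL };
    memset(&c, 0, sizeof c);
    bin_put(&b, &c);
    bin_put(&b, &c);
    return b.head == &c.as_free && b.head->next == b.head;
}

/* The caller receives the buffer and writes user_value into it; the bin
 * still lists that buffer, so the next get turns the caller's data into
 * the list head. Returns that head as an integer, never dereferenced. */
uintptr_t head_after_user_write(uintptr_t user_value) {
    chunk c;
    bin b = { NULL };
    memset(&c, 0, sizeof c);
    bin_put(&b, &c);
    bin_put(&b, &c);
    chunk *first = bin_get(&b);   /* head stays &c because next was &c */
    memcpy(first->user, &user_value, sizeof user_value);
    chunk *second = bin_get(&b);  /* same buffer handed out a second time */
    if (first != second)
        return 0;
    return (uintptr_t)b.head;     /* a further get would dereference this */
}

/* Same double delete against the checked put: the second one is refused. */
int checked_put_rejects_double_free(void) {
    chunk c;
    bin b = { NULL };
    memset(&c, 0, sizeof c);
    int first = bin_put_checked(&b, &c);
    int second = bin_put_checked(&b, &c);
    return first == 0 && second == -1 && b.head->next == NULL;
}

int main(void) {
    printf("self loop after double put: %d\n", double_put_makes_self_loop());
    printf("head after user write:      0x%lx\n",
           (unsigned long)head_after_user_write((uintptr_t)0x1234));
    printf("checked put rejects it:     %d\n", checked_put_rejects_double_free());
    return 0;
}
```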