[Desktop-packages] [Bug 1743401] Re: AddressSanitizer: heap-buffer-overflow in libxkbcommon-x11.so
I rebuilt the package without optimizations and got some more data. The ASAN output now matches the gdb one:

    READ of size 9 at 0x6040001944b8 thread T0
        #0 0x14454c2 in __interceptor_strndup /opt/media/clang_nightly/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:327:3
        #1 0x7ffa3f4b06f8 in get_atom_name /home/user/libxkbcommon-0.5.0/src/x11/util.c:146
        #2 0x7ffa3f4afd63 in get_names /home/user/libxkbcommon-0.5.0/src/x11/keymap.c:1092
        #3 0x7ffa3f4b026c in xkb_x11_keymap_new_from_device /home/user/libxkbcommon-0.5.0/src/x11/keymap.c:1169

Looking at the variables in the debugger, everything seems fine:

    #7  0x7fffc44236f9 in get_atom_name (conn=0x62aae200, atom=142, out=0x61bef400) at src/x11/util.c:146
    146         *out = strndup(name, length);
    (gdb) print length
    $1 = 8
    (gdb) print name
    $2 = 0x6040001944b0 "complete"
    (gdb) print name[7]
    $3 = 101 'e'
    (gdb) print name[8]
    $4 = 0 '\000'

But judging from the error message, somehow ASAN peeks beyond its end. I was able to reproduce this behavior in a small sample and it turns out it is caused by ASAN_OPTIONS=strict_string_checks=1. So it seems it is a sanitizer issue. I will bring it up with that team. Sorry about the apparently faulty report.

-- 
You received this bug notification because you are a member of Desktop Packages, which is subscribed to libxkbcommon in Ubuntu.
https://bugs.launchpad.net/bugs/1743401

Title:
  AddressSanitizer: heap-buffer-overflow in libxkbcommon-x11.so

Status in libxkbcommon package in Ubuntu:
  New
[Desktop-packages] [Bug 1743401] Re: AddressSanitizer: heap-buffer-overflow in libxkbcommon-x11.so
Sorry I didn't think about this before, but I gave the non-ASAN version of the application a spin with valgrind 3.13 and it doesn't report any memory errors with it - so it's possible this is either something valgrind won't catch or a false positive by ASAN.

-- 
https://bugs.launchpad.net/bugs/1743401
[Desktop-packages] [Bug 1743401] [NEW] AddressSanitizer: heap-buffer-overflow in libxkbcommon-x11.so
Public bug reported:

I am running an application which has a feature which utilizes Qt5. For testing purposes this application was built with the AddressSanitizer of the official clang 5.0.1 binaries for Ubuntu 16.04. This was working fine until a few days ago. It started out with another user reporting issues with Qt and the pt_BR.UTF-8 locale, which I was able to confirm after I installed it. Shortly after that I was no longer able to run anything that used the Qt code. I tried removing the additional locale or setting a different one via the environment, but that didn't help. I also did some changes in the "Text Input" settings, like removing the "English" keyboard layout, before I encountered this. Unfortunately I didn't have the time yet to set the system back up from scratch and try to reproduce what exact change caused this.

Below I added the traces of ASAN and the debugger. The code in question is found in xkbcommon/src/x11/util.c:

    length = xcb_get_atom_name_name_length(reply);
    name = xcb_get_atom_name_name(reply);
    *out = strndup(name, length);

Unfortunately I was not able to see what "name" is, but length was 8.

    lsb_release -rd
    Description:    Ubuntu 16.04.3 LTS
    Release:        16.04

    libxkbcommon0:
      Installed: 0.5.0-1ubuntu2
      Candidate: 0.5.0-1ubuntu2
      Version table:
     *** 0.5.0-1ubuntu2 500
            500 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
            100 /var/lib/dpkg/status
    qt5-default:
      Installed: 5.5.1+dfsg-16ubuntu7.5
      Candidate: 5.5.1+dfsg-16ubuntu7.5
      Version table:
     *** 5.5.1+dfsg-16ubuntu7.5 500
            500 http://de.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages
            100 /var/lib/dpkg/status
         5.5.1+dfsg-16ubuntu7 500
            500 http://de.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages

    locale
    LANG=en_US.UTF-8
    LANGUAGE=
    LC_CTYPE="en_US.UTF-8"
    LC_NUMERIC=de_DE.UTF-8
    LC_TIME=de_DE.UTF-8
    LC_COLLATE="en_US.UTF-8"
    LC_MONETARY=de_DE.UTF-8
    LC_MESSAGES="en_US.UTF-8"
    LC_PAPER=de_DE.UTF-8
    LC_NAME=de_DE.UTF-8
    LC_ADDRESS=de_DE.UTF-8
    LC_TELEPHONE=de_DE.UTF-8
    LC_MEASUREMENT=de_DE.UTF-8
    LC_IDENTIFICATION=de_DE.UTF-8
    LC_ALL=

    ==3008==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60400015c4b8 at pc 0x01445853 bp 0x7ffd07632920 sp 0x7ffd076320b8
    READ of size 9 at 0x60400015c4b8 thread T0
        #0 0x1445852 in __interceptor___strndup /opt/media/clang_nightly/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:337:3
        #1 0x7fc1481fd70e (/usr/lib/x86_64-linux-gnu/libxkbcommon-x11.so.0+0x470e)
        #2 0x7fc1481fcd79 in xkb_x11_keymap_new_from_device (/usr/lib/x86_64-linux-gnu/libxkbcommon-x11.so.0+0x3d79)
        #3 0x7fc149cb9c8f (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x42c8f)
        #4 0x7fc149cba0ec (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x430ec)
        #5 0x7fc149cb4931 in QXcbConnection::QXcbConnection(QXcbNativeInterface*, bool, unsigned int, char const*) (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x3d931)
        #6 0x7fc149cb7bac in QXcbIntegration::QXcbIntegration(QStringList const&, int&, char**) (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x40bac)
        #7 0x7fc149d773ac in _init (/usr/lib/x86_64-linux-gnu/qt5/plugins/platforms/libqxcb.so+0x13ac)
        #8 0x7fc179728d91 in QPlatformIntegrationFactory::create(QString const&, QStringList const&, int&, char**, QString const&) (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xdfd91)
        #9 0x7fc179734fc3 in QGuiApplicationPrivate::createPlatformIntegration() (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xebfc3)
        #10 0x7fc179735ecc in QGuiApplicationPrivate::createEventDispatcher() (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xececc)
        #11 0x7fc1793fd7e5 in QCoreApplication::init() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28a7e5)
        #12 0x7fc1793fd855 in QCoreApplication::QCoreApplication(QCoreApplicationPrivate&) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28a855)
        #13 0x7fc179737cc8 in QGuiApplication::QGuiApplication(QGuiApplicationPrivate&) (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xeecc8)
        #14 0x7fc179ceebcc in QApplication::QApplication(int&, char**, int) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15dbcc)
        #15 0x8c7f4e5 in debug_qt::init_debugger(running_machine&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/debugger/debugqt.cpp:251:7
        #16 0x8c81c6c in non-virtual thunk to debug_qt::init_debugger(running_machine&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/debugger/debugqt.cpp
        #17 0x8af8740 in osd_common_t::init_debugger() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/lib/osdobj_common.cpp:498:14
        #18 0xe0bded4 in debugger_manager::debugger_manager(running_machine&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/debugger.cpp:138:16
        #19 0xe69fc1c in make_unique
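The pattern at the centre of this thread, both in the snippet quoted in the original report above and in the follow-up diagnosis earlier on the page (rebuilt without optimizations, narrowed down to ASAN_OPTIONS=strict_string_checks=1), is strndup(name, length) on a buffer that is length-delimited but not NUL-terminated. The program below is an added example, not code from the bug report or from libxkbcommon or xcb: make_reply_name is a constructed stand-in for the bytes xcb_get_atom_name_name() points at (exactly length bytes, no terminator), and copy_name_strndup, copy_name_memcpy, copy_matches and copies_agree are names chosen for this example. It places the report's strndup copy next to a memcpy copy that reads exactly length source bytes and adds the terminator itself, so the second form does not depend on how a checker models C strings.

```c
#define _POSIX_C_SOURCE 200809L   /* strndup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed stand-in for the atom-name bytes inside an xcb_get_atom_name
 * reply: the name is length-delimited and carries no trailing NUL, so we
 * allocate exactly `length` bytes.  Hypothetical helper, not xcb's API.
 */
static char *make_reply_name(const char *text, size_t length)
{
    char *buf = malloc(length);            /* no byte reserved for a terminator */
    if (buf == NULL)
        return NULL;
    memcpy(buf, text, length);
    return buf;
}

/*
 * The copy from the report (get_atom_name() in src/x11/util.c).  glibc's
 * strndup itself stops after `length` bytes, but ASan's interceptor with
 * strict_string_checks=1 validates the argument as a C string, i.e. it
 * checks strlen(name)+1 bytes, which for an 8-byte unterminated name is the
 * 9-byte read in the trace above.
 */
char *copy_name_strndup(const char *name, size_t length)
{
    return strndup(name, length);
}

/*
 * Length-driven copy: touches exactly `length` source bytes and writes the
 * terminator into its own allocation, so no checker setting can observe a
 * read past the reply buffer.
 */
char *copy_name_memcpy(const char *name, size_t length)
{
    char *out = malloc(length + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, name, length);
    out[length] = '\0';
    return out;
}

/* Copies `length` bytes of `text` both ways; 1 if both equal `expected`. */
int copy_matches(const char *text, size_t length, const char *expected)
{
    char *a = copy_name_strndup(text, length);
    char *b = copy_name_memcpy(text, length);
    int ok = a != NULL && b != NULL &&
             strcmp(a, expected) == 0 && strcmp(b, expected) == 0;
    free(a);
    free(b);
    return ok;
}

/*
 * Rebuilds the situation gdb showed in the report: an 8-byte name whose
 * bytes are "complete" with nothing after them inside the allocation.
 * Returns 1 when both copy strategies produce the terminated string
 * "complete", 0 otherwise.
 */
int copies_agree(void)
{
    char *reply = make_reply_name("completely", 8);  /* bytes "complete", no NUL */
    if (reply == NULL)
        return 0;
    int ok = copy_matches(reply, 8, "complete");
    free(reply);
    return ok;
}

int main(void)
{
    int ok = copies_agree();
    printf("both copies yield \"complete\": %s\n", ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

Built natively, both copies agree and the program exits 0. Built with clang -fsanitize=address and run once with and once without ASAN_OPTIONS=strict_string_checks=1, copy_name_strndup is reported as a heap-buffer-overflow only under the strict setting (the interceptor scans for a NUL the 8-byte allocation does not contain), while copy_name_memcpy is reported in neither run because its only read is exactly length bytes.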
[Desktop-packages] [Bug 1406901] [NEW] MemorySanitizer reports warning for each application linked against Qt
Public bug reported:

When compiling a program with clang and MemorySanitizer you get the following:

    Uninitialized bytes in __interceptor_strcmp at offset 0 inside [0x6080ded8, 2)
    ==10413== WARNING: MemorySanitizer: use-of-uninitialized-value
        #0 0x7fdfc0c6575d in QMetaType::registerType(char const*, void (*)(void*), void* (*)(void const*)) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x18975d)
        #1 0x7fdfc1178e4d in _init (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1b7e4d)
        #2 0x7fdfc2496139 in call_init /build/buildd/eglibc-2.19/elf/dl-init.c:78
        #3 0x7fdfc2496222 in call_init /build/buildd/eglibc-2.19/elf/dl-init.c:36
        #4 0x7fdfc2496222 in _dl_init /build/buildd/eglibc-2.19/elf/dl-init.c:126
        #5 0x7fdfc2487309 (/lib64/ld-linux-x86-64.so.2+0x1309)

      Uninitialized value was created by a heap allocation
        #0 0x7fdfc3845e23 in __interceptor_malloc /home/ben/development/llvm/3.5/final/llvm.src/projects/compiler-rt/lib/msan/msan_interceptors.cc:835:3
        #1 0x7fdfc0b591bf in QByteArray::realloc(int) (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x7d1bf)
        #2 0x7fff5f7611cf (unknown module)

    SUMMARY: MemorySanitizer: use-of-uninitialized-value ??:0 QMetaType::registerType(char const*, void (*)(void*), void* (*)(void const*))

I used the official clang 3.5 Ubuntu 14.04 binaries provided by llvm.org - http://llvm.org/releases/download.html#3.5.0

    libqtcore4:
      Installed: 4:4.8.5+git192-g085f851+dfsg-2ubuntu4
      Candidate: 4:4.8.5+git192-g085f851+dfsg-2ubuntu4
      Version table:
     *** 4:4.8.5+git192-g085f851+dfsg-2ubuntu4 0
            500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
            100 /var/lib/dpkg/status

    Description:    Ubuntu 14.04.1 LTS
    Release:        14.04

** Affects: qt4-x11 (Ubuntu)
     Importance: Undecided
         Status: New

** Package changed: apport (Ubuntu) => qt4-x11 (Ubuntu)

-- 
You received this bug notification because you are a member of Desktop Packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1406901

Title:
  MemorySanitizer reports warning for each application linked against Qt

Status in qt4-x11 package in Ubuntu:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qt4-x11/+bug/1406901/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp