[Desktop-packages] [Bug 1743401] Re: AddressSanitizer: heap-buffer-overflow in libxkbcommon-x11.so

2018-01-19 Thread Oliver Stöneberg
I rebuilt the package without optimizations and got some more data. The ASAN
output now matches the gdb one

READ of size 9 at 0x6040001944b8 thread T0
#0 0x14454c2 in __interceptor_strndup 
/opt/media/clang_nightly/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:327:3
#1 0x7ffa3f4b06f8 in get_atom_name 
/home/user/libxkbcommon-0.5.0/src/x11/util.c:146
#2 0x7ffa3f4afd63 in get_names 
/home/user/libxkbcommon-0.5.0/src/x11/keymap.c:1092
#3 0x7ffa3f4b026c in xkb_x11_keymap_new_from_device 
/home/user/libxkbcommon-0.5.0/src/x11/keymap.c:1169 

Looking at the variables in the debugger everything seems fine

#7  0x7fffc44236f9 in get_atom_name (conn=0x62aae200, atom=142,
out=0x61bef400) at src/x11/util.c:146
146 *out = strndup(name, length);
(gdb) print length
$1 = 8
(gdb) print name
$2 = 0x6040001944b0 "complete"
(gdb) print name[7]
$3 = 101 'e'
(gdb) print name[8]
$4 = 0 '\000'

But judging from the error message somehow the ASAN peeks beyond its
end.

I was able to reproduce this behavior in a small sample and it turns out it
is caused by ASAN_OPTIONS=strict_string_checks=1. So it seems it is a
sanitizer issue. I will bring it up with that team.

Sorry about the apparently faulty report.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libxkbcommon in Ubuntu.
https://bugs.launchpad.net/bugs/1743401

Title:
  AddressSanitizer: heap-buffer-overflow in libxkbcommon-x11.so

Status in libxkbcommon package in Ubuntu:
  New

Bug description:
  I am running an application which has a feature which utilizes Qt5. For 
testing purposes this application was built with the AddressSanitizer of the 
official clang 5.0.1 binaries for Ubuntu 16.04. This was working fine until a 
few days ago. It started out with another user reporting issues with Qt and the 
pt_BR.UTF-8 locale which I was able to confirm after I installed it. Shortly 
after that I was no longer able to run anything that used the Qt code. I tried 
removing the additional locale or setting a different one via the environment, 
but that didn't help. I also did some changes in the "Text Input" settings like 
removing the "English" keyboard layout before I encountered this.
  Unfortunately I didn't have the time yet to set the system back up from 
scratch and try to reproduce what exact change caused this.

  Below I added the traces of ASAN and the debugger.

  The code in question is found in xkbcommon/src/x11/util.c

  length = xcb_get_atom_name_name_length(reply);
  name = xcb_get_atom_name_name(reply);

  *out = strndup(name, length);

  Unfortunately I was not able to see what "name" is, but length was 8.

  lsb_release -rd
  Description:Ubuntu 16.04.3 LTS
  Release:16.04

  libxkbcommon0:
Installed: 0.5.0-1ubuntu2
Candidate: 0.5.0-1ubuntu2
Version table:
   *** 0.5.0-1ubuntu2 500
  500 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
  100 /var/lib/dpkg/status

  qt5-default:
Installed: 5.5.1+dfsg-16ubuntu7.5
Candidate: 5.5.1+dfsg-16ubuntu7.5
Version table:
   *** 5.5.1+dfsg-16ubuntu7.5 500
  500 http://de.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 
Packages
  100 /var/lib/dpkg/status
   5.5.1+dfsg-16ubuntu7 500
  500 http://de.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages

  locale
  LANG=en_US.UTF-8
  LANGUAGE=
  LC_CTYPE="en_US.UTF-8"
  LC_NUMERIC=de_DE.UTF-8
  LC_TIME=de_DE.UTF-8
  LC_COLLATE="en_US.UTF-8"
  LC_MONETARY=de_DE.UTF-8
  LC_MESSAGES="en_US.UTF-8"
  LC_PAPER=de_DE.UTF-8
  LC_NAME=de_DE.UTF-8
  LC_ADDRESS=de_DE.UTF-8
  LC_TELEPHONE=de_DE.UTF-8
  LC_MEASUREMENT=de_DE.UTF-8
  LC_IDENTIFICATION=de_DE.UTF-8
  LC_ALL=

  ==3008==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x60400015c4b8 at pc 0x01445853 bp 0x7ffd07632920 sp 0x7ffd076320b8
  READ of size 9 at 0x60400015c4b8 thread T0
  #0 0x1445852 in __interceptor___strndup 
/opt/media/clang_nightly/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:337:3
  #1 0x7fc1481fd70e  
(/usr/lib/x86_64-linux-gnu/libxkbcommon-x11.so.0+0x470e)
  #2 0x7fc1481fcd79 in xkb_x11_keymap_new_from_device 
(/usr/lib/x86_64-linux-gnu/libxkbcommon-x11.so.0+0x3d79)
  #3 0x7fc149cb9c8f  (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x42c8f)
  #4 0x7fc149cba0ec  (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x430ec)
  #5 0x7fc149cb4931 in QXcbConnection::QXcbConnection(QXcbNativeInterface*, 
bool, unsigned int, char const*) 
(/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x3d931)
  #6 0x7fc149cb7bac in QXcbIntegration::QXcbIntegration(QStringList const&, 
int&, char**) (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x40bac)
  #7 0x7fc149d773ac in _init 
(/usr/lib/x86_64-linux-gnu/qt5/plugins/platforms/libqxcb.so+0x13ac)
  #8 0x7fc179728d91 in QPlatformIntegrationFactory::create(QString const&, 
QStringList const&, int&, char**, QString const&) 
(/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xdfd91)
  #9 0x7fc179734fc3 in QGuiApplicationPrivate::createPlatformIntegration() 
(/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xebfc3)
  #10 0x7fc179735ecc in QGuiApplicationPrivate::createEventDispatcher() 
(/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xececc)
  #11 0x7fc1793fd7e5 in QCoreApplication::init() 
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28a7e5)
  #12 0x7fc1793fd855 in 
QCoreApplication::QCoreApplication(QCoreApplicationPrivate&) 
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28a855)
  #13 0x7fc179737cc8 in 
QGuiApplication::QGuiApplication(QGuiApplicationPrivate&) 
(/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xeecc8)
  #14 0x7fc179ceebcc in QApplication::QApplication(int&, char**, int) 
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15dbcc)
  #15 0x8c7f4e5 in debug_qt::init_debugger(running_machine&) 
/mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/debugger/debugqt.cpp:251:7
  #16 0x8c81c6c in non-virtual thunk to 
debug_qt::init_debugger(running_machine&) 
/mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../

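Added example (not code from the bug report, libxkbcommon or libxcb): the strndup() call discussed in the message above, reproduced in C on a heap block that holds an xcb-style reply with the atom name as its last bytes and no terminator, next to a bounded malloc/memcpy copy that never reads past `length`. The 32-byte reply header, the constructed name bytes and the helper names are assumptions of this example. Built with -fsanitize=address, the strndup path is the one the strict_string_checks=1 interceptor is expected to report, because that option makes ASAN validate strlen(name)+1 bytes of the argument instead of at most `length` bytes by default, and the first byte past the reply is outside the allocation; the bounded copy stays clean either way.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* strndup() is POSIX.1-2008; the explicit prototype keeps the example
 * building whatever feature-test macros the compiler enables by default. */
extern char *strndup(const char *s, size_t n);

/* Assumed layout, modelled on an xcb reply: a 32-byte fixed header followed
 * directly by the atom name bytes, with no terminating NUL and no slack. */
#define REPLY_HEADER_LEN 32

/* Construct such a reply for `name` on the heap, sized exactly
 * header + strlen(name).  Returns NULL on allocation failure. */
static unsigned char *make_atom_name_reply(const char *name, size_t *length_out)
{
    size_t length = strlen(name);
    unsigned char *reply = calloc(1, REPLY_HEADER_LEN + length);
    if (reply == NULL)
        return NULL;
    memcpy(reply + REPLY_HEADER_LEN, name, length);  /* bytes only, no '\0' */
    *length_out = length;
    return reply;
}

/* The pattern from libxkbcommon's get_atom_name(): bounded strndup() on the
 * payload.  A legitimate bounded copy, since strndup() duplicates at most
 * `length` bytes, but ASAN with strict_string_checks=1 additionally runs
 * strlen() on `name`, which walks one byte past the reply allocation. */
static char *copy_name_strndup(const unsigned char *reply, size_t length)
{
    const char *name = (const char *)reply + REPLY_HEADER_LEN;
    return strndup(name, length);
}

/* Same result without ever treating the payload as a C string: exactly
 * `length` bytes are read, so no string-argument check can object. */
static char *copy_name_bounded(const unsigned char *reply, size_t length)
{
    const char *name = (const char *)reply + REPLY_HEADER_LEN;
    char *out = malloc(length + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, name, length);
    out[length] = '\0';
    return out;
}

/* Build a reply for `name` and copy the atom name out of it with the
 * strategy selected by `use_strndup`.  The caller frees the result. */
char *atom_name_copy(const char *name, int use_strndup)
{
    size_t length;
    unsigned char *reply = make_atom_name_reply(name, &length);
    if (reply == NULL)
        return NULL;
    char *out = use_strndup ? copy_name_strndup(reply, length)
                            : copy_name_bounded(reply, length);
    free(reply);
    return out;
}

/* 1 if both strategies produce `name` exactly, 0 otherwise. */
int copies_agree(const char *name)
{
    char *a = atom_name_copy(name, 1);
    char *b = atom_name_copy(name, 0);
    int ok = a != NULL && b != NULL &&
             strcmp(a, name) == 0 && strcmp(b, name) == 0;
    free(a);
    free(b);
    return ok;
}

int main(void)
{
    /* "complete" is the 8-byte atom name from the gdb session above;
     * "UTF8_STRING" is a constructed second input of a different length. */
    const char *names[] = { "complete", "UTF8_STRING" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        char *bounded = atom_name_copy(names[i], 0);
        printf("bounded copy: %s\n", bounded ? bounded : "(alloc failed)");
        free(bounded);
        /* Under ASAN with strict_string_checks=1 this is the call that is
         * expected to be reported as a heap-buffer-overflow in strndup. */
        char *dup = atom_name_copy(names[i], 1);
        printf("strndup copy: %s\n", dup ? dup : "(alloc failed)");
        free(dup);
    }
    return copies_agree("complete") ? 0 : 1;
}
```

Compile with `clang -fsanitize=address -g` and run once with `ASAN_OPTIONS=strict_string_checks=1` and once without; only the first run is expected to report a heap-buffer-overflow in the strndup interceptor, at the byte immediately after the reply block. Disabling the strndup interceptor alone (`ASAN_OPTIONS=strict_string_checks=1:intercept_strndup=0`) is the narrow workaround on the sanitizer side; switching the copy to the bounded form removes the dependency on the payload being NUL-terminated in the code itself.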
[Desktop-packages] [Bug 1743401] Re: AddressSanitizer: heap-buffer-overflow in libxkbcommon-x11.so

2018-01-17 Thread Oliver Stöneberg
Sorry I didn't think about this before, but I gave the non-ASAN version
of the application a spin with valgrind 3.13 and it doesn't report any
memory errors with it - so it's possible this is either something
valgrind won't catch or a false positive by ASAN.

[Desktop-packages] [Bug 1743401] Re: AddressSanitizer: heap-buffer-overflow in libxkbcommon-x11.so

2018-01-15 Thread Hans Joachim Desserud
** Tags added: xenial
