
Issue 774609


Issue metadata

Status: Duplicate
Owner:
Closed: Oct 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug




Puffin asan tests failure

Project Member Reported by ahass...@chromium.org, Oct 13 2017

Issue description

 * ERROR: dev-util/puffin-9999::chromiumos failed (test phase):
 *   (no error message)
 * 
 * Call stack:
 *     ebuild.sh, line   93:  Called src_test
 *   environment, line 3610:  Called platform_src_test
 *   environment, line 3205:  Called platform_pkg_test
 *   environment, line 3188:  Called platform_test 'run' '/build/amd64-generic/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest'
 *   environment, line 3238:  Called die
 * The specific snippet of code:
 *       "${cmd[@]}" || die
 * 
 * If you need support, post the output of `emerge --info '=dev-util/puffin-9999::chromiumos'`,
 * the complete build log and the output of `emerge -pqv '=dev-util/puffin-9999::chromiumos'`.
 * ASAN error detected:
 * =================================================================
 * ==17==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000006208 at pc 0x55b97fafb3b8 bp 0x7ffe91967cd0 sp 0x7ffe91967cc8
 * READ of size 8 at 0x604000006208 thread T0
 *     #0 0x55b97fafb3b7  (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x1cb3b7)
 *     #1 0x55b97fab87cc  (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x1887cc)
 *     #2 0x55b97fab4b0a  (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x184b0a)
 *     #3 0x7fc16c5c532a  (/usr/lib64/libgtest.so.0+0x4732a)
 *     #4 0x7fc16c5a4d26  (/usr/lib64/libgtest.so.0+0x26d26)
 *     #5 0x7fc16c5a6218  (/usr/lib64/libgtest.so.0+0x28218)
 *     #6 0x7fc16c5a6a36  (/usr/lib64/libgtest.so.0+0x28a36)
 *     #7 0x7fc16c5b0bf6  (/usr/lib64/libgtest.so.0+0x32bf6)
 *     #8 0x7fc16c5c609a  (/usr/lib64/libgtest.so.0+0x4809a)
 *     #9 0x7fc16c5b0881  (/usr/lib64/libgtest.so.0+0x32881)
 *     #10 0x55b97fb0cf55  (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x1dcf55)
 *     #11 0x7fc16b29a735  (/lib64/libc.so.6+0x20735)
 *     #12 0x55b97f9b4588  (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x84588)
 * 
 * 0x604000006208 is located 8 bytes to the left of 34-byte region [0x604000006210,0x604000006232)
 * allocated by thread T0 here:
 *     #0 0x55b97fa7ebb2  (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x14ebb2)
 *     #1 0x55b97fa9e8f6  (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x16e8f6)
 *     #2 0x55b97faa5411  (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x175411)
 *     #3 0x55b97fab7bac  (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x187bac)
 *     #4 0x55b97fab4b0a  (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x184b0a)
 *     #5 0x7fc16c5c532a  (/usr/lib64/libgtest.so.0+0x4732a)
 *     #6 0x7fc16c5a4d26  (/usr/lib64/libgtest.so.0+0x26d26)
 *     #7 0x7fc16c5a6218  (/usr/lib64/libgtest.so.0+0x28218)
 *     #8 0x7fc16c5a6a36  (/usr/lib64/libgtest.so.0+0x28a36)
 *     #9 0x7fc16c5b0bf6  (/usr/lib64/libgtest.so.0+0x32bf6)
 *     #10 0x7fc16c5c609a  (/usr/lib64/libgtest.so.0+0x4809a)
 *     #11 0x7fc16c5b0881  (/usr/lib64/libgtest.so.0+0x32881)
 *     #12 0x55b97fb0cf55  (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x1dcf55)
 *     #13 0x7fc16b29a735  (/lib64/libc.so.6+0x20735)
 *     #14 0x55b97f9b4588  (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x84588)
 * 
 * SUMMARY: AddressSanitizer: heap-buffer-overflow (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x1cb3b7) 
 * Shadow bytes around the buggy address:
 *   0x0c087fff8bf0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
 *   0x0c087fff8c00: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
 *   0x0c087fff8c10: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
 *   0x0c087fff8c20: fa fa fd fd fd fd fd fd fa fa 00 00 00 00 00 fa
 *   0x0c087fff8c30: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
 * =>0x0c087fff8c40: fa[fa]00 00 00 00 02 fa fa fa fa fa fa fa fa fa
 *   0x0c087fff8c50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 *   0x0c087fff8c60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 *   0x0c087fff8c70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 *   0x0c087fff8c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 *   0x0c087fff8c90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 * Shadow byte legend (one shadow byte represents 8 application bytes):
 *   Addressable:           00
 *   Partially addressable: 01 02 03 04 05 06 07 
 *   Heap left redzone:       fa
 *   Freed heap region:       fd
 *   Stack left redzone:      f1
 *   Stack mid redzone:       f2
 *   Stack right redzone:     f3
 *   Stack after return:      f5
 *   Stack use after scope:   f8
 *   Global redzone:          f9
 *   Global init order:       f6
 *   Poisoned by user:        f7
 *   Container overflow:      fc
 *   Array cookie:            ac
 *   Intra object redzone:    bb
 *   ASan internal:           fe
 *   Left alloca redzone:     ca
 *   Right alloca redzone:    cb
 * ==17==ABORTING
 * The complete build log is located at '/build/amd64-generic/tmp/portage/logs/dev-util:puffin-9999:20171013-183458.log'.
 * For convenience, a symlink to the build log is located at '/build/amd64-generic/tmp/portage/dev-util/puffin-9999/temp/build.log'.
 * The ebuild environment file is located at '/build/amd64-generic/tmp/portage/dev-util/puffin-9999/temp/environment'.
 * Working directory: '/build/amd64-generic/tmp/portage/dev-util/puffin-9999/work/puffin-9999/platform/puffin'
 * S: '/build/amd64-generic/tmp/portage/dev-util/puffin-9999/work/puffin-9999/platform/puffin'

 
In PuffIOTest:

 * ERROR: dev-util/puffin-9999::chromiumos failed (test phase):
 *   (no error message)
 * 
 * Call stack:
 *     ebuild.sh, line   93:  Called src_test
 *   environment, line 3611:  Called platform_src_test
 *   environment, line 3206:  Called platform_pkg_test
 *   environment, line 3189:  Called platform_test 'run' '/build/amd64-generic/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest'
 *   environment, line 3239:  Called die
 * The specific snippet of code:
 *       "${cmd[@]}" || die
 * 
 * If you need support, post the output of `emerge --info '=dev-util/puffin-9999::chromiumos'`,
 * the complete build log and the output of `emerge -pqv '=dev-util/puffin-9999::chromiumos'`.
 * ASAN error detected:
 * 
 * =================================================================
 * ==17==ERROR: LeakSanitizer: detected memory leaks
 * 
 * Direct leak of 16 byte(s) in 1 object(s) allocated from:
 *     #0 0x55fbec6005d2  (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x14e5d2)
 *     #1 0x55fbec610a93  (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x15ea93)
 *     #2 0x7effdca6132a  (/usr/lib64/libgtest.so.0+0x4732a)
 *     #3 0x7effdca40d26  (/usr/lib64/libgtest.so.0+0x26d26)
 *     #4 0x7effdca42218  (/usr/lib64/libgtest.so.0+0x28218)
 *     #5 0x7effdca42a36  (/usr/lib64/libgtest.so.0+0x28a36)
 *     #6 0x7effdca4cbf6  (/usr/lib64/libgtest.so.0+0x32bf6)
 *     #7 0x7effdca6209a  (/usr/lib64/libgtest.so.0+0x4809a)
 *     #8 0x7effdca4c881  (/usr/lib64/libgtest.so.0+0x32881)
 *     #9 0x55fbec68a945  (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x1d8945)
 *     #10 0x7effdb736735  (/lib64/libc.so.6+0x20735)
 *     #11 0x55fbec535fa8  (/var/cache/portage/dev-util/puffin/out/Default/puffin_unittest+0x83fa8)
 * 
 * SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s).
 * The complete build log is located at '/build/amd64-generic/tmp/portage/logs/dev-util:puffin-9999:20171013-194802.log'.
 * For convenience, a symlink to the build log is located at '/build/amd64-generic/tmp/portage/dev-util/puffin-9999/temp/build.log'.
 * The ebuild environment file is located at '/build/amd64-generic/tmp/portage/dev-util/puffin-9999/temp/environment'.
 * Working directory: '/build/amd64-generic/tmp/portage/dev-util/puffin-9999/work/puffin-9999/platform/puffin'
 * S: '/build/amd64-generic/tmp/portage/dev-util/puffin-9999/work/puffin-9999/platform/puffin'

Mergedinto: 773441
Status: Duplicate (was: Untriaged)
Project Member

Comment 3 by bugdroid1@chromium.org, Oct 16 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/puffin/+/92f667a14a8183e0efcc98a2ed347830dce71710

commit 92f667a14a8183e0efcc98a2ed347830dce71710
Author: Amin Hassani <ahassani@google.com>
Date: Mon Oct 16 21:14:01 2017

puffin: Fix asan build errors

This CL fixes some memory sanitizer bugs in puffin.

BUG= chromium:774609 
TEST='USE="asan" FEATURES="test" emerge-amd64-generic puffin'

Change-Id: Icbb758025b0f56e846522d7384ef1ae8c5d1f4a7
Reviewed-on: https://chromium-review.googlesource.com/719386
Commit-Ready: Amin Hassani <ahassani@chromium.org>
Tested-by: Amin Hassani <ahassani@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>
Reviewed-by: Ben Chan <benchan@chromium.org>

[modify] https://crrev.com/92f667a14a8183e0efcc98a2ed347830dce71710/src/puffin_stream.cc
[modify] https://crrev.com/92f667a14a8183e0efcc98a2ed347830dce71710/src/puff_io_unittest.cc
