Crashes in Resampler
- From: Tim Janik <timj gnu org>
- To: Stefan Westerfeld <stefan space twc de>
- Cc: beast gnome org
- Subject: Crashes in Resampler
- Date: Mon, 3 Feb 2020 22:41:54 +0100
Hi Stefan,
compiling beast as described below crashes the resampler.
The following workaround avoids the crash but is most certainly incomplete:
--- a/bse/bseresampler.cc
+++ b/bse/bseresampler.cc
@@ -469,3 +469,3 @@ fir_test_filter_sse (bool verbose,
- AlignedArray<float,16> random_mem (order + 4);
+ AlignedArray<float,16> random_mem (order + 6);
for (uint i = 0; i < order + 4; i++)
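Review bot: the allocation grows to order + 6, but the fill loop on the context line below still stops at order + 4, so the two extra floats are padding this loop never writes, and the SSE code will read them without ASan noticing. The trace shows a 16-byte READ starting 16 bytes into a 24-byte region, which overshoots by 8 bytes (two floats); the + 2 covers that for the order exercised here, but nothing in the hunk shows it holds for other orders. Consider sizing the array by rounding the element count up to a multiple of 4, filling the padding explicitly, and documenting the padding that fir_process_4samples_sse (bse/bseresampler.cc:383) requires of its callers, or bounding the loads there instead.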
Build instructions:
# disable ASAN spam to stderr about leaks
export ASAN_OPTIONS=detect_leaks=0
# build with address sanitizer
make default MODE=asan
make clean
make -j11
make check
RUN… testresampler_check_filter_impl
=================================================================
==13997==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000050d20 at pc 0x15544db63beb bp 0x15544a047660 sp 0x15544a047650
READ of size 16 at 0x603000050d20 thread T1 (BseMain)
#0 0x15544db63bea in (anonymous namespace)::fir_process_4samples_sse(float const*, float const*, unsigned int, float*, float*, float*, float*) bse/bseresampler.cc:383
#1 0x15544db630fc in (anonymous namespace)::fir_test_filter_sse(bool, unsigned int) bse/bseresampler.cc:478
#2 0x15544db62c09 in Bse::Resampler2::test_filter_impl(bool) bse/bseresampler.cc:863
#3 0x5e23a3 in test_filter_impl() tests/testresampler.cc:305
#4 0x5e234d in perform_test() tests/testresampler.cc:651
#5 0x5e2213 in run_testresampler(TestType) tests/testresampler.cc:754
#6 0x5e0d09 in testresampler_check_filter_impl() tests/testresampler.cc:799
0x603000050d28 is located 0 bytes to the right of 24-byte region [0x603000050d10,0x603000050d28)
allocated by thread T1 (BseMain) here:
#0 0x15544e462a67 in operator new[](unsigned long) (/lib/x86_64-linux-gnu/libasan.so.5+0x10fa67)
#1 0x15544d977182 in Bse::aligned_alloc(unsigned long, unsigned long, unsigned char**) bse/bcore.cc:66
#2 0x15544db6568e in Bse::AlignedArray<float, 16>::allocate_aligned_data() bse/bcore.hh:342
#3 0x15544db65121 in Bse::AlignedArray<float, 16>::AlignedArray(unsigned long) bse/bcore.hh:357
#4 0x15544db63039 in (anonymous namespace)::fir_test_filter_sse(bool, unsigned int) bse/bseresampler.cc:470
SUMMARY: AddressSanitizer: heap-buffer-overflow bse/bseresampler.cc:383 in (anonymous namespace)::fir_process_4samples_sse(float const*, float const*, unsigned int, float*, float*, float*, float*)
Shadow bytes around the buggy address:
0x0c0680002150: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
0x0c0680002160: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa
0x0c0680002170: fa fa fd fd fd fa fa fa fd fd fd fd fa fa fd fd
0x0c0680002180: fd fa fa fa fd fd fd fd fa fa fd fd fd fd fa fa
0x0c0680002190: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fa
=>0x0c06800021a0: fa fa 00 00[00]fa fa fa fa fa fa fa fa fa fa fa
0x0c06800021b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c06800021c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c06800021d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c06800021e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c06800021f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==13997==ABORTING
make: *** [tests/Makefile.mk:107: check-suite] Error 1
--
Yours sincerely,
Tim Janik
---
https://testbit.eu/timj/
Free software author.
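Added example, not part of the original message or of the beast sources: a small Python triage helper that reads the access and region lines of the ASan report above and computes how far the access ran outside the allocation. The function name `triage` and the 4-byte element size are assumptions made for this example.

```python
import re

# Three lines copied from the ASan report in the message above.
REPORT = """\
==13997==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000050d20 at pc 0x15544db63beb bp 0x15544a047660 sp 0x15544a047650
READ of size 16 at 0x603000050d20 thread T1 (BseMain)
0x603000050d28 is located 0 bytes to the right of 24-byte region [0x603000050d10,0x603000050d28)
"""

ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", re.M)
REGION_RE = re.compile(r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")


def triage(report, elem_size=4):
    """Quantify a heap-buffer-overflow from an ASan report.

    elem_size=4 assumes the buffer holds 4-byte floats (assumption).
    """
    access = ACCESS_RE.search(report)
    region = REGION_RE.search(report)
    if not access or not region:
        raise ValueError("access line or region line missing from report")
    kind = access.group(1)
    size = int(access.group(2))
    addr = int(access.group(3), 16)
    length = int(region.group(1))
    start, end = int(region.group(2), 16), int(region.group(3), 16)
    if end - start != length:
        raise ValueError("region bounds disagree with the stated region size")
    # Bytes of the access that fall outside the allocation on either side.
    past_end = min(size, max(0, addr + size - end))
    before_start = min(size, max(0, start - addr))
    return {
        "kind": kind,
        "offset": addr - start,                      # where the access began
        "bytes_past_end": past_end,
        "bytes_before_start": before_start,
        "region_elems": length // elem_size,          # allocated elements
        "elems_past_end": -(-past_end // elem_size),  # ceiling division
    }


if __name__ == "__main__":
    print(triage(REPORT))
```

For the report above this gives a read that starts 16 bytes into a 6-float region and runs 8 bytes (2 floats) past its end.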