Details
Description
Seen when running Python tests with gcc -fsanitize=address (requires LD_PRELOAD=/usr/lib64/libasan.so.4 and ASAN_OPTIONS=detect_leaks=0):
ERROR: test_pack.test_pack.test_packing (subunit.RemotedTestCase)
|
=================================================================
|
==7890==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000214d9 at pc 0x7efcad2f836e bp 0x7fffca858730 sp 0x7fffca857ed8
|
READ of size 10 at 0x6020000214d9 thread T0
|
#0 0x7efcad2f836d (/usr/lib64/libasan.so.4+0x5136d)
|
#1 0x7efca0a28008 in __pack_write ../src/include/packing.i:345
|
#2 0x7efca0a2f970 in __wt_schema_project_merge ../src/schema/schema_project.c:470
|
#3 0x7efca08ff2a6 in __wt_apply_single_idx ../src/cursor/cur_table.c:120
|
#4 0x7efca08ff61a in __apply_idx ../src/cursor/cur_table.c:154
|
#5 0x7efca0904914 in __curtable_insert ../src/cursor/cur_table.c:533
|
#6 0x7efca0dc3a5e in _wrap_Cursor_insert /home/mjc/wt/src/wiredtiger-git/lang/python/wiredtiger_wrap.c:4275
|
#7 0x7efcacfe2eab in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x17feab)
|
#8 0x7efcacfe43f7 in PyEval_EvalCodeEx (/lib64/libpython2.7.so.1.0+0x1813f7)
|
#9 0x7efcacfe1432 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x17e432)
|
#10 0x7efcacfe1d98 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x17ed98)
|
#11 0x7efcacfe43f7 in PyEval_EvalCodeEx (/lib64/libpython2.7.so.1.0+0x1813f7)
|
#12 0x7efcacf33986 (/lib64/libpython2.7.so.1.0+0xd0986)
|
#13 0x7efcacefca52 in PyObject_Call (/lib64/libpython2.7.so.1.0+0x99a52)
|
#14 0x7efcacfdfc42 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x17cc42)
|
#15 0x7efcacfe43f7 in PyEval_EvalCodeEx (/lib64/libpython2.7.so.1.0+0x1813f7)
|
#16 0x7efcacf337ed (/lib64/libpython2.7.so.1.0+0xd07ed)
|
#17 0x7efcacefca52 in PyObject_Call (/lib64/libpython2.7.so.1.0+0x99a52)
|
#18 0x7efcacf2888d (/lib64/libpython2.7.so.1.0+0xc588d)
|
#19 0x7efcacefca52 in PyObject_Call (/lib64/libpython2.7.so.1.0+0x99a52)
|
#20 0x7efcacfb6a2a (/lib64/libpython2.7.so.1.0+0x153a2a)
|
#21 0x7efcacefca52 in PyObject_Call (/lib64/libpython2.7.so.1.0+0x99a52)
|
#22 0x7efcacfdf453 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x17c453)
|
#23 0x7efcacfe43f7 in PyEval_EvalCodeEx (/lib64/libpython2.7.so.1.0+0x1813f7)
|
#24 0x7efcacfe1432 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x17e432)
|
#25 0x7efcacfe43f7 in PyEval_EvalCodeEx (/lib64/libpython2.7.so.1.0+0x1813f7)
|
#26 0x7efcacfe1432 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x17e432)
|
#27 0x7efcacfe43f7 in PyEval_EvalCodeEx (/lib64/libpython2.7.so.1.0+0x1813f7)
|
#28 0x7efcacf33986 (/lib64/libpython2.7.so.1.0+0xd0986)
|
#29 0x7efcacefca52 in PyObject_Call (/lib64/libpython2.7.so.1.0+0x99a52)
|
#30 0x7efcacfdfc42 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x17cc42)
|
#31 0x7efcacfe43f7 in PyEval_EvalCodeEx (/lib64/libpython2.7.so.1.0+0x1813f7)
|
#32 0x7efcacf337ed (/lib64/libpython2.7.so.1.0+0xd07ed)
|
#33 0x7efcacefca52 in PyObject_Call (/lib64/libpython2.7.so.1.0+0x99a52)
|
#34 0x7efcacf2888d (/lib64/libpython2.7.so.1.0+0xc588d)
|
#35 0x7efcacefca52 in PyObject_Call (/lib64/libpython2.7.so.1.0+0x99a52)
|
#36 0x7efcacfb6a2a (/lib64/libpython2.7.so.1.0+0x153a2a)
|
#37 0x7efcacefca52 in PyObject_Call (/lib64/libpython2.7.so.1.0+0x99a52)
|
#38 0x7efcacfdf453 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x17c453)
|
#39 0x7efcacfe1d98 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x17ed98)
|
#40 0x7efcacfe1d98 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x17ed98)
|
#41 0x7efcacfe43f7 in PyEval_EvalCodeEx (/lib64/libpython2.7.so.1.0+0x1813f7)
|
#42 0x7efcacfe4608 in PyEval_EvalCode (/lib64/libpython2.7.so.1.0+0x181608)
|
#43 0x7efcacfbc81e (/lib64/libpython2.7.so.1.0+0x15981e)
|
#44 0x7efcacfbc8c9 in PyRun_FileExFlags (/lib64/libpython2.7.so.1.0+0x1598c9)
|
#45 0x7efcacfbd8cd in PyRun_SimpleFileExFlags (/lib64/libpython2.7.so.1.0+0x15a8cd)
|
#46 0x7efcacfb061d in Py_Main (/lib64/libpython2.7.so.1.0+0x14d61d)
|
#47 0x7efcac176509 in __libc_start_main (/lib64/libc.so.6+0x20509)
|
#48 0x55d4a4b02779 in _start (/usr/bin/python2.7+0x779)
|
|
0x6020000214d9 is located 0 bytes to the right of 9-byte region [0x6020000214d0,0x6020000214d9)
|
allocated by thread T0 here:
|
#0 0x7efcad385c40 in realloc (/usr/lib64/libasan.so.4+0xdec40)
|
#1 0x7efca09ad016 in __realloc_func ../src/os_common/os_alloc.c:130
|
#2 0x7efca09ad154 in __wt_realloc_noclear ../src/os_common/os_alloc.c:171
|
#3 0x7efca0a75bfe in __wt_buf_grow_worker ../src/support/scratch.c:48
|
#4 0x7efca0a2671e in __wt_buf_grow ../src/include/buf.i:18
|
#5 0x7efca0a2e667 in __wt_schema_project_slice ../src/schema/schema_project.c:369
|
#6 0x7efca0900ab7 in __wt_curtable_set_value ../src/cursor/cur_table.c:258
|
#7 0x7efca0dc6a2c in __wt_cursor__set_value /home/mjc/wt/src/wiredtiger-git/lang/python/wiredtiger_wrap.c:3480
|
#8 0x7efca0dc6a2c in _wrap_Cursor__set_value /home/mjc/wt/src/wiredtiger-git/lang/python/wiredtiger_wrap.c:4747
|
|
SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/lib64/libasan.so.4+0x5136d)
|
Shadow bytes around the buggy address:
|
0x0c047fffc240: fa fa 07 fa fa fa 03 fa fa fa 04 fa fa fa 00 fa
|
0x0c047fffc250: fa fa fd fd fa fa 04 fa fa fa fd fa fa fa fd fa
|
0x0c047fffc260: fa fa 07 fa fa fa fd fa fa fa fd fa fa fa fd fd
|
0x0c047fffc270: fa fa fd fd fa fa 00 03 fa fa 00 05 fa fa 00 fa
|
0x0c047fffc280: fa fa 00 00 fa fa 02 fa fa fa 00 fa fa fa 04 fa
|
=>0x0c047fffc290: fa fa 01 fa fa fa 00 00 fa fa 00[01]fa fa 00 fa
|
0x0c047fffc2a0: fa fa 00 fa fa fa 00 01 fa fa fa fa fa fa 00 00
|
0x0c047fffc2b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c047fffc2c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c047fffc2d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c047fffc2e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
==7890==ABORTING
|
This is surprising because that test has been around forever and nothing in that area has changed recently.