Details
Description
Build with CC="gcc -fsanitize=address".
Run:
ASAN_OPTIONS=detect_leaks=0,alloc_dealloc_mismatch=0 LD_PRELOAD=/usr/lib64/libasan.so.4 LD_LIBRARY_PATH=`pwd`/.libs python ../test/suite/run.py -v 2 -j 20 cursor12
Generates this trace:
=================================================================
|
==11207==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020001ffc1c at pc 0x7f4291209426 bp 0x7ffdfb680b80 sp 0x7ffdfb680b70
|
WRITE of size 1 at 0x6020001ffc1c thread T0
|
#0 0x7f4291209425 in __modify_apply_one ../src/support/modify.c:116
|
#1 0x7f4291208bee in __wt_modify_apply_api ../src/support/modify.c:188
|
#2 0x7f4290d1ea8b in __wt_btcur_modify ../src/btree/bt_cursor.c:1360
|
#3 0x7f4290f1c861 in __curfile_modify ../src/cursor/cur_file.c:333
|
#4 0x7f42915f50f7 in __wt_cursor__modify /home/mjc/wt/src/wiredtiger-git/lang/python/wiredtiger_wrap.c:3574
|
#5 0x7f42915f50f7 in _wrap_Cursor_modify /home/mjc/wt/src/wiredtiger-git/lang/python/wiredtiger_wrap.c:5274
|
#6 0x7f429dd51c47 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x169c47)
|
#7 0x7f429dd50b18 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x168b18)
|
#8 0x7f429dd50b18 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x168b18)
|
#9 0x7f429dd53197 in PyEval_EvalCodeEx (/lib64/libpython2.7.so.1.0+0x16b197)
|
#10 0x7f429dc9f036 (/lib64/libpython2.7.so.1.0+0xb7036)
|
#11 0x7f429dc89342 in PyObject_Call (/lib64/libpython2.7.so.1.0+0xa1342)
|
#12 0x7f429dd4e97e in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x16697e)
|
#13 0x7f429dd53197 in PyEval_EvalCodeEx (/lib64/libpython2.7.so.1.0+0x16b197)
|
#14 0x7f429dc9ee9d (/lib64/libpython2.7.so.1.0+0xb6e9d)
|
#15 0x7f429dc89342 in PyObject_Call (/lib64/libpython2.7.so.1.0+0xa1342)
|
#16 0x7f429dc91e1d (/lib64/libpython2.7.so.1.0+0xa9e1d)
|
#17 0x7f429dc89342 in PyObject_Call (/lib64/libpython2.7.so.1.0+0xa1342)
|
#18 0x7f429dd3618a (/lib64/libpython2.7.so.1.0+0x14e18a)
|
#19 0x7f429dc89342 in PyObject_Call (/lib64/libpython2.7.so.1.0+0xa1342)
|
#20 0x7f429dd4e1b1 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x1661b1)
|
#21 0x7f429dd53197 in PyEval_EvalCodeEx (/lib64/libpython2.7.so.1.0+0x16b197)
|
#22 0x7f429dd50192 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x168192)
|
#23 0x7f429dd53197 in PyEval_EvalCodeEx (/lib64/libpython2.7.so.1.0+0x16b197)
|
#24 0x7f429dd50192 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x168192)
|
#25 0x7f429dd53197 in PyEval_EvalCodeEx (/lib64/libpython2.7.so.1.0+0x16b197)
|
#26 0x7f429dc9f036 (/lib64/libpython2.7.so.1.0+0xb7036)
|
#27 0x7f429dc89342 in PyObject_Call (/lib64/libpython2.7.so.1.0+0xa1342)
|
#28 0x7f429dd4e97e in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x16697e)
|
#29 0x7f429dd53197 in PyEval_EvalCodeEx (/lib64/libpython2.7.so.1.0+0x16b197)
|
#30 0x7f429dc9ee9d (/lib64/libpython2.7.so.1.0+0xb6e9d)
|
#31 0x7f429dc89342 in PyObject_Call (/lib64/libpython2.7.so.1.0+0xa1342)
|
#32 0x7f429dc91e1d (/lib64/libpython2.7.so.1.0+0xa9e1d)
|
#33 0x7f429dc89342 in PyObject_Call (/lib64/libpython2.7.so.1.0+0xa1342)
|
#34 0x7f429dd3618a (/lib64/libpython2.7.so.1.0+0x14e18a)
|
#35 0x7f429dc89342 in PyObject_Call (/lib64/libpython2.7.so.1.0+0xa1342)
|
#36 0x7f429dd4e1b1 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x1661b1)
|
#37 0x7f429dd50b18 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x168b18)
|
#38 0x7f429dd50b18 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x168b18)
|
#39 0x7f429dd53197 in PyEval_EvalCodeEx (/lib64/libpython2.7.so.1.0+0x16b197)
|
#40 0x7f429dd533a8 in PyEval_EvalCode (/lib64/libpython2.7.so.1.0+0x16b3a8)
|
#41 0x7f429dd5939e (/lib64/libpython2.7.so.1.0+0x17139e)
|
#42 0x7f429dd59349 in PyRun_FileExFlags (/lib64/libpython2.7.so.1.0+0x171349)
|
#43 0x7f429dd5923d in PyRun_SimpleFileExFlags (/lib64/libpython2.7.so.1.0+0x17123d)
|
#44 0x7f429dd5f518 in Py_Main (/lib64/libpython2.7.so.1.0+0x177518)
|
#45 0x7f429cef7889 in __libc_start_main (/lib64/libc.so.6+0x20889)
|
#46 0x564ae42c4779 in _start (/usr/bin/python2.7+0x779)
|
|
0x6020001ffc1c is located 0 bytes to the right of 12-byte region [0x6020001ffc10,0x6020001ffc1c)
|
allocated by thread T0 here:
|
#0 0x7f429e10ac40 in realloc (/usr/lib64/libasan.so.4+0xdec40)
|
#1 0x7f42910ce1dd in __realloc_func ../src/os_common/os_alloc.c:130
|
#2 0x7f42910ce330 in __wt_realloc_noclear ../src/os_common/os_alloc.c:171
|
#3 0x7f429121073a in __wt_buf_grow_worker ../src/support/scratch.c:49
|
#4 0x7f429120a3af in __wt_buf_grow ../src/include/buf.i:18
|
#5 0x7f4291208ffc in __modify_apply_one ../src/support/modify.c:84
|
#6 0x7f4291208bee in __wt_modify_apply_api ../src/support/modify.c:188
|
#7 0x7f4290d1ea8b in __wt_btcur_modify ../src/btree/bt_cursor.c:1360
|
#8 0x7f4290f1c861 in __curfile_modify ../src/cursor/cur_file.c:333
|
#9 0x7f42915f50f7 in __wt_cursor__modify /home/mjc/wt/src/wiredtiger-git/lang/python/wiredtiger_wrap.c:3574
|
#10 0x7f42915f50f7 in _wrap_Cursor_modify /home/mjc/wt/src/wiredtiger-git/lang/python/wiredtiger_wrap.c:5274
|
#11 0x7f429dd51c47 in PyEval_EvalFrameEx (/lib64/libpython2.7.so.1.0+0x169c47)
|
|
SUMMARY: AddressSanitizer: heap-buffer-overflow ../src/support/modify.c:116 in __modify_apply_one
|
Shadow bytes around the buggy address:
|
0x0c0480037f30: fa fa fd fd fa fa 07 fa fa fa fd fa fa fa fd fa
|
0x0c0480037f40: fa fa fd fa fa fa fd fd fa fa fd fa fa fa fd fd
|
0x0c0480037f50: fa fa 00 03 fa fa 00 05 fa fa fd fd fa fa 00 00
|
0x0c0480037f60: fa fa fd fd fa fa fd fa fa fa fd fa fa fa fd fa
|
0x0c0480037f70: fa fa fd fd fa fa fd fa fa fa fd fa fa fa 02 fa
|
=>0x0c0480037f80: fa fa 00[04]fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c0480037f90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c0480037fa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c0480037fb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c0480037fc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c0480037fd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
==11207==ABORTING
|