View Issue Details

ID: 0030207
Project: Community
Category: OCCT:Coding
View Status: public
Last Update: 2018-10-14 13:56
Reporter: galbramc
Assigned To: apn
Priority: normal
Severity: crash
Status: closed
Resolution: fixed
Product Version: 7.3.0
Target Version: 7.4.0
Fixed in Version: 7.4.0
Summary: 0030207: ChFi3d_KParticular stack-use-after-scope
Description: Running OCC with the llvm sanitizer I get the following error:

=================================================================
==601==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffd16140748 at pc 0x7f51f34051b4 bp 0x7ffd161405f0 sp 0x7ffd161405e8
READ of size 8 at 0x7ffd16140748 thread T0
    #0 0x7f51f34051b3 in gp_XYZ::Dot(gp_XYZ const&) const opencascade-7.3/src/gp/gp_XYZ.lxx:160
    #1 0x7f51f34051b3 in gp_Dir::Angle(gp_Dir const&) const opencascade-7.3/src/gp/gp_Dir.cxx:36
    #2 0x7f51eef658b3 in gp_Dir::IsParallel(gp_Dir const&, double) const opencascade-7.3/src/gp/gp_Dir.lxx:175
    #3 0x7f51eef658b3 in ChFi3d_KParticular(opencascade::handle<ChFiDS_Spine> const&, int, BRepAdaptor_Surface const&, BRepAdaptor_Surface const&) opencascade-7.3/src/ChFi3d/ChFi3d_Builder_0.cxx:547
    #4 0x7f51eefd9c32 in ChFi3d_Builder::PerformSetOfKPart(opencascade::handle<ChFiDS_Stripe>&, bool) opencascade-7.3/src/ChFi3d/ChFi3d_Builder_2.cxx:2342
    #5 0x7f51ef0002fd in ChFi3d_Builder::PerformSetOfSurf(opencascade::handle<ChFiDS_Stripe>&, bool) opencascade-7.3/src/ChFi3d/ChFi3d_Builder_2.cxx:2968
    #6 0x7f51eef55eef in ChFi3d_Builder::Compute() opencascade-7.3/src/ChFi3d/ChFi3d_Builder.cxx:264
    #7 0x7f51ef4732ec in BRepFilletAPI_MakeChamfer::Build() opencascade-7.3/src/BRepFilletAPI/BRepFilletAPI_MakeChamfer.cxx:389

The problem is on line 547 of ChFi3d_Builder_0.cxx:

const gp_Dir& aD1=aS1.Plane().Axis().Direction();

Here, aS1.Plane(), which is,

gp_Pln BRepAdaptor_Surface::Plane()const
{
  return mySurf.Plane().Transformed(myTrsf);
}

returns a temporary object of the type gp_Pln. As a result const gp_Dir& aD1 references a temporary object. The function calls to aS2.Cylinder() and aS2.Cone() have the same problem in ChFi3d_KParticular.

The following patch resolves the issue:

Index: src/ChFi3d/ChFi3d_Builder_0.cxx
===================================================================
--- src/ChFi3d/ChFi3d_Builder_0.cxx (revision 1)
+++ src/ChFi3d/ChFi3d_Builder_0.cxx (working copy)
@@ -538,8 +538,8 @@
     }
   }
   else if (aST2==GeomAbs_Cylinder) {
- const gp_Dir& aD1=aS1.Plane().Axis().Direction();
- const gp_Dir& aD2=aS2.Cylinder().Axis().Direction();
+ const gp_Dir aD1=aS1.Plane().Axis().Direction();
+ const gp_Dir aD2=aS2.Cylinder().Axis().Direction();
     //
     if (aCT==GeomAbs_Line && aD1.IsNormal(aD2, aPA)) {
       return bRet;
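Review bot: the by-value declarations of aD1 and aD2 in the Cylinder branch carry no explanation, and the bare `//` line directly below them is the natural place for one. A short comment there saying that, per the description, Plane() and Cylinder() return temporaries, so the direction must be copied rather than bound to a const reference, would keep a later cleanup from turning these back into `const gp_Dir&`.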
@@ -549,8 +549,8 @@
     }
   }
   else if(aST2==GeomAbs_Cone) {
- const gp_Dir& aD1=aS1.Plane().Axis().Direction();
- const gp_Dir& aD2=aS2.Cone().Axis().Direction();
+ const gp_Dir aD1=aS1.Plane().Axis().Direction();
+ const gp_Dir aD2=aS2.Cone().Axis().Direction();
     if (aCT == GeomAbs_Circle && aD1.IsParallel(aD2, aPA)) {
       return bRet;
     }
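Review bot: the aD1 line in the Cone branch repeats the Cylinder branch's `aS1.Plane().Axis().Direction()` verbatim, so the same lifetime-sensitive expression now has to be kept correct in two places. Since both branches read the plane axis of aS1, consider taking that copy once where both branches can see it (if aS1 is known to be a plane at that point), or through one small helper that returns gp_Dir by value.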

Steps To Reproduce: Compile OCCT 7.3 using gcc 4.9 or newer, or the clang compiler, with the flags "-g -fsanitize=address -fno-omit-frame-pointer". If you have a link error you might need to add -fuse-ld=gold. Then run any test cases that call BRepFilletAPI_MakeChamfer. I can generate some .brep files if needed.

New test case is not needed. However, the following script calls the described fragment.
### SCRIPT ###

pload ALL
pcylinder cy 100 500

explode cy f
explode cy_1 e

chamf cf cy cy_1_3 cy_1 S 10
Tags: No tags attached.
Test case number: Not needed
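
The lifetime rule behind this report, as an added example that is not OCCT code: Dir, Ax1, Pln and Surface are simplified stand-ins assumed for illustration, and the live counter is instrumentation added to show when the temporary plane is destroyed. It goes slightly beyond the report by also showing the one case where lifetime extension does apply, which is binding the temporary itself to a const reference.

```cpp
#include <cstdio>
struct Dir {
  double x, y, z;
  double Dot(const Dir& o) const { return x * o.x + y * o.y + z * o.z; }
};
struct Ax1 {
  Dir dir;
  const Dir& Direction() const { return dir; }  // reference into *this
};
struct Pln {
  static int live;  // instrumentation only: number of Pln objects alive
  Ax1 axis;
  explicit Pln(const Dir& d) : axis{d} { ++live; }
  Pln(const Pln& o) : axis(o.axis) { ++live; }
  ~Pln() { --live; }
  const Ax1& Axis() const { return axis; }      // reference into *this
};
int Pln::live = 0;
struct Surface {
  Pln pln;
  explicit Surface(const Dir& d) : pln(d) {}
  Pln Plane() const { return pln; }  // by value, as BRepAdaptor_Surface::Plane() does
};

// Pattern from the report: reference obtained through accessors on a temporary.
int planes_alive_after_chained_ref(const Surface& s) {
  const int before = Pln::live;
  const Dir& d = s.Plane().Axis().Direction();  // temporary Pln destroyed at ';'
  (void)d;                     // d dangles; reading it is the ASan finding
  return Pln::live - before;   // 0: nothing keeps the plane alive
}
// Binding the temporary itself to a const reference does extend its lifetime.
int planes_alive_after_direct_ref(const Surface& s) {
  const int before = Pln::live;
  const Pln& p = s.Plane();
  (void)p;
  return Pln::live - before;   // 1: the temporary lives as long as p
}
// Shape of the fix: copy the direction while the temporary still exists.
double dot_by_value(const Surface& s1, const Surface& s2) {
  const Dir d1 = s1.Plane().Axis().Direction();
  const Dir d2 = s2.Plane().Axis().Direction();
  return d1.Dot(d2);
}
int main() {
  Surface a(Dir{0, 0, 1}), b(Dir{0, 0, 1});
  std::printf("%d %d %.1f\n", planes_alive_after_chained_ref(a),
              planes_alive_after_direct_ref(a), dot_by_value(a, b));
}
```

The first function never reads through the dangling reference, so it stays well defined; it only reports that the plane the reference points into is already gone.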

Relationships

related to 0029997 closedbugmaster Open CASCADE Coding Rules - eliminate GCC compiler warnings -Wmaybe-uninitialized in Select3D_InteriorSensitivePointSet.cxx 
related to 0029927 closedbugmaster Open CASCADE Coding Rules - eliminate GCC compiler warnings -Wmaybe-uninitialized in BRepApprox 

Activities

git

2018-10-08 12:13

administrator   ~0079783

Branch CR30207 has been created by nbv.

SHA-1: f35fe767fdc0bb72c3b270eda0fb8167aa98555a


Detailed log of new commits:

Author: nbv
Date: Mon Oct 8 12:12:07 2018 +0300

    0030207: ChFi3d_KParticular stack-use-after-scope
    
    References to temporary objects have been eliminated.

nbv

2018-10-08 15:10

developer   ~0079789

Dear Mikhail,

Please review the current state of the branch CR30207.

Test results are here: http://jenkins-test-12.nnov.opencascade.com/view/CR30207-master_NBV/.

msv

2018-10-08 15:17

developer   ~0079791

Reviewed.

bugmaster

2018-10-08 16:21

administrator   ~0079794

Combination -
OCCT branch : CR30207 SHA - f35fe767fdc0bb72c3b270eda0fb8167aa98555a
Products branch : master SHA - fa672296ba29ad12e59ba21c0c612c412b808a5d
was compiled on Linux, MacOS and Windows platforms and tested in optimize mode.

Number of compiler warnings:
No new/fixed warnings

Regressions/Differences/Improvements:
No regressions/differences

CPU differences:
Debian80-64:
OCCT
Total CPU difference: 17369.85999999986 / 17385.999999999854 [-0.09%]
Products
Total CPU difference: 7433.980000000049 / 7445.680000000064 [-0.16%]
Windows-64-VC14:
OCCT
Total CPU difference: 17425.70170249843 / 17457.853508598404 [-0.18%]
Products
Total CPU difference: 8367.659638499994 / 8343.292282299992 [+0.29%]


Image differences :
No differences that require special attention

Memory differences :
No differences that require special attention

git

2018-10-14 13:56

administrator   ~0079936

Branch CR30207 has been deleted by inv.

SHA-1: f35fe767fdc0bb72c3b270eda0fb8167aa98555a

Related Changesets

occt: master f67d7efd

2018-10-08 09:12:07

nbv


Committer: apn
0030207: ChFi3d_KParticular stack-use-after-scope

References to temporary objects have been eliminated.
Affected Issues
0030207
mod - src/ChFi3d/ChFi3d_Builder_0.cxx

Issue History

Date Modified Username Field Change
2018-10-05 23:36 galbramc New Issue
2018-10-05 23:36 galbramc Assigned To => msv
2018-10-08 10:20 msv Assigned To msv => nbv
2018-10-08 10:20 msv Status new => assigned
2018-10-08 10:20 msv Target Version => 7.4.0
2018-10-08 11:45 nbv Steps to Reproduce Updated
2018-10-08 11:51 nbv Category OCCT:Modeling Algorithms => OCCT:Coding
2018-10-08 11:52 nbv Steps to Reproduce Updated
2018-10-08 12:13 git Note Added: 0079783
2018-10-08 12:15 kgv Relationship added related to 0029997
2018-10-08 12:16 kgv Relationship added related to 0029927
2018-10-08 15:10 nbv Note Added: 0079789
2018-10-08 15:10 nbv Assigned To nbv => msv
2018-10-08 15:10 nbv Status assigned => resolved
2018-10-08 15:17 msv Note Added: 0079791
2018-10-08 15:17 msv Assigned To msv => bugmaster
2018-10-08 15:17 msv Status resolved => reviewed
2018-10-08 16:12 bugmaster Test case number => Not needed
2018-10-08 16:21 bugmaster Note Added: 0079794
2018-10-08 16:21 bugmaster Status reviewed => tested
2018-10-13 16:01 apn Changeset attached => occt master f67d7efd
2018-10-13 16:01 apn Assigned To bugmaster => apn
2018-10-13 16:01 apn Status tested => verified
2018-10-13 16:01 apn Resolution open => fixed
2018-10-14 13:56 git Note Added: 0079936