MantisBT
Mantis Bug Tracker Workflow

View Issue Details Jump to Notes ] Related Changesets ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0030980Open CASCADE[OCCT] OCCT:Data Exchangepublic2019-09-19 06:162019-09-22 11:41
Reporterabv 
Assigned Tobugmaster 
PrioritynormalSeverityminor 
StatusverifiedResolutionfixed 
PlatformOSOS Version
Product Version 
Target Version[OCCT] 7.4.0Fixed in Version 
Summary0030980: Data Exchange - global-buffer-overflow reported by Clang address sanitizer in iges_newchar()
DescriptionWhen running OCCT built on Linux with Clang with option -fsanitize=address, the following error is reported on test bugs fclasses bug22125 and some others:

igesbrep /mnt/d/ABV/OCCT/occt_tests_data/private/unsorted/iges/bug22125_Part1_badname.igs a *
=================================================================
==31461==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f6cc692e6ef at pc 0x7f6cc66b6830 bp 0x7ffd15af01d0 sp 0x7ffd15af01c8

READ of size 1 at 0x7f6cc692e6ef thread T0
    # 0 0x7f6cc66b682f in iges_newchar /home/abv/occt/src/IGESFile/structiges.c:105:50
    # 1 0x7f6cc66b70d9 in iges_addparam /home/abv/occt/src/IGESFile/structiges.c:226:12
    # 2 0x7f6cc66b2270 in iges_param /home/abv/occt/src/IGESFile/analiges.c:163:7
    # 3 0x7f6cc66b55bf in igesread /home/abv/occt/src/IGESFile/igesread.c:106:9
    # 4 0x7f6cc66b2f74 in IGESFile_Read(char*, opencascade::handle const&, opencascade::handle const&, opencascade::handle const&, bool) /home/abv/occt/src/IGESFile/IGESFile_Read.cxx:101:16
    # 5 0x7f6cc66b2cab in IGESFile_Read(char*, opencascade::handle const&, opencascade::handle const&) /home/abv/occt/src/IGESFile/IGESFile_Read.cxx:67:10
    # 6 0x7f6cc687f4d8 in IGESSelect_WorkLibrary::ReadFile(char const*, opencascade::handle&, opencascade::handle const&) const /home/abv/occt/src/IGESSelect/IGESSelect_WorkLibrary.cxx:85:29
    # 7 0x7f6cc4300a18 in IFSelect_WorkSession::ReadFile(char const*) /home/abv/occt/src/IFSelect/IFSelect_WorkSession.cxx:219:41
    # 8 0x7f6cc4339953 in XSControl_Reader::ReadFile(char const*) /home/abv/occt/src/XSControl/XSControl_Reader.cxx:128:44
    # 9 0x7f6cc79f0a57 in igesbrep(Draw_Interpretor&, int, char const**) /home/abv/occt/src/XSDRAWIGES/XSDRAWIGES.cxx:137:33
    # 10 0x7f6cda256349 in Draw_Interpretor::CallBackDataFunc::Invoke(Draw_Interpretor&, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.hxx:81:31
    # 11 0x7f6cda263b7d in CommandCmd(void*, Tcl_Interp*, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.cxx:154:40
    # 12 0x7f6cd4618b95 in TclInvokeStringCommand (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0x38b95)
    # 13 0x7f6cd461afa6 in TclNRRunCallbacks (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0x3afa6)
    # 14 0x7f6cd46b987a in Tcl_RecordAndEvalObj (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0xd987a)
    # 15 0x7f6cd46b9756 in Tcl_RecordAndEval (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0xd9756)
    # 16 0x7f6cda2650bf in Draw_Interpretor::RecordAndEval(char const*, int) /home/abv/occt/src/Draw/Draw_Interpretor.cxx:496:10
    # 17 0x7f6cda24bdad in Draw_Interprete(char const*) /home/abv/occt/src/Draw/Draw.cxx:608:19
    # 18 0x7f6cda24cb90 in interpreteTclCommand(TCollection_AsciiString const&) /home/abv/occt/src/Draw/Draw.cxx:110:5
    # 19 0x7f6cda24a37b in ReadInitFile(TCollection_AsciiString const&) /home/abv/occt/src/Draw/Draw.cxx:121:3
    # 20 0x7f6cda249973 in Draw_Appli(int, char**, void (*)(Draw_Interpretor&)) /home/abv/occt/src/Draw/Draw.cxx:497:5
    # 21 0x7f6cda266328 in Draw_Main(int, char**, void (*)(Draw_Interpretor&)) /home/abv/occt/src/Draw/Draw_Main.cxx:113:3
    # 22 0x51aaef in main /home/abv/occt/src/DRAWEXE/DRAWEXE.cxx:33:1
    # 23 0x7f6cd304482f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    # 24 0x41aac8 in _start (/home/abv/tmp/occt-clang/lin64/clang/bini/DRAWEXE-7.4.0+0x41aac8)

0x7f6cc692e6ef is located 46 bytes to the right of global variable '' defined in '/home/abv/occt/src/IGESFile/structiges.c:226:25' (0x7f6cc692e6c0) of size 1
  '' is ascii string ''
SUMMARY: AddressSanitizer: global-buffer-overflow /home/abv/occt/src/IGESFile/structiges.c:105:50 in iges_newchar
Shadow bytes around the buggy address:
  0x0fee18d1dc80: f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0fee18d1dc90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fee18d1dca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fee18d1dcb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fee18d1dcc0: 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
=>0x0fee18d1dcd0: 00 00 00 00 00 00 00 00 01 f9 f9 f9 f9[f9]f9 f9
  0x0fee18d1dce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fee18d1dcf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fee18d1dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fee18d1dd10: 00 00 00 03 f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9
  0x0fee18d1dd20: 00 00 04 f9 f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
==31461==ABORTING
Steps To ReproduceBuild on Linux with CLang with -fsanitize=address, then run test bugs fclasses bug22125
TagsNo tags attached.
Test case numberNot required
Attached Files

- Relationships
child of 0030557newkgv Coding - eliminate errors reported by -fsanitize 

-  Notes
(0087285)
git (administrator)
2019-09-19 07:10

Branch CR30980 has been created by abv.

SHA-1: a5a19a055220e66799b3745761b8c4d71a46a7e1


Detailed log of new commits:

Author: abv
Date: Thu Sep 19 07:07:13 2019 +0300

    0030980: Data Exchange - global-buffer-overflow reported by Clang address sanitizer in iges_newchar()
    
    Avoid unnecessary copying of characters with zero-length string literal as source
(0087298)
git (administrator)
2019-09-19 12:40

Branch CR30980 has been updated forcibly by abv.

SHA-1: e513ee41acaa543a396d0476412a60af39a93959
(0087305)
abv (manager)
2019-09-19 14:46

Fix is pushed to CR30980 and tested, see Jenkins job CR30980-abv; please review
(0087314)
gka (developer)
2019-09-19 16:28

Branch CR30980 was reviewed
(0087336)
bugmaster (administrator)
2019-09-20 07:52

Combination -
OCCT branch : WEEK-38
master SHA - 3561f506c83b672cc3e06b77029aafca8d91d5d9
5f5b1aed1c6e139bbd34314eca77ae7abcd8895c
Products branch : WEEK-38 SHA - 408582119deba96d291df52766ca720a3059ce71
was compiled on Linux, MacOS and Windows platforms and tested in optimize mode.

Number of compiler warnings:
No new/fixed warnings

Regressions/Differences/Improvements:
No regressions/differences

CPU differences:
Debian80-64:
OCCT
Total CPU difference: 16813.57000000016 / 16822.810000000067 [-0.05%]
Products
Total CPU difference: 10542.720000000027 / 10555.120000000048 [-0.12%]
Windows-64-VC14:
OCCT
Total CPU difference: 18271.390625 / 18222.765625 [+0.27%]
Products
Total CPU difference: 12493.84375 / 12438.984375 [+0.44%]


Image differences :
No differences that require special attention

Memory differences :
No differences that require special attention
(0087424)
git (administrator)
2019-09-22 11:41

Branch CR30980 has been deleted by inv.

SHA-1: e513ee41acaa543a396d0476412a60af39a93959

- Related Changesets
occt: master 25093c3f
Timestamp: 2019-09-19 04:07:13
Author: abv
Committer: bugmaster
Details ] Diff ]
0030980: Data Exchange - global-buffer-overflow reported by Clang address sanitizer in iges_newchar()

Avoid unnecessary copying of characters with zero-length string literal as source
mod - src/IGESFile/structiges.c Diff ] File ]

- Issue History
Date Modified Username Field Change
2019-09-19 06:16 abv New Issue
2019-09-19 06:16 abv Assigned To => gka
2019-09-19 07:10 git Note Added: 0087285
2019-09-19 07:15 abv Relationship added child of 0030557
2019-09-19 12:40 git Note Added: 0087298
2019-09-19 14:45 abv Status new => resolved
2019-09-19 14:45 abv Steps to Reproduce Updated View Revisions
2019-09-19 14:46 abv Note Added: 0087305
2019-09-19 14:47 abv Description Updated View Revisions
2019-09-19 16:23 abv Target Version 7.5.0* => 7.4.0
2019-09-19 16:28 gka Note Added: 0087314
2019-09-19 16:28 gka Assigned To gka => bugmaster
2019-09-19 16:28 gka Status resolved => reviewed
2019-09-20 07:52 bugmaster Test case number => Not required
2019-09-20 07:52 bugmaster Note Added: 0087336
2019-09-20 07:52 bugmaster Status reviewed => tested
2019-09-21 18:13 bugmaster Changeset attached => occt master 25093c3f
2019-09-21 18:13 bugmaster Status tested => verified
2019-09-21 18:13 bugmaster Resolution open => fixed
2019-09-22 11:41 git Note Added: 0087424


Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker