View Issue Details

Related ChangesetsJump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0030985Open CASCADEOCCT:Modeling Algorithmspublic2019-09-20 07:562019-09-29 12:36
ReporterabvAssigned Tobugmaster  
PrioritynormalSeverityminor 
Status closedResolutionfixed 
Target Version7.4.0Fixed in Version7.4.0 
Summary0030985: Modeling Algorithms - heap-use-after-free reported by Clang address sanitizer in TopOpeBRepTool_REGUW::InitBlock()
DescriptionWhen running OCCT built on Linux with Clang with option -fsanitize=address, error heap-use-after-free is reported on test bugs modalg_7 bug22886:

common result2 solid1 solid2
=================================================================
==12007==ERROR: AddressSanitizer: heap-use-after-free on address 0x60300070c278 at pc 0x7f7bc3e8127e bp 0x7ffeb581b1a0 sp 0x7ffeb581b198

READ of size 8 at 0x60300070c278 thread T0
    #0 0x7f7bc3e8127d in opencascade::handle::get() const /home/abv/occt/src/Standard/Standard_Handle.hxx:127:51
    0000001 0x7f7bc154fd64 in TopoDS_Shape::HashCode(int) const /home/abv/occt/src/TopoDS/TopoDS_Shape.cxx:32:53
    0000002 0x7f7bc3e811a8 in TopTools_ShapeMapHasher::HashCode(TopoDS_Shape const&, int) /home/abv/occt/src/TopTools/TopTools_ShapeMapHasher.lxx:26:19
    #3 0x7f7bc34c963e in NCollection_Map::Remove(TopoDS_Shape const&) /home/abv/occt/src/NCollection/NCollection_Map.hxx:261:26
    #4 0x7f7bb3e69e96 in TopOpeBRepTool_REGUW::InitBlock() /home/abv/occt/src/TopOpeBRepTool/TopOpeBRepTool_REGUW.cxx:451:22
    #5 0x7f7bb3e6c2af in TopOpeBRepTool_REGUW::REGU(int, TopoDS_Shape const&, NCollection_List&) /home/abv/occt/src/TopOpeBRepTool/TopOpeBRepTool_REGUW.cxx:752:29
    #6 0x7f7bb3e6cac3 in TopOpeBRepTool_REGUW::REGU() /home/abv/occt/src/TopOpeBRepTool/TopOpeBRepTool_REGUW.cxx:862:51
    0000007 0x7f7bb3e624f7 in TopOpeBRepTool::RegularizeWires(TopoDS_Face const&, NCollection_DataMap, TopTools_ShapeMapHasher>&, NCollection_DataMap, TopTools_ShapeMapHasher>&) /home/abv/occt/src/TopOpeBRepTool/TopOpeBRepTool_RegularizeW.cxx:100:16
    0000008 0x7f7bb3dc09c2 in TopOpeBRepBuild_Builder::RegularizeFace(TopoDS_Shape const&, TopoDS_Shape const&, NCollection_List&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_FREGU.cxx:205:8
    0000009 0x7f7bb3dc01c2 in TopOpeBRepBuild_Builder::RegularizeFaces(TopoDS_Shape const&, NCollection_List const&, NCollection_List&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_FREGU.cxx:80:5
    #10 0x7f7bb3dfc7f5 in TopOpeBRepBuild_Builder::GWESMakeFaces(TopoDS_Shape const&, TopOpeBRepBuild_WireEdgeSet&, NCollection_List&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_makefaces.cxx:248:32
    0000011 0x7f7bb3d92984 in TopOpeBRepBuild_Builder1::GWESMakeFaces(TopoDS_Shape const&, TopOpeBRepBuild_WireEdgeSet&, NCollection_List&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:1201:28
    #12 0x7f7bb3d8b5a4 in TopOpeBRepBuild_Builder1::GFillFaceNotSameDomSFS(TopoDS_Shape const&, NCollection_List const&, TopOpeBRepBuild_GTopo const&, TopOpeBRepBuild_ShellFaceSet&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:350:3
    0000013 0x7f7bb3d8a5ae in TopOpeBRepBuild_Builder1::GFillShellSFS(TopoDS_Shape const&, NCollection_List const&, TopOpeBRepBuild_GTopo const&, TopOpeBRepBuild_ShellFaceSet&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:299:5
    0000014 0x7f7bb3d89eff in TopOpeBRepBuild_Builder1::GFillSolidSFS(TopoDS_Shape const&, NCollection_List const&, TopOpeBRepBuild_GTopo const&, TopOpeBRepBuild_ShellFaceSet&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:243:7
    0000015 0x7f7bb3dd839d in TopOpeBRepBuild_Builder::GFillSolidsSFS(NCollection_List const&, NCollection_List const&, TopOpeBRepBuild_GTopo const&, TopOpeBRepBuild_ShellFaceSet&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_GridSS.cxx:334:18
    0000016 0x7f7bb3dd7c51 in TopOpeBRepBuild_Builder::GMergeSolids(NCollection_List const&, NCollection_List const&, TopOpeBRepBuild_GTopo const&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_GridSS.cxx:268:3
    0000017 0x7f7bb3debea0 in TopOpeBRepBuild_Builder::MergeKPartissoso() /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_KPart.cxx:926:5
    0000018 0x7f7bb3d89b35 in TopOpeBRepBuild_Builder1::MergeKPart() /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:182:5
    0000019 0x7f7bb3de89ec in TopOpeBRepBuild_Builder::MergeKPart(TopAbs_State, TopAbs_State) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_KPart.cxx:186:3
    0000020 0x7f7bb3d89a38 in TopOpeBRepBuild_Builder1::MergeKPart(TopAbs_State, TopAbs_State) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:160:28
    0000021 0x7f7bb3de6afd in TopOpeBRepBuild_HBuilder::MergeKPart(TopAbs_State, TopAbs_State) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_HBuilder.cxx:685:23
    0000022 0x7f7bb3ea2ec3 in BRepAlgo_BooleanOperation::Perform(TopAbs_State, TopAbs_State) /home/abv/occt/src/BRepAlgo/BRepAlgo_BooleanOperation.cxx:194:17
    0000023 0x7f7bb3ea77d8 in BRepAlgo_Common::BRepAlgo_Common(TopoDS_Shape const&, TopoDS_Shape const&) /home/abv/occt/src/BRepAlgo/BRepAlgo_Common.cxx:33:3
    0000024 0x7f7bb5e6b755 in topop(Draw_Interpretor&, int, char const**) /home/abv/occt/src/BRepTest/BRepTest_TopologyCommands.cxx:68:11
    0000025 0x7f7bc3e43349 in Draw_Interpretor::CallBackDataFunc::Invoke(Draw_Interpretor&, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.hxx:81:31
    #26 0x7f7bc3e50b7d in CommandCmd(void*, Tcl_Interp*, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.cxx:154:40
    #27 0x7f7bbe205b95 in TclInvokeStringCommand (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0x38b95)
    #28 0x7f7bbe207fa6 in TclNRRunCallbacks (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0x3afa6)
    0000029 0x7f7bbe2a687a in Tcl_RecordAndEvalObj (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0xd987a)
    #30 0x7f7bbe2a6756 in Tcl_RecordAndEval (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0xd9756)
    #31 0x7f7bc3e520bf in Draw_Interpretor::RecordAndEval(char const*, int) /home/abv/occt/src/Draw/Draw_Interpretor.cxx:496:10
    #32 0x7f7bc3e38dad in Draw_Interprete(char const*) /home/abv/occt/src/Draw/Draw.cxx:608:19
    0000033 0x7f7bc3e39b90 in interpreteTclCommand(TCollection_AsciiString const&) /home/abv/occt/src/Draw/Draw.cxx:110:5
    0000034 0x7f7bc3e3737b in ReadInitFile(TCollection_AsciiString const&) /home/abv/occt/src/Draw/Draw.cxx:121:3
    0000035 0x7f7bc3e36973 in Draw_Appli(int, char**, void (*)(Draw_Interpretor&)) /home/abv/occt/src/Draw/Draw.cxx:497:5
    #36 0x7f7bc3e53328 in Draw_Main(int, char**, void (*)(Draw_Interpretor&)) /home/abv/occt/src/Draw/Draw_Main.cxx:113:3
    #37 0x51aaef in main /home/abv/occt/src/DRAWEXE/DRAWEXE.cxx:33:1
    #38 0x7f7bbcc3182f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    #39 0x41aac8 in _start (/home/abv/tmp/occt-clang/lin64/clang/bini/DRAWEXE-7.4.0+0x41aac8)

0x60300070c278 is located 8 bytes inside of 32-byte region [0x60300070c270,0x60300070c290)
freed by thread T0 here:
    #0 0x4deb18 in __interceptor_cfree.localalias.0 (/home/abv/tmp/occt-clang/lin64/clang/bini/DRAWEXE-7.4.0+0x4deb18)
    0000001 0x7f7bbf7cafdb in Standard_MMgrRaw::Free(void*) /home/abv/occt/src/Standard/Standard_MMgrRaw.cxx:55:3
    0000002 0x7f7bbf7c293c in Standard::Free(void*) /home/abv/occt/src/Standard/Standard.cxx:250:36
    #3 0x7f7bbf820430 in NCollection_BaseAllocator::Free(void*) /home/abv/occt/src/NCollection/NCollection_BaseAllocator.cxx:46:18
    #4 0x7f7bc3e806ec in NCollection_TListNode::delNode(NCollection_ListNode*, opencascade::handle&) /home/abv/occt/src/NCollection/NCollection_TListNode.hxx:43:12
    #5 0x7f7bbf824a55 in NCollection_BaseList::PRemoveFirst(void (*)(NCollection_ListNode*, opencascade::handle&)) /home/abv/occt/src/NCollection/NCollection_BaseList.cxx:122:3
    #6 0x7f7bbf824c69 in NCollection_BaseList::PRemove(NCollection_BaseList::Iterator&, void (*)(NCollection_ListNode*, opencascade::handle&)) /home/abv/occt/src/NCollection/NCollection_BaseList.cxx:139:5
    0000007 0x7f7bc3515ddf in NCollection_List::Remove(NCollection_TListIterator&) /home/abv/occt/src/NCollection/NCollection_List.hxx:203:5
    0000008 0x7f7bb3e69e8b in TopOpeBRepTool_REGUW::InitBlock() /home/abv/occt/src/TopOpeBRepTool/TopOpeBRepTool_REGUW.cxx:450:23
    0000009 0x7f7bb3e6c2af in TopOpeBRepTool_REGUW::REGU(int, TopoDS_Shape const&, NCollection_List&) /home/abv/occt/src/TopOpeBRepTool/TopOpeBRepTool_REGUW.cxx:752:29
    #10 0x7f7bb3e6cac3 in TopOpeBRepTool_REGUW::REGU() /home/abv/occt/src/TopOpeBRepTool/TopOpeBRepTool_REGUW.cxx:862:51
    0000011 0x7f7bb3e624f7 in TopOpeBRepTool::RegularizeWires(TopoDS_Face const&, NCollection_DataMap, TopTools_ShapeMapHasher>&, NCollection_DataMap, TopTools_ShapeMapHasher>&) /home/abv/occt/src/TopOpeBRepTool/TopOpeBRepTool_RegularizeW.cxx:100:16
    #12 0x7f7bb3dc09c2 in TopOpeBRepBuild_Builder::RegularizeFace(TopoDS_Shape const&, TopoDS_Shape const&, NCollection_List&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_FREGU.cxx:205:8
    0000013 0x7f7bb3dc01c2 in TopOpeBRepBuild_Builder::RegularizeFaces(TopoDS_Shape const&, NCollection_List const&, NCollection_List&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_FREGU.cxx:80:5
    0000014 0x7f7bb3dfc7f5 in TopOpeBRepBuild_Builder::GWESMakeFaces(TopoDS_Shape const&, TopOpeBRepBuild_WireEdgeSet&, NCollection_List&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_makefaces.cxx:248:32
    0000015 0x7f7bb3d92984 in TopOpeBRepBuild_Builder1::GWESMakeFaces(TopoDS_Shape const&, TopOpeBRepBuild_WireEdgeSet&, NCollection_List&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:1201:28
    0000016 0x7f7bb3d8b5a4 in TopOpeBRepBuild_Builder1::GFillFaceNotSameDomSFS(TopoDS_Shape const&, NCollection_List const&, TopOpeBRepBuild_GTopo const&, TopOpeBRepBuild_ShellFaceSet&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:350:3
    0000017 0x7f7bb3d8a5ae in TopOpeBRepBuild_Builder1::GFillShellSFS(TopoDS_Shape const&, NCollection_List const&, TopOpeBRepBuild_GTopo const&, TopOpeBRepBuild_ShellFaceSet&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:299:5
    0000018 0x7f7bb3d89eff in TopOpeBRepBuild_Builder1::GFillSolidSFS(TopoDS_Shape const&, NCollection_List const&, TopOpeBRepBuild_GTopo const&, TopOpeBRepBuild_ShellFaceSet&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:243:7
    0000019 0x7f7bb3dd839d in TopOpeBRepBuild_Builder::GFillSolidsSFS(NCollection_List const&, NCollection_List const&, TopOpeBRepBuild_GTopo const&, TopOpeBRepBuild_ShellFaceSet&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_GridSS.cxx:334:18
    0000020 0x7f7bb3dd7c51 in TopOpeBRepBuild_Builder::GMergeSolids(NCollection_List const&, NCollection_List const&, TopOpeBRepBuild_GTopo const&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_GridSS.cxx:268:3
    0000021 0x7f7bb3debea0 in TopOpeBRepBuild_Builder::MergeKPartissoso() /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_KPart.cxx:926:5
    0000022 0x7f7bb3d89b35 in TopOpeBRepBuild_Builder1::MergeKPart() /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:182:5
    0000023 0x7f7bb3de89ec in TopOpeBRepBuild_Builder::MergeKPart(TopAbs_State, TopAbs_State) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_KPart.cxx:186:3
    0000024 0x7f7bb3d89a38 in TopOpeBRepBuild_Builder1::MergeKPart(TopAbs_State, TopAbs_State) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:160:28
    0000025 0x7f7bb3de6afd in TopOpeBRepBuild_HBuilder::MergeKPart(TopAbs_State, TopAbs_State) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_HBuilder.cxx:685:23
    #26 0x7f7bb3ea2ec3 in BRepAlgo_BooleanOperation::Perform(TopAbs_State, TopAbs_State) /home/abv/occt/src/BRepAlgo/BRepAlgo_BooleanOperation.cxx:194:17
    #27 0x7f7bb3ea77d8 in BRepAlgo_Common::BRepAlgo_Common(TopoDS_Shape const&, TopoDS_Shape const&) /home/abv/occt/src/BRepAlgo/BRepAlgo_Common.cxx:33:3
    #28 0x7f7bb5e6b755 in topop(Draw_Interpretor&, int, char const**) /home/abv/occt/src/BRepTest/BRepTest_TopologyCommands.cxx:68:11
    0000029 0x7f7bc3e43349 in Draw_Interpretor::CallBackDataFunc::Invoke(Draw_Interpretor&, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.hxx:81:31

previously allocated by thread T0 here:
    #0 0x4deef0 in calloc (/home/abv/tmp/occt-clang/lin64/clang/bini/DRAWEXE-7.4.0+0x4deef0)
    0000001 0x7f7bbf7caf58 in Standard_MMgrRaw::Allocate(unsigned long) /home/abv/occt/src/Standard/Standard_MMgrRaw.cxx:41:39
    0000002 0x7f7bbf7c28dc in Standard::Allocate(unsigned long) /home/abv/occt/src/Standard/Standard.cxx:240:43
    #3 0x7f7bbf82041b in NCollection_BaseAllocator::Allocate(unsigned long) /home/abv/occt/src/NCollection/NCollection_BaseAllocator.cxx:36:10
    #4 0x7f7bc3e3bf6f in NCollection_ListNode::operator new(unsigned long, opencascade::handle const&) /home/abv/occt/src/NCollection/NCollection_ListNode.hxx:30:3
    #5 0x7f7bc34476e1 in NCollection_List::Append(TopoDS_Shape const&) /home/abv/occt/src/NCollection/NCollection_List.hxx:134:23
    #6 0x7f7bb3e69a07 in TopOpeBRepTool_REGUW::MapS() /home/abv/occt/src/TopOpeBRepTool/TopOpeBRepTool_REGUW.cxx:391:25
    0000007 0x7f7bb3e624df in TopOpeBRepTool::RegularizeWires(TopoDS_Face const&, NCollection_DataMap, TopTools_ShapeMapHasher>&, NCollection_DataMap, TopTools_ShapeMapHasher>&) /home/abv/occt/src/TopOpeBRepTool/TopOpeBRepTool_RegularizeW.cxx:96:33
    0000008 0x7f7bb3dc09c2 in TopOpeBRepBuild_Builder::RegularizeFace(TopoDS_Shape const&, TopoDS_Shape const&, NCollection_List&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_FREGU.cxx:205:8
    0000009 0x7f7bb3dc01c2 in TopOpeBRepBuild_Builder::RegularizeFaces(TopoDS_Shape const&, NCollection_List const&, NCollection_List&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_FREGU.cxx:80:5
    #10 0x7f7bb3dfc7f5 in TopOpeBRepBuild_Builder::GWESMakeFaces(TopoDS_Shape const&, TopOpeBRepBuild_WireEdgeSet&, NCollection_List&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_makefaces.cxx:248:32
    0000011 0x7f7bb3d92984 in TopOpeBRepBuild_Builder1::GWESMakeFaces(TopoDS_Shape const&, TopOpeBRepBuild_WireEdgeSet&, NCollection_List&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:1201:28
    #12 0x7f7bb3d8b5a4 in TopOpeBRepBuild_Builder1::GFillFaceNotSameDomSFS(TopoDS_Shape const&, NCollection_List const&, TopOpeBRepBuild_GTopo const&, TopOpeBRepBuild_ShellFaceSet&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:350:3
    0000013 0x7f7bb3d8a5ae in TopOpeBRepBuild_Builder1::GFillShellSFS(TopoDS_Shape const&, NCollection_List const&, TopOpeBRepBuild_GTopo const&, TopOpeBRepBuild_ShellFaceSet&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:299:5
    0000014 0x7f7bb3d89eff in TopOpeBRepBuild_Builder1::GFillSolidSFS(TopoDS_Shape const&, NCollection_List const&, TopOpeBRepBuild_GTopo const&, TopOpeBRepBuild_ShellFaceSet&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:243:7
    0000015 0x7f7bb3dd839d in TopOpeBRepBuild_Builder::GFillSolidsSFS(NCollection_List const&, NCollection_List const&, TopOpeBRepBuild_GTopo const&, TopOpeBRepBuild_ShellFaceSet&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_GridSS.cxx:334:18
    0000016 0x7f7bb3dd7c51 in TopOpeBRepBuild_Builder::GMergeSolids(NCollection_List const&, NCollection_List const&, TopOpeBRepBuild_GTopo const&) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_GridSS.cxx:268:3
    0000017 0x7f7bb3debea0 in TopOpeBRepBuild_Builder::MergeKPartissoso() /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_KPart.cxx:926:5
    0000018 0x7f7bb3d89b35 in TopOpeBRepBuild_Builder1::MergeKPart() /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:182:5
    0000019 0x7f7bb3de89ec in TopOpeBRepBuild_Builder::MergeKPart(TopAbs_State, TopAbs_State) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_KPart.cxx:186:3
    0000020 0x7f7bb3d89a38 in TopOpeBRepBuild_Builder1::MergeKPart(TopAbs_State, TopAbs_State) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_Builder1.cxx:160:28
    0000021 0x7f7bb3de6afd in TopOpeBRepBuild_HBuilder::MergeKPart(TopAbs_State, TopAbs_State) /home/abv/occt/src/TopOpeBRepBuild/TopOpeBRepBuild_HBuilder.cxx:685:23
    0000022 0x7f7bb3ea2ec3 in BRepAlgo_BooleanOperation::Perform(TopAbs_State, TopAbs_State) /home/abv/occt/src/BRepAlgo/BRepAlgo_BooleanOperation.cxx:194:17
    0000023 0x7f7bb3ea77d8 in BRepAlgo_Common::BRepAlgo_Common(TopoDS_Shape const&, TopoDS_Shape const&) /home/abv/occt/src/BRepAlgo/BRepAlgo_Common.cxx:33:3
    0000024 0x7f7bb5e6b755 in topop(Draw_Interpretor&, int, char const**) /home/abv/occt/src/BRepTest/BRepTest_TopologyCommands.cxx:68:11
    0000025 0x7f7bc3e43349 in Draw_Interpretor::CallBackDataFunc::Invoke(Draw_Interpretor&, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.hxx:81:31
    #26 0x7f7bc3e50b7d in CommandCmd(void*, Tcl_Interp*, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.cxx:154:40
    #27 0x7f7bbe205b95 in TclInvokeStringCommand (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0x38b95)

SUMMARY: AddressSanitizer: heap-use-after-free /home/abv/occt/src/Standard/Standard_Handle.hxx:127:51 in opencascade::handle::get() const
Shadow bytes around the buggy address:
  0x0c06800d97f0: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x0c06800d9800: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
  0x0c06800d9810: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
  0x0c06800d9820: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x0c06800d9830: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
=>0x0c06800d9840: fa fa fd fd fd fd fa fa 00 00 00 00 fa fa fd[fd]
  0x0c06800d9850: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x0c06800d9860: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
  0x0c06800d9870: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
  0x0c06800d9880: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x0c06800d9890: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
==12007==ABORTING
Steps To ReproduceBuild on Linux with CLang with -fsanitize=address, then run test bugs modalg_7 bug22886
TagsNo tags attached.
Test case number

Relationships

child of 0030557 newdpasukhi Coding - eliminate errors reported by -fsanitize 

Activities

git

2019-09-20 07:58

administrator   ~0087341

Branch CR30985 has been created by abv.

SHA-1: 867a6500bb633ca9fcfda51300344a20102a7db8


Detailed log of new commits:

Author: abv
Date: Fri Sep 20 07:55:05 2019 +0300

    0030985: Modeling Algorithms - heap-use-after-free reported by Clang address sanitizer in TopOpeBRepTool_REGUW::InitBlock()
    
    Code is corrected to avoid use of reference to a shape removed from the list after that removal

abv

2019-09-20 11:36

manager   ~0087352

Fix pushed to branch CR30985 and tested, see Jenkins job CR30985-abv; please review

msv

2019-09-20 14:31

developer   ~0087367

Reviewed.

git

2019-09-29 12:36

administrator   ~0087625

Branch CR30985 has been deleted by inv.

SHA-1: 867a6500bb633ca9fcfda51300344a20102a7db8

Related Changesets

occt: master cbaac5de

2019-09-20 04:55:05

abv


Committer: bugmaster Details Diff		 0030985: Modeling Algorithms - heap-use-after-free reported by Clang address sanitizer in TopOpeBRepTool_REGUW::InitBlock()

Code is corrected to avoid use of reference to a shape removed from the list after that removal		 Affected Issues
0030985
mod - src/TopOpeBRepTool/TopOpeBRepTool_REGUW.cxx Diff File

Issue History

Date Modified Username Field Change
2019-09-20 07:56 abv New Issue
2019-09-20 07:56 abv Assigned To => msv
2019-09-20 07:58 git Note Added: 0087341
2019-09-20 08:09 abv Relationship added child of 0030557
2019-09-20 09:37 abv Target Version 7.5.0 => 7.4.0
2019-09-20 11:36 abv Note Added: 0087352
2019-09-20 11:36 abv Status new => resolved
2019-09-20 11:36 abv Steps to Reproduce Updated
2019-09-20 14:31 msv Note Added: 0087367
2019-09-20 14:31 msv Assigned To msv => bugmaster
2019-09-20 14:31 msv Status resolved => reviewed
2019-09-21 18:13 bugmaster Changeset attached => occt master cbaac5de
2019-09-21 18:13 bugmaster Status reviewed => verified
2019-09-21 18:13 bugmaster Resolution open => fixed
2019-09-29 12:36 git Note Added: 0087625