MantisBT
Mantis Bug Tracker Workflow

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0030986Open CASCADE[OCCT] OCCT:Modeling Algorithmspublic2019-09-20 08:012019-09-20 08:09
Reporterabv 
Assigned Tomsv 
PrioritynormalSeverityminor 
StatusnewResolutionopen 
PlatformOSOS Version
Product Version 
Target Version[OCCT] 7.5.0*Fixed in Version 
Summary0030986: Modeling Algorithms - heap-buffer-overflow reported by Clang address sanitizer in HLRBRep_Data.cxx
DescriptionWhen running OCCT built on Linux with Clang with option -fsanitize=address, error heap-buffer-overflow is reported on test bugs modalg_5 bug23625_1:

reflectlines result a 0 1 0
=================================================================
==8116==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000562230 at pc 0x7f3584067540 bp 0x7fff23ed65d0 sp 0x7fff23ed65c8

READ of size 4 at 0x603000562230 thread T0
    #0 0x7f358406753f in TableauRejection::Set(int, int, double) /home/abv/occt/src/HLRBRep/HLRBRep_Data.cxx:245:16
    0000001 0x7f35840645cf in TableauRejection::SetIntersection(int, int, IntRes2d_IntersectionPoint const&) /home/abv/occt/src/HLRBRep/HLRBRep_Data.cxx:353:4
    0000002 0x7f35840597c0 in HLRBRep_Data::NextInterference() /home/abv/occt/src/HLRBRep/HLRBRep_Data.cxx:1203:8
    #3 0x7f3584057f57 in HLRBRep_Data::InitInterference() /home/abv/occt/src/HLRBRep/HLRBRep_Data.cxx:1031:3
    #4 0x7f358406fce9 in HLRBRep_Hider::Hide(int, NCollection_DataMap&) /home/abv/occt/src/HLRBRep/HLRBRep_Hider.cxx:121:18
    #5 0x7f3584093f92 in HLRBRep_InternalAlgo::HideSelected(int, bool) /home/abv/occt/src/HLRBRep/HLRBRep_InternalAlgo.cxx:880:10
    #6 0x7f3584092277 in HLRBRep_InternalAlgo::Hide(int) /home/abv/occt/src/HLRBRep/HLRBRep_InternalAlgo.cxx:609:5
    0000007 0x7f3584092379 in HLRBRep_InternalAlgo::Hide() /home/abv/occt/src/HLRBRep/HLRBRep_InternalAlgo.cxx:582:7
    0000008 0x7f35841064af in HLRAppli_ReflectLines::Perform() /home/abv/occt/src/HLRAppli/HLRAppli_ReflectLines.cxx:77:14
    0000009 0x7f3576fa94a2 in reflectlines(Draw_Interpretor&, int, char const**) /home/abv/occt/src/HLRTest/HLRTest.cxx:446:13
    #10 0x7f3584f17349 in Draw_Interpretor::CallBackDataFunc::Invoke(Draw_Interpretor&, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.hxx:81:31
    0000011 0x7f3584f24b7d in CommandCmd(void*, Tcl_Interp*, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.cxx:154:40
    #12 0x7f357f2d9b95 in TclInvokeStringCommand (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0x38b95)
    0000013 0x7f357f2dbfa6 in TclNRRunCallbacks (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0x3afa6)
    0000014 0x7f357f37a87a in Tcl_RecordAndEvalObj (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0xd987a)
    0000015 0x7f357f37a756 in Tcl_RecordAndEval (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0xd9756)
    0000016 0x7f3584f260bf in Draw_Interpretor::RecordAndEval(char const*, int) /home/abv/occt/src/Draw/Draw_Interpretor.cxx:496:10
    0000017 0x7f3584f0cdad in Draw_Interprete(char const*) /home/abv/occt/src/Draw/Draw.cxx:608:19
    0000018 0x7f3584f0db90 in interpreteTclCommand(TCollection_AsciiString const&) /home/abv/occt/src/Draw/Draw.cxx:110:5
    0000019 0x7f3584f0b37b in ReadInitFile(TCollection_AsciiString const&) /home/abv/occt/src/Draw/Draw.cxx:121:3
    0000020 0x7f3584f0a973 in Draw_Appli(int, char**, void (*)(Draw_Interpretor&)) /home/abv/occt/src/Draw/Draw.cxx:497:5
    0000021 0x7f3584f27328 in Draw_Main(int, char**, void (*)(Draw_Interpretor&)) /home/abv/occt/src/Draw/Draw_Main.cxx:113:3
    0000022 0x51aaef in main /home/abv/occt/src/DRAWEXE/DRAWEXE.cxx:33:1
    0000023 0x7f357dd0582f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    0000024 0x41aac8 in _start (/home/abv/tmp/occt-clang/lin64/clang/bini/DRAWEXE-7.4.0+0x41aac8)

0x603000562230 is located 0 bytes to the right of 32-byte region [0x603000562210,0x603000562230)
allocated by thread T0 here:
    #0 0x4decd8 in __interceptor_malloc (/home/abv/tmp/occt-clang/lin64/clang/bini/DRAWEXE-7.4.0+0x4decd8)
    0000001 0x7f3584062439 in TableauRejection::SetDim(int) /home/abv/occt/src/HLRBRep/HLRBRep_Data.cxx:125:37
    0000002 0x7f3584050e02 in HLRBRep_Data::HLRBRep_Data(int, int, int) /home/abv/occt/src/HLRBRep/HLRBRep_Data.cxx:417:35
    #3 0x7f35840bdf9a in HLRBRep_ShapeToHLR::Load(opencascade::handle const&, HLRAlgo_Projector const&, NCollection_DataMap&, int) /home/abv/occt/src/HLRBRep/HLRBRep_ShapeToHLR.cxx:102:33
    #4 0x7f358408f8d2 in HLRBRep_InternalAlgo::Update() /home/abv/occt/src/HLRBRep/HLRBRep_InternalAlgo.cxx:106:12
    #5 0x7f358410649f in HLRAppli_ReflectLines::Perform() /home/abv/occt/src/HLRAppli/HLRAppli_ReflectLines.cxx:76:14
    #6 0x7f3576fa94a2 in reflectlines(Draw_Interpretor&, int, char const**) /home/abv/occt/src/HLRTest/HLRTest.cxx:446:13
    0000007 0x7f3584f17349 in Draw_Interpretor::CallBackDataFunc::Invoke(Draw_Interpretor&, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.hxx:81:31
    0000008 0x7f3584f24b7d in CommandCmd(void*, Tcl_Interp*, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.cxx:154:40
    0000009 0x7f357f2d9b95 in TclInvokeStringCommand (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0x38b95)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/abv/occt/src/HLRBRep/HLRBRep_Data.cxx:245:16 in TableauRejection::Set(int, int, double)
Shadow bytes around the buggy address:
  0x0c06800a43f0: 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa
  0x0c06800a4400: 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00
  0x0c06800a4410: fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00
  0x0c06800a4420: 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa
  0x0c06800a4430: 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00
=>0x0c06800a4440: fa fa 00 00 00 00[fa]fa 00 00 00 00 fa fa 00 00
  0x0c06800a4450: 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa
  0x0c06800a4460: 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00
  0x0c06800a4470: fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00
  0x0c06800a4480: 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa
  0x0c06800a4490: 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
==8116==ABORTING
TagsNo tags attached.
Test case number
Attached Files

- Relationships
child of 0030557newkgv Coding - eliminate errors reported by -fsanitize 

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2019-09-20 08:01 abv New Issue
2019-09-20 08:01 abv Assigned To => msv
2019-09-20 08:09 abv Relationship added child of 0030557


Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker