View Issue Details

ID: 0031034
Project: Open CASCADE
Category: OCCT:Visualization
View Status: public
Last Update: 2020-12-02 17:12
Reporter: abv
Assigned To: abv
Priority: normal
Severity: minor
Status: closed
Resolution: fixed
Product Version: 5.2.2
Target Version: 7.5.0
Fixed in Version: 7.5.0
Summary: 0031034: Visualization - stack-use-after-scope reported by Clang address sanitizer in AIS_FixRelation::Compute()
Description: When running OCCT built on Linux with Clang with option -fsanitize=address, error stack-use-after-scope is reported on test v3d dimensions fix:

vrelation r -fix
=================================================================
==24383==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffef89556f8 at pc 0x0000004ddb7d bp 0x7ffef8954fd0 sp 0x7ffef8954780

READ of size 24 at 0x7ffef89556f8 thread T0
    #0 0x4ddb7c in __asan_memcpy (/home/abv/tmp/occt-clang/lin64/clang/bini/DRAWEXE-7.4.0+0x4ddb7c)
    #1 0x7f0c14af6849 in gp_Vec::gp_Vec(gp_Dir const&) /home/abv/occt/src/gp/gp_Vec.lxx:27:49
    #2 0x7f0c004c52ec in DsgPrs_FixPresentation::Add(opencascade::handle const&, opencascade::handle const&, gp_Pnt const&, gp_Pnt const&, gp_Dir const&, double) /home/abv/occt/src/DsgPrs/DsgPrs_FixPresentation.cxx:57:32
    #3 0x7f0c003ea395 in AIS_FixRelation::Compute(opencascade::handle const&, opencascade::handle const&, int) /home/abv/occt/src/AIS/AIS_FixRelation.cxx:191:3
    #4 0x7f0c003713d4 in PrsMgr_PresentableObject::Fill(opencascade::handle const&, opencascade::handle const&, int) /home/abv/occt/src/PrsMgr/PrsMgr_PresentableObject.cxx:95:3
    #5 0x7f0c0037a8e8 in PrsMgr_PresentationManager::Presentation(opencascade::handle const&, int, bool, opencascade::handle const&) const /home/abv/occt/src/PrsMgr/PrsMgr_PresentationManager.cxx:517:14
    #6 0x7f0c0037a25e in PrsMgr_PresentationManager::Display(opencascade::handle const&, int) /home/abv/occt/src/PrsMgr/PrsMgr_PresentationManager.cxx:52:40
    #7 0x7f0c003ff00f in AIS_InteractiveContext::Display(opencascade::handle const&, int, int, bool, AIS_DisplayStatus) /home/abv/occt/src/AIS/AIS_InteractiveContext.cxx:452:15
    #8 0x7f0c003fe926 in AIS_InteractiveContext::Display(opencascade::handle const&, bool) /home/abv/occt/src/AIS/AIS_InteractiveContext.cxx:391:3
    #9 0x7f0c03746f35 in ViewerTest::Display(TCollection_AsciiString const&, opencascade::handle const&, bool, bool) /home/abv/occt/src/ViewerTest/ViewerTest.cxx:753:9
    #10 0x7f0c03747091 in VDisplayAISObject(TCollection_AsciiString const&, opencascade::handle const&, bool) /home/abv/occt/src/ViewerTest/ViewerTest.cxx:762:10
    #11 0x7f0c03807109 in VRelationBuilder(Draw_Interpretor&, int, char const**) /home/abv/occt/src/ViewerTest/ViewerTest_RelationCommands.cxx:1547:3
    #12 0x7f0c14afb6a9 in Draw_Interpretor::CallBackDataFunc::Invoke(Draw_Interpretor&, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.hxx:81:31
    #13 0x7f0c14b08edd in CommandCmd(void*, Tcl_Interp*, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.cxx:154:40
    #14 0x7f0c0ebebb95 in TclInvokeStringCommand (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0x38b95)
    #15 0x7f0c0ebedfa6 in TclNRRunCallbacks (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0x3afa6)
    #16 0x7f0c0ec8c87a in Tcl_RecordAndEvalObj (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0xd987a)
    #17 0x7f0c0ec8c756 in Tcl_RecordAndEval (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0xd9756)
    #18 0x7f0c14b0a41f in Draw_Interpretor::RecordAndEval(char const*, int) /home/abv/occt/src/Draw/Draw_Interpretor.cxx:496:10
    #19 0x7f0c14af0e2d in Draw_Interprete(char const*) /home/abv/occt/src/Draw/Draw.cxx:608:19
    #20 0x7f0c14af1c10 in interpreteTclCommand(TCollection_AsciiString const&) /home/abv/occt/src/Draw/Draw.cxx:110:5
    #21 0x7f0c14aef3fb in ReadInitFile(TCollection_AsciiString const&) /home/abv/occt/src/Draw/Draw.cxx:121:3
    #22 0x7f0c14aee9f3 in Draw_Appli(int, char**, void (*)(Draw_Interpretor&)) /home/abv/occt/src/Draw/Draw.cxx:497:5
    #23 0x7f0c14b0b688 in Draw_Main(int, char**, void (*)(Draw_Interpretor&)) /home/abv/occt/src/Draw/Draw_Main.cxx:113:3
    #24 0x51ab0f in main /home/abv/occt/src/DRAWEXE/DRAWEXE.cxx:33:1
    #25 0x7f0c0d61782f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    #26 0x41aae8 in _start (/home/abv/tmp/occt-clang/lin64/clang/bini/DRAWEXE-7.4.0+0x41aae8)

Address 0x7ffef89556f8 is located in stack of thread T0 at offset 120 in frame
    #0 0x7f0c003ea19f in AIS_FixRelation::Compute(opencascade::handle const&, opencascade::handle const&, int) /home/abv/occt/src/AIS/AIS_FixRelation.cxx:173

  This frame has 2 object(s):
    [32, 56) 'curpos' (line 176)
    [96, 144) 'ref.tmp' (line 182) <== Memory access at offset 120 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope (/home/abv/tmp/occt-clang/lin64/clang/bini/DRAWEXE-7.4.0+0x4ddb7c) in __asan_memcpy
Shadow bytes around the buggy address:
  0x10005f122a80: f2 f2 f8 f8 f8 f2 f2 f2 f2 f2 f8 f8 f8 f2 f2 f2
  0x10005f122a90: f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2 f8 f8
  0x10005f122aa0: f2 f2 f8 f2 f2 f2 00 f2 f2 f2 f8 f2 f2 f2 00 f3
  0x10005f122ab0: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005f122ac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10005f122ad0: f1 f1 f1 f1 00 00 00 f2 f2 f2 f2 f2 f8 f8 f8[f8]
  0x10005f122ae0: f8 f8 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x10005f122af0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005f122b00: 00 00 00 00 f1 f1 f1 f1 f8 f8 f2 f2 00 f2 f2 f2
  0x10005f122b10: f8 f2 f2 f2 f8 f2 f2 f2 00 f3 f3 f3 00 00 00 00
  0x10005f122b20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
==24383==ABORTING
Steps To Reproduce: Build on Linux with Clang with -fsanitize=address, then run test v3d dimensions fix
Tags: No tags attached.
Test case number: Not needed

Relationships

child of 0030557 (new, assigned to vpozdyayev): Coding - eliminate errors reported by -fsanitize

Activities

git

2019-10-04 21:16

administrator   ~0087845

Branch CR31034 has been created by abv.

SHA-1: 086d2d35d9cc2ed977f5302e4a204f16cd6445e5


Detailed log of new commits:

Author: abv
Date: Fri Oct 4 21:14:17 2019 +0300

    0031034: Visualization - stack-use-after-scope reported by Clang address sanitizer in AIS_FixRelation::Compute()
    
    Methods of classes Geom_ElementarySurface, Geom_Conic, and Geom2d_Conic setting or returning values of fields are made inline and return const& to avoid copying

abv

2019-10-05 09:53

manager   ~0087850

Fix is pushed to branch CR31034 and tested, see Jenkins job CR31034-abv; please review

abv

2019-10-05 09:58

manager   ~0087851

Last edited: 2019-10-05 09:59

The problem was at line 182 of AIS_FixRelation.cxx: reference to field of temporary object returned by method Axis() of Geom_Plane object was stored in local variable and used after destruction of the temporary. The fix is however not to make a copy but to correct Geom_ElementarySurface and sibling classes to return references instead of copies in methods that provide access to the class fields.
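
As an added illustration (not OCCT code and not part of this report), the lifetime problem the note describes, reduced to constructed stand-in types `Dir`, `Ax3` and `Plane` in place of `gp_Dir`, `gp_Ax3` and `Geom_Plane`. Binding a `const Dir&` to the result of `Direction()` called on a temporary returned by value leaves the reference dangling as soon as the statement ends; the same binding through an accessor that returns `const&` to the field (the shape of the fix) stays valid as long as the owner does. A destructor counter makes the difference observable without reading through the dangling reference; that read is what ASan reports as stack-use-after-scope when the program is built with `-fsanitize=address`.

```cpp
// Added example (not OCCT code): the dangling-reference pattern behind this
// issue, with constructed stand-in types instead of gp_Dir / gp_Ax3 / Geom_Plane.
// Build with: clang++ -std=c++11 -g -fsanitize=address lifetime_demo.cpp
#include <cstdio>

struct Dir { double x, y, z; };

// Number of Ax3 objects destroyed so far; lets the functions below observe
// whether a temporary died at the end of a full-expression.
static int g_ax3Destroyed = 0;

// Stand-in for an axis placement that owns a direction.
struct Ax3 {
  Dir dir;
  explicit Ax3(const Dir& d) : dir(d) {}
  Ax3(const Ax3& other) : dir(other.dir) {}
  ~Ax3() { ++g_ax3Destroyed; }
  // Reference into *this: valid only while the Ax3 it came from is alive.
  const Dir& Direction() const { return dir; }
};

struct Plane {
  Ax3 pos;
  explicit Plane(const Dir& d) : pos(d) {}
  // "Before" accessor style: returns a copy of the field, i.e. a temporary.
  Ax3 PositionByValue() const { return pos; }
  // "After" accessor style (what the fix does): returns const& to the field.
  const Ax3& PositionByRef() const { return pos; }
};

// How many Ax3 objects were destroyed between binding `d` and the next
// statement. 1 means the object `d` refers into is already gone.
int ax3sDestroyedAfterBindingByValue() {
  Plane plane(Dir{0.0, 0.0, 1.0});
  int before = g_ax3Destroyed;
  // Direction() returns a reference into the temporary Ax3 produced by
  // PositionByValue(). Binding through a member function call does not
  // extend the temporary's lifetime, so it is destroyed at the ';' below.
  const Dir& d = plane.PositionByValue().Direction();
  int after = g_ax3Destroyed;
  (void)d;  // reading d here is the stack-use-after-scope ASan reported
  return after - before;  // 1
}

// Same binding through the reference-returning accessor: nothing is
// destroyed, `d` refers into `plane` and stays valid while `plane` lives.
int ax3sDestroyedAfterBindingByRef() {
  Plane plane(Dir{0.0, 0.0, 1.0});
  int before = g_ax3Destroyed;
  const Dir& d = plane.PositionByRef().Direction();
  int after = g_ax3Destroyed;
  (void)d;
  return after - before;  // 0
}

// Safe use of the reference-returning accessor.
double directionZByRef() {
  Plane plane(Dir{0.0, 0.0, 1.0});
  const Dir& d = plane.PositionByRef().Direction();
  return d.z;  // 1.0
}

int main() {
  std::printf("by value: %d Ax3 destroyed before use\n", ax3sDestroyedAfterBindingByValue());
  std::printf("by ref:   %d Ax3 destroyed before use\n", ax3sDestroyedAfterBindingByRef());
  std::printf("z via ref accessor: %g\n", directionZByRef());
  return 0;
}
```

Note that lifetime extension would apply if the reference were bound directly to a member subobject (`plane.PositionByValue().dir`), but not when it goes through an accessor function, which is why the by-value accessor pattern is so easy to misuse from call sites.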

git

2019-10-23 11:51

administrator   ~0088479

Branch CR31034 has been deleted by kgv.

SHA-1: 086d2d35d9cc2ed977f5302e4a204f16cd6445e5

Related Changesets

occt: master 2724a0b3

2019-10-04 18:14:17

abv


Committer: abv
0031034: Visualization - stack-use-after-scope reported by Clang address sanitizer in AIS_FixRelation::Compute()

Methods of classes Geom_ElementarySurface, Geom_Conic, and Geom2d_Conic setting or returning values of fields are made inline and return const& to avoid copying
Affected Issues
0031034
mod - src/Geom/Geom_Conic.cxx
mod - src/Geom/Geom_Conic.hxx
mod - src/Geom/Geom_ElementarySurface.cxx
mod - src/Geom/Geom_ElementarySurface.hxx
mod - src/Geom/Geom_Surface.hxx
mod - src/Geom2d/Geom2d_Conic.cxx
mod - src/Geom2d/Geom2d_Conic.hxx

Issue History

Date Modified Username Field Change
2019-10-04 20:35 abv New Issue
2019-10-04 20:35 abv Assigned To => kgv
2019-10-04 20:35 abv Relationship added child of 0030557
2019-10-04 21:16 git Note Added: 0087845
2019-10-05 09:53 abv Note Added: 0087850
2019-10-05 09:53 abv Status new => resolved
2019-10-05 09:53 abv Steps to Reproduce Updated
2019-10-05 09:58 abv Note Added: 0087851
2019-10-05 09:59 abv Note Edited: 0087851
2019-10-05 10:19 kgv Product Version => 5.2.2
2019-10-05 10:20 kgv Assigned To kgv => bugmaster
2019-10-05 10:20 kgv Status resolved => reviewed
2019-10-23 01:07 abv Changeset attached => occt master 2724a0b3
2019-10-23 01:07 abv Assigned To bugmaster => abv
2019-10-23 01:07 abv Status reviewed => verified
2019-10-23 01:07 abv Resolution open => fixed
2019-10-23 01:17 apn Test case number => Not needed
2019-10-23 11:51 git Note Added: 0088479
2020-12-02 16:40 emo Fixed in Version => 7.5.0
2020-12-02 17:12 emo Status verified => closed