MantisBT

View Issue Details

ID: 0031034
Project: Open CASCADE
Category: [OCCT] OCCT:Visualization
View Status: public
Date Submitted: 2019-10-04 20:35
Last Update: 2019-10-05 10:20
Reporter: abv
Assigned To: bugmaster
Priority: normal
Severity: minor
Status: reviewed
Resolution: open
Platform / OS / OS Version: (not set)
Product Version: [OCCT] 5.2.2
Target Version: [OCCT] 7.5.0
Fixed in Version: (not set)

Summary: 0031034: Visualization - stack-use-after-scope reported by Clang address sanitizer in AIS_FixRelation::Compute()

Description: When running OCCT built on Linux with Clang with option -fsanitize=address, the error stack-use-after-scope is reported in test v3d dimensions fix:

vrelation r -fix
=================================================================
==24383==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffef89556f8 at pc 0x0000004ddb7d bp 0x7ffef8954fd0 sp 0x7ffef8954780

READ of size 24 at 0x7ffef89556f8 thread T0
    #0 0x4ddb7c in __asan_memcpy (/home/abv/tmp/occt-clang/lin64/clang/bini/DRAWEXE-7.4.0+0x4ddb7c)
    #1 0x7f0c14af6849 in gp_Vec::gp_Vec(gp_Dir const&) /home/abv/occt/src/gp/gp_Vec.lxx:27:49
    #2 0x7f0c004c52ec in DsgPrs_FixPresentation::Add(opencascade::handle const&, opencascade::handle const&, gp_Pnt const&, gp_Pnt const&, gp_Dir const&, double) /home/abv/occt/src/DsgPrs/DsgPrs_FixPresentation.cxx:57:32
    #3 0x7f0c003ea395 in AIS_FixRelation::Compute(opencascade::handle const&, opencascade::handle const&, int) /home/abv/occt/src/AIS/AIS_FixRelation.cxx:191:3
    #4 0x7f0c003713d4 in PrsMgr_PresentableObject::Fill(opencascade::handle const&, opencascade::handle const&, int) /home/abv/occt/src/PrsMgr/PrsMgr_PresentableObject.cxx:95:3
    #5 0x7f0c0037a8e8 in PrsMgr_PresentationManager::Presentation(opencascade::handle const&, int, bool, opencascade::handle const&) const /home/abv/occt/src/PrsMgr/PrsMgr_PresentationManager.cxx:517:14
    #6 0x7f0c0037a25e in PrsMgr_PresentationManager::Display(opencascade::handle const&, int) /home/abv/occt/src/PrsMgr/PrsMgr_PresentationManager.cxx:52:40
    #7 0x7f0c003ff00f in AIS_InteractiveContext::Display(opencascade::handle const&, int, int, bool, AIS_DisplayStatus) /home/abv/occt/src/AIS/AIS_InteractiveContext.cxx:452:15
    #8 0x7f0c003fe926 in AIS_InteractiveContext::Display(opencascade::handle const&, bool) /home/abv/occt/src/AIS/AIS_InteractiveContext.cxx:391:3
    #9 0x7f0c03746f35 in ViewerTest::Display(TCollection_AsciiString const&, opencascade::handle const&, bool, bool) /home/abv/occt/src/ViewerTest/ViewerTest.cxx:753:9
    #10 0x7f0c03747091 in VDisplayAISObject(TCollection_AsciiString const&, opencascade::handle const&, bool) /home/abv/occt/src/ViewerTest/ViewerTest.cxx:762:10
    #11 0x7f0c03807109 in VRelationBuilder(Draw_Interpretor&, int, char const**) /home/abv/occt/src/ViewerTest/ViewerTest_RelationCommands.cxx:1547:3
    #12 0x7f0c14afb6a9 in Draw_Interpretor::CallBackDataFunc::Invoke(Draw_Interpretor&, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.hxx:81:31
    #13 0x7f0c14b08edd in CommandCmd(void*, Tcl_Interp*, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.cxx:154:40
    #14 0x7f0c0ebebb95 in TclInvokeStringCommand (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0x38b95)
    #15 0x7f0c0ebedfa6 in TclNRRunCallbacks (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0x3afa6)
    #16 0x7f0c0ec8c87a in Tcl_RecordAndEvalObj (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0xd987a)
    #17 0x7f0c0ec8c756 in Tcl_RecordAndEval (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0xd9756)
    #18 0x7f0c14b0a41f in Draw_Interpretor::RecordAndEval(char const*, int) /home/abv/occt/src/Draw/Draw_Interpretor.cxx:496:10
    #19 0x7f0c14af0e2d in Draw_Interprete(char const*) /home/abv/occt/src/Draw/Draw.cxx:608:19
    #20 0x7f0c14af1c10 in interpreteTclCommand(TCollection_AsciiString const&) /home/abv/occt/src/Draw/Draw.cxx:110:5
    #21 0x7f0c14aef3fb in ReadInitFile(TCollection_AsciiString const&) /home/abv/occt/src/Draw/Draw.cxx:121:3
    #22 0x7f0c14aee9f3 in Draw_Appli(int, char**, void (*)(Draw_Interpretor&)) /home/abv/occt/src/Draw/Draw.cxx:497:5
    #23 0x7f0c14b0b688 in Draw_Main(int, char**, void (*)(Draw_Interpretor&)) /home/abv/occt/src/Draw/Draw_Main.cxx:113:3
    #24 0x51ab0f in main /home/abv/occt/src/DRAWEXE/DRAWEXE.cxx:33:1
    #25 0x7f0c0d61782f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    #26 0x41aae8 in _start (/home/abv/tmp/occt-clang/lin64/clang/bini/DRAWEXE-7.4.0+0x41aae8)

Address 0x7ffef89556f8 is located in stack of thread T0 at offset 120 in frame
    #0 0x7f0c003ea19f in AIS_FixRelation::Compute(opencascade::handle const&, opencascade::handle const&, int) /home/abv/occt/src/AIS/AIS_FixRelation.cxx:173

  This frame has 2 object(s):
    [32, 56) 'curpos' (line 176)
    [96, 144) 'ref.tmp' (line 182) <== Memory access at offset 120 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope (/home/abv/tmp/occt-clang/lin64/clang/bini/DRAWEXE-7.4.0+0x4ddb7c) in __asan_memcpy
Shadow bytes around the buggy address:
  0x10005f122a80: f2 f2 f8 f8 f8 f2 f2 f2 f2 f2 f8 f8 f8 f2 f2 f2
  0x10005f122a90: f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2 f8 f8
  0x10005f122aa0: f2 f2 f8 f2 f2 f2 00 f2 f2 f2 f8 f2 f2 f2 00 f3
  0x10005f122ab0: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005f122ac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10005f122ad0: f1 f1 f1 f1 00 00 00 f2 f2 f2 f2 f2 f8 f8 f8[f8]
  0x10005f122ae0: f8 f8 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x10005f122af0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005f122b00: 00 00 00 00 f1 f1 f1 f1 f8 f8 f2 f2 00 f2 f2 f2
  0x10005f122b10: f8 f2 f2 f2 f8 f2 f2 f2 00 f3 f3 f3 00 00 00 00
  0x10005f122b20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
==24383==ABORTING
Steps To Reproduce: Build on Linux with Clang with -fsanitize=address, then run test v3d dimensions fix
Tags: No tags attached.
Test case number: (not set)
Attached Files: (none)

- Relationships
child of 0030557 (new, assigned to kgv): Coding - eliminate errors reported by -fsanitize

- Notes
(0087845)
git (administrator)
2019-10-04 21:16

Branch CR31034 has been created by abv.

SHA-1: 086d2d35d9cc2ed977f5302e4a204f16cd6445e5


Detailed log of new commits:

Author: abv
Date: Fri Oct 4 21:14:17 2019 +0300

    0031034: Visualization - stack-use-after-scope reported by Clang address sanitizer in AIS_FixRelation::Compute()
    
    Methods of classes Geom_ElementarySurface, Geom_Conic, and Geom2d_Conic setting or returning values of fields are made inline and return const& to avoid copying
(0087850)
abv (manager)
2019-10-05 09:53

Fix is pushed to branch CR31034 and tested, see Jenkins job CR31034-abv; please review
(0087851)
abv (manager)
2019-10-05 09:58
edited on: 2019-10-05 09:59

The problem was at line 182 of AIS_FixRelation.cxx: a reference to a field of the temporary object returned by method Axis() of a Geom_Plane object was stored in a local variable and used after destruction of the temporary. The fix, however, is not to make a copy but to correct Geom_ElementarySurface and sibling classes to return references instead of copies in methods that provide access to the class fields.

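The lifetime defect described in the note above and in the sanitizer report (the `'ref.tmp'` temporary at line 182 that `gp_Vec::gp_Vec(gp_Dir const&)` reads after its scope has closed), as an added example that is not OCCT code. `Dir`, `Ax1`, `Plane` and `Vec` are stand-ins for `gp_Dir`, `gp_Ax1`, `Geom_Plane` and `gp_Vec`; the live-instance counter in `Ax1` is an illustration device, not part of the real classes. The first function reproduces the "before" pattern but deliberately never reads through the dangling reference (that read is the undefined behaviour ASan reported); instead it shows that no `Ax1` object backs the reference any more. The remaining functions show the fix the note chose (return `const&` to the field) and the copy-based alternative it declined.

```cpp
// Added example, not OCCT code: minimal model of the stack-use-after-scope in
// AIS_FixRelation::Compute() and of the two ways to close it.

struct Dir { double x, y, z; };              // 3 doubles: the 24-byte READ in the report

struct Vec {                                  // like gp_Vec(const gp_Dir&): copies the 3 doubles
    double x, y, z;
    explicit Vec(const Dir& d) : x(d.x), y(d.y), z(d.z) {}
};

class Ax1 {                                   // stand-in for gp_Ax1; counts live instances
public:
    explicit Ax1(Dir d) : dir_(d) { ++live_; }
    Ax1(const Ax1& o) : dir_(o.dir_) { ++live_; }
    Ax1& operator=(const Ax1&) = default;
    ~Ax1() { --live_; }
    const Dir& Direction() const { return dir_; }   // reference INTO this Ax1
    static int live() { return live_; }             // Ax1 objects currently alive
private:
    Dir dir_;
    static int live_;
};
int Ax1::live_ = 0;

class Plane {                                 // stand-in for Geom_Plane (Geom_ElementarySurface)
public:
    explicit Plane(Dir normal) : axis_(normal) {}
    Ax1 Axis() const { return axis_; }              // BEFORE the fix: returns a copy (temporary)
    const Ax1& AxisRef() const { return axis_; }    // AFTER the fix: const& to the field
private:
    Ax1 axis_;
};

// The pattern at AIS_FixRelation.cxx:182 before the fix. 'nor' binds to a member
// of the temporary Ax1 returned by Axis(). Lifetime extension does not apply,
// because the reference is bound to Direction()'s result rather than to the
// temporary itself, so the Ax1 is destroyed at the ';' and 'nor' dangles.
// Returns how many Ax1 objects other than the plane's own still exist at the
// point where the original code read the direction: zero.
int temporariesBackingReferenceByValueApi() {
    Plane plane(Dir{0.0, 0.0, 1.0});
    const int baseline = Ax1::live();               // the plane's own axis only
    const Dir& nor = plane.Axis().Direction();      // temporary Ax1 lives until the ';'
    (void)nor;                                      // never dereferenced: that read is the UB
    return Ax1::live() - baseline;
}

// After the fix: Axis() hands out a const& to the field, so the Dir reference
// aliases memory owned by 'plane' and stays valid as long as the plane does.
bool referenceAliasesPlaneFieldByRefApi() {
    Plane plane(Dir{0.0, 0.0, 1.0});
    const Dir& nor = plane.AxisRef().Direction();
    return &nor == &plane.AxisRef().Direction();    // same object on every access
}

double normalZThroughReference() {
    Plane plane(Dir{0.0, 0.0, 1.0});
    const Dir& nor = plane.AxisRef().Direction();
    return Vec(nor).z;                              // reads live memory
}

// The alternative the note declines: keep the by-value API and copy the Dir out
// of the temporary inside the same full-expression, before the temporary dies.
double normalZThroughCopy() {
    Plane plane(Dir{0.0, 0.0, 1.0});
    const Dir nor = plane.Axis().Direction();       // copy, made before the ';'
    return Vec(nor).z;
}
```

To see the sanitizer report for yourself, change the `(void)nor;` line to `return Vec(nor).z;` and build with `clang++ -std=c++17 -g -O1 -fsanitize=address -fno-omit-frame-pointer`; Clang's AddressSanitizer enables stack-use-after-scope detection by default (the switch is `-fsanitize-address-use-after-scope`), and the report names the dead temporary as `ref.tmp` in its frame listing, just as in the description above.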

- Issue History
Date Modified Username Field Change
2019-10-04 20:35 abv New Issue
2019-10-04 20:35 abv Assigned To => kgv
2019-10-04 20:35 abv Relationship added child of 0030557
2019-10-04 21:16 git Note Added: 0087845
2019-10-05 09:53 abv Note Added: 0087850
2019-10-05 09:53 abv Status new => resolved
2019-10-05 09:53 abv Steps to Reproduce Updated
2019-10-05 09:58 abv Note Added: 0087851
2019-10-05 09:59 abv Note Edited: 0087851
2019-10-05 10:19 kgv Product Version => 5.2.2
2019-10-05 10:20 kgv Assigned To kgv => bugmaster
2019-10-05 10:20 kgv Status resolved => reviewed

