MantisBT
Mantis Bug Tracker Workflow

ID: 0031048
Project: Open CASCADE
Category: [OCCT] OCCT:Visualization
View Status: public
Date Submitted: 2019-10-08 23:01
Last Update: 2019-10-23 11:51
Reporter: abv
Assigned To: abv
Priority: normal
Severity: minor
Status: verified
Resolution: fixed
Platform, OS, OS Version: (empty)
Product Version: (empty)
Target Version: [OCCT] 7.5.0*
Fixed in Version: (empty)
Summary: 0031048: Visualization - runtime error reported by Clang undefined behavior sanitizer in Image_AlienPixMap::Save()
Description: When running OCCT built on Linux with Clang with option -fsanitize=undefined, a runtime error is reported on any test that uses command xwd:

xwd /mnt/d/ABV/OCCT/Ubuntu/results/sanitizer-undefined-2019-10-07/blend/simple/B3.png

/home/abv/occt/src/Image/Image_PixMapData.hxx:97:24: runtime error: addition of unsigned offset to 0x7f6f1cf3bf70 overflowed to 0x7f6f1cf3b930

    # 0 0x7f6f3b5cab2f in Image_PixMapData::ChangeValue(unsigned long, unsigned long) /home/abv/occt/src/Image/Image_PixMapData.hxx:97:24
    # 1 0x7f6f3b5c7a0d in Image_AlienPixMap::Save(TCollection_AsciiString const&) /home/abv/occt/src/Image/Image_AlienPixMap.cxx:902:20
    # 2 0x7f6f3e61c16c in Draw_Window::Save(char const*) const /home/abv/occt/src/Draw/Draw_Window.cxx:774:18
    # 3 0x7f6f3e60b786 in Draw_Viewer::SaveView(int, char const*) /home/abv/occt/src/Draw/Draw_Viewer.cxx:702:25
    # 4 0x7f6f3e5d8b0a in xwd(Draw_Interpretor&, int, char const**) /home/abv/occt/src/Draw/Draw_GraphicCommands.cxx:843:13
    # 5 0x7f6f3e5c96b3 in Draw_Interpretor::CallBackDataFunc::Invoke(Draw_Interpretor&, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.hxx:81:31
    # 6 0x7f6f3e5dcecb in CommandCmd(void*, Tcl_Interp*, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.cxx:154:40
    # 7 0x7f6f2f9edb95 in TclInvokeStringCommand (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0x38b95)
    # 8 0x7f6f2f9effa6 in TclNRRunCallbacks (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0x3afa6)
    # 9 0x7f6f2fa8e87a in Tcl_RecordAndEvalObj (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0xd987a)
    # 10 0x7f6f2fa8e756 in Tcl_RecordAndEval (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0xd9756)
    # 11 0x7f6f3e5de5d0 in Draw_Interpretor::RecordAndEval(char const*, int) /home/abv/occt/src/Draw/Draw_Interpretor.cxx:496:10
    # 12 0x7f6f3e5b60d3 in Draw_Interprete(char const*) /home/abv/occt/src/Draw/Draw.cxx:608:19
    # 13 0x7f6f3e5b7335 in interpreteTclCommand(TCollection_AsciiString const&) /home/abv/occt/src/Draw/Draw.cxx:110:5
    # 14 0x7f6f3e5b503e in ReadInitFile(TCollection_AsciiString const&) /home/abv/occt/src/Draw/Draw.cxx:121:3
    # 15 0x7f6f3e5b47d3 in Draw_Appli(int, char**, void (*)(Draw_Interpretor&)) /home/abv/occt/src/Draw/Draw.cxx:497:5
    # 16 0x7f6f3e5df78a in Draw_Main(int, char**, void (*)(Draw_Interpretor&)) /home/abv/occt/src/Draw/Draw_Main.cxx:113:3
    # 17 0x42a9b7 in main /home/abv/occt/src/DRAWEXE/DRAWEXE.cxx:33:1
    # 18 0x7f6f2e41982f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    # 19 0x403588 in _start (/home/abv/tmp/occt-clang/lin64/clang/bini/DRAWEXE-7.4.0+0x403588)
Steps To Reproduce: In DRAW with OCCT built with undefined sanitizer:

axo
xwd tmp.png
Additional information and documentation updates: Implementation of the class Image_PixMapData is unsafe in general: its fields that characterize internal structure of data (SizeBPP, SizeX, SizeY, SizeRowBytes, TopToDown) are public and can be changed arbitrarily, thus the class does not guarantee integrity of its internal state.
Tags: No tags attached.
Test case number: Not needed
Attached Files

- Relationships
parent of 0031073 (new, kgv): Coding - Image_PixMapData shall have data fields private
child of 0030557 (new, kgv): Coding - eliminate errors reported by -fsanitize
Not all the children of this issue are yet resolved or closed.

-  Notes
(0088033)
kgv (developer)
2019-10-11 12:37

This is a FALSE detection - unsigned overflow is expected here and should not cause any issues following the C++ standard.

Or am I wrong? Where does undefined come from?
(0088036)
tizmaylo (developer)
2019-10-11 14:10
edited on: 2019-10-11 14:11

>> Where does undefined come from?

Look at the simplified example: https://wandbox.org/permlink/Oj4CT3UWS8NV2dok

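#include <cstddef>  // std::size_t
#include <iostream>

int main()
{
  int anArray[] = {1, 2};
  int* aPointerTo2 = anArray + 1;
  // size_t(-1) is a huge unsigned offset, so the addition leaves the array
  int* aPointerTo1 = aPointerTo2 + static_cast<std::size_t>(-1); // causes pointer overflow
  (void)aPointerTo1;
}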


(0088040)
tizmaylo (developer)
2019-10-11 14:55

Reference to the corresponding wording in the current draft of the C++ standard: http://eel.is/c++draft/expr.add#4.2
(0088041)
git (administrator)
2019-10-11 14:56

Branch CR31048 has been created by kgv.

SHA-1: 917a988b540a2c427bfb4065c03ed39227b7426c


Detailed log of new commits:

Author: kgv
Date: Fri Oct 11 14:56:03 2019 +0300

    0031048: Visualization - runtime error reported by Clang undefined behavior sanitizer in Image_AlienPixMap::Save()
    
    Image_PixMapData - use unsigned math (uintptr_t) instead of signed math with pointers for defining negative stride.
(0088042)
git (administrator)
2019-10-11 15:11

Branch CR31048_1 has been created by kgv.

SHA-1: 08ddc0085ac960bd4a9c01f3f4bfd3c70afa0eda


Detailed log of new commits:

Author: kgv
Date: Fri Oct 11 14:56:03 2019 +0300

    0031048: Visualization - runtime error reported by Clang undefined behavior sanitizer in Image_AlienPixMap::Save()
    
    Image_PixMapData - use unsigned math (uintptr_t) instead of signed math with pointers for defining negative stride.
(0088052)
kgv (developer)
2019-10-11 18:45

Patch is ready for review.
(0088207)
abv (manager)
2019-10-17 05:13

Reviewed, please integrate
(0088483)
git (administrator)
2019-10-23 11:51

Branch CR31048 has been deleted by kgv.

SHA-1: 917a988b540a2c427bfb4065c03ed39227b7426c
(0088484)
git (administrator)
2019-10-23 11:51

Branch CR31048_1 has been deleted by kgv.

SHA-1: 08ddc0085ac960bd4a9c01f3f4bfd3c70afa0eda

- Related Changesets
occt: master 8ba3d978
Timestamp: 2019-10-11 11:56:03
Author: abv
Committer: abv
0031048: Visualization - runtime error reported by Clang undefined behavior sanitizer in Image_AlienPixMap::Save()

Image_PixMapData - use unsigned math (uintptr_t) instead of signed math with pointers for defining negative stride.
mod - src/Image/Image_PixMapData.hxx
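
Two well-defined ways to address the rows of a bottom-up image, the case this issue is about: a signed stride, and the uintptr_t arithmetic named in the commit message. This is an added example, not OCCT's code; PixBuf, rowSigned, rowUintptr and firstByteOfRow are hypothetical names, and the 3x4 buffer is constructed sample data.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical pixel buffer (names are illustrative, not OCCT's classes).
struct PixBuf {
  std::vector<unsigned char> bytes;  // sizeY rows of rowBytes each
  std::size_t sizeY;
  std::size_t rowBytes;
  bool topDown;                      // false: row 0 is the last row in memory
};

// The flagged pattern adds a wrapped-around unsigned offset to a pointer, as in
// note 0088036: the offset leaves the array, which is undefined for pointer
// arithmetic even though the same wraparound is defined for unsigned integers.

// Option 1: signed stride. Every intermediate pointer stays in the buffer.
unsigned char* rowSigned(PixBuf& b, std::size_t row) {
  if (row >= b.sizeY) return nullptr;  // reject rows outside the image
  unsigned char* first =
      b.bytes.data() + (b.topDown ? 0 : (b.sizeY - 1) * b.rowBytes);
  const std::ptrdiff_t stride = b.topDown ? std::ptrdiff_t(b.rowBytes)
                                          : -std::ptrdiff_t(b.rowBytes);
  return first + stride * std::ptrdiff_t(row);
}

// Option 2: do the wraparound in uintptr_t, where it is modular by definition,
// and convert only the final in-range value back to a pointer (the integer to
// pointer mapping is implementation-defined; flat address space assumed).
unsigned char* rowUintptr(PixBuf& b, std::size_t row) {
  if (row >= b.sizeY) return nullptr;
  const std::uintptr_t base = reinterpret_cast<std::uintptr_t>(b.bytes.data());
  const std::uintptr_t first = b.topDown ? base : base + (b.sizeY - 1) * b.rowBytes;
  const std::uintptr_t stride =
      b.topDown ? b.rowBytes : std::uintptr_t(0) - b.rowBytes;  // wraps on purpose
  return reinterpret_cast<unsigned char*>(first + stride * row);
}

// Constructed sample: 3 rows x 4 bytes, byte i holds value i. Returns the first
// byte of the addressed row, or -1 when the row is rejected.
int firstByteOfRow(bool topDown, std::size_t row, bool viaUintptr) {
  PixBuf b{std::vector<unsigned char>(12), 3, 4, topDown};
  for (std::size_t i = 0; i < b.bytes.size(); ++i) b.bytes[i] = (unsigned char)i;
  unsigned char* p = viaUintptr ? rowUintptr(b, row) : rowSigned(b, row);
  return p ? *p : -1;
}
```

The row check matters as much as the arithmetic: with the size fields freely writable, as the report notes, nothing else keeps the computed address inside the allocation.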

- Issue History
Date Modified Username Field Change
2019-10-08 23:01 abv New Issue
2019-10-08 23:01 abv Assigned To => kgv
2019-10-08 23:01 abv Relationship added child of 0030557
2019-10-09 06:45 abv Steps to Reproduce Updated
2019-10-11 12:37 kgv Note Added: 0088033
2019-10-11 14:10 tizmaylo Note Added: 0088036
2019-10-11 14:11 tizmaylo Note Edited: 0088036
2019-10-11 14:55 tizmaylo Note Added: 0088040
2019-10-11 14:56 git Note Added: 0088041
2019-10-11 15:11 git Note Added: 0088042
2019-10-11 18:45 kgv Note Added: 0088052
2019-10-11 18:45 kgv Assigned To kgv => abv
2019-10-11 18:45 kgv Status new => resolved
2019-10-17 05:13 abv Note Added: 0088207
2019-10-17 05:13 abv Assigned To abv => bugmaster
2019-10-17 05:13 abv Status resolved => reviewed
2019-10-17 05:48 abv Relationship added parent of 0031073
2019-10-23 01:07 abv Changeset attached => occt master 8ba3d978
2019-10-23 01:07 abv Assigned To bugmaster => abv
2019-10-23 01:07 abv Status reviewed => verified
2019-10-23 01:07 abv Resolution open => fixed
2019-10-23 01:14 apn Test case number => Not needed
2019-10-23 11:51 git Note Added: 0088483
2019-10-23 11:51 git Note Added: 0088484

