View Issue Details

ID: 0031048
Project: Open CASCADE
Category: OCCT:Visualization
View Status: public
Last Update: 2020-12-02 17:12
Reporter: abv
Assigned To: abv
Priority: normal
Severity: minor
Status: closed
Resolution: fixed
Target Version: 7.5.0
Fixed in Version: 7.5.0

Summary: 0031048: Visualization - runtime error reported by Clang undefined behavior sanitizer in Image_AlienPixMap::Save()

Description: When running OCCT built on Linux with Clang with option -fsanitize=undefined, a runtime error is reported on any test that uses command xwd:

xwd /mnt/d/ABV/OCCT/Ubuntu/results/sanitizer-undefined-2019-10-07/blend/simple/B3.png

/home/abv/occt/src/Image/Image_PixMapData.hxx:97:24: runtime error: addition of unsigned offset to 0x7f6f1cf3bf70 overflowed to 0x7f6f1cf3b930

    # 0 0x7f6f3b5cab2f in Image_PixMapData::ChangeValue(unsigned long, unsigned long) /home/abv/occt/src/Image/Image_PixMapData.hxx:97:24
    # 1 0x7f6f3b5c7a0d in Image_AlienPixMap::Save(TCollection_AsciiString const&) /home/abv/occt/src/Image/Image_AlienPixMap.cxx:902:20
    # 2 0x7f6f3e61c16c in Draw_Window::Save(char const*) const /home/abv/occt/src/Draw/Draw_Window.cxx:774:18
    # 3 0x7f6f3e60b786 in Draw_Viewer::SaveView(int, char const*) /home/abv/occt/src/Draw/Draw_Viewer.cxx:702:25
    # 4 0x7f6f3e5d8b0a in xwd(Draw_Interpretor&, int, char const**) /home/abv/occt/src/Draw/Draw_GraphicCommands.cxx:843:13
    # 5 0x7f6f3e5c96b3 in Draw_Interpretor::CallBackDataFunc::Invoke(Draw_Interpretor&, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.hxx:81:31
    # 6 0x7f6f3e5dcecb in CommandCmd(void*, Tcl_Interp*, int, char const**) /home/abv/occt/src/Draw/Draw_Interpretor.cxx:154:40
    # 7 0x7f6f2f9edb95 in TclInvokeStringCommand (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0x38b95)
    # 8 0x7f6f2f9effa6 in TclNRRunCallbacks (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0x3afa6)
    # 9 0x7f6f2fa8e87a in Tcl_RecordAndEvalObj (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0xd987a)
    # 10 0x7f6f2fa8e756 in Tcl_RecordAndEval (/usr/lib/x86_64-linux-gnu/libtcl8.6.so+0xd9756)
    # 11 0x7f6f3e5de5d0 in Draw_Interpretor::RecordAndEval(char const*, int) /home/abv/occt/src/Draw/Draw_Interpretor.cxx:496:10
    # 12 0x7f6f3e5b60d3 in Draw_Interprete(char const*) /home/abv/occt/src/Draw/Draw.cxx:608:19
    # 13 0x7f6f3e5b7335 in interpreteTclCommand(TCollection_AsciiString const&) /home/abv/occt/src/Draw/Draw.cxx:110:5
    # 14 0x7f6f3e5b503e in ReadInitFile(TCollection_AsciiString const&) /home/abv/occt/src/Draw/Draw.cxx:121:3
    # 15 0x7f6f3e5b47d3 in Draw_Appli(int, char**, void (*)(Draw_Interpretor&)) /home/abv/occt/src/Draw/Draw.cxx:497:5
    # 16 0x7f6f3e5df78a in Draw_Main(int, char**, void (*)(Draw_Interpretor&)) /home/abv/occt/src/Draw/Draw_Main.cxx:113:3
    # 17 0x42a9b7 in main /home/abv/occt/src/DRAWEXE/DRAWEXE.cxx:33:1
    # 18 0x7f6f2e41982f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    # 19 0x403588 in _start (/home/abv/tmp/occt-clang/lin64/clang/bini/DRAWEXE-7.4.0+0x403588)
Steps To Reproduce: In DRAW with OCCT built with undefined sanitizer:

axo
xwd tmp.png
Additional information and documentation updates: Implementation of the class Image_PixMapData is unsafe in general: its fields that characterize internal structure of data (SizeBPP, SizeX, SizeY, SizeRowBytes, TopToDown) are public and can be changed arbitrarily, thus the class does not guarantee integrity of its internal state.

Tags: No tags attached.

Test case number: Not needed

Relationships

parent of 0031073 new vpozdyayev Coding - Image_PixMapData shall have data fields private
child of 0030557 new dpasukhi Coding - eliminate errors reported by -fsanitize
Not all the children of this issue are yet resolved or closed.

Activities

kgv

2019-10-11 12:37

developer   ~0088033

This is a FALSE detection - unsigned overflow is expected here and should not cause any issues following the C++ standard.

Or am I wrong? Where does undefined come from?

tizmaylo

2019-10-11 14:10

developer   ~0088036

Last edited: 2019-10-11 14:11

>> Where does undefined come from?

Look at the simplified example: https://wandbox.org/permlink/Oj4CT3UWS8NV2dok

#include <cstddef>  // std::size_t
#include <iostream>

int main()
{
  int anArray[] = {1, 2};
  int* aPointerTo2 = anArray + 1;
  int* aPointerTo1 = aPointerTo2 + static_cast<std::size_t>(-1); // causes pointer overflow
  (void)aPointerTo1;
}


tizmaylo

2019-10-11 14:55

developer   ~0088040

Reference to the corresponding wording in the current draft of the C++ standard: http://eel.is/c++draft/expr.add#4.2

git

2019-10-11 14:56

administrator   ~0088041

Branch CR31048 has been created by kgv.

SHA-1: 917a988b540a2c427bfb4065c03ed39227b7426c


Detailed log of new commits:

Author: kgv
Date: Fri Oct 11 14:56:03 2019 +0300

    0031048: Visualization - runtime error reported by Clang undefined behavior sanitizer in Image_AlienPixMap::Save()
    
    Image_PixMapData - use unsigned math (uintptr_t) instead of signed math with pointers for defining negative stride.

git

2019-10-11 15:11

administrator   ~0088042

Branch CR31048_1 has been created by kgv.

SHA-1: 08ddc0085ac960bd4a9c01f3f4bfd3c70afa0eda


Detailed log of new commits:

Author: kgv
Date: Fri Oct 11 14:56:03 2019 +0300

    0031048: Visualization - runtime error reported by Clang undefined behavior sanitizer in Image_AlienPixMap::Save()
    
    Image_PixMapData - use unsigned math (uintptr_t) instead of signed math with pointers for defining negative stride.

kgv

2019-10-11 18:45

developer   ~0088052

Patch is ready for review.

abv

2019-10-17 05:13

manager   ~0088207

Reviewed, please integrate

git

2019-10-23 11:51

administrator   ~0088483

Branch CR31048 has been deleted by kgv.

SHA-1: 917a988b540a2c427bfb4065c03ed39227b7426c

git

2019-10-23 11:51

administrator   ~0088484

Branch CR31048_1 has been deleted by kgv.

SHA-1: 08ddc0085ac960bd4a9c01f3f4bfd3c70afa0eda

Related Changesets

occt: master 8ba3d978

2019-10-11 11:56:03

abv


Committer: abv
0031048: Visualization - runtime error reported by Clang undefined behavior sanitizer in Image_AlienPixMap::Save()

Image_PixMapData - use unsigned math (uintptr_t) instead of signed math with pointers for defining negative stride.
Affected Issues
0031048
mod - src/Image/Image_PixMapData.hxx
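
The pointer overflow discussed in this issue, next to two ways of addressing rows of a bottom-up image without it, as an added C++ example that is not OCCT code and not the committed patch. PixBuf, its members and makeBottomUp are hypothetical names, and the uintptr_t variant assumes uintptr_t and size_t have the same width.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical bottom-up pixel buffer (not OCCT's Image_PixMapData): the
// "top" row pointer addresses the last row in memory and rows step backwards.
struct PixBuf {
  std::vector<unsigned char> bytes;
  std::size_t rowBytes;
  std::size_t sizeY;
  std::size_t topToDown; // 1, or size_t(-1) for bottom-up storage
  unsigned char* topRow() {
    return topToDown == 1 ? bytes.data() : bytes.data() + rowBytes * (sizeY - 1);
  }
  // The unsigned product wraps modulo 2^N; on its own that is well defined.
  std::size_t wrappedOffset(std::size_t row) const { return rowBytes * row * topToDown; }
  // Flagged pattern: the wrapped (huge) offset is added to a pointer, which
  // is undefined behaviour. Kept for comparison only, never called here.
  unsigned char* rowFlagged(std::size_t row) { return topRow() + wrappedOffset(row); }
  // Variant A: do the wrapping addition on uintptr_t, then convert back.
  // Assumes uintptr_t and size_t have the same width.
  unsigned char* rowUintptr(std::size_t row) {
    if (row >= sizeY) return nullptr; // reject rows outside the buffer
    std::uintptr_t addr = reinterpret_cast<std::uintptr_t>(topRow())
                        + static_cast<std::uintptr_t>(wrappedOffset(row));
    return reinterpret_cast<unsigned char*>(addr);
  }
  // Variant B: keep the stride signed so the pointer gets a negative offset.
  unsigned char* rowSigned(std::size_t row) {
    if (row >= sizeY) return nullptr;
    std::ptrdiff_t stride = static_cast<std::ptrdiff_t>(rowBytes);
    if (topToDown != 1) stride = -stride;
    return topRow() + stride * static_cast<std::ptrdiff_t>(row);
  }
};

// Constructed sample: every byte holds the index of its row in memory.
PixBuf makeBottomUp(std::size_t rowBytes, std::size_t sizeY) {
  PixBuf b{std::vector<unsigned char>(rowBytes * sizeY), rowBytes, sizeY,
           static_cast<std::size_t>(-1)};
  for (std::size_t i = 0; i < b.bytes.size(); ++i)
    b.bytes[i] = static_cast<unsigned char>(i / rowBytes);
  return b;
}

int main() {
  PixBuf b = makeBottomUp(4, 3);
  return (b.rowUintptr(2) == b.bytes.data() && b.rowSigned(0)[0] == 2) ? 0 : 1;
}
```

Building this with Clang and -fsanitize=undefined and calling rowFlagged(1) reproduces the class of report quoted in the description; the two variants stay silent.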

Issue History

Date Modified Username Field Change
2019-10-08 23:01 abv New Issue
2019-10-08 23:01 abv Assigned To => kgv
2019-10-08 23:01 abv Relationship added child of 0030557
2019-10-09 06:45 abv Steps to Reproduce Updated
2019-10-11 12:37 kgv Note Added: 0088033
2019-10-11 14:10 tizmaylo Note Added: 0088036
2019-10-11 14:11 tizmaylo Note Edited: 0088036
2019-10-11 14:55 tizmaylo Note Added: 0088040
2019-10-11 14:56 git Note Added: 0088041
2019-10-11 15:11 git Note Added: 0088042
2019-10-11 18:45 kgv Note Added: 0088052
2019-10-11 18:45 kgv Assigned To kgv => abv
2019-10-11 18:45 kgv Status new => resolved
2019-10-17 05:13 abv Note Added: 0088207
2019-10-17 05:13 abv Assigned To abv => bugmaster
2019-10-17 05:13 abv Status resolved => reviewed
2019-10-17 05:48 abv Relationship added parent of 0031073
2019-10-23 01:07 abv Changeset attached => occt master 8ba3d978
2019-10-23 01:07 abv Assigned To bugmaster => abv
2019-10-23 01:07 abv Status reviewed => verified
2019-10-23 01:07 abv Resolution open => fixed
2019-10-23 01:14 apn Test case number => Not needed
2019-10-23 11:51 git Note Added: 0088483
2019-10-23 11:51 git Note Added: 0088484
2020-12-02 16:40 emo Fixed in Version => 7.5.0
2020-12-02 17:12 emo Status verified => closed