<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Apr 17, 2020, at 22:39, Andreas Tille <<a href="mailto:andreas@fam-tille.de" class="">andreas@fam-tille.de</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Hi Matthew,</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">thanks a lot for your detailed investigation.</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">On Fri, Apr 17, 2020 at 04:28:23PM -0700, Matthew Fernandez wrote:</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><blockquote type="cite" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><blockquote type="cite" class="">Program received signal SIGBUS, Bus error.<br class="">0x5556a1b8 in PairDistances (distmat=0x7fff278c, mseq=0x55692a30, pairdist_type=<optimized out>, bPercID=<optimized out>, istart=0, iend=3, jstart=0, jend=3, fdist_in=0x0,<span class="Apple-converted-space"> </span><br class=""> fdist_out=0x0) at pair_dist.c:346<br class="">346 NewProgress(&prProgress, LogGetFP(&rLog, LOG_INFO),<br class=""></blockquote><br class="">OK, let me try a little harder :)<br class=""><br class=""> $ # enable debugging symbols and Address Sanitizer<br class=""> $ CFLAGS="-g -fsanitize=address" CXXFLAGS="-g -fsanitize=address" ./configure<br class=""> …<br class=""> $ make clean && make<br class=""> …<br class=""> $ ./src/clustalo -i debian/tests/biopython_testdata/f002 --guidetree-out temp_test.dnd -o temp_test.aln --outfmt clustal --force<br class=""> =================================================================<br class=""> ==30264==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7ffcfcbf5784 at pc 0x5620f0aa478c bp 0x7ffcfcbf56c0 sp 0x7ffcfcbf56b8<br class=""> WRITE of size 4 at 0x7ffcfcbf5784 thread T0<br class=""> #0 0x5620f0aa478b in PairDistances /home/matthew/clustal-omega-1.2.4/src/clustal/pair_dist.c:336<br class=""> #1 0x5620f0a91d9f in AlignmentOrder /home/matthew/clustal-omega-1.2.4/src/clustal-omega.c:835<br class=""> #2 0x5620f0a95c04 in Align /home/matthew/clustal-omega-1.2.4/src/clustal-omega.c:1221<br class=""> #3 0x5620f0a90d76 in MyMain /home/matthew/clustal-omega-1.2.4/src/mymain.c:1192<br class=""> #4 0x5620f0a88ca2 in main /home/matthew/clustal-omega-1.2.4/src/main.cpp:469<br class=""> #5 0x7f3773d9009a in __libc_start_main ../csu/libc-start.c:308<br class=""> #6 0x5620f0a89ad9 in _start (/home/matthew/clustal-omega-1.2.4/src/clustalo+0x2dad9)<br class=""><br class=""> Address 0x7ffcfcbf5784 is located in stack of thread T0<br class=""> SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow /home/matthew/clustal-omega-1.2.4/src/clustal/pair_dist.c:336 in PairDistances<br class=""> Shadow bytes around the buggy address:<br class=""> 0x10001f976aa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br class=""> 0x10001f976ab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br class=""> 0x10001f976ac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br class=""> 0x10001f976ad0: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca<br class=""> 0x10001f976ae0: 04 cb cb cb cb cb cb cb 00 00 00 00 ca ca ca ca<br class=""> =>0x10001f976af0:[04]cb cb cb cb cb cb cb 00 00 00 00 00 00 00 00<br class=""> 0x10001f976b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br class=""> 0x10001f976b10: f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2<br class=""> 0x10001f976b20: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2<br class=""> 0x10001f976b30: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00<br class=""> 0x10001f976b40: 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 f2 f2<br class=""> Shadow byte legend (one shadow byte represents 8 application bytes):<br class=""> Addressable: 00<br class=""> Partially addressable: 01 02 03 04 05 06 07<br class=""> Heap left redzone: fa<br class=""> Freed heap region: fd<br class=""> Stack left redzone: f1<br class=""> Stack mid redzone: f2<br class=""> Stack right redzone: f3<br class=""> Stack after return: f5<br class=""> Stack use after scope: f8<br class=""> Global redzone: f9<br class=""> Global init order: f6<br class=""> Poisoned by user: f7<br class=""> Container overflow: fc<br class=""> Array cookie: ac<br class=""> Intra object redzone: bb<br class=""> ASan internal: fe<br class=""> Left alloca redzone: ca<br class=""> Right alloca redzone: cb<br class=""> ==30264==ABORTING<br class=""><br class="">Looking at line 336 of pair_dist.c, it looks like the bound on the containing loop is wrong. So let’s try adjusting that:<br class=""><br class=""> $ vim src/clustal/pair_dist.c<br class=""> $ git diff src/clustal/pair_dist.c<br class=""> diff --git a/src/clustal/pair_dist.c b/src/clustal/pair_dist.c<br class=""> index e6dbdc3..bb79e61 100644<br class=""> --- a/src/clustal/pair_dist.c<br class=""> +++ b/src/clustal/pair_dist.c<br class=""> @@ -321,7 +321,7 @@ PairDistances(symmatrix_t **distmat, mseq_t *mseq, int pairdist_type, bool bPerc<br class=""><br class=""> /* FIXME: can get rid of iChunkStart, iChunkEnd now that we're using the arrays */<br class=""> iChunkStart = iend;<br class=""> - for(iChunk = 0; iChunk <= iNumberOfThreads; iChunk++)<br class=""> + for(iChunk = 0; iChunk < iNumberOfThreads; iChunk++)<br class=""> {<br class=""> iChunkEnd = iChunkStart;<br class=""> if (iChunk == iNumberOfThreads - 1){<br class=""> $ make<br class=""> …<br class=""> $ ./src/clustalo -i debian/tests/biopython_testdata/f002 --guidetree-out temp_test.dnd -o temp_test.aln --outfmt clustal --force<br class=""> =================================================================<br class=""> ==30601==ERROR: AddressSanitizer: global-buffer-overflow on address 0x561188847864 at pc 0x5611886da6e7 bp 0x7fffe6d77ef0 sp 0x7fffe6d77ee8<br class=""> READ of size 4 at 0x561188847864 thread T0<br class=""> #0 0x5611886da6e6 in FullAlignment::Build(HMM&, Hit&, char*) /home/matthew/clustal-omega-1.2.4/src/hhalign/hhfullalignment-C.h:250<br class=""> #1 0x5611886df3eb in HitList::PrintAlignments(char**, char**, char*, char*, HMM&, char*, char) /home/matthew/clustal-omega-1.2.4/src/hhalign/hhhitlist-C.h:197<br class=""> #2 0x5611886f379b in hhalign /home/matthew/clustal-omega-1.2.4/src/hhalign/hhalign.cpp:1211<br class=""> #3 0x56118863f848 in HHalignWrapper /home/matthew/clustal-omega-1.2.4/src/clustal/hhalign_wrapper.c:1342<br class=""> #4 0x561188637db1 in Align /home/matthew/clustal-omega-1.2.4/src/clustal-omega.c:1250<br class=""> #5 0x561188632d76 in MyMain /home/matthew/clustal-omega-1.2.4/src/mymain.c:1192<br class=""> #6 0x56118862aca2 in main /home/matthew/clustal-omega-1.2.4/src/main.cpp:469<br class=""> #7 0x7f6d857f109a in __libc_start_main ../csu/libc-start.c:308<br class=""> #8 0x56118862bad9 in _start (/home/matthew/clustal-omega-1.2.4/src/clustalo+0x2dad9)<br class=""><br class=""> 0x561188847864 is located 60 bytes to the left of global variable 'Sim' defined in 'hhdecl-C.h:234:7' (0x5611888478a0) of size 1764<br class=""> 0x561188847864 is located 0 bytes to the right of global variable 'S' defined in 'hhdecl-C.h:235:7' (0x561188847180) of size 1764<br class=""> SUMMARY: AddressSanitizer: global-buffer-overflow /home/matthew/clustal-omega-1.2.4/src/hhalign/hhfullalignment-C.h:250 in FullAlignment::Build(HMM&, Hit&, char*)<br class=""> Shadow bytes around the buggy address:<br class=""> 0x0ac2b1100eb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br class=""> 0x0ac2b1100ec0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br class=""> 0x0ac2b1100ed0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br class=""> 0x0ac2b1100ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br class=""> 0x0ac2b1100ef0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br class=""> =>0x0ac2b1100f00: 00 00 00 00 00 00 00 00 00 00 00 00[04]f9 f9 f9<br class=""> 0x0ac2b1100f10: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00<br class=""> 0x0ac2b1100f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br class=""> 0x0ac2b1100f30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br class=""> 0x0ac2b1100f40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br class=""> 0x0ac2b1100f50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br class=""> Shadow byte legend (one shadow byte represents 8 application bytes):<br class=""> Addressable: 00<br class=""> Partially addressable: 01 02 03 04 05 06 07<br class=""> Heap left redzone: fa<br class=""> Freed heap region: fd<br class=""> Stack left redzone: f1<br class=""> Stack mid redzone: f2<br class=""> Stack right redzone: f3<br class=""> Stack after return: f5<br class=""> Stack use after scope: f8<br class=""> Global redzone: f9<br class=""> Global init order: f6<br class=""> Poisoned by user: f7<br class=""> Container overflow: fc<br class=""> Array cookie: ac<br class=""> Intra object redzone: bb<br class=""> ASan internal: fe<br class=""> Left alloca redzone: ca<br class=""> Right alloca redzone: cb<br class=""> ==30601==ABORTING<br class=""><br class="">Looking at line 250 of hhfullalignment-C.h, we can see it’s reading the array ‘S’ out of bounds here. Someone has helpfully left a debugging line below this, so let’s shuffle it ahead of the faulting access and remove the part where it is also performing the faulting access:<br class=""><br class=""> $ vim src/hhalign/hhfullalignment-C.h<br class=""> $ git diff src/hhalign/hhfullalignment-C.h<br class=""> diff --git a/src/hhalign/hhfullalignment-C.h b/src/hhalign/hhfullalignment-C.h<br class=""> index 8f40fd1..fd759f9 100644<br class=""> --- a/src/hhalign/hhfullalignment-C.h<br class=""> +++ b/src/hhalign/hhfullalignment-C.h<br class=""> @@ -247,8 +247,8 @@ FullAlignment::Build(HMM& q, Hit& hit, char zcError[])<br class=""> char qc=qa->seq[ q.nfirst][ qa->m[ q.nfirst][hit.i[step]] ];<br class=""> char tc=ta->seq[hit.nfirst][ ta->m[hit.nfirst][hit.j[step]] ];<br class=""> if (qc==tc) identities++; // count identical amino acids<br class=""> + fprintf(stderr,"%3i %3i %3i %3i %3i %1c %1c %6.2f %6.2f %6.2f \n",step,hit.nsteps,hit.i[step],hit.j[step],int(state),qc,tc,score_sim,hit.P_posterior[step],hit.sum_of_probs); //DEBUG<br class=""> score_sim += S[(int)aa2i(qc)][(int)aa2i(tc)];<br class=""> - // fprintf(stderr,"%3i %3i %3i %3i %3i %1c %1c %6.2f %6.2f %6.2f %6.2f \n",step,hit.nsteps,hit.i[step],hit.j[step],int(state),qc,tc,S[(int)aa2i(qc)][(int)aa2i(tc)],score_sim,hit.P_posterior[step],hit.sum_of_probs); //DEBUG<br class=""> }<br class=""> }<br class=""><br class=""> $ make<br class=""> …<br class=""> $ ./src/clustalo -i debian/tests/biopython_testdata/f002 --guidetree-out temp_test.dnd -o temp_test.aln --outfmt clustal —force<br class=""> …<br class=""> 28 582 386 559 10 N - 127.25 0.01 2.91<br class=""> =================================================================<br class=""> ==30936==ERROR: AddressSanitizer: global-buffer-overflow on address 0x563d5b2258a4 at pc 0x563d5b0b79e8 bp 0x7ffd269e0e40 sp 0x7ffd269e0e38<br class=""> READ of size 4 at 0x563d5b2258a4 thread T0<br class=""> #0 0x563d5b0b79e7 in FullAlignment::Build(HMM&, Hit&, char*) /home/matthew/clustal-omega-1.2.4/src/hhalign/hhfullalignment-C.h:251<br class=""> …<br class=""><br class="">So the values of qc and tc at this point are 'N' and '-', respectively. This results in an access to S[20][21], which is indeed out of range as S is a 21x21 array. To go further, I think I need some guidance from a domain expert. Is aa2i() ever expected to be called with a value that maps to GAP or ANY? Maybe S is actually meant to be a 22x22 array? Maybe the loop in hhfullalignment-C.h is meant to skip any iteration for which qc or tc map to GAP?<br class=""><br class="">By the way, Andreas, I am doing this debugging on the upstream 1.2.4 release on an x86-64 machine so I still have no certainty that this is related to the root cause of your observed problem on MIPS.<br class=""></blockquote><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Upstream is in the row of this investigation. Its quite interesting</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">that the issue could also observed on amd64. So probably this is a real</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">issue which is just exposed on mipsel. I think just bumping the array</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">boundaries is cheap. If there will be no response from upstream (or</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">somebody else who is comfortable with the algorithm which I'm not) I'll</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">check again on mipsel and in case it will work I'll upload.</span></div></blockquote><br class=""></div><div>Fair enough. While we’re discussing this, here’s another patch for a memory leak that fixes a typoed ifdef and a missing free():</div><div><br class=""></div><div><div> diff --git a/src/squid/clustal.c b/src/squid/clustal.c</div><div> index 650004a..bb1fec8 100644</div><div> --- a/src/squid/clustal.c</div><div> +++ b/src/squid/clustal.c</div><div> @@ -207,7 +207,7 @@ WriteClustal(FILE *fp, MSA *msa)</div><div> int namelen; /* maximum name length used */</div><div> int pos; /* position counter */</div><div> #ifdef CLUSTALO</div><div> - char *buf; /* buffer for writing seq */</div><div> + char *buf = NULL; /* buffer for writing seq */</div><div> int cpl = msa->alen<iWrap ? msa->alen+10 : (iWrap > 0 ? iWrap : 60); /* char per line (< 64) */</div><div> #else</div><div> char buf[80]; /* buffer for writing seq */</div><div> @@ -410,8 +410,9 @@ WriteClustal(FILE *fp, MSA *msa)</div><div> #endif</div><div> }</div><div><br class=""></div><div> -#ifdef CLUSTAL</div><div> +#ifdef CLUSTALO</div><div> free(piResCnt); piResCnt = NULL;</div><div> + free(buf); buf = NULL;</div><div> #endif</div><div><br class=""></div><div> return;</div><div class=""><br class=""></div></div></body></html>