Bug#869794: linbox: testsuite fails if ASan is enabled
James Cowgill
jcowgill at debian.org
Wed Jul 26 13:39:22 UTC 2017
Source: linbox
Version: 1.4.2-4
Severity: normal
Hi,
Building the package with address sanitizer enabled triggers a buffer
overflow in the test-rank-md testcase and memory leaks in the
test-regression test case.
This can be reproduced by using DEB_BUILD_OPTIONS="sanitize=+address"
Log:
> PASS: test-commentator
> PASS: test-det
> PASS: test-frobenius
> PASS: test-rational-solver
> PASS: test-rational-solver-adaptive
> PASS: test-rank-u32
> PASS: test-rank-Int
> /bin/bash ../libtool --tag=CXX --mode=link g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat -Werror=format-security ../linbox/liblinbox.la -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp -o test-rank-md test-rank-md.o -lntl -lmpfr -liml -fopenmp -lblas -llapack -lgivaro -lgmpxx -lgmp -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp
> libtool: link: g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat -Werror=format-security -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp -o .libs/test-rank-md test-rank-md.o -fopenmp -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp ../linbox/.libs/liblinbox.so -lntl -lmpfr -liml -lblas -llapack -lgivaro -lgmpxx -lgmp -fopenmp
> PASS: test-cra
> FAIL: test-rank-md
> /bin/bash ../libtool --tag=CXX --mode=link g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat -Werror=format-security ../linbox/liblinbox.la -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp -o test-ntl-lzz_pex test-ntl-lzz_pex.o -lntl -lmpfr -liml -fopenmp -lblas -llapack -lgivaro -lgmpxx -lgmp -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp
> libtool: link: g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat -Werror=format-security -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp -o .libs/test-ntl-lzz_pex test-ntl-lzz_pex.o -fopenmp -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp ../linbox/.libs/liblinbox.so -lntl -lmpfr -liml -lblas -llapack -lgivaro -lgmpxx -lgmp -fopenmp
> /bin/bash ../libtool --tag=CXX --mode=link g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat -Werror=format-security ../linbox/liblinbox.la -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp -o test-charpoly test-charpoly.o -lntl -lmpfr -liml -fopenmp -lblas -llapack -lgivaro -lgmpxx -lgmp -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp
> PASS: test-ntl-lzz_pex
> libtool: link: g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat -Werror=format-security -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp -o .libs/test-charpoly test-charpoly.o -fopenmp -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp ../linbox/.libs/liblinbox.so -lntl -lmpfr -liml -lblas -llapack -lgivaro -lgmpxx -lgmp -fopenmp
> PASS: test-charpoly
> /bin/bash ../libtool --tag=CXX --mode=link g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat -Werror=format-security ../linbox/liblinbox.la -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp -o test-toeplitz-det test-toeplitz-det.o -lntl -lmpfr -liml -fopenmp -lblas -llapack -lgivaro -lgmpxx -lgmp -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp
> libtool: link: g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat -Werror=format-security -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp -o .libs/test-toeplitz-det test-toeplitz-det.o -fopenmp -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp ../linbox/.libs/liblinbox.so -lntl -lmpfr -liml -lblas -llapack -lgivaro -lgmpxx -lgmp -fopenmp
> PASS: test-toeplitz-det
> /bin/bash ../libtool --tag=CXX --mode=link g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat -Werror=format-security ../linbox/liblinbox.la -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp -o test-blas-matrix test-blas-matrix.o -lntl -lmpfr -liml -fopenmp -lblas -llapack -lgivaro -lgmpxx -lgmp -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp
> libtool: link: g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat -Werror=format-security -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp -o .libs/test-blas-matrix test-blas-matrix.o -fopenmp -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp ../linbox/.libs/liblinbox.so -lntl -lmpfr -liml -lblas -llapack -lgivaro -lgmpxx -lgmp -fopenmp
> PASS: test-blas-matrix
> /bin/bash ../libtool --tag=CXX --mode=link g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat -Werror=format-security ../linbox/liblinbox.la -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp -o test-regression test-regression.o -lntl -lmpfr -liml -fopenmp -lblas -llapack -lgivaro -lgmpxx -lgmp -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp
> libtool: link: g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat -Werror=format-security -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp -o .libs/test-regression test-regression.o -fopenmp -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp ../linbox/.libs/liblinbox.so -lntl -lmpfr -liml -lblas -llapack -lgivaro -lgmpxx -lgmp -fopenmp
> FAIL: test-regression
> /bin/bash ../libtool --tag=CXX --mode=link g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat -Werror=format-security ../linbox/liblinbox.la -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp -o test-solve test-solve.o -lntl -lmpfr -liml -fopenmp -lblas -llapack -lgivaro -lgmpxx -lgmp -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp
> libtool: link: g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat -Werror=format-security -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp -o .libs/test-solve test-solve.o -fopenmp -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp ../linbox/.libs/liblinbox.so -lntl -lmpfr -liml -lblas -llapack -lgivaro -lgmpxx -lgmp -fopenmp
> PASS: test-solve
> ========================================
> LinBox 1.4.2: tests/test-suite.log
> ========================================
>
> # TOTAL: 15
> # PASS: 13
> # SKIP: 0
> # XFAIL: 0
> # FAIL: 2
> # XPASS: 0
> # ERROR: 0
>
> .. contents:: :depth: 2
>
> FAIL: test-rank-md
> ==================
>
> =================================================================
> ==30055==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60f00000f000 at pc 0x565091814c09 bp 0x7ffe133b3230 sp 0x7ffe133b3228
> READ of size 8 at 0x60f00000f000 thread T0
> #0 0x565091814c08 in std::vector<double, std::allocator<double> >::size() const /usr/include/c++/6/bits/stl_vector.h:656
> #1 0x565091814c08 in LinBox::SparseMatrix<Givaro::Modular<double, double>, LinBox::SparseMatrixFormat::CSR>::IndexedBegin() const ../linbox/matrix/sparsematrix/sparse-csr-matrix.h:1388
> #2 0x565091814c08 in void LinBox::BlasMatrix<Givaro::Modular<double, double>, std::vector<double, std::allocator<double> > >::createBlasMatrix<LinBox::SparseMatrix<Givaro::Modular<double, double>, LinBox::SparseMatrixFormat::CSR> >(LinBox::SparseMatrix<Givaro::Modular<double, double>, LinBox::SparseMatrixFormat::CSR> const&, LinBox::MatrixContainerCategory::Container) ../linbox/matrix/densematrix/blas-matrix.inl:116
> #3 0x5650918d9e4a in LinBox::BlasMatrix<Givaro::Modular<double, double>, std::vector<double, std::allocator<double> > >::BlasMatrix<LinBox::SparseMatrix<Givaro::Modular<double, double>, LinBox::SparseMatrixFormat::CSR> >(LinBox::SparseMatrix<Givaro::Modular<double, double>, LinBox::SparseMatrixFormat::CSR> const&) ../linbox/matrix/densematrix/blas-matrix.inl:325
> #4 0x5650918d9e4a in unsigned long& LinBox::rank<LinBox::SparseMatrix<Givaro::Modular<double, double>, LinBox::SparseMatrixFormat::CSR> >(unsigned long&, LinBox::SparseMatrix<Givaro::Modular<double, double>, LinBox::SparseMatrixFormat::CSR> const&, LinBox::RingCategories::ModularTag const&, LinBox::BlasEliminationTraits const&) ../linbox/solutions/rank.inl:444
> #5 0x5650918d9e4a in unsigned long& LinBox::rank<LinBox::SparseMatrix<Givaro::Modular<double, double>, LinBox::SparseMatrixFormat::CSR>, LinBox::BlasEliminationTraits>(unsigned long&, LinBox::SparseMatrix<Givaro::Modular<double, double>, LinBox::SparseMatrixFormat::CSR> const&, LinBox::BlasEliminationTraits const&) ../linbox/solutions/rank.h:112
> #6 0x5650918d9e4a in bool testRankMethods<LinBox::SparseMatrix<Givaro::Modular<double, double>, LinBox::SparseMatrixFormat::CSR> >(LinBox::SparseMatrix<Givaro::Modular<double, double>, LinBox::SparseMatrixFormat::CSR>::Field const&, unsigned long, unsigned long, unsigned int, double) tests/test-rank.h:137
> #7 0x5650917d6003 in bool testSparseRank<Givaro::Modular<double, double> >(Givaro::Modular<double, double> const&, unsigned long const&, unsigned long, unsigned long const&, double const&) tests/test-rank.h:335
> #8 0x5650917d6003 in main tests/test-rank-md.C:69
> #9 0x7f77eff902b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
> #10 0x5650917d6299 in _start (/tmp/linbox/linbox-1.4.2/tests/.libs/test-rank-md+0x21299)
>
> 0x60f00000f000 is located 0 bytes to the right of 176-byte region [0x60f00000ef50,0x60f00000f000)
> allocated by thread T0 here:
> #0 0x7f77f2da4bc0 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2bc0)
> #1 0x5650918d8a9c in __gnu_cxx::new_allocator<unsigned long>::allocate(unsigned long, void const*) /usr/include/c++/6/ext/new_allocator.h:104
> #2 0x5650918d8a9c in std::allocator_traits<std::allocator<unsigned long> >::allocate(std::allocator<unsigned long>&, unsigned long) /usr/include/c++/6/bits/alloc_traits.h:436
> #3 0x5650918d8a9c in std::_Vector_base<unsigned long, std::allocator<unsigned long> >::_M_allocate(unsigned long) /usr/include/c++/6/bits/stl_vector.h:170
> #4 0x5650918d8a9c in std::_Vector_base<unsigned long, std::allocator<unsigned long> >::_M_create_storage(unsigned long) /usr/include/c++/6/bits/stl_vector.h:185
> #5 0x5650918d8a9c in std::_Vector_base<unsigned long, std::allocator<unsigned long> >::_Vector_base(unsigned long, std::allocator<unsigned long> const&) /usr/include/c++/6/bits/stl_vector.h:136
> #6 0x5650918d8a9c in std::vector<unsigned long, std::allocator<unsigned long> >::vector(unsigned long, unsigned long const&, std::allocator<unsigned long> const&) /usr/include/c++/6/bits/stl_vector.h:293
> #7 0x5650918d8a9c in LinBox::SparseMatrix<Givaro::Modular<double, double>, LinBox::SparseMatrixFormat::CSR>::SparseMatrix<LinBox::RandomSparseStream<Givaro::Modular<double, double>, std::vector<std::pair<unsigned long, double>, std::allocator<std::pair<unsigned long, double> > >, Givaro::ModularRandIter<Givaro::Modular<double, double> >, LinBox::VectorCategories::SparseSequenceVectorTag> >(Givaro::Modular<double, double> const&, LinBox::RandomSparseStream<Givaro::Modular<double, double>, std::vector<std::pair<unsigned long, double>, std::allocator<std::pair<unsigned long, double> > >, Givaro::ModularRandIter<Givaro::Modular<double, double> >, LinBox::VectorCategories::SparseSequenceVectorTag>&) ../linbox/matrix/sparsematrix/sparse-csr-matrix.h:304
> #8 0x5650918d8a9c in bool testRankMethods<LinBox::SparseMatrix<Givaro::Modular<double, double>, LinBox::SparseMatrixFormat::CSR> >(LinBox::SparseMatrix<Givaro::Modular<double, double>, LinBox::SparseMatrixFormat::CSR>::Field const&, unsigned long, unsigned long, unsigned int, double) tests/test-rank.h:93
> #9 0x5650917d6003 in bool testSparseRank<Givaro::Modular<double, double> >(Givaro::Modular<double, double> const&, unsigned long const&, unsigned long, unsigned long const&, double const&) tests/test-rank.h:335
> #10 0x5650917d6003 in main tests/test-rank-md.C:69
> #11 0x7f77eff902b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
>
> SUMMARY: AddressSanitizer: heap-buffer-overflow /usr/include/c++/6/bits/stl_vector.h:656 in std::vector<double, std::allocator<double> >::size() const
> Shadow bytes around the buggy address:
> 0x0c1e7fff9db0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 0x0c1e7fff9dc0: fd fd fd fa fa fa fa fa fa fa fa fa fd fd fd fd
> 0x0c1e7fff9dd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 0x0c1e7fff9de0: fd fa fa fa fa fa fa fa fa fa 00 00 00 00 00 00
> 0x0c1e7fff9df0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> =>0x0c1e7fff9e00:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x0c1e7fff9e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x0c1e7fff9e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x0c1e7fff9e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x0c1e7fff9e40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 0x0c1e7fff9e50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> Shadow byte legend (one shadow byte represents 8 application bytes):
> Addressable: 00
> Partially addressable: 01 02 03 04 05 06 07
> Heap left redzone: fa
> Heap right redzone: fb
> Freed heap region: fd
> Stack left redzone: f1
> Stack mid redzone: f2
> Stack right redzone: f3
> Stack partial redzone: f4
> Stack after return: f5
> Stack use after scope: f8
> Global redzone: f9
> Global init order: f6
> Poisoned by user: f7
> Container overflow: fc
> Array cookie: ac
> Intra object redzone: bb
> ASan internal: fe
> Left alloca redzone: ca
> Right alloca redzone: cb
> ==30055==ABORTING
> FAIL test-rank-md (exit status: 1)
>
> FAIL: test-regression
> =====================
>
>
> =================================================================
> ==30601==ERROR: LeakSanitizer: detected memory leaks
>
> Direct leak of 120 byte(s) in 1 object(s) allocated from:
> #0 0x7ff37cbecd40 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2d40)
> #1 0x5577a445e5ed in testSolveSparseSage() tests/test-regression.C:74
> #2 0x5577a44359b4 in main tests/test-regression.C:122
> #3 0x7ff379dd82b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
>
> Direct leak of 12 byte(s) in 1 object(s) allocated from:
> #0 0x7ff37cbecd40 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2d40)
> #1 0x5577a445e705 in testSolveSparseSage() tests/test-regression.C:84
> #2 0x5577a44359b4 in main tests/test-regression.C:122
> #3 0x7ff379dd82b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
>
> Indirect leak of 72 byte(s) in 3 object(s) allocated from:
> #0 0x7ff37cbecd40 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2d40)
> #1 0x5577a445e632 in testSolveSparseSage() tests/test-regression.C:78
> #2 0x5577a44359b4 in main tests/test-regression.C:122
> #3 0x7ff379dd82b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
>
> Indirect leak of 36 byte(s) in 3 object(s) allocated from:
> #0 0x7ff37cbecd40 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2d40)
> #1 0x5577a445e60c in testSolveSparseSage() tests/test-regression.C:77
> #2 0x5577a44359b4 in main tests/test-regression.C:122
> #3 0x7ff379dd82b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
>
> SUMMARY: AddressSanitizer: 240 byte(s) leaked in 8 allocation(s).
> FAIL test-regression (exit status: 1)
>
> ============================================================================
> Testsuite summary for LinBox 1.4.2
> ============================================================================
> # TOTAL: 15
> # PASS: 13
> # SKIP: 0
> # XFAIL: 0
> # FAIL: 2
> # XPASS: 0
> # ERROR: 0
> ============================================================================
> See tests/test-suite.log
> Please report to linbox-use at googlegroups.com
> ============================================================================
Thanks,
James
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/debian-science-maintainers/attachments/20170726/6ba84d60/attachment-0001.sig>
More information about the debian-science-maintainers
mailing list