Opened 6 years ago
Closed 5 years ago
#326 closed defect (fixed)
AddressSanitizer: heap-buffer-overflow
Reported by: | fbarbier | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | VTM | Version: | VTM-5.0 |
Keywords: | Cc: | vzakharc, yuwenhe, jvet@… |
Description (last modified by ksuehring)
When building with ASAN, failures may be found.
Please reproduce with the following commands :
git checkout 04d626a060dd0140ae97b7cd0e4efafd0fcf301b cd build cmake .. -DCMAKE_BUILD_TYPE=Debug -DCMAKE_CXX_FLAGS="-fsanitize=address" -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address" make -j 8 cd .. ./bin/EncoderAppStaticd --SourceWidth=192 --SourceHeight=192 --InputChromaFormat=420 --InputBitDepth=10 --Profile=next --FrameRate=60 --FramesToBeEncoded=1 --GOPSize=4 '--Frame1=B 1 5 -6.5 0.2590 0 0 1.0 0 0 0 4 4 -1 -5 -9 -13 0' '--Frame2=B 2 4 -6.5 0.2590 0 0 1.0 0 0 0 4 4 -1 -2 -6 -10 1 -1 5 1 1 1 0 1' '--Frame3=B 3 5 -6.5 0.2590 0 0 1.0 0 0 0 4 4 -1 -3 -7 -11 1 -1 5 0 1 1 1 1' '--Frame4=B 4 1 0.0 0.0 0 0 1.0 0 0 0 4 4 -1 -4 -8 -12 1 -1 5 0 1 1 1 1' --FastSearch=2 --LCTUFast=1 --LumaLevelToDeltaQPMode=1 --MaxCUWidth=16 --MaxCUHeight=24 --CTUSize=64 --MaxPartitionDepth=5 --PCMEnabledFlag=1 --SAO=0 --LoopFilterDisable=1 --ALF=1 --DisableIntraInInter=0 --DepQuant=1 --DualITree=0 --LMChroma=1 --TransformSkip=0 --MaxDeltaQP=0 --MTS=3 --IBC=0 --IMV=1 --Affine=1 --AffineType=1 --AffineAmvr=0 --MHIntra=0 --Triangle=1 --MIP=1 --SMVD=0 --SBT=0 --RDPCM=0 -i source.yuv -b encoded.vvc
================================================================= ==3913==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x63100012ba4b at pc 0x000000925935 bp 0x7ffc02255690 sp 0x7ffc02255688 READ of size 16 at 0x63100012ba4b thread T0 ==3913==WARNING: invalid path to external symbolizer! ==3913==WARNING: Failed to use and restart external symbolizer! #0 0x925934 (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0x925934) #1 0xf622b9 (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0xf622b9) #2 0xdc1824 (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0xdc1824) #3 0xb3146b (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0xb3146b) #4 0xb8507d (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0xb8507d) #5 0x53d4d1 (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0x53d4d1) #6 0x6178cc (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0x6178cc) #7 0x7f8714c4109a (/lib/x86_64-linux-gnu/libc.so.6+0x2409a) #8 0x4540e9 (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0x4540e9) 0x63100012ba4b is located 3 bytes to the right of 78408-byte region [0x631000118800,0x63100012ba48) allocated by thread T0 here: #0 0x4fcc09 (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0x4fcc09) #1 0x638e31 (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0x638e31) #2 0x630462 (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0x630462) #3 0xf65ef7 (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0xf65ef7) #4 0xdbbf95 (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0xdbbf95) #5 0xb7735c (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0xb7735c) #6 0x53bd15 (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0x53bd15) #7 0x53c626 (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0x53c626) #8 0x6178cc (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0x6178cc) #9 0x7f8714c4109a (/lib/x86_64-linux-gnu/libc.so.6+0x2409a) SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/fredb/projects/vtm/bin/EncoderAppStaticd+0x925934) Shadow bytes around the buggy address: 0x0c628001d6f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c628001d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c628001d710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c628001d720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c628001d730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c628001d740: 00 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa fa 0x0c628001d750: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c628001d760: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c628001d770: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c628001d780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c628001d790: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc
Attachments (2)
Change history (10)
Changed 6 years ago by fbarbier
comment:1 Changed 6 years ago by fbarbier
- Component changed from 360Lib to VTM
- Version set to VVC D5 v8
comment:2 Changed 6 years ago by fbarbier
- Version changed from VVC D5 v8 to VTM-5.0
comment:3 Changed 5 years ago by ksuehring
- Description modified (diff)
comment:4 Changed 5 years ago by ksuehring
comment:5 Changed 5 years ago by fbarbier
Please find another error reported by ASAN (At decoder side) on recent version:
First build a decoder using address sanitizer:
git checkout a5e1873a90f05a2eba9598401b07b12dd291aca4 cd build cmake .. -DCMAKE_BUILD_TYPE=Debug -DCMAKE_CXX_FLAGS="-fsanitize=address" -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address" make -j 8 cd .. ./bin/DecoderAppStaticd -b encoded.vvc -o /dev/null
This is the output at runtime :
VVCSoftware: VTM Decoder Version 5.0 [Linux][GCC 8.2.0][64 bit] [SIMD=AVX] ================================================================= ==28477==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000a34 at pc 0x55b3ee1a94f4 bp 0x7ffc52fe2c10 sp 0x7ffc52fe2c08 READ of size 4 at 0x602000000a34 thread T0 #0 0x55b3ee1a94f3 in BrickMap::getBrickIdxBsMap(unsigned int) const /home/fredb/projects/vtm/source/Lib/CommonLib/../CommonLib/Picture.h:212 #1 0x55b3ee1a3c5e in DecLib::xDecodeSlice(InputNALUnit&, int&, int) /home/fredb/projects/vtm/source/Lib/DecoderLib/DecLib.cpp:1352 #2 0x55b3ee1a57b6 in DecLib::decode(InputNALUnit&, int&, int&) /home/fredb/projects/vtm/source/Lib/DecoderLib/DecLib.cpp:1723 #3 0x55b3edde995c in DecApp::decode() /home/fredb/projects/vtm/source/App/DecoderApp/DecApp.cpp:166 #4 0x55b3eddfb62b in main /home/fredb/projects/vtm/source/App/DecoderApp/decmain.cpp:91 #5 0x7ff9ed34b09a in __libc_start_main ../csu/libc-start.c:308 #6 0x55b3edde8ae9 in _start (/home/fredb/projects/vtm/bin/DecoderAppStaticd+0x21cae9) 0x602000000a34 is located 0 bytes to the right of 4-byte region [0x602000000a30,0x602000000a34) allocated by thread T0 here: #0 0x7ff9ed947f40 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xeaf40) #1 0x55b3ede2c8c0 in BrickMap::create(SPS const&, PPS const&) /home/fredb/projects/vtm/source/Lib/CommonLib/Picture.cpp:754 #2 0x55b3ede33cfe in Picture::finalInit(SPS const&, PPS const&, APS**, APS&) /home/fredb/projects/vtm/source/Lib/CommonLib/Picture.cpp:1262 #3 0x55b3ee19eed7 in DecLib::xActivateParameterSets() /home/fredb/projects/vtm/source/Lib/DecoderLib/DecLib.cpp:887 #4 0x55b3ee1a35d3 in DecLib::xDecodeSlice(InputNALUnit&, int&, int) /home/fredb/projects/vtm/source/Lib/DecoderLib/DecLib.cpp:1308 #5 0x55b3ee1a57b6 in DecLib::decode(InputNALUnit&, int&, int&) /home/fredb/projects/vtm/source/Lib/DecoderLib/DecLib.cpp:1723 #6 0x55b3edde995c in DecApp::decode() /home/fredb/projects/vtm/source/App/DecoderApp/DecApp.cpp:166 #7 0x55b3eddfb62b in main /home/fredb/projects/vtm/source/App/DecoderApp/decmain.cpp:91 #8 0x7ff9ed34b09a in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: heap-buffer-overflow /home/fredb/projects/vtm/source/Lib/CommonLib/../CommonLib/Picture.h:212 in BrickMap::getBrickIdxBsMap(unsigned int) const Shadow bytes around the buggy address: 0x0c047fff80f0: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa fd fa 0x0c047fff8100: fa fa fd fa fa fa 04 fa fa fa 04 fa fa fa fd fa 0x0c047fff8110: fa fa 04 fa fa fa 00 fa fa fa fd fa fa fa fd fa 0x0c047fff8120: fa fa fd fa fa fa fd fa fa fa fd fd fa fa 04 fa 0x0c047fff8130: fa fa 04 fa fa fa 04 fa fa fa 00 fa fa fa 00 fa =>0x0c047fff8140: fa fa 04 fa fa fa[04]fa fa fa 00 fa fa fa 00 fa 0x0c047fff8150: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa 0x0c047fff8160: fa fa 04 fa fa fa 04 fa fa fa 04 fa fa fa 04 fa 0x0c047fff8170: fa fa 04 fa fa fa 04 fa fa fa 04 fa fa fa 04 fa 0x0c047fff8180: fa fa 04 fa fa fa 04 fa fa fa 04 fa fa fa 04 fa 0x0c047fff8190: fa fa 04 fa fa fa 04 fa fa fa 04 fa fa fa 04 fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==28477==ABORTING
Changed 5 years ago by fbarbier
comment:6 Changed 5 years ago by ksuehring
The fix for accessing BrickMap::getBrickIdxBsMap was submitted as
https://vcgit.hhi.fraunhofer.de/jvet/VVCSoftware_VTM/merge_requests/780
comment:7 Changed 5 years ago by fbarbier
Thanks Karsten ! its ok now.
comment:8 Changed 5 years ago by fbarbier
- Resolution set to fixed
- Status changed from new to closed
Note: See TracTickets for help on using tickets.
Seems to be ALF SIMD code
Note: this log is from 30e73fc, which is the last hash in master before merging JVET-M0128. After that the command line needs to be changed with updated GOP parameters.