minimap2-rs
Test crashes with strlen out of bounds
https://asan.saethlin.dev/ub?crate=minimap2&version=0.1.14%2Bminimap2.2.26
==15122==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55f1867e33ba at pc 0x55f184e15219 bp 0x7feb520f2f60 sp 0x7feb520f2728
READ of size 283 at 0x55f1867e33ba thread T31
#0 0x55f184e15218 in strlen /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:390:5
#1 0x55f18614e561 in mm_gen_cs_or_MD /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/minimap2-sys-0.1.16+minimap2.2.26/minimap2/format.c:257:12
#2 0x55f18614e5f8 in mm_gen_cs /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/minimap2-sys-0.1.16+minimap2.2.26/minimap2/format.c:267:9
#3 0x55f184edf3a6 in minimap2::Aligner::map::_$u7b$$u7b$closure$u7d$$u7d$::h3879092ea6376982 /build/src/lib.rs:855:47
#4 0x55f184fc20ae in std::thread::local::LocalKey$LT$T$GT$::try_with::h7ea5e2dc25eae48b /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/std/src/thread/local.rs:270:16
#5 0x55f184fc1898 in std::thread::local::LocalKey$LT$T$GT$::with::h459cc2834367141f /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/std/src/thread/local.rs:246:9
#6 0x55f184edaff8 in minimap2::Aligner::map::h940d1c1cad537840 /build/src/lib.rs:730:24
#7 0x55f184f0ae02 in minimap2::tests::test_with_seq::h31259bedac3a1160 /build/src/lib.rs:1447:26
#8 0x55f184f07302 in minimap2::tests::test_with_seq::_$u7b$$u7b$closure$u7d$$u7d$::h55458511ac88f5d2 /build/src/lib.rs:1390:23
0x55f1867e33ba is located 0 bytes after global variable 'alloc_7a0bf1e77a764740263fa9b06d2613ae' defined in 'minimap2.c8f59fa16f813271-cgu.03' (0x55f1867e32a0) of size 282
SUMMARY: AddressSanitizer: global-buffer-overflow /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:390:5 in strlen
Thread T31 created by T0 here:
#0 0x55f184e7139d in pthread_create /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:237:3
...
#5 0x55f185049e23 in test::run_tests::he583ee2920920d88 /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/test/src/lib.rs:387:31
#6 0x55f18520ec7e in test::console::run_tests_console::ha1474cb5b5e5b63c /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/test/src/console.rs:329:5
#7 0x55f1850442df in test::test_main::he18bcb9d69a13aae /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/test/src/lib.rs:143:15
#8 0x55f18504626c in test::test_main_static::h1f6363b0368f7808 /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/test/src/lib.rs:162:5
#9 0x55f184ee86e2 in minimap2::main::he4d6d65aca247990 /build/src/lib.rs:1:1
How are you getting miri to run without complaining about FFI?
Also, it's hard to read these logs, but it looks like the error is in the C implementation, which I can't fix. :/ But I'm going to dig in and see what I can do.
I believe it's -Zdisable-isolation or something like that?
You're probably passing a non-null-terminated string.
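The pattern the last comment points at, as an added example that is not code from minimap2-rs or minimap2: a Rust `&str` carries a length but no terminator, so a C routine that runs `strlen` over it (mm_gen_cs_or_MD in the trace) keeps reading past the end of the global backing the literal, which is the 283-byte read of a 282-byte global in the report. The C side is stood in for by a local strlen-alike; `buggy`, `fixed` and `is_well_terminated` are hypothetical names.

```rust
use std::ffi::{c_char, CStr, CString, NulError};

/// Stand-in for the C side: minimap2's mm_gen_cs_or_MD calls libc strlen,
/// which walks forward until it finds a 0 byte. It has no idea how long the
/// Rust slice behind the pointer was.
unsafe fn c_strlen(mut p: *const c_char) -> usize {
    let mut n = 0;
    unsafe {
        while *p != 0 {
            n += 1;
            p = p.add(1);
        }
    }
    n
}

/// BUG (the pattern behind the report): `&str` and `&[u8]` carry a length but
/// no terminator. A string literal is a global of exactly `seq.len()` bytes, so
/// the C side reads `len + 1` or more bytes into whatever follows it; ASan
/// flags that as a global-buffer-overflow in strlen. Left uncalled on purpose.
#[allow(dead_code)]
pub fn buggy(seq: &str) -> usize {
    unsafe { c_strlen(seq.as_ptr() as *const c_char) }
}

/// Fix: copy into a CString, which appends the NUL and rejects interior NULs
/// (an interior NUL would otherwise silently truncate the sequence in C).
pub fn fixed(seq: &str) -> Result<usize, NulError> {
    let owned = CString::new(seq)?;
    // `owned` must outlive the call: `CString::new(seq)?.as_ptr()` on a
    // temporary would hand C a dangling pointer.
    Ok(unsafe { c_strlen(owned.as_ptr()) })
}

/// Invariant check for buffers built by hand rather than via CString: exactly
/// one NUL, and it is the last byte. Usable in a debug_assert! before an FFI call.
pub fn is_well_terminated(buf: &[u8]) -> bool {
    CStr::from_bytes_with_nul(buf).is_ok()
}

fn main() {
    // Constructed 282-byte input, the size of the overflowed global in the report.
    let seq = "A".repeat(282);
    println!("C sees {} bytes", fixed(&seq).unwrap());
    assert!(is_well_terminated(b"ACGT\0"));
}
```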