faust
AddressSanitizer: SEGV on unknown address 0x000000000000
I found an input that results in a null pointer deref. In my current setup, I compiled faust with clang-13 and asan. To reproduce:
./faust -o /tmp/out
where input is the file that I'm attaching here crash.tar.gz
Here you can find the stack trace along with the asan report:
AddressSanitizer:DEADLYSIGNAL
==2408450==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000119f9ea bp 0x7fffffff6970 sp 0x7fffffff66e0 T0)
==2408450==The signal is caused by a READ memory access.
==2408450==Hint: address points to the zero page.
#0 0x119f9ea in isNum(CTree* const&, num&) /home/elmanto/mnt/output/faust-ddg/compiler/signals/signals.hh:266:18
#1 0x119f9ea in SinPrim::computeSigOutput(std::vector<CTree*, std::allocator<CTree*> > const&) /home/elmanto/mnt/output/faust-ddg/compiler/extended/sinprim.hh:49:13
#2 0x12be141 in simplification(CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/normalize/simplify.cpp:98:24
#3 0x12b95b5 in traced_simplification(CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/normalize/simplify.cpp:59:14
#4 0x12b95b5 in sigMap(CTree*, CTree* (*)(CTree*), CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/normalize/simplify.cpp:235:19
#5 0x12b8de3 in sigMap(CTree*, CTree* (*)(CTree*), CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/normalize/simplify.cpp:230:26
#6 0x12b8de3 in sigMap(CTree*, CTree* (*)(CTree*), CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/normalize/simplify.cpp:230:26
#7 0x12b8de3 in sigMap(CTree*, CTree* (*)(CTree*), CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/normalize/simplify.cpp:230:26
#8 0x12b8de3 in sigMap(CTree*, CTree* (*)(CTree*), CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/normalize/simplify.cpp:230:26
#9 0x12b8de3 in sigMap(CTree*, CTree* (*)(CTree*), CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/normalize/simplify.cpp:230:26
#10 0xff4a71 in InstructionsCompiler::prepare(CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/generator/instructions_compiler.cpp:251:15
#11 0xffd09d in InstructionsCompiler::compileMultiSignal(CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/generator/instructions_compiler.cpp:488:9
#12 0x12757c4 in generateCode(CTree*, int, int, bool) /home/elmanto/mnt/output/faust-ddg/compiler/libcode.cpp:1590:23
#13 0x121a377 in compileFaustFactoryAux(int, char const**, char const*, char const*, bool) /home/elmanto/mnt/output/faust-ddg/compiler/libcode.cpp:2028:5
#14 0x1216183 in compileFaustFactory(int, char const**, char const*, char const*, std::__cxx11::basic_string<char, std::char_traits
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/elmanto/mnt/output/faust-ddg/compiler/signals/signals.hh:266:18 in isNum(CTree* const&, num&)
Known problem see https://github.com/grame-cncm/faust/issues/482, @orlarey how complex would it be to fix this one?
BTW, I found another segmentation fault. It seems unreported, so I attach it here. Sorry if it was already reported by anyone else before. Same steps as before. I attach the triggering input crash_2.tar.gz
==2437628==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000c98eef bp 0x7ffff43f13b0 sp 0x7ffff43f12a0 T1)
==2437628==The signal is caused by a READ memory access.
==2437628==Hint: address points to the zero page.
#0 0xc98eef in CTree::branch(int) const /home/elmanto/mnt/output/faust-ddg/compiler/tlib/tree.hh:146:46
#1 0xc98eef in searchIdDef(CTree*, CTree*&, CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/evaluate/environment.cpp:155:22
#2 0x1340518 in apply_pattern_matcher(Automaton*, int, CTree*, CTree*&, std::vector<CTree*, std::allocator<CTree*> >&) /home/elmanto/mnt/output/faust-ddg/compiler/patternmatcher/patternmatcher.cpp:709:21
#3 0xca48ab in applyList(CTree*, CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/evaluate/eval.cpp:1079:18
#4 0xca63c2 in applyList(CTree*, CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/evaluate/eval.cpp:1083:20
#5 0xca63c2 in applyList(CTree*, CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/evaluate/eval.cpp:1083:20
#6 0xcb4be0 in realeval(CTree*, CTree*, CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/evaluate/eval.cpp:529:16
#7 0xc9c457 in eval(CTree*, CTree*, CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/evaluate/eval.cpp:294:18
#8 0xcaf19b in realeval(CTree*, CTree*, CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/evaluate/eval.cpp
#9 0xc9c457 in eval(CTree*, CTree*, CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/evaluate/eval.cpp:294:18
#10 0xcb4431 in evalIdDef(CTree*, CTree*, CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/evaluate/eval.cpp:1272:12
#11 0xcb4431 in realeval(CTree*, CTree*, CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/evaluate/eval.cpp:522:16
#12 0xc9c457 in eval(CTree*, CTree*, CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/evaluate/eval.cpp:294:18
#13 0xc9b4a2 in evalprocess(CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/evaluate/eval.cpp:98:19
#14 0x126783d in evaluateBlockDiagram(CTree*, int&, int&) /home/elmanto/mnt/output/faust-ddg/compiler/libcode.cpp:1190:20
#15 0x126783d in threadEvaluateBlockDiagram(void*) /home/elmanto/mnt/output/faust-ddg/compiler/libcode.cpp:218:13
#16 0x7ffff7f9e608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477:8
#17 0x7ffff7b66292 in __clone /build/glibc-eX1tMB/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/elmanto/mnt/output/faust-ddg/compiler/tlib/tree.hh:146:46 in CTree::branch(int) const
Thread T1 created by T0 here:
#0 0xa635bc in __interceptor_pthread_create (/home/elmanto/mnt/output/faust-ddg/build/bin/faust+0xa635bc)
#1 0x1266546 in callFun(void* (*)(void*)) /home/elmanto/mnt/output/faust-ddg/compiler/libcode.cpp:207:5
#2 0x12194c3 in compileFaustFactoryAux(int, char const**, char const*, char const*, bool) /home/elmanto/mnt/output/faust-ddg/compiler/libcode.cpp:1975:5
#3 0x1216183 in compileFaustFactory(int, char const**, char const*, char const*, std::__cxx11::basic_string<char, std::char_traits
Thanks for reporting. This one is new AFAICS. I've just added a faustassert to prevent the crash here https://github.com/grame-cncm/faust/commit/a80faae7cf16ac5b0ceecd16a075f5a390086c5e. @orlarey any idea on how to fix this one?
No worries, thanks for the prompt reaction
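Both reports above are zero-page SEGVs with different top frames (isNum in the first, CTree::branch in the second), which is exactly the distinction a fuzzing campaign has to draw before filing: same bug twice, or two bugs? The following triage helper is an added example and is not part of the faust project or of this issue thread. It parses ASan reports into the error kind, faulting address, access type and primary stack, flags zero-page faults as null dereferences, and buckets reports by a stack signature (function plus file:line of the top frames, ASan interceptor frames dropped). The sample inputs are abridged copies of the two reports in the thread; the PAGE_SIZE constant and the signature depth of three frames are assumptions of this example.

```python
"""Dedup and classify AddressSanitizer crash reports (added example, not faust code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Sample input: abridged copies of the two reports posted in the thread above.
REPORT_1 = """\
==2408450==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000119f9ea bp 0x7fffffff6970 sp 0x7fffffff66e0 T0)
==2408450==The signal is caused by a READ memory access.
==2408450==Hint: address points to the zero page.
    #0 0x119f9ea in isNum(CTree* const&, num&) /home/elmanto/mnt/output/faust-ddg/compiler/signals/signals.hh:266:18
    #1 0x119f9ea in SinPrim::computeSigOutput(std::vector<CTree*, std::allocator<CTree*> > const&) /home/elmanto/mnt/output/faust-ddg/compiler/extended/sinprim.hh:49:13
    #2 0x12be141 in simplification(CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/normalize/simplify.cpp:98:24
SUMMARY: AddressSanitizer: SEGV /home/elmanto/mnt/output/faust-ddg/compiler/signals/signals.hh:266:18 in isNum(CTree* const&, num&)
"""

REPORT_2 = """\
==2437628==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000c98eef bp 0x7ffff43f13b0 sp 0x7ffff43f12a0 T1)
==2437628==The signal is caused by a READ memory access.
==2437628==Hint: address points to the zero page.
    #0 0xc98eef in CTree::branch(int) const /home/elmanto/mnt/output/faust-ddg/compiler/tlib/tree.hh:146:46
    #1 0xc98eef in searchIdDef(CTree*, CTree*&, CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/evaluate/environment.cpp:155:22
    #2 0x1340518 in apply_pattern_matcher(Automaton*, int, CTree*, CTree*&, std::vector<CTree*, std::allocator<CTree*> >&) /home/elmanto/mnt/output/faust-ddg/compiler/patternmatcher/patternmatcher.cpp:709:21
    #3 0xca48ab in applyList(CTree*, CTree*) /home/elmanto/mnt/output/faust-ddg/compiler/evaluate/eval.cpp:1079:18
SUMMARY: AddressSanitizer: SEGV /home/elmanto/mnt/output/faust-ddg/compiler/tlib/tree.hh:146:46 in CTree::branch(int) const
Thread T1 created by T0 here:
    #0 0xa635bc in __interceptor_pthread_create (/home/elmanto/mnt/output/faust-ddg/build/bin/faust+0xa635bc)
    #1 0x1266546 in callFun(void* (*)(void*)) /home/elmanto/mnt/output/faust-ddg/compiler/libcode.cpp:207:5
"""

# "SEGV on unknown address 0x..." and "heap-buffer-overflow on address 0x..." both match.
_ERROR_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (?P<kind>[\w-]+) on (?:unknown )?address (?P<addr>0x[0-9a-fA-F]+)")
# "caused by a READ memory access" (signals) or "READ of size 4" (bounds errors).
_ACCESS_RE = re.compile(r"\b(?P<access>READ|WRITE)\b(?: memory access| of size)")
# "#0 0x119f9ea in <function with spaces> <location>"; the location is the last token.
_FRAME_RE = re.compile(r"^\s*#(?P<n>\d+)\s+0x[0-9a-fA-F]+ in (?P<func>.+?)\s+(?P<loc>\S+)$")

PAGE_SIZE = 0x1000  # assumed: x86-64 Linux zero page, matches ASan's "zero page" hint


@dataclass(frozen=True)
class Frame:
    index: int
    function: str
    location: str


@dataclass(frozen=True)
class AsanReport:
    kind: str
    address: int
    access: Optional[str]
    frames: tuple[Frame, ...]


def parse_report(text: str) -> AsanReport:
    """Extract kind, address, access type and the primary stack from one ASan report."""
    kind = address = access = None
    frames: list[Frame] = []
    for line in text.splitlines():
        m = _ERROR_RE.search(line)
        if m and kind is None:
            kind, address = m["kind"], int(m["addr"], 16)
            continue
        m = _ACCESS_RE.search(line)
        if m and access is None:
            access = m["access"]
            continue
        # Stop at SUMMARY or at secondary stacks ("allocated by ... here:", "Thread T1 created by T0 here:")
        # so that only the faulting thread's frames feed the signature.
        if line.startswith("SUMMARY:") or line.rstrip().endswith("here:"):
            break
        m = _FRAME_RE.match(line)
        if m:
            frames.append(Frame(int(m["n"]), m["func"], m["loc"]))
    if kind is None:
        raise ValueError("no AddressSanitizer ERROR line found")
    return AsanReport(kind, address, access, tuple(frames))


def is_null_deref(r: AsanReport) -> bool:
    """SEGV inside the zero page: a NULL (or NULL plus small field offset) dereference."""
    return r.kind == "SEGV" and r.address < PAGE_SIZE


def classify(r: AsanReport) -> str:
    """Coarse bug class; a null-deref read is normally a crash-only (DoS) finding."""
    access = (r.access or "unknown").lower()
    return f"null-deref-{access}" if is_null_deref(r) else f"{r.kind.lower()}-{access}"


def stack_signature(r: AsanReport, depth: int = 3) -> tuple[str, ...]:
    """Dedup key: function and file:line of the top `depth` frames, column and ASan
    interceptor frames dropped, so reruns of the same crash map to the same key."""
    sig: list[str] = []
    for f in r.frames:
        if f.function.startswith(("__interceptor_", "__asan")):
            continue
        loc = f.location.rsplit(":", 1)[0] if f.location.count(":") >= 2 else f.location
        sig.append(f"{f.function} @ {loc}")
        if len(sig) == depth:
            break
    return tuple(sig)


def triage(reports: list[str]) -> dict[tuple[str, ...], list[int]]:
    """Group report indices by stack signature; each key is one distinct bug to file."""
    buckets: dict[tuple[str, ...], list[int]] = {}
    for i, text in enumerate(reports):
        buckets.setdefault(stack_signature(parse_report(text)), []).append(i)
    return buckets


if __name__ == "__main__":
    for key, idx in triage([REPORT_1, REPORT_2]).items():
        print(classify(parse_report([REPORT_1, REPORT_2][idx[0]])), idx, key[0])
```

Run against a directory of fuzzer crash outputs, the two reports here land in separate buckets because their top frames differ, while every input that re-hits isNum at signals.hh:266 collapses into the first bucket; the signature deliberately ignores the pc values, which shift with every rebuild, and strips the column so an unrelated edit on the same line does not split a bucket.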