Details
Bug
Status: Resolved
Blocker
Resolution: Fixed
Impala 3.2.0
Description
The llvm-codegen-test backend test is failing under ASAN with the following output:
18:12:34 [ RUN ] LlvmCodeGenTest.StringValue
18:12:34 =================================================================
18:12:34 ==124917==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc0f39e86c at pc 0x0000017ea479 bp 0x7ffc0f39e550 sp 0x7ffc0f39e548
18:12:34 READ of size 4 at 0x7ffc0f39e86c thread T0
18:12:34     #0 0x17ea478 in testing::AssertionResult testing::internal::CmpHelperEQ<int, int>(char const*, char const*, int const&, int const&) /data/jenkins/workspace/impala-asf-master-core-asan/Impala-Toolchain/gtest-1.6.0/include/gtest/gtest.h:1316:19
18:12:34     #1 0x17d3a8d in _ZN7testing8internal8EqHelperILb1EE7CompareIiiEENS_15AssertionResultEPKcS6_RKT_RKT0_PNS0_8EnableIfIXntsr10is_pointerISA_EE5valueEE4typeE /data/jenkins/workspace/impala-asf-master-core-asan/Impala-Toolchain/gtest-1.6.0/include/gtest/gtest.h:1392:12
18:12:34     #2 0x17c656b in impala::LlvmCodeGenTest_StringValue_Test::TestBody() /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/codegen/llvm-codegen-test.cc:379:3
18:12:34     #3 0x4d55af2 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/data0/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/build/debug/codegen/llvm-codegen-test+0x4d55af2)
18:12:34     #4 0x4d4c669 in testing::Test::Run() (/data0/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/build/debug/codegen/llvm-codegen-test+0x4d4c669)
18:12:34     #5 0x4d4c7b7 in testing::TestInfo::Run() (/data0/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/build/debug/codegen/llvm-codegen-test+0x4d4c7b7)
18:12:34     #6 0x4d4c894 in testing::TestCase::Run() (/data0/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/build/debug/codegen/llvm-codegen-test+0x4d4c894)
18:12:34     #7 0x4d4db17 in testing::internal::UnitTestImpl::RunAllTests() (/data0/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/build/debug/codegen/llvm-codegen-test+0x4d4db17)
18:12:34     #8 0x4d4ddf2 in testing::UnitTest::Run() (/data0/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/build/debug/codegen/llvm-codegen-test+0x4d4ddf2)
18:12:34     #9 0x17ce16e in main /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/codegen/llvm-codegen-test.cc:569:10
18:12:34     #10 0x7fc221bd5c04 in __libc_start_main (/lib64/libc.so.6+0x21c04)
18:12:34     #11 0x16b63c6 in _start (/data0/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/build/debug/codegen/llvm-codegen-test+0x16b63c6)
18:12:34
18:12:34 Address 0x7ffc0f39e86c is located in stack of thread T0 at offset 492 in frame
18:12:34     #0 0x17c567f in impala::LlvmCodeGenTest_StringValue_Test::TestBody() /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/codegen/llvm-codegen-test.cc:343
18:12:34
18:12:34   This frame has 57 object(s):
18:12:34     [32, 40) 'codegen' (line 344)
18:12:34     [64, 72) 'ref.tmp' (line 345)
18:12:34     [96, 104) 'ref.tmp2' (line 345)
18:12:34     [128, 129) 'ref.tmp3' (line 345)
18:12:34     [144, 160) 'gtest_ar_' (line 345)
18:12:34     [176, 184) 'temp.lvalue'
18:12:34     [208, 216) 'ref.tmp6' (line 345)
18:12:34     [240, 248) 'temp.lvalue8'
18:12:34     [272, 288) 'ref.tmp9' (line 345)
18:12:34     [304, 320) 'gtest_ar_12' (line 346)
18:12:34     [336, 344) 'ref.tmp15' (line 346)
18:12:34     [368, 376) 'temp.lvalue16'
18:12:34     [400, 416) 'ref.tmp17' (line 346)
18:12:34     [432, 440) 'str' (line 348)
18:12:34     [464, 465) 'ref.tmp19' (line 348)
18:12:34     [480, 492) 'str_val' (line 350) <== Memory access at offset 492 overflows this variable
18:12:34     [512, 528) 'gtest_ar_24' (line 357)
18:12:34     [544, 552) 'ref.tmp27' (line 357)
18:12:34     [576, 584) 'temp.lvalue28'
18:12:34     [608, 624) 'ref.tmp29' (line 357)
18:12:34     [640, 648) 'jitted_fn' (line 360)
18:12:34     [672, 680) 'ref.tmp33' (line 362)
18:12:34     [704, 720) 'gtest_ar_35' (line 362)
18:12:34     [736, 744) 'temp.lvalue38'
18:12:34     [768, 776) 'ref.tmp40' (line 362)
18:12:34     [800, 808) 'temp.lvalue42'
18:12:34     [832, 848) 'ref.tmp43' (line 362)
18:12:34     [864, 880) 'gtest_ar_47' (line 363)
18:12:34     [896, 904) 'ref.tmp50' (line 363)
18:12:34     [928, 936) 'temp.lvalue51'
18:12:34     [960, 976) 'ref.tmp52' (line 363)
18:12:34     [992, 996) 'result' (line 368)
18:12:34     [1008, 1024) 'gtest_ar' (line 371)
18:12:34     [1040, 1048) 'ref.tmp56' (line 371)
18:12:34     [1072, 1080) 'ref.tmp59' (line 371)
18:12:34     [1104, 1112) 'temp.lvalue60'
18:12:34     [1136, 1152) 'gtest_ar62' (line 372)
18:12:34     [1168, 1169) 'ref.tmp63' (line 372)
18:12:34     [1184, 1192) 'ref.tmp66' (line 372)
18:12:34     [1216, 1224) 'temp.lvalue67'
18:12:34     [1248, 1264) 'gtest_ar69' (line 373)
18:12:34     [1280, 1284) 'ref.tmp70' (line 373)
18:12:34     [1296, 1304) 'ref.tmp73' (line 373)
18:12:34     [1328, 1336) 'temp.lvalue74'
18:12:34     [1360, 1376) 'gtest_ar76' (line 374)
18:12:34     [1392, 1400) 'ref.tmp77' (line 374)
18:12:34     [1424, 1432) 'ref.tmp79' (line 374)
18:12:34     [1456, 1464) 'ref.tmp82' (line 374)
18:12:34     [1488, 1496) 'temp.lvalue83'
18:12:34     [1520, 1536) 'gtest_ar85' (line 378)
18:12:34     [1552, 1556) 'ref.tmp86' (line 378)
18:12:34     [1568, 1576) 'ref.tmp89' (line 378)
18:12:34     [1600, 1608) 'temp.lvalue90'
18:12:34     [1632, 1648) 'gtest_ar92' (line 379)
18:12:34     [1664, 1668) 'ref.tmp93' (line 379)
18:12:34     [1680, 1688) 'ref.tmp96' (line 379)
18:12:34     [1712, 1720) 'temp.lvalue97'
18:12:34 HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
18:12:34       (longjmp and C++ exceptions *are* supported)
18:12:34 SUMMARY: AddressSanitizer: stack-buffer-overflow /data/jenkins/workspace/impala-asf-master-core-asan/Impala-Toolchain/gtest-1.6.0/include/gtest/gtest.h:1316:19 in testing::AssertionResult testing::internal::CmpHelperEQ<int, int>(char const*, char const*, int const&, int const&)
18:12:34 Shadow bytes around the buggy address:
18:12:34   0x100001e6bcb0: f8 f8 f2 f2 f8 f8 f3 f3 00 00 00 00 00 00 00 00
18:12:34   0x100001e6bcc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
18:12:34   0x100001e6bcd0: f1 f1 f1 f1 00 f2 f2 f2 f8 f2 f2 f2 f8 f2 f2 f2
18:12:34   0x100001e6bce0: f8 f2 f8 f8 f2 f2 00 f2 f2 f2 f8 f2 f2 f2 00 f2
18:12:34   0x100001e6bcf0: f2 f2 f8 f8 f2 f2 f8 f8 f2 f2 f8 f2 f2 f2 00 f2
18:12:34 =>0x100001e6bd00: f2 f2 f8 f8 f2 f2 00 f2 f2 f2 f8 f2 00[04]f2 f2
18:12:34   0x100001e6bd10: f8 f8 f2 f2 f8 f2 f2 f2 00 f2 f2 f2 f8 f8 f2 f2
18:12:34   0x100001e6bd20: 00 f2 f2 f2 f8 f2 f2 f2 f8 f8 f2 f2 00 f2 f2 f2
18:12:34   0x100001e6bd30: f8 f2 f2 f2 00 f2 f2 f2 f8 f8 f2 f2 f8 f8 f2 f2
18:12:34   0x100001e6bd40: f8 f2 f2 f2 00 f2 f2 f2 f8 f8 f2 f2 04 f2 f8 f8
18:12:34   0x100001e6bd50: f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 00 f2 f2 f2 f8 f8
18:12:34 Shadow byte legend (one shadow byte represents 8 application bytes):
18:12:34   Addressable: 00
18:12:34   Partially addressable: 01 02 03 04 05 06 07
18:12:34   Heap left redzone: fa
18:12:34   Freed heap region: fd
18:12:34   Stack left redzone: f1
18:12:34   Stack mid redzone: f2
18:12:34   Stack right redzone: f3
18:12:34   Stack after return: f5
18:12:34   Stack use after scope: f8
18:12:34   Global redzone: f9
18:12:34   Global init order: f6
18:12:34   Poisoned by user: f7
18:12:34   Container overflow: fc
18:12:34   Array cookie: ac
18:12:34   Intra object redzone: bb
18:12:34   ASan internal: fe
18:12:34   Left alloca redzone: ca
18:12:34   Right alloca redzone: cb
18:12:34 ==124917==ABORTING
I confirmed this on my development system.
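
A triage helper for a report like the one above, added here as an example (not Impala's code and not part of the original issue): it relates the faulting access to the nearest frame object and cross-checks the marked shadow byte against the fault address. The names `triage` and `SHADOW_OFFSET` are assumptions of this example, as is the use of ASan's default x86-64 Linux shadow mapping.

```python
import re

# Excerpt of the report above, Jenkins timestamps dropped.
REPORT = """\
READ of size 4 at 0x7ffc0f39e86c thread T0
Address 0x7ffc0f39e86c is located in stack of thread T0 at offset 492 in frame
    [464, 465) 'ref.tmp19' (line 348)
    [480, 492) 'str_val' (line 350) <== Memory access at offset 492 overflows this variable
    [512, 528) 'gtest_ar_24' (line 357)
=>0x100001e6bd00: f2 f2 f8 f8 f2 f2 00 f2 f2 f2 f8 f2 00[04]f2 f2
"""

# Assumption: default ASan shadow mapping on x86-64 Linux, shadow = (addr >> 3) + offset.
SHADOW_OFFSET = 0x7FFF8000
OBJ_RE = re.compile(r"\[(\d+), (\d+)\) '([^']+)'(?: \(line (\d+)\))?")


def triage(report):
    """Relate the faulting access to the nearest frame object and the marked shadow byte."""
    acc = re.search(r"(READ|WRITE) of size (\d+) at 0x([0-9a-f]+)", report)
    off = re.search(r"in stack of thread \S+ at offset (\d+) in frame", report)
    row = re.search(r"=>0x([0-9a-f]+):([^\n\[]*)\[([0-9a-f]{2})\]", report)
    if not (acc and off and row):
        raise ValueError("not a complete ASan stack report")
    size, addr, start = int(acc.group(2)), int(acc.group(3), 16), int(off.group(1))
    end, best = start + size, None
    for lo, hi, name, line in OBJ_RE.findall(report):
        lo, hi = int(lo), int(hi)
        if start >= hi:                      # access begins at or after the object's end
            rel, gap = "overflow", start - hi
        elif end <= lo:                      # access ends at or before the object's start
            rel, gap = "underflow", lo - end
        else:                                # access overlaps the object's bytes
            rel, gap = ("inside" if lo <= start and end <= hi else "partial"), 0
        if best is None or gap < best["gap"]:
            best = {"object": name, "object_size": hi - lo, "relation": rel,
                    "gap": gap, "line": int(line) if line else None}
    if best is None:
        raise ValueError("no frame objects listed")
    # Position of the bracketed byte in the '=>' row gives its shadow address.
    marked = int(row.group(1), 16) + len(re.findall(r"[0-9a-f]{2}", row.group(2)))
    best.update(access=acc.group(1), size=size, shadow_byte=int(row.group(3), 16),
                granule_offset=addr & 7,
                shadow_consistent=marked == (addr >> 3) + SHADOW_OFFSET)
    return best
```

For this report the result names `str_val` (12 bytes, declared at line 350) with relation `overflow` and gap 0, so the 4-byte read starts at the first byte past the object. Shadow byte `04` at granule offset 4 says the same thing from the shadow side: only the first four bytes of that 8-byte granule are addressable.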