
boost::python::to_python_value<bool const&> generates stack-buffer-overflow in address sanitizer #413

Open
o01eg opened this issue Feb 21, 2023 · 1 comment


o01eg commented Feb 21, 2023

==32076==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f49c5afa450 at pc 0x7f49cc04987a bp 0x7f49c5af8ea0 sp 0x7f49c5af8e98
READ of size 1 at 0x7f49c5afa450 thread T1
    #0 0x7f49cc049879 in boost::python::to_python_value<bool const&>::operator()(bool const&) const /usr/include/boost/python/converter/builtin_converters.hpp:113
    #1 0x7f49cc049879 in _object* boost::python::detail::invoke<boost::python::to_python_value<bool const&>, boost::python::detail::datum<bool const> >(boost::python::detail::invoke_tag_<false, false>, boost::python::to_python_value<bool const&> const&, boost::python::detail::datum<bool const>&) /usr/include/boost/python/detail/invoke.hpp:73
    #2 0x7f49cc049879 in boost::python::detail::caller_arity<0u>::impl<boost::python::detail::datum<bool const>, boost::python::return_value_policy<boost::python::return_by_value, boost::python::default_call_policies>, boost::mpl::vector1<bool const&> >::operator()(_object*, _object*) /usr/include/boost/python/detail/caller.hpp:233
    #3 0x7f49cc049879 in boost::python::objects::caller_py_function_impl<boost::python::detail::caller<boost::python::detail::datum<bool const>, boost::python::return_value_policy<boost::python::return_by_value, boost::python::default_call_policies>, boost::mpl::vector1<bool const&> > >::operator()(_object*, _object*) /usr/include/boost/python/object/py_function.hpp:38
    #4 0x7f49ce5e135c in boost::python::objects::function::call(_object*, _object*) const (/usr/lib/x86_64-linux-gnu/libboost_python311.so.1.74.0+0x2035c)
    #5 0x7f49ce5e1527  (/usr/lib/x86_64-linux-gnu/libboost_python311.so.1.74.0+0x20527)
    #6 0x7f49ce5e649a in boost::python::detail::exception_handler::operator()(boost::function0<void> const&) const (/usr/lib/x86_64-linux-gnu/libboost_python311.so.1.74.0+0x2549a)
    #7 0x7f49cc01b5a5 in operator() /usr/include/boost/python/detail/translate_exception.hpp:46
    #8 0x7f49cc01b5a5 in operator()<bool, boost::python::detail::translate_exception<(anonymous namespace)::import_error, void (*)(const (anonymous namespace)::import_error&)>, boost::_bi::rrlist2<const boost::python::detail::exception_handler&, const boost::function0<void>&> > /usr/include/boost/bind/bind.hpp:388
    #9 0x7f49cc01b5a5 in operator()<const boost::python::detail::exception_handler&, const boost::function0<void>&> /usr/include/boost/bind/bind.hpp:1318
    #10 0x7f49cc01b5a5 in invoke /usr/include/boost/function/function_template.hpp:137
    #11 0x7f49ce5e63ac in boost::python::handle_exception_impl(boost::function0<void>) (/usr/lib/x86_64-linux-gnu/libboost_python311.so.1.74.0+0x253ac)
    #12 0x7f49ce5deec1  (/usr/lib/x86_64-linux-gnu/libboost_python311.so.1.74.0+0x1dec1)
    #13 0x7f49c997baec in _PyObject_MakeTpCall (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x17baec)
    #14 0x7f49c997d568  (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x17d568)
    #15 0x7f49c997d68d in PyObject_CallFunction (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x17d68d)
    #16 0x7f49c99d0438 in _PyObject_GenericGetAttrWithDict (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x1d0438)
    #17 0x7f49c99cf977 in PyObject_GetAttr (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x1cf977)
    #18 0x7f49c990682b in _PyEval_EvalFrameDefault (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x10682b)
    #19 0x7f49c9a6a6d9  (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x26a6d9)
    #20 0x7f49c997e1ce  (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x17e1ce)
    #21 0x7f49c997e3e9 in PyObject_CallMethodObjArgs (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x17e3e9)
    #22 0x7f49c9a9637e in PyImport_ImportModuleLevelObject (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x29637e)
    #23 0x7f49c9a6185d  (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x26185d)
    #24 0x7f49c99c9c51  (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x1c9c51)
    #25 0x7f49c990a7d2 in _PyEval_EvalFrameDefault (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x10a7d2)
    #26 0x7f49c9a6a6d9  (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x26a6d9)
    #27 0x7f49c997e1ce  (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x17e1ce)
    #28 0x7f49c997e3e9 in PyObject_CallMethodObjArgs (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x17e3e9)
    #29 0x7f49c9a9637e in PyImport_ImportModuleLevelObject (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x29637e)
    #30 0x7f49c9913377 in _PyEval_EvalFrameDefault (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x113377)
    #31 0x7f49c9bcc73b  (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x3cc73b)
    #32 0x7f49c9a68420 in PyEval_EvalCode (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x268420)
    #33 0x7f49c9ab6d88  (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x2b6d88)
    #34 0x7f49c9ab7f3a in PyRun_StringFlags (/usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0+0x2b7f3a)
    #35 0x7f49ce5e9e08 in boost::python::exec(char const*, boost::python::api::object, boost::python::api::object) (/usr/lib/x86_64-linux-gnu/libboost_python311.so.1.74.0+0x28e08)
    #36 0x7f49cc02b1f1 in PythonParser::ParseFileCommon(boost::filesystem::path const&, boost::python::dict const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) const /home/oleg/devel/freeorion/parse/PythonParser.cpp:326
    #37 0x7f49cbe14bfd in parse_file<(anonymous namespace)::py_grammar_techs> /home/oleg/devel/freeorion/parse/PythonParserImpl.h:19
    #38 0x7f49cbe14bfd in std::tuple<boost::multi_index::multi_index_container<std::unique_ptr<Tech, std::default_delete<Tech> >, boost::multi_index::indexed_by<boost::multi_index::ordered_non_unique<boost::multi_index::tag<TechManager::CategoryIndex, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, boost::multi_index::const_mem_fun<Tech, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, &(Tech::Category[abi:cxx11]() const)>, mpl_::na>, boost::multi_index::ordered_unique<boost::multi_index::tag<TechManager::NameIndex, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, boost::multi_index::const_mem_fun<Tech, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, &(Tech::Name[abi:cxx11]() const)>, mpl_::na>, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, std::allocator<std::unique_ptr<Tech, std::default_delete<Tech> > > >, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::unique_ptr<TechCategory, std::default_delete<TechCategory> >, std::less<void>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::unique_ptr<TechCategory, std::default_delete<TechCategory> > > > >, std::set<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > 
parse::techs<std::tuple<boost::multi_index::multi_index_container<std::unique_ptr<Tech, std::default_delete<Tech> >, boost::multi_index::indexed_by<boost::multi_index::ordered_non_unique<boost::multi_index::tag<TechManager::CategoryIndex, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, boost::multi_index::const_mem_fun<Tech, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, &(Tech::Category[abi:cxx11]() const)>, mpl_::na>, boost::multi_index::ordered_unique<boost::multi_index::tag<TechManager::NameIndex, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, boost::multi_index::const_mem_fun<Tech, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, &(Tech::Name[abi:cxx11]() const)>, mpl_::na>, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, std::allocator<std::unique_ptr<Tech, std::default_delete<Tech> > > >, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::unique_ptr<TechCategory, std::default_delete<TechCategory> >, std::less<void>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::unique_ptr<TechCategory, std::default_delete<TechCategory> > > > >, std::set<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > >(PythonParser const&, boost::filesystem::path 
const&) /home/oleg/devel/freeorion/parse/TechsParser.cpp:202
    #39 0x7f49cd7d8cd0 in Pending::Pending<decltype ({parm#1}({parm#2}, {parm#3}))> Pending::ParseSynchronously<std::tuple<boost::multi_index::multi_index_container<std::unique_ptr<Tech, std::default_delete<Tech> >, boost::multi_index::indexed_by<boost::multi_index::ordered_non_unique<boost::multi_index::tag<TechManager::CategoryIndex, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, boost::multi_index::const_mem_fun<Tech, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, &(Tech::Category[abi:cxx11]() const)>, mpl_::na>, boost::multi_index::ordered_unique<boost::multi_index::tag<TechManager::NameIndex, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, boost::multi_index::const_mem_fun<Tech, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, &(Tech::Name[abi:cxx11]() const)>, mpl_::na>, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, std::allocator<std::unique_ptr<Tech, std::default_delete<Tech> > > >, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::unique_ptr<TechCategory, std::default_delete<TechCategory> >, std::less<void>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::unique_ptr<TechCategory, std::default_delete<TechCategory> > > > >, std::set<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, 
std::char_traits<char>, std::allocator<char> > > > > (PythonParser const&, boost::filesystem::path const&), PythonParser>(std::tuple<boost::multi_index::multi_index_container<std::unique_ptr<Tech, std::default_delete<Tech> >, boost::multi_index::indexed_by<boost::multi_index::ordered_non_unique<boost::multi_index::tag<TechManager::CategoryIndex, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, boost::multi_index::const_mem_fun<Tech, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, &(Tech::Category[abi:cxx11]() const)>, mpl_::na>, boost::multi_index::ordered_unique<boost::multi_index::tag<TechManager::NameIndex, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, boost::multi_index::const_mem_fun<Tech, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, &(Tech::Name[abi:cxx11]() const)>, mpl_::na>, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, std::allocator<std::unique_ptr<Tech, std::default_delete<Tech> > > >, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::unique_ptr<TechCategory, std::default_delete<TechCategory> >, std::less<void>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, std::unique_ptr<TechCategory, std::default_delete<TechCategory> > > > >, std::set<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, 
std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > ( const&)(PythonParser const&, boost::filesystem::path const&), PythonParser const&, boost::filesystem::path const&, std::promise<void>&&) /home/oleg/devel/freeorion/util/../universe/../util/Pending.h:147
    #40 0x7f49cd7b608d in IApp::StartBackgroundParsing(PythonParser const&, std::promise<void>&&) /home/oleg/devel/freeorion/util/AppInterface.cpp:127
    #41 0x5565d5b78d3a in operator()<std::promise<void> > /home/oleg/devel/freeorion/test/system/ClientAppFixture.cpp:49
    #42 0x5565d5b79253 in __invoke_impl<void, ClientAppFixture::ClientAppFixture()::<lambda(auto:49)>, std::promise<void> > /usr/include/c++/12/bits/invoke.h:61
    #43 0x5565d5b79253 in __invoke<ClientAppFixture::ClientAppFixture()::<lambda(auto:49)>, std::promise<void> > /usr/include/c++/12/bits/invoke.h:96
    #44 0x5565d5b79253 in _M_invoke<0, 1> /usr/include/c++/12/bits/std_thread.h:252
    #45 0x5565d5b79253 in operator() /usr/include/c++/12/bits/std_thread.h:259
    #46 0x5565d5b79253 in _M_run /usr/include/c++/12/bits/std_thread.h:210
    #47 0x7f49c94d44a2  (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xd44a2)
    #48 0x7f49c96a7fd3 in start_thread nptl/pthread_create.c:442
    #49 0x7f49c972866b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Address 0x7f49c5afa450 is located in stack of thread T1 at offset 1376 in frame
    #0 0x7f49cc02a77f in PythonParser::ParseFileCommon(boost::filesystem::path const&, boost::python::dict const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) const /home/oleg/devel/freeorion/parse/PythonParser.cpp:316

  This frame has 54 object(s):
    [32, 33) '<unknown>'
    [48, 49) '<unknown>'
    [64, 65) '<unknown>'
    [80, 81) '<unknown>'
    [96, 97) '<unknown>'
    [112, 113) 'lock'
    [128, 132) '<unknown>'
    [144, 148) '<unknown>'
    [160, 164) '<unknown>'
    [176, 180) '<unknown>'
    [192, 196) '<unknown>'
    [208, 212) '<unknown>'
    [224, 228) '<unknown>'
    [240, 244) '<unknown>'
    [256, 260) '<unknown>'
    [272, 276) '<unknown>'
    [288, 296) '<unknown>'
    [320, 328) '<unknown>'
    [352, 360) '<unknown>'
    [384, 392) '<unknown>'
    [416, 424) '<unknown>'
    [448, 456) '_boost_log_record_329' (line 329)
    [480, 488) '<unknown>'
    [512, 520) '<unknown>'
    [544, 552) '_boost_log_record_331' (line 331)
    [576, 584) '<unknown>'
    [608, 616) '<unknown>'
    [640, 648) '_boost_log_record_333' (line 333)
    [672, 680) '<unknown>'
    [704, 712) '<unknown>'
    [736, 744) '_boost_log_record_335' (line 335)
    [768, 776) '<unknown>'
    [800, 808) '<unknown>'
    [832, 840) '<unknown>'
    [864, 872) '<unknown>'
    [896, 904) '<unknown>'
    [928, 936) '<unknown>'
    [960, 968) '_boost_log_record_321' (line 321)
    [992, 1000) 'cleanup'
    [1024, 1040) '<unknown>'
    [1056, 1072) '<unknown>'
    [1088, 1104) '<unknown>'
    [1120, 1136) '<unknown>'
    [1152, 1168) '<unknown>'
    [1184, 1200) '<unknown>'
    [1216, 1232) '<unknown>'
    [1248, 1264) '<unknown>'
    [1280, 1296) '<unknown>'
    [1312, 1328) '<unknown>'
    [1344, 1368) '<unknown>' <== Memory access at offset 1376 overflows this variable
    [1408, 1432) '<unknown>'
    [1472, 1496) '<unknown>'
    [1536, 1560) '<unknown>'
    [1600, 1624) '<unknown>'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
Thread T1 created by T0 here:
    #0 0x7f49ce649726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
    #1 0x7f49c94d4578 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xd4578)
    #2 0x5565d5caa22a in SmokeTestGame::host_server::host_server() /home/oleg/devel/freeorion/test/system/SmokeTestGame.cpp:30
    #3 0x5565d5caa22a in host_server_invoker /home/oleg/devel/freeorion/test/system/SmokeTestGame.cpp:30

SUMMARY: AddressSanitizer: stack-buffer-overflow /usr/include/boost/python/converter/builtin_converters.hpp:113 in boost::python::to_python_value<bool const&>::operator()(bool const&) const
Shadow bytes around the buggy address:
  0x0fe9b8b57430: f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 f2
  0x0fe9b8b57440: f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 f2
  0x0fe9b8b57450: f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 00
  0x0fe9b8b57460: f2 f2 00 00 f2 f2 00 00 f2 f2 00 00 f2 f2 00 00
  0x0fe9b8b57470: f2 f2 00 00 f2 f2 00 00 f2 f2 00 00 f2 f2 00 00
=>0x0fe9b8b57480: f2 f2 00 00 f2 f2 00 00 00 f2[f2]f2 f2 f2 00 00
  0x0fe9b8b57490: 00 f2 f2 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00
  0x0fe9b8b574a0: 00 f2 f2 f2 f2 f2 00 00 00 f3 f3 f3 f3 f3 00 00
  0x0fe9b8b574b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9b8b574c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9b8b574d0: 00 00 00 00 f1 f1 f1 f1 f8 f2 f8 f2 f8 f2 f8 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==32076==ABORTING

Encountered in https://github.com/freeorion/freeorion at tag v0.5-rc1. To reproduce, build it with `-DBUILD_TESTING=On -DBUILD_CLIENT_GG=Off -DBUILD_SERVER=Off -DBUILD_AI=Off` and run `ASAN_OPTIONS=detect_leaks=0 ./fo_unittest_parse --run_test=TestPythonParser/parse_techs_full`.

Minimized example: https://github.com/o01eg/freeorion, branch test-python-sanitize-mini; CI run: https://github.com/o01eg/freeorion/actions/runs/4264388156/jobs/7422403144


o01eg commented Feb 21, 2023

(gdb) bt full
...
#8  0x00007ffff78c23fc in __asan::__asan_report_load1 (addr=<optimized out>) at ../../../../src/libsanitizer/asan/asan_rtl.cpp:120
        bp = 140737168513488
        pc = <optimized out>
        local_stack = 140737353891072
        sp = 140737168513480
#9  0x00007ffff38eaee4 in boost::python::to_python_value<bool const&>::operator() (this=0x7fffecef9a80, x=@0x7fffecefd2d0: 22)
    at /usr/include/boost/python/converter/builtin_converters.hpp:113
No locals.
#10 0x00007ffff3948e9e in boost::python::detail::invoke<boost::python::to_python_value<bool const&>, boost::python::detail::datum<bool const> > (rc=..., f=...)
    at /usr/include/boost/python/detail/invoke.hpp:73
No locals.
#11 0x00007ffff39423f2 in boost::python::detail::caller_arity<0u>::impl<boost::python::detail::datum<bool const>, boost::python::return_value_policy<boost::python::return_by_value, boost::python::default_call_policies>, boost::mpl::vector1<bool const&> >::operator() (this=0x602000014898, args_=0x7ffff1544db8 <_PyRuntime+58904>)
    at /usr/include/boost/python/detail/caller.hpp:233
        inner_args = 0x7ffff1544db8 <_PyRuntime+58904>
        result = 0x7fffedcf3540
#12 0x00007ffff39405ef in boost::python::objects::caller_py_function_impl<boost::python::detail::caller<boost::python::detail::datum<bool const>, boost::python::return_value_policy<boost::python::return_by_value, boost::python::default_call_policies>, boost::mpl::vector1<bool const&> > >::operator() (this=0x602000014890, args=0x7ffff1544db8 <_PyRuntime+58904>, kw=0x0)
    at /usr/include/boost/python/object/py_function.hpp:38
No locals.
#13 0x00007ffff450235d in boost::python::objects::py_function::operator() (kw=0x0, args=0x7ffff1544db8 <_PyRuntime+58904>, this=0x607000004a90) at ./boost/python/object/py_function.hpp:147
No locals.
#14 boost::python::objects::function::call (this=0x607000004a80, args=0x7ffff1544db8 <_PyRuntime+58904>, keywords=0x0) at libs/python/src/object/function.cpp:221
        inner_args = {m_p = 0x7ffff1544db8 <_PyRuntime+58904>}
        result = <optimized out>
        min_arity = <optimized out>
        max_arity = 0
        n_unnamed_actual = 0
        n_keyword_actual = 0
        n_actual = 0
        f = 0x607000004a80
#15 0x00007ffff4502528 in boost::python::objects::(anonymous namespace)::bind_return::operator() (this=<optimized out>) at libs/python/src/object/function.cpp:581
No locals.
#16 boost::detail::function::void_function_ref_invoker0<boost::python::objects::(anonymous namespace)::bind_return, void>::invoke (function_obj_ptr=...)
    at ./boost/function/function_template.hpp:193
        f = <optimized out>
#17 0x00007ffff450749b in boost::function0<void>::operator() (this=<optimized out>) at ./boost/function/function_template.hpp:763
No locals.
#18 boost::python::detail::exception_handler::operator() (this=<optimized out>, f=...) at libs/python/src/errors.cpp:74
No locals.
#19 0x00007ffff38e7a2e in boost::python::detail::translate_exception<(anonymous namespace)::import_error, void (*)((anonymous namespace)::import_error const&)>::operator() (
    this=0x604000011118, handler=..., f=..., translate=0x7ffff38d4a85 <(anonymous namespace)::translate((anonymous namespace)::import_error const&)>)
    at /usr/include/boost/python/detail/translate_exception.hpp:46
No locals.
#20 0x00007ffff38e7413 in boost::_bi::list3<boost::arg<1>, boost::arg<2>, boost::_bi::value<void (*)((anonymous namespace)::import_error const&)> >::operator()<bool, boost::python::detail::translate_exception<(anonymous namespace)::import_error, void (*)((anonymous namespace)::import_error const&)>, boost::_bi::rrlist2<boost::python::detail::exception_handler const&, boost::function0<void> const&> > (this=0x604000011120, f=..., a=...) at /usr/include/boost/bind/bind.hpp:388
No locals.
#21 0x00007ffff38e6a05 in boost::_bi::bind_t<bool, boost::python::detail::translate_exception<(anonymous namespace)::import_error, void (*)((anonymous namespace)::import_error const&)>, boost::_bi::list3<boost::arg<1>, boost::arg<2>, boost::_bi::value<void (*)((anonymous namespace)::import_error const&)> > >::operator()<boost::python::detail::exception_handler const&, boost::function0<void> const&> (this=0x604000011118, a1=..., a2=...) at /usr/include/boost/bind/bind.hpp:1318
        a = {a1_ = @0x604000011110, a2_ = @0x7fffecef9e20}
#22 0x00007ffff38e62c6 in boost::detail::function::function_obj_invoker2<boost::_bi::bind_t<bool, boost::python::detail::translate_exception<(anonymous namespace)::import_error, void (*)((anonymous namespace)::import_error const&)>, boost::_bi::list3<boost::arg<1>, boost::arg<2>, boost::_bi::value<void (*)((anonymous namespace)::import_error const&)> > >, bool, boost::python::detail::exception_handler const&, boost::function0<void> const&>::invoke (function_obj_ptr=..., a0=..., a1=...) at /usr/include/boost/function/function_template.hpp:137
        f = 0x604000011118
#23 0x00007ffff45073ad in boost::function2<bool, boost::python::detail::exception_handler const&, boost::function0<void> const&>::operator() (a1=..., a0=..., this=<optimized out>)
    at ./boost/function/function_template.hpp:763
No locals.
#24 boost::python::detail::exception_handler::handle (f=..., this=<optimized out>) at ./boost/python/detail/exception_handler.hpp:41
No locals.
#25 boost::python::handle_exception_impl (f=...) at libs/python/src/errors.cpp:24
No locals.
#26 0x00007ffff44ffec2 in boost::python::handle_exception<boost::python::objects::(anonymous namespace)::bind_return> (f=...) at ./boost/python/errors.hpp:29
No locals.
#27 boost::python::objects::function_call (func=<optimized out>, args=<optimized out>, kw=<optimized out>) at libs/python/src/object/function.cpp:622
        result = 0x0
#28 0x00007ffff0f7baed in _PyObject_MakeTpCall () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#29 0x00007ffff0f7d569 in ?? () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#30 0x00007ffff0f7d68e in PyObject_CallFunction () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#31 0x00007ffff0fd0439 in _PyObject_GenericGetAttrWithDict () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#32 0x00007ffff0fcf978 in PyObject_GetAttr () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#33 0x00007ffff0f0682c in _PyEval_EvalFrameDefault () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#34 0x00007ffff106a6da in ?? () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#35 0x00007ffff0f7e1cf in ?? () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#36 0x00007ffff0f7e3ea in PyObject_CallMethodObjArgs () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#37 0x00007ffff109637f in PyImport_ImportModuleLevelObject () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#38 0x00007ffff106185e in ?? () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#39 0x00007ffff0fc9c52 in ?? () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#40 0x00007ffff0f0a7d3 in _PyEval_EvalFrameDefault () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#41 0x00007ffff106a6da in ?? () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#42 0x00007ffff0f7e1cf in ?? () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#43 0x00007ffff0f7e3ea in PyObject_CallMethodObjArgs () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#44 0x00007ffff109637f in PyImport_ImportModuleLevelObject () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#45 0x00007ffff0f13378 in _PyEval_EvalFrameDefault () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#46 0x00007ffff11cc73c in ?? () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#47 0x00007ffff1068421 in PyEval_EvalCode () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#48 0x00007ffff10b6d89 in ?? () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#49 0x00007ffff10b7f3b in PyRun_StringFlags () from /usr/lib/x86_64-linux-gnu/libpython3.11.so.1.0
No symbol table info available.
#50 0x00007ffff450ae09 in boost::python::exec (
    string=0x61d000142880 "from common.priorities import (\n    AFTER_ALL_TARGET_MAX_METERS_PRIORITY,\n    METER_OVERRIDE_PRIORITY,\n    TARGET_AFTER_2ND_SCALING_PRIORITY,\n)\n\nTech(\n    name=\"CON_OUTPOST\",\n    description=\"CON_OUTP"..., global=..., local=...) at ./boost/python/object_core.hpp:440
        s = 0x61d000142880 "from common.priorities import (\n    AFTER_ALL_TARGET_MAX_METERS_PRIORITY,\n    METER_OVERRIDE_PRIORITY,\n    TARGET_AFTER_2ND_SCALING_PRIORITY,\n)\n\nTech(\n    name=\"CON_OUTPOST\",\n    description=\"CON_OUTP"...
        result = <optimized out>
#51 0x00007ffff38de221 in PythonParser::ParseFileCommon (this=0x7fffecefec50, path=..., globals=..., 
    filename="/home/oleg/devel/build-freeorion-rel/default/scripting/techs/construction/OUTPOST.focs.py", 
    file_contents="from common.priorities import (\n    AFTER_ALL_TARGET_MAX_METERS_PRIORITY,\n    METER_OVERRIDE_PRIORITY,\n    TARGET_AFTER_2ND_SCALING_PRIORITY,\n)\n\nTech(\n    name=\"CON_OUTPOST\",\n    description=\"CON_OUTP"...) at /home/oleg/devel/freeorion/parse/PythonParser.cpp:326
        read_success = true
...
