Source: linbox Version: 1.4.2-4 Severity: normal Hi,
Building the package with address sanitizer enabled triggers a buffer overflow in the test-rank-md testcase and memory leaks in the test-regression test case. This can be reproduced by using DEB_BUILD_OPTIONS="sanitize=+address" Log: > PASS: test-commentator > PASS: test-det > PASS: test-frobenius > PASS: test-rational-solver > PASS: test-rational-solver-adaptive > PASS: test-rank-u32 > PASS: test-rank-Int > /bin/bash ../libtool --tag=CXX --mode=link g++ -g -O2 > -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address > -fno-omit-frame-pointer -fstack-protector-strong -Wformat > -Werror=format-security ../linbox/liblinbox.la -fsanitize=address > -Wl,-z,relro -Wl,-z,now -fopenmp -o test-rank-md test-rank-md.o -lntl -lmpfr > -liml -fopenmp -lblas -llapack -lgivaro -lgmpxx -lgmp -fsanitize=address > -Wl,-z,relro -Wl,-z,now -fopenmp > libtool: link: g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. > -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat > -Werror=format-security -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now > -fopenmp -o .libs/test-rank-md test-rank-md.o -fopenmp -fsanitize=address > -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp ../linbox/.libs/liblinbox.so -lntl > -lmpfr -liml -lblas -llapack -lgivaro -lgmpxx -lgmp -fopenmp > PASS: test-cra > FAIL: test-rank-md > /bin/bash ../libtool --tag=CXX --mode=link g++ -g -O2 > -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address > -fno-omit-frame-pointer -fstack-protector-strong -Wformat > -Werror=format-security ../linbox/liblinbox.la -fsanitize=address > -Wl,-z,relro -Wl,-z,now -fopenmp -o test-ntl-lzz_pex test-ntl-lzz_pex.o -lntl > -lmpfr -liml -fopenmp -lblas -llapack -lgivaro -lgmpxx -lgmp > -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp > libtool: link: g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. > -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat > -Werror=format-security -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now > -fopenmp -o .libs/test-ntl-lzz_pex test-ntl-lzz_pex.o -fopenmp > -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp > ../linbox/.libs/liblinbox.so -lntl -lmpfr -liml -lblas -llapack -lgivaro > -lgmpxx -lgmp -fopenmp > /bin/bash ../libtool --tag=CXX --mode=link g++ -g -O2 > -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address > -fno-omit-frame-pointer -fstack-protector-strong -Wformat > -Werror=format-security ../linbox/liblinbox.la -fsanitize=address > -Wl,-z,relro -Wl,-z,now -fopenmp -o test-charpoly test-charpoly.o -lntl > -lmpfr -liml -fopenmp -lblas -llapack -lgivaro -lgmpxx -lgmp > -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp > PASS: test-ntl-lzz_pex > libtool: link: g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. > -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat > -Werror=format-security -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now > -fopenmp -o .libs/test-charpoly test-charpoly.o -fopenmp -fsanitize=address > -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp ../linbox/.libs/liblinbox.so -lntl > -lmpfr -liml -lblas -llapack -lgivaro -lgmpxx -lgmp -fopenmp > PASS: test-charpoly > /bin/bash ../libtool --tag=CXX --mode=link g++ -g -O2 > -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address > -fno-omit-frame-pointer -fstack-protector-strong -Wformat > -Werror=format-security ../linbox/liblinbox.la -fsanitize=address > -Wl,-z,relro -Wl,-z,now -fopenmp -o test-toeplitz-det test-toeplitz-det.o > -lntl -lmpfr -liml -fopenmp -lblas -llapack -lgivaro -lgmpxx -lgmp > -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp > libtool: link: g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. > -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat > -Werror=format-security -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now > -fopenmp -o .libs/test-toeplitz-det test-toeplitz-det.o -fopenmp > -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp > ../linbox/.libs/liblinbox.so -lntl -lmpfr -liml -lblas -llapack -lgivaro > -lgmpxx -lgmp -fopenmp > PASS: test-toeplitz-det > /bin/bash ../libtool --tag=CXX --mode=link g++ -g -O2 > -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address > -fno-omit-frame-pointer -fstack-protector-strong -Wformat > -Werror=format-security ../linbox/liblinbox.la -fsanitize=address > -Wl,-z,relro -Wl,-z,now -fopenmp -o test-blas-matrix test-blas-matrix.o -lntl > -lmpfr -liml -fopenmp -lblas -llapack -lgivaro -lgmpxx -lgmp > -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp > libtool: link: g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. > -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat > -Werror=format-security -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now > -fopenmp -o .libs/test-blas-matrix test-blas-matrix.o -fopenmp > -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp > ../linbox/.libs/liblinbox.so -lntl -lmpfr -liml -lblas -llapack -lgivaro > -lgmpxx -lgmp -fopenmp > PASS: test-blas-matrix > /bin/bash ../libtool --tag=CXX --mode=link g++ -g -O2 > -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address > -fno-omit-frame-pointer -fstack-protector-strong -Wformat > -Werror=format-security ../linbox/liblinbox.la -fsanitize=address > -Wl,-z,relro -Wl,-z,now -fopenmp -o test-regression test-regression.o -lntl > -lmpfr -liml -fopenmp -lblas -llapack -lgivaro -lgmpxx -lgmp > -fsanitize=address -Wl,-z,relro -Wl,-z,now -fopenmp > libtool: link: g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. > -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat > -Werror=format-security -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now > -fopenmp -o .libs/test-regression test-regression.o -fopenmp > -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now -fopenmp > ../linbox/.libs/liblinbox.so -lntl -lmpfr -liml -lblas -llapack -lgivaro > -lgmpxx -lgmp -fopenmp > FAIL: test-regression > /bin/bash ../libtool --tag=CXX --mode=link g++ -g -O2 > -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. -fsanitize=address > -fno-omit-frame-pointer -fstack-protector-strong -Wformat > -Werror=format-security ../linbox/liblinbox.la -fsanitize=address > -Wl,-z,relro -Wl,-z,now -fopenmp -o test-solve test-solve.o -lntl -lmpfr > -liml -fopenmp -lblas -llapack -lgivaro -lgmpxx -lgmp -fsanitize=address > -Wl,-z,relro -Wl,-z,now -fopenmp > libtool: link: g++ -g -O2 -fdebug-prefix-map=/tmp/linbox/linbox-1.4.2=. > -fsanitize=address -fno-omit-frame-pointer -fstack-protector-strong -Wformat > -Werror=format-security -fsanitize=address -Wl,-z -Wl,relro -Wl,-z -Wl,now > -fopenmp -o .libs/test-solve test-solve.o -fopenmp -fsanitize=address -Wl,-z > -Wl,relro -Wl,-z -Wl,now -fopenmp ../linbox/.libs/liblinbox.so -lntl -lmpfr > -liml -lblas -llapack -lgivaro -lgmpxx -lgmp -fopenmp > PASS: test-solve > ======================================== > LinBox 1.4.2: tests/test-suite.log > ======================================== > > # TOTAL: 15 > # PASS: 13 > # SKIP: 0 > # XFAIL: 0 > # FAIL: 2 > # XPASS: 0 > # ERROR: 0 > > .. contents:: :depth: 2 > > FAIL: test-rank-md > ================== > > ================================================================= > ==30055==ERROR: AddressSanitizer: heap-buffer-overflow on address > 0x60f00000f000 at pc 0x565091814c09 bp 0x7ffe133b3230 sp 0x7ffe133b3228 > READ of size 8 at 0x60f00000f000 thread T0 > #0 0x565091814c08 in std::vector<double, std::allocator<double> >::size() > const /usr/include/c++/6/bits/stl_vector.h:656 > #1 0x565091814c08 in LinBox::SparseMatrix<Givaro::Modular<double, > double>, LinBox::SparseMatrixFormat::CSR>::IndexedBegin() const > ../linbox/matrix/sparsematrix/sparse-csr-matrix.h:1388 > #2 0x565091814c08 in void LinBox::BlasMatrix<Givaro::Modular<double, > double>, std::vector<double, std::allocator<double> > > >::createBlasMatrix<LinBox::SparseMatrix<Givaro::Modular<double, double>, > LinBox::SparseMatrixFormat::CSR> > >(LinBox::SparseMatrix<Givaro::Modular<double, double>, > LinBox::SparseMatrixFormat::CSR> const&, > LinBox::MatrixContainerCategory::Container) > ../linbox/matrix/densematrix/blas-matrix.inl:116 > #3 0x5650918d9e4a in LinBox::BlasMatrix<Givaro::Modular<double, double>, > std::vector<double, std::allocator<double> > > >::BlasMatrix<LinBox::SparseMatrix<Givaro::Modular<double, double>, > LinBox::SparseMatrixFormat::CSR> > >(LinBox::SparseMatrix<Givaro::Modular<double, double>, > LinBox::SparseMatrixFormat::CSR> const&) > ../linbox/matrix/densematrix/blas-matrix.inl:325 > #4 0x5650918d9e4a in unsigned long& > LinBox::rank<LinBox::SparseMatrix<Givaro::Modular<double, double>, > LinBox::SparseMatrixFormat::CSR> >(unsigned long&, > LinBox::SparseMatrix<Givaro::Modular<double, double>, > LinBox::SparseMatrixFormat::CSR> const&, LinBox::RingCategories::ModularTag > const&, LinBox::BlasEliminationTraits const&) ../linbox/solutions/rank.inl:444 > #5 0x5650918d9e4a in unsigned long& > LinBox::rank<LinBox::SparseMatrix<Givaro::Modular<double, double>, > LinBox::SparseMatrixFormat::CSR>, LinBox::BlasEliminationTraits>(unsigned > long&, LinBox::SparseMatrix<Givaro::Modular<double, double>, > LinBox::SparseMatrixFormat::CSR> const&, LinBox::BlasEliminationTraits > const&) ../linbox/solutions/rank.h:112 > #6 0x5650918d9e4a in bool > testRankMethods<LinBox::SparseMatrix<Givaro::Modular<double, double>, > LinBox::SparseMatrixFormat::CSR> > >(LinBox::SparseMatrix<Givaro::Modular<double, double>, > LinBox::SparseMatrixFormat::CSR>::Field const&, unsigned long, unsigned long, > unsigned int, double) tests/test-rank.h:137 > #7 0x5650917d6003 in bool testSparseRank<Givaro::Modular<double, double> > >(Givaro::Modular<double, double> const&, unsigned long const&, unsigned > long, unsigned long const&, double const&) tests/test-rank.h:335 > #8 0x5650917d6003 in main tests/test-rank-md.C:69 > #9 0x7f77eff902b0 in __libc_start_main > (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) > #10 0x5650917d6299 in _start > (/tmp/linbox/linbox-1.4.2/tests/.libs/test-rank-md+0x21299) > > 0x60f00000f000 is located 0 bytes to the right of 176-byte region > [0x60f00000ef50,0x60f00000f000) > allocated by thread T0 here: > #0 0x7f77f2da4bc0 in operator new(unsigned long) > (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2bc0) > #1 0x5650918d8a9c in __gnu_cxx::new_allocator<unsigned > long>::allocate(unsigned long, void const*) > /usr/include/c++/6/ext/new_allocator.h:104 > #2 0x5650918d8a9c in std::allocator_traits<std::allocator<unsigned long> > >::allocate(std::allocator<unsigned long>&, unsigned long) > /usr/include/c++/6/bits/alloc_traits.h:436 > #3 0x5650918d8a9c in std::_Vector_base<unsigned long, > std::allocator<unsigned long> >::_M_allocate(unsigned long) > /usr/include/c++/6/bits/stl_vector.h:170 > #4 0x5650918d8a9c in std::_Vector_base<unsigned long, > std::allocator<unsigned long> >::_M_create_storage(unsigned long) > /usr/include/c++/6/bits/stl_vector.h:185 > #5 0x5650918d8a9c in std::_Vector_base<unsigned long, > std::allocator<unsigned long> >::_Vector_base(unsigned long, > std::allocator<unsigned long> const&) /usr/include/c++/6/bits/stl_vector.h:136 > #6 0x5650918d8a9c in std::vector<unsigned long, std::allocator<unsigned > long> >::vector(unsigned long, unsigned long const&, std::allocator<unsigned > long> const&) /usr/include/c++/6/bits/stl_vector.h:293 > #7 0x5650918d8a9c in LinBox::SparseMatrix<Givaro::Modular<double, > double>, > LinBox::SparseMatrixFormat::CSR>::SparseMatrix<LinBox::RandomSparseStream<Givaro::Modular<double, > double>, std::vector<std::pair<unsigned long, double>, > std::allocator<std::pair<unsigned long, double> > >, > Givaro::ModularRandIter<Givaro::Modular<double, double> >, > LinBox::VectorCategories::SparseSequenceVectorTag> >(Givaro::Modular<double, > double> const&, LinBox::RandomSparseStream<Givaro::Modular<double, double>, > std::vector<std::pair<unsigned long, double>, > std::allocator<std::pair<unsigned long, double> > >, > Givaro::ModularRandIter<Givaro::Modular<double, double> >, > LinBox::VectorCategories::SparseSequenceVectorTag>&) > ../linbox/matrix/sparsematrix/sparse-csr-matrix.h:304 > #8 0x5650918d8a9c in bool > testRankMethods<LinBox::SparseMatrix<Givaro::Modular<double, double>, > LinBox::SparseMatrixFormat::CSR> > >(LinBox::SparseMatrix<Givaro::Modular<double, double>, > LinBox::SparseMatrixFormat::CSR>::Field const&, unsigned long, unsigned long, > unsigned int, double) tests/test-rank.h:93 > #9 0x5650917d6003 in bool testSparseRank<Givaro::Modular<double, double> > >(Givaro::Modular<double, double> const&, unsigned long const&, unsigned > long, unsigned long const&, double const&) tests/test-rank.h:335 > #10 0x5650917d6003 in main tests/test-rank-md.C:69 > #11 0x7f77eff902b0 in __libc_start_main > (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) > > SUMMARY: AddressSanitizer: heap-buffer-overflow > /usr/include/c++/6/bits/stl_vector.h:656 in std::vector<double, > std::allocator<double> >::size() const > Shadow bytes around the buggy address: > 0x0c1e7fff9db0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd > 0x0c1e7fff9dc0: fd fd fd fa fa fa fa fa fa fa fa fa fd fd fd fd > 0x0c1e7fff9dd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd > 0x0c1e7fff9de0: fd fa fa fa fa fa fa fa fa fa 00 00 00 00 00 00 > 0x0c1e7fff9df0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > =>0x0c1e7fff9e00:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c1e7fff9e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c1e7fff9e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c1e7fff9e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c1e7fff9e40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c1e7fff9e50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > Shadow byte legend (one shadow byte represents 8 application bytes): > Addressable: 00 > Partially addressable: 01 02 03 04 05 06 07 > Heap left redzone: fa > Heap right redzone: fb > Freed heap region: fd > Stack left redzone: f1 > Stack mid redzone: f2 > Stack right redzone: f3 > Stack partial redzone: f4 > Stack after return: f5 > Stack use after scope: f8 > Global redzone: f9 > Global init order: f6 > Poisoned by user: f7 > Container overflow: fc > Array cookie: ac > Intra object redzone: bb > ASan internal: fe > Left alloca redzone: ca > Right alloca redzone: cb > ==30055==ABORTING > FAIL test-rank-md (exit status: 1) > > FAIL: test-regression > ===================== > > > ================================================================= > ==30601==ERROR: LeakSanitizer: detected memory leaks > > Direct leak of 120 byte(s) in 1 object(s) allocated from: > #0 0x7ff37cbecd40 in operator new[](unsigned long) > (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2d40) > #1 0x5577a445e5ed in testSolveSparseSage() tests/test-regression.C:74 > #2 0x5577a44359b4 in main tests/test-regression.C:122 > #3 0x7ff379dd82b0 in __libc_start_main > (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) > > Direct leak of 12 byte(s) in 1 object(s) allocated from: > #0 0x7ff37cbecd40 in operator new[](unsigned long) > (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2d40) > #1 0x5577a445e705 in testSolveSparseSage() tests/test-regression.C:84 > #2 0x5577a44359b4 in main tests/test-regression.C:122 > #3 0x7ff379dd82b0 in __libc_start_main > (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) > > Indirect leak of 72 byte(s) in 3 object(s) allocated from: > #0 0x7ff37cbecd40 in operator new[](unsigned long) > (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2d40) > #1 0x5577a445e632 in testSolveSparseSage() tests/test-regression.C:78 > #2 0x5577a44359b4 in main tests/test-regression.C:122 > #3 0x7ff379dd82b0 in __libc_start_main > (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) > > Indirect leak of 36 byte(s) in 3 object(s) allocated from: > #0 0x7ff37cbecd40 in operator new[](unsigned long) > (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2d40) > #1 0x5577a445e60c in testSolveSparseSage() tests/test-regression.C:77 > #2 0x5577a44359b4 in main tests/test-regression.C:122 > #3 0x7ff379dd82b0 in __libc_start_main > (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) > > SUMMARY: AddressSanitizer: 240 byte(s) leaked in 8 allocation(s). > FAIL test-regression (exit status: 1) > > ============================================================================ > Testsuite summary for LinBox 1.4.2 > ============================================================================ > # TOTAL: 15 > # PASS: 13 > # SKIP: 0 > # XFAIL: 0 > # FAIL: 2 > # XPASS: 0 > # ERROR: 0 > ============================================================================ > See tests/test-suite.log > Please report to linbox-...@googlegroups.com > ============================================================================ Thanks, James
signature.asc
Description: OpenPGP digital signature
-- debian-science-maintainers mailing list debian-science-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-science-maintainers
