
Comments (3)

markos commented on August 12, 2024

Thank you, these are really helpful. I was planning to add ASAN myself, but it seems there is an important reason to do that sooner rather than later. I am not sure these are false positives, so I will need to investigate further.

from vectorscan.

danlark1 commented on August 12, 2024

A couple more

[ RUN      ] regression.UE_2798
==3279==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f1f4cf65fd1 at pc 0x7f1f4bbdea90 bp 0x7ffe7122f2f0 sp 0x7ffe7122f2e8
READ of size 16 at 0x7f1f4cf65fd1 thread T0
    #0 0x7f1f4bbdea8f in loadu_maskz src/util/supervector/arch/x86/impl.cpp:518:21
    #1 0x7f1f4bbdea8f in nvermicelliExecReal<(unsigned short)16> src/nfa/vermicelli_simd.cpp:173:31
    #2 0x7f1f4bbdea8f in nvermicelliExec src/nfa/vermicelli_simd.cpp:499:12
    #3 0x7f1f4bb66140 in limitByReach src/nfa/mpv.c:262:16
    #4 0x7f1f4bb66140 in handleTopN src/nfa/mpv.c:391:16
    #5 0x7f1f4bb5ce32 in nfaExecMpv_Q_i src/nfa/mpv.c:1002:13
    #6 0x7f1f4bb5ce32 in nfaExecMpv_QueueExecRaw src/nfa/mpv.c:1069:15
    #7 0x7f1f4bf796ab in roseCatchUpMPV_i src/rose/catchup.c:403:26
    #8 0x7f1f4bff1bfc in roseCatchUpTo src/rose/catchup.h:158:14
    #9 0x7f1f4bff1bfc in roseRunProgram src/rose/program_runtime.c:2500:21
    #10 0x7f1f4bfbcec4 in roseProcessMatchInline src/rose/match.c:244:16
    #11 0x7f1f4bfbcec4 in roseCallback_i src/rose/match.c:512:10
    #12 0x7f1f4bfbcec4 in roseFloatingCallback src/rose/match.c:533:12
    #13 0x7f1f4b849c4c in confWithBit src/fdr/fdr_confirm_runtime.h:96:20
    #14 0x7f1f4b849c4c in do_confWithBit_teddy src/fdr/teddy_runtime_common.h:438:9
    #15 0x7f1f4b849c4c in fdr_exec_teddy_msks3 src/fdr/teddy.c:1097:5
    #16 0x7f1f4b7e47f0 in fdrExecStreaming src/fdr/fdr.c:851:15
    #17 0x7f1f4b8886ca in hwlmExecStreaming src/hwlm/hwlm.c:246:12
    #18 0x7f1f4c33cf1b in roseStreamExec src/rose/stream.c:663:9
    #19 0x7f1f4c354e32 in rawStreamExec src/runtime.c:792:5
    #20 0x7f1f4c354e32 in hs_scan_stream_internal src/runtime.c:945:9
    #21 0x7f1f4c35450f in hs_scan_stream src/runtime.c:992:21
    #22 0x7f1f4d137b36 in (anonymous namespace)::regression_UE_2798_Test::TestBody() unit/hyperscan/behaviour.cpp:1490:11
    #23 0x7f1effed39d4 in testing::Test::Run() third_party/googletest/googletest/src/gtest.cc:2731:5
    #24 0x7f1effed64bb in testing::TestInfo::Run() third_party/googletest/googletest/src/gtest.cc:2910:11
    #25 0x7f1effed882b in testing::TestSuite::Run() third_party/googletest/googletest/src/gtest.cc:3069:30
    #26 0x7f1efff0a124 in testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/googletest/src/gtest.cc:5942:44
    #27 0x7f1efff08fe9 in testing::UnitTest::Run() third_party/googletest/googletest/src/gtest.cc:5511:10
    #28 0x55bf5a7bf84f in RUN_ALL_TESTS third_party/googletest/googletest/include/gtest/gtest.h:2326:46
    #29 0x55bf5a7bf84f in main testing/base/internal/gunit_main.cc:83:10

0x7f1f4cf65fd1 is located 47 bytes to the left of global variable '<string literal>' defined in 'unit/hyperscan/behaviour.cpp:1498:5' (0x7f1f4cf66000) of size 79
  '<string literal>' is ascii string 'find(c.matches.begin(), c.matches.end(), MatchRecord(7, 1)) != c.matches.end()'
0x7f1f4cf65fd1 is located 15 bytes to the left of global variable '<string literal>' defined in 'unit/hyperscan/behaviour.cpp:1497:5' (0x7f1f4cf65fe0) of size 3
  '<string literal>' is ascii string '4U'
0x7f1f4cf65fd1 is located 8 bytes to the right of global variable 'dataA' defined in 'unit/hyperscan/behaviour.cpp:1484:16' (0x7f1f4cf65fc0) of size 9
  'dataA' is ascii string 'ab_baab
'
SUMMARY: AddressSanitizer: global-buffer-overflow src/util/supervector/arch/x86/impl.cpp:518:21 in loadu_maskz
Shadow bytes around the buggy address:
  0x0fe4699e4ba0: 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
  0x0fe4699e4bb0: 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 07 f9 f9 f9
  0x0fe4699e4bc0: 03 f9 f9 f9 00 00 00 00 00 00 00 00 00 07 f9 f9
  0x0fe4699e4bd0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 f9 f9
  0x0fe4699e4be0: f9 f9 f9 f9 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9
=>0x0fe4699e4bf0: 00 06 f9 f9 00 03 f9 f9 00 01[f9]f9 03 f9 f9 f9
  0x0fe4699e4c00: 00 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9
  0x0fe4699e4c10: 00 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9
  0x0fe4699e4c20: 00 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9
  0x0fe4699e4c30: 00 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9
  0x0fe4699e4c40: 00 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==3279==ABORTING
[ RUN      ] HyperscanTestBehaviour.ScanSeveralGigabytesNoMatch
==3279==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f282ba037bf at pc 0x7f28b45dfab9 bp 0x7ffcc7768bb0 sp 0x7ffcc7768ba8
READ of size 16 at 0x7f282ba037bf thread T0
    #0 0x7f28b45dfab8 in loadu_maskz src/util/supervector/arch/x86/impl.cpp:518:21
    #1 0x7f28b45dfab8 in vermicelliDoubleExecReal<(unsigned short)16> src/nfa/vermicelli_simd.cpp:338:31
    #2 0x7f28b45dfab8 in vermicelliDoubleExec src/nfa/vermicelli_simd.cpp:531:12
    #3 0x7f28b4288d18 in run_hwlm_accel src/hwlm/hwlm.c
    #4 0x7f28b4288d18 in do_accel_streaming src/hwlm/hwlm.c:147:31
    #5 0x7f28b428868a in hwlmExecStreaming src/hwlm/hwlm.c:244:5
    #6 0x7f28b4d3cf1b in roseStreamExec src/rose/stream.c:663:9
    #7 0x7f28b4d54e32 in rawStreamExec src/runtime.c:792:5
    #8 0x7f28b4d54e32 in hs_scan_stream_internal src/runtime.c:945:9
    #9 0x7f28b4d5450f in hs_scan_stream src/runtime.c:992:21
    #10 0x7f28b5acc9e9 in (anonymous namespace)::HyperscanTestBehaviour_ScanSeveralGigabytesNoMatch_Test::TestBody() unit/hyperscan/behaviour.cpp:112:15
    #11 0x7f28688d39d4 in testing::Test::Run() third_party/googletest/googletest/src/gtest.cc:2731:5
    #12 0x7f28688d64bb in testing::TestInfo::Run() third_party/googletest/googletest/src/gtest.cc:2910:11
    #13 0x7f28688d882b in testing::TestSuite::Run() third_party/googletest/googletest/src/gtest.cc:3069:30
    #14 0x7f286890a124 in testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/googletest/src/gtest.cc:5942:44
    #15 0x7f2868908fe9 in testing::UnitTest::Run() third_party/googletest/googletest/src/gtest.cc:5511:10
    #16 0x55a3519bf84f in RUN_ALL_TESTS third_party/googletest/googletest/include/gtest/gtest.h:2326:46
    #17 0x55a3519bf84f in main testing/base/internal/gunit_main.cc:83:10

Address 0x7f282ba037bf is located in stack of thread T0 at offset 63 in frame
    #0 0x7f28b42887af in do_accel_streaming src/hwlm/hwlm.c:116

  This frame has 1 object(s):
    [32, 49) 'temp' (line 139) <== Memory access at offset 63 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow src/util/supervector/arch/x86/impl.cpp:518:21 in loadu_maskz
Shadow bytes around the buggy address:
  0x0fe5857386a0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe5857386b0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe5857386c0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe5857386d0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe5857386e0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x0fe5857386f0: f1 f1 f1 f1 00 00 01[f3]f3 f3 f3 f3 00 00 00 00
  0x0fe585738700: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe585738710: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe585738720: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe585738730: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe585738740: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==3279==ABORTING
[ RUN      ] LogicalCombination.MultiCombStream1
=================================================================
==3279==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f1e79a4f63f at pc 0x7f1f025cd58d bp 0x7ffdd439ac30 sp 0x7ffdd439ac28
READ of size 16 at 0x7f1e79a4f63f thread T0
    #0 0x7f1f025cd58c in loadu_maskz src/util/supervector/arch/x86/impl.cpp:518:21
    #1 0x7f1f025cd58c in unsigned char const* shuftiExecReal<(unsigned short)16>(long long vector[2], long long vector[2], unsigned char const*, unsigned char const*) src/nfa/shufti_simd.hpp:131:32
    #2 0x7f1f02288d5f in run_hwlm_accel src/hwlm/hwlm.c:73:16
    #3 0x7f1f02288d5f in do_accel_streaming src/hwlm/hwlm.c:147:31
    #4 0x7f1f0228868a in hwlmExecStreaming src/hwlm/hwlm.c:244:5
    #5 0x7f1f02d5548a in pureLiteralStreamExec src/runtime.c:823:5
    #6 0x7f1f02d5548a in hs_scan_stream_internal src/runtime.c:948:9
    #7 0x7f1f02d5450f in hs_scan_stream src/runtime.c:992:21
    #8 0x7f1f03c04ad9 in LogicalCombination_MultiCombStream1_Test::TestBody() unit/hyperscan/logical_combination.cpp:899:15
    #9 0x7f1eb68d39d4 in testing::Test::Run() third_party/googletest/googletest/src/gtest.cc:2731:5
    #10 0x7f1eb68d64bb in testing::TestInfo::Run() third_party/googletest/googletest/src/gtest.cc:2910:11
    #11 0x7f1eb68d882b in testing::TestSuite::Run() third_party/googletest/googletest/src/gtest.cc:3069:30
    #12 0x7f1eb690a124 in testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/googletest/src/gtest.cc:5942:44
    #13 0x7f1eb6908fe9 in testing::UnitTest::Run() third_party/googletest/googletest/src/gtest.cc:5511:10
    #14 0x5591583bf84f in RUN_ALL_TESTS third_party/googletest/googletest/include/gtest/gtest.h:2326:46
    #15 0x5591583bf84f in main testing/base/internal/gunit_main.cc:83:10

Address 0x7f1e79a4f63f is located in stack of thread T0 at offset 63 in frame
    #0 0x7f1f022887af in do_accel_streaming src/hwlm/hwlm.c:116

  This frame has 1 object(s):
    [32, 49) 'temp' (line 139) <== Memory access at offset 63 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow src/util/supervector/arch/x86/impl.cpp:518:21 in loadu_maskz
Shadow bytes around the buggy address:
  0x0fe44f341e70: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe44f341e80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe44f341e90: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe44f341ea0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe44f341eb0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x0fe44f341ec0: f1 f1 f1 f1 00 00 01[f3]f3 f3 f3 f3 00 00 00 00
  0x0fe44f341ed0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe44f341ee0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe44f341ef0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe44f341f00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe44f341f10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==3279==ABORTING


markos commented on August 12, 2024

Merged #93 so closing this.
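
Added example, not part of the thread or of the vectorscan code: a small triage parser for the AddressSanitizer report format posted above. It extracts the bug class, access size, faulting frame and overflowed object from each report, then groups the failing tests by faulting source line. The sample input is abbreviated from the three reports in this thread, and the names `parse_reports` and `group_by_site` are assumptions made for this example.

```python
import re
from collections import defaultdict

# Abbreviated from the three reports in this thread (deeper frames and bp/sp dropped).
SAMPLE = """\
[ RUN      ] regression.UE_2798
==3279==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f1f4cf65fd1 at pc 0x7f1f4bbdea90
READ of size 16 at 0x7f1f4cf65fd1 thread T0
    #0 0x7f1f4bbdea8f in loadu_maskz src/util/supervector/arch/x86/impl.cpp:518:21
0x7f1f4cf65fd1 is located 8 bytes to the right of global variable 'dataA' defined in 'unit/hyperscan/behaviour.cpp:1484:16' (0x7f1f4cf65fc0) of size 9
[ RUN      ] HyperscanTestBehaviour.ScanSeveralGigabytesNoMatch
==3279==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f282ba037bf at pc 0x7f28b45dfab9
READ of size 16 at 0x7f282ba037bf thread T0
    #0 0x7f28b45dfab8 in loadu_maskz src/util/supervector/arch/x86/impl.cpp:518:21
    [32, 49) 'temp' (line 139) <== Memory access at offset 63 overflows this variable
[ RUN      ] LogicalCombination.MultiCombStream1
==3279==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f1e79a4f63f at pc 0x7f1f025cd58d
READ of size 16 at 0x7f1e79a4f63f thread T0
    #0 0x7f1f025cd58c in loadu_maskz src/util/supervector/arch/x86/impl.cpp:518:21
    [32, 49) 'temp' (line 139) <== Memory access at offset 63 overflows this variable
"""

STACK_OBJ = re.compile(r"\[(\d+), (\d+)\) '(\w+)'.*offset (\d+)")
GLOBAL_OBJ = re.compile(r"located (\d+) bytes to the right of global variable '(\w+)'.* of size (\d+)")

def parse_reports(log):
    """One dict per ASan report in a gtest log, split on '[ RUN ]' lines."""
    reports = []
    for chunk in re.split(r"^\[ RUN\s+\] ", log, flags=re.M)[1:]:
        head = re.search(r"AddressSanitizer: (\S+) on address", chunk)
        if not head:
            continue  # this test produced no ASan report
        size = re.search(r"^(?:READ|WRITE) of size (\d+)", chunk, re.M)
        top = re.search(r"^\s*#0 0x[0-9a-f]+ in (\S+) (\S+)", chunk, re.M)
        rep = {"test": chunk.split("\n", 1)[0].strip(), "bug": head[1],
               "size": int(size[1]), "func": top[1], "site": top[2]}
        # gap = bytes between the end of the named object and the reported address
        if m := STACK_OBJ.search(chunk):
            rep.update(obj=m[3], obj_size=int(m[2]) - int(m[1]), gap=int(m[4]) - int(m[2]))
        elif m := GLOBAL_OBJ.search(chunk):
            rep.update(obj=m[2], obj_size=int(m[3]), gap=int(m[1]))
        reports.append(rep)
    return reports

def group_by_site(reports):
    """Map the faulting source location (frame #0) to the tests that hit it."""
    sites = defaultdict(list)
    for rep in reports:
        sites[rep["site"]].append(rep["test"])
    return dict(sites)
```

Run over the sample, `group_by_site(parse_reports(SAMPLE))` puts all three tests under `src/util/supervector/arch/x86/impl.cpp:518:21`, so the three failures can be triaged as one faulting load rather than three separate bugs.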
