//------------------------------------------------------------------------------
// CLING - the C++ LLVM-based InterpreterG :)
// author: Vassil Vassilev <vvasilev@cern.ch>
//
// This file is dual-licensed: you can choose to license it under the University
// of Illinois Open Source License or the GNU Lesser General Public License. See
// LICENSE.TXT for details.
//------------------------------------------------------------------------------
# include "cling/MetaProcessor/MetaParser.h"
# include "cling/MetaProcessor/MetaSema.h"
# include "cling/MetaProcessor/MetaLexer.h"
# include "cling/Interpreter/Interpreter.h"
# include "cling/Interpreter/InvocationOptions.h"
# include "cling/Interpreter/Value.h"
# include "cling/Utils/Output.h"
# include "cling/Utils/Paths.h"
# include "llvm/ADT/StringRef.h"
# include "llvm/Support/Path.h"
# include <optional>
namespace cling {
Lifetime of MetaParser is that of its input:
Before, MetaParser might have pointed to a StringRef whose storage
was gone, see asan failure in roottest/cling/other/runfileClose.C below.
This was caused by recursive uses of MetaParser; see stack trace below:
the inner recursion returned, but as the same MetaParser object was used
by both frames, the object's cursor now pointed to freed memory.
Instead, create a MetaParser (and MetaLexer) object per input. That way,
their lifetime corresponds to the lifetime of their input.
=================================================================
==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168
READ of size 1 at 0x7ffff3afd82a thread T0
[Detaching after fork from child process 529183]
#0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11
#1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15
#2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5
#3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9
#4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12
#5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33
#6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24
#7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29
#8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10
#9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27
#10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20
#11 0x7fffd78dd08b (<unknown module>)
#12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3
#13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20
#14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29
#15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9
#16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22
#17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39
#18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17
#19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30
#20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11
#21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14
#22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11
#23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22
#24 0x4ff96d in main src/main/src/rmain.cxx:30:12
#25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
#26 0x41f35d in _start (asan/bin/root.exe+0x41f35d)
Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame
#0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456
This frame has 21 object(s):
[32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable
[96, 104) 'R__guard2471' (line 2471)
[128, 136) 'R__guard2488' (line 2488)
[160, 176) 'interpreterFlagsRAII' (line 2491)
[192, 240) 'result' (line 2511)
[272, 276) 'compRes' (line 2512)
[288, 312) 'mod_line' (line 2517)
[352, 376) 'aclicMode' (line 2518)
[416, 440) 'arguments' (line 2519)
[480, 504) 'io' (line 2520)
[544, 568) 'fname' (line 2521)
[608, 632) 'ref.tmp' (line 2547)
[672, 696) 'ref.tmp145' (line 2547)
[736, 768) 'code' (line 2555)
[800, 832) 'codeline' (line 2556)
[864, 1384) 'in' (line 2559)
[1520, 1552) 'ref.tmp176' (line 2562)
[1584, 1600) 'agg.tmp'
[1616, 1624) 'ref.tmp198' (line 2568)
[1648, 1664) 'agg.tmp207'
[1680, 1696) 'autoParseRaii' (line 2588)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&)
Shadow bytes around the buggy address:
0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==529104==ABORTING
at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49
at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41
compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false)
at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314
input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess,
result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431
error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591
sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472
line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>)
at src/core/base/src/TROOT.cxx:2328
from asan/roottest/cling/other/fileClose_C.so
filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257)
at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270
at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118
permanent=false, resolved=true)
at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184
at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444
T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560
at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57
actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
/// Builds a parser over a single input line.
///
/// \param Actions semantic actions; also the route to the interpreter options.
/// \param Line    the input handed to m_Lexer. A StringRef does not own its
///                storage, so the caller must keep the underlying buffer alive
///                for as long as this parser is used (one parser per input).
MetaParser::MetaParser(MetaSema& Actions, llvm::StringRef Line)
    : m_Lexer(Line), m_Actions(Actions) {
  const InvocationOptions& Opts = Actions.getInterpreter().getOptions();

  // Pre-lex the configured meta string once, so that isCommandSymbol() can
  // compare token kinds against this cache.
  MetaLexer metaSymbolLexer(Opts.MetaString);
  Token Tok;
  for (;;) {
    metaSymbolLexer.Lex(Tok);
    if (Tok.is(tok::eof))
      break;
    m_MetaSymbolCache.push_back(Tok);
  }
}
/// Drops the current token (if any) and makes sure the cache again holds a
/// current token by lexing one when needed.
void MetaParser::consumeToken() {
  if (!m_TokenCache.empty())
    m_TokenCache.erase(m_TokenCache.begin());

  // Refill: lookAhead(0) lexes a new token when the cache is empty.
  lookAhead(0);
}
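/// Consumes the current token, skips whitespace, and then merges the following
/// tokens into one tok::raw_ident token that ends where the first \p stopAt
/// (or eof) token begins.
///
/// If the first token after the whitespace is already \p stopAt, eof or a
/// comment, nothing is merged.
///
/// \param stopAt token kind that terminates the merged string.
void MetaParser::consumeAnyStringToken(tok::TokenKind stopAt /*=tok::space*/) {
  consumeToken();
  // We have to merge the tokens from the queue until we reach the eof token
  // or the stopAt token.
  skipWhitespace();

  {
    const Token& First = m_TokenCache.front();
    if (First.is(stopAt) || First.is(tok::eof) || First.is(tok::comment))
      return;
  }

  // Look ahead for the next token without consuming it.
  Token Tok = lookAhead(1);
  Token PrevTok = Tok;
  while (Tok.isNot(stopAt) && Tok.isNot(tok::eof)) {
    m_TokenCache.erase(m_TokenCache.begin() + 1);
    PrevTok = Tok;
    Tok = lookAhead(1);
  }

  if (PrevTok.is(tok::space)) {
    // For "id <space> eof" the merged token should contain "id", not
    // "id <space>".
    Tok = PrevTok;
  }

  // Fetch the front token only now. lookAhead() grows m_TokenCache with
  // push_back() and the loop erases from it; a reference taken before those
  // calls may be invalidated if the container reallocates.
  // NOTE(review): m_TokenCache's type is declared in the header, not visible
  // here; confirm it is a vector-like container.
  Token& MergedTok = m_TokenCache.front();
  MergedTok.setKind(tok::raw_ident);
  MergedTok.setLength(Tok.getBufStart() - MergedTok.getBufStart());
}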
/// Returns the token \p N positions ahead of the current one, lexing and
/// caching further tokens as needed.
///
/// The returned reference points into m_TokenCache; callers that keep it
/// across further lookAhead()/consumeToken() calls should copy the token.
const Token& MetaParser::lookAhead(unsigned N) {
  // Lex until the cache holds N + 1 tokens; a no-op when it already does.
  while (m_TokenCache.size() <= N) {
    m_TokenCache.push_back(Token());
    m_Lexer.Lex(m_TokenCache.back());
  }
  return m_TokenCache[N];
}
/// Consumes tokens for as long as the current one is tok::space.
void MetaParser::skipWhitespace() {
  for (;;) {
    if (!getCurTok().is(tok::space))
      return;
    consumeToken();
  }
}
/// Returns true when the input starts with the meta symbol and what follows
/// is recognized as a command. isCommand() is only tried after the symbol
/// matched.
bool MetaParser::isMetaCommand(MetaSema::ActionResult& actionResult,
                               Value* resultValue) {
  if (!isCommandSymbol())
    return false;
  return isCommand(actionResult, resultValue);
}
/// Forwards to the semantic actions' isQuitRequested().
bool MetaParser::isQuitRequested() const {
  const bool quitRequested = m_Actions.isQuitRequested();
  return quitRequested;
}
/// Matches the current tokens against the cached meta symbol tokens, by kind.
///
/// Every matching token is consumed; on the first mismatch the function
/// returns false and the tokens consumed so far stay consumed.
bool MetaParser::isCommandSymbol() {
  for (const Token& Symbol : m_MetaSymbolCache) {
    if (getCurTok().getKind() != Symbol.getKind())
      return false;
    consumeToken();
  }
  return true;
}
/// Tries every command recognizer in a fixed order and stops at the first one
/// that returns true.
///
/// \param actionResult preset to AR_Success, then possibly updated by the
///                     recognizer that matches.
/// \param resultValue  optional; reset to an empty Value before dispatching.
/// \returns true if one of the recognizers accepted the input.
bool MetaParser::isCommand(MetaSema::ActionResult& actionResult,
                           Value* resultValue) {
  if (resultValue)
    *resultValue = Value();

  // Assume success; some actions don't set it.
  actionResult = MetaSema::AR_Success;

  // The order matters: || short-circuits, and the recognizers consume tokens.
  return isLCommand(actionResult)
      || isXCommand(actionResult, resultValue)
      || isTCommand(actionResult)
      || isAtCommand()
      || isqCommand()
      || isUCommand(actionResult)
      || isICommand()
      || isOCommand(actionResult)
      || israwInputCommand()
      || isdebugCommand()
      || isprintDebugCommand()
      || isdynamicExtensionsCommand()
      || ishelpCommand()
      || isfileExCommand()
      || isfilesCommand()
      || isClassCommand()
      || isNamespaceCommand()
      || isgCommand()
      || isTypedefCommand()
      || isShellCommand(actionResult, resultValue)
      || isstoreStateCommand()
      || iscompareStateCommand()
      || isstatsCommand()
      || isundoCommand()
      || isRedirectCommand(actionResult)
      || istraceCommand();
}
// L := 'L' FilePath Comment
// FilePath := AnyString
// AnyString := .*^('\t' Comment)
/// Recognizes the 'L' command: an ident "L", then a file path, then an
/// optional comment.
///
/// \param actionResult receives the result of actOnLCommand() on a match.
/// \returns true if the current token is the ident "L"; the action is then
///          invoked even when no file path followed (filePath stays empty).
bool MetaParser::isLCommand(MetaSema::ActionResult& actionResult) {
  // TODO: Some fine grained diagnostics
  if (!getCurTok().is(tok::ident) || !getCurTok().getIdent().equals("L"))
    return false;

  consumeAnyStringToken(tok::comment);

  // Non-owning view of the token's text.
  // NOTE(review): presumably this points into the input line, which must stay
  // alive until actOnLCommand() returns; confirm against the caller.
  llvm::StringRef filePath;
  if (getCurTok().is(tok::raw_ident)) {
    filePath = getCurTok().getIdent();
    consumeToken();
    if (getCurTok().is(tok::comment)) {
      consumeAnyStringToken(tok::eof);
      m_Actions.actOnComment(getCurTok().getIdent());
    }
  }

  actionResult = m_Actions.actOnLCommand(filePath);
  return true;
}
// T := 'T' FilePath Comment
// FilePath := AnyString
// AnyString := .*^('\t' Comment)
//
// Recognizes the 'T' meta command followed by two raw string tokens (an input
// file and an output file) and forwards them to MetaSema::actOnTCommand.
//
// \param actionResult receives the result of actOnTCommand; it is left
//        untouched when the command is not recognized.
// \returns true only when 'T' and both file tokens were seen. Tokens that
//          were consumed before a mismatch are not restored.
bool MetaParser::isTCommand(MetaSema::ActionResult& actionResult) {
  if (!getCurTok().is(tok::ident) || !getCurTok().getIdent().equals("T"))
    return false;

  consumeAnyStringToken();
  if (!getCurTok().is(tok::raw_ident))
    return false;
  // Copy the identifier into an owning string before the next token is
  // consumed, so the name does not depend on the token's backing storage.
  std::string inputFile = getCurTok().getIdent().str();

  consumeAnyStringToken(tok::eof);
  if (!getCurTok().is(tok::raw_ident))
    return false;
  // Same here: take an owning copy before handing control to the action.
  std::string outputFile = getCurTok().getIdent().str();

  // TODO: Some fine grained diagnostics
  actionResult = m_Actions.actOnTCommand(inputFile, outputFile);
  return true;
}
// >RedirectCommand := '>' FilePath
// FilePath := AnyString
// AnyString := .*^(' ' | '\t')
//
// Parses a stream redirection of the forms '>', '>>', '1>', '2>', '&>' and
// '2>&1', and forwards the target, the stream selection and the append flag
// to MetaSema::actOnRedirectCommand.
//
// \param actionResult receives the result of actOnRedirectCommand.
// \returns true when a redirection was handed to the action, and also when an
//          invalid descriptor number was reported (no redirection happens in
//          that case). Returns false when no '>' follows the optional prefix
//          or when a path token yielded an empty path. Tokens consumed before
//          a false return are not restored.
bool MetaParser::isRedirectCommand(MetaSema::ActionResult& actionResult) {
  unsigned fd = 0;
  // Default redirect is stdout.
  MetaProcessor::RedirectionScope scope = MetaProcessor::kSTDOUT;

  // Optional leading descriptor:
  //   > or 1>  the redirection is for the stdout stream
  //   2>       the redirection is for the stderr stream
  if (getCurTok().is(tok::constant) && lookAhead(1).is(tok::greater)) {
    fd = getCurTok().getConstant();
    switch (fd) {
    case 1:
      break;
    case 2:
      scope = MetaProcessor::kSTDERR;
      break;
    default:
      // Wrong descriptor number: report it and do not redirect.
      cling::errs() << "cling::MetaParser::isRedirectCommand():"
                    << "invalid file descriptor number " << fd << "\n";
      return true;
    }
    consumeToken();
  }

  // &> redirection for both stdout & stderr
  if (getCurTok().is(tok::ampersand)) {
    if (fd == 0)
      scope = MetaProcessor::kSTDBOTH;
    consumeToken();
  }

  if (!getCurTok().is(tok::greater))
    return false;

  // Non-owning view of the target. It refers either to a string literal or to
  // rawPath below, which stays alive until after the action has been called.
  llvm::StringRef file;
  bool appendMode = false;

  // check whether we have >>
  if (lookAhead(1).is(tok::greater)) {
    consumeToken();
    appendMode = true;
  }

  // check for syntax like: 2>&1
  if (lookAhead(1).is(tok::ampersand)) {
    if (fd == 0)
      scope = MetaProcessor::kSTDBOTH;

    const Token& fdTok = lookAhead(2);
    if (fdTok.is(tok::constant)) {
      const auto targetFd = fdTok.getConstant();
      if (targetFd == 1)
        file = llvm::StringRef("&1");
      else if (targetFd == 2)
        file = llvm::StringRef("&2");

      if (!file.empty()) {
        // Mark the stream name as referring to stderr or stdout, not a name
        scope = MetaProcessor::RedirectionScope(scope |
                                                MetaProcessor::kSTDSTRM);
        consumeToken(); // &
        consumeToken(); // 1,2
      }
    }
  }

  std::string rawPath;
  if (!lookAhead(1).is(tok::eof) && !(scope & MetaProcessor::kSTDSTRM)) {
    consumeAnyStringToken(tok::eof);
    if (getCurTok().is(tok::raw_ident)) {
      rawPath = getCurTok().getIdent().str();
      const bool quoted = rawPath.size() > 3 && rawPath.front() == '"' &&
                          rawPath.back() == '"';
      if (quoted) {
        // Quoted path, no expansion and strip quotes.
        // NOTE(review): the size() > 3 test leaves a quoted one-character
        // name (three characters in total) on the expansion path below with
        // its quotes intact - confirm this is intended.
        file = llvm::StringRef(rawPath).substr(1, rawPath.size() - 2);
      } else if (!rawPath.empty()) {
        // Unquoted path: environment variables in the user-supplied path are
        // expanded in place before it is used as the target.
        cling::utils::ExpandEnvVars(rawPath);
        file = rawPath;
      }
      consumeToken();
      // If we had a token, we need a path; empty means to undo a redirect
      if (file.empty())
        return false;
    }
  }

  // Empty file means std.
  actionResult =
      m_Actions.actOnRedirectCommand(file /*file*/,
                                     scope /*which stream to redirect*/,
                                     appendMode /*append mode*/);
  return true;
}
// XCommand := 'x' FilePath[ArgList] | 'X' FilePath[ArgList]
2012-11-30 21:26:26 +04:00
// FilePath := AnyString
// ArgList := (ExtraArgList) ' ' [ArgList]
// ExtraArgList := AnyString [, ExtraArgList]
2013-06-10 17:14:36 +04:00
bool MetaParser : : isXCommand ( MetaSema : : ActionResult & actionResult ,
2014-02-27 01:37:16 +04:00
Value * resultValue ) {
2013-06-10 17:14:36 +04:00
if ( resultValue )
2014-02-27 01:37:16 +04:00
* resultValue = Value ( ) ;
2012-12-01 20:48:33 +04:00
const Token & Tok = getCurTok ( ) ;
if ( Tok . is ( tok : : ident ) & & ( Tok . getIdent ( ) . equals ( " x " )
| | Tok . getIdent ( ) . equals ( " X " ) ) ) {
2012-11-30 21:26:26 +04:00
consumeToken ( ) ;
2019-05-14 15:05:01 +03:00
skipWhitespace ( ) ;
// There might be an ArgList:
int forward = 0 ;
std : : string args ;
llvm : : StringRef file ( getCurTok ( ) . getBufStart ( ) ) ;
2022-08-28 00:58:43 +03:00
if ( file . empty ( ) ) {
return false ; // FIXME: Issue proper diagnostics
}
2019-05-14 15:05:01 +03:00
while ( ! lookAhead ( forward ) . is ( tok : : eof ) )
+ + forward ;
2019-05-14 19:06:46 +03:00
// Skip any trailing ';':
if ( lookAhead ( forward - 1 ) . is ( tok : : semicolon ) )
- - forward ;
2019-05-14 15:05:01 +03:00
// Now track back to find the opening '('.
if ( lookAhead ( forward - 1 ) . is ( tok : : r_paren ) ) {
// Trailing ')' - we interpret that as an argument.
- - forward ; // skip ')'
int nesting = 1 ;
while ( - - forward > 0 & & nesting ) {
if ( lookAhead ( forward ) . is ( tok : : l_paren ) )
- - nesting ;
else if ( lookAhead ( forward ) . is ( tok : : r_paren ) )
+ + nesting ;
}
if ( forward = = 0 ) {
cling : : errs ( ) < < " cling::MetaParser::isXCommand(): "
" error parsing argument in " < < getCurTok ( ) . getBufStart ( ) < < ' \n ' ;
// interpret everything as "the file"
} else {
while ( forward - - )
consumeToken ( ) ;
consumeToken ( ) ; // the forward-0 token.
args = getCurTok ( ) . getBufStart ( ) ;
file = file . drop_back ( args . length ( ) ) ;
}
}
2013-05-24 19:50:13 +04:00
2015-03-31 11:30:06 +03:00
if ( args . empty ( ) )
args = " () " ;
Lifetime of MetaParser is that of its input:
Before, MetaParser might have pointed to a StringRef whose storage
was gone, see asan failure in roottest/cling/other/runfileClose.C below.
This was caused by recursive uses of MetaParser; see stack trace below:
the inner recursion returned, but as the same MetaParser object was used
by both frames, the objects cursor now pointed to freed memory.
Instead, create a MetaParser (and MetaLexer) object per input. That way,
their lifetime corresponds to the lifetime of their input.
=================================================================
==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168
READ of size 1 at 0x7ffff3afd82a thread T0
[Detaching after fork from child process 529183]
#0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11
#1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15
#2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5
#3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9
#4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12
#5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33
#6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24
#7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29
#8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10
#9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27
#10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20
#11 0x7fffd78dd08b (<unknown module>)
#12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3
#13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20
#14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29
#15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9
#16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22
#17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39
#18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17
#19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30
#20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11
#21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14
#22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11
#23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22
#24 0x4ff96d in main src/main/src/rmain.cxx:30:12
#25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
#26 0x41f35d in _start (asan/bin/root.exe+0x41f35d)
Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame
#0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456
This frame has 21 object(s):
[32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable
[96, 104) 'R__guard2471' (line 2471)
[128, 136) 'R__guard2488' (line 2488)
[160, 176) 'interpreterFlagsRAII' (line 2491)
[192, 240) 'result' (line 2511)
[272, 276) 'compRes' (line 2512)
[288, 312) 'mod_line' (line 2517)
[352, 376) 'aclicMode' (line 2518)
[416, 440) 'arguments' (line 2519)
[480, 504) 'io' (line 2520)
[544, 568) 'fname' (line 2521)
[608, 632) 'ref.tmp' (line 2547)
[672, 696) 'ref.tmp145' (line 2547)
[736, 768) 'code' (line 2555)
[800, 832) 'codeline' (line 2556)
[864, 1384) 'in' (line 2559)
[1520, 1552) 'ref.tmp176' (line 2562)
[1584, 1600) 'agg.tmp'
[1616, 1624) 'ref.tmp198' (line 2568)
[1648, 1664) 'agg.tmp207'
[1680, 1696) 'autoParseRaii' (line 2588)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&)
Shadow bytes around the buggy address:
0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==529104==ABORTING
at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49
at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41
compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false)
at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314
input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess,
result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431
error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591
sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472
line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>)
at src/core/base/src/TROOT.cxx:2328
from asan/roottest/cling/other/fileClose_C.so
filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257)
at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270
at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118
permanent=false, resolved=true)
at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184
at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444
T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560
at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57
actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
actionResult = m_Actions . actOnxCommand ( file , args , resultValue ) ;
return true ;
}
return false ;
}
// Grammar: ExtraArgList := AnyString [, ExtraArgList]
//
// Consumes one any-string token via consumeAnyStringToken(tok::r_paren) and
// reports whether the token that is current afterwards is a raw identifier.
// NOTE(review): presumably tok::r_paren is the delimiter at which the
// any-string stops; confirm against consumeAnyStringToken.
bool MetaParser::isExtraArgList() {
  // Deliberately minimal; could grow if richer argument parsing is needed.
  consumeAnyStringToken(tok::r_paren);

  const bool sawRawIdent = getCurTok().is(tok::raw_ident);
  return sawRawIdent;
}
// Recognizes the `q` meta command.
//
// Returns true, after invoking m_Actions.actOnqCommand(), when the current
// token is an identifier spelled exactly "q"; returns false and performs no
// action otherwise. No token is consumed here.
bool MetaParser::isqCommand() {
  // Guard clauses keep the same short-circuit order: kind first, then text.
  if (!getCurTok().is(tok::ident))
    return false;
  if (!getCurTok().getIdent().equals("q"))
    return false;

  m_Actions.actOnqCommand();
  return true;
}
// Recognizes the `U <path>` meta command.
//
// When the current token is the identifier "U", the rest of the input is
// consumed as one any-string token. If that yields a raw identifier, its text
// is passed to m_Actions.actOnUCommand(), the outcome is stored in
// actionResult, and true is returned. In every other case false is returned
// and actionResult is left untouched; note that tokens may already have been
// consumed when "U" matched but no path followed.
bool MetaParser::isUCommand(MetaSema::ActionResult& actionResult) {
  if (!getCurTok().is(tok::ident) || !getCurTok().getIdent().equals("U"))
    return false;

  consumeAnyStringToken(tok::eof);
  if (!getCurTok().is(tok::raw_ident))
    return false;

  // StringRef is a non-owning view of the token text.
  // NOTE(review): presumably it points into the input being parsed, so that
  // input must stay alive for the duration of the action -- confirm.
  const llvm::StringRef file = getCurTok().getIdent();
  actionResult = m_Actions.actOnUCommand(file);
  return true;
}
// Recognizes the `I [path]` / `include [path]` meta command.
//
// When the current token is the identifier "I" or "include", the rest of the
// input is consumed as one any-string token and m_Actions.actOnICommand() is
// called with that token's text, or with an empty StringRef when no raw
// identifier follows. Returns true whenever the keyword matched, false
// otherwise.
bool MetaParser::isICommand() {
  if (!getCurTok().is(tok::ident))
    return false;
  if (!getCurTok().getIdent().equals("I") &&
      !getCurTok().getIdent().equals("include"))
    return false;

  consumeAnyStringToken(tok::eof);

  // The path argument is optional: an empty view is forwarded when absent.
  // NOTE(review): the view is non-owning and presumably refers to the input
  // being parsed -- confirm that input outlives the action.
  const llvm::StringRef dir = getCurTok().is(tok::raw_ident)
                                  ? getCurTok().getIdent()
                                  : llvm::StringRef();
  m_Actions.actOnICommand(dir);
  return true;
}
bool MetaParser : : isOCommand ( MetaSema : : ActionResult & actionResult ) {
const Token & currTok = getCurTok ( ) ;
if ( currTok . is ( tok : : ident ) ) {
llvm : : StringRef ident = currTok . getIdent ( ) ;
if ( ident . starts_with ( " O " ) ) {
if ( ident . size ( ) > 1 ) {
int level = 0 ;
if ( ! ident . substr ( 1 ) . getAsInteger ( 10 , level ) & & level > = 0 ) {
consumeAnyStringToken ( tok : : eof ) ;
if ( getCurTok ( ) . is ( tok : : raw_ident ) )
return false ;
Lifetime of MetaParser is that of its input:
Before, MetaParser might have pointed to a StringRef whose storage
was gone, see asan failure in roottest/cling/other/runfileClose.C below.
This was caused by recursive uses of MetaParser; see stack trace below:
the inner recursion returned, but as the same MetaParser object was used
by both frames, the objects cursor now pointed to freed memory.
Instead, create a MetaParser (and MetaLexer) object per input. That way,
their lifetime corresponds to the lifetime of their input.
=================================================================
==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168
READ of size 1 at 0x7ffff3afd82a thread T0
[Detaching after fork from child process 529183]
#0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11
#1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15
#2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5
#3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9
#4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12
#5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33
#6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24
#7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29
#8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10
#9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27
#10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20
#11 0x7fffd78dd08b (<unknown module>)
#12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3
#13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20
#14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29
#15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9
#16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22
#17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39
#18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17
#19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30
#20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11
#21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14
#22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11
#23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22
#24 0x4ff96d in main src/main/src/rmain.cxx:30:12
#25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
#26 0x41f35d in _start (asan/bin/root.exe+0x41f35d)
Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame
#0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456
This frame has 21 object(s):
[32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable
[96, 104) 'R__guard2471' (line 2471)
[128, 136) 'R__guard2488' (line 2488)
[160, 176) 'interpreterFlagsRAII' (line 2491)
[192, 240) 'result' (line 2511)
[272, 276) 'compRes' (line 2512)
[288, 312) 'mod_line' (line 2517)
[352, 376) 'aclicMode' (line 2518)
[416, 440) 'arguments' (line 2519)
[480, 504) 'io' (line 2520)
[544, 568) 'fname' (line 2521)
[608, 632) 'ref.tmp' (line 2547)
[672, 696) 'ref.tmp145' (line 2547)
[736, 768) 'code' (line 2555)
[800, 832) 'codeline' (line 2556)
[864, 1384) 'in' (line 2559)
[1520, 1552) 'ref.tmp176' (line 2562)
[1584, 1600) 'agg.tmp'
[1616, 1624) 'ref.tmp198' (line 2568)
[1648, 1664) 'agg.tmp207'
[1680, 1696) 'autoParseRaii' (line 2588)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&)
Shadow bytes around the buggy address:
0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==529104==ABORTING
at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49
at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41
compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false)
at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314
input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess,
result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431
error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591
sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472
line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>)
at src/core/base/src/TROOT.cxx:2328
from asan/roottest/cling/other/fileClose_C.so
filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257)
at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270
at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118
permanent=false, resolved=true)
at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184
at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444
T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560
at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57
actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
actionResult = m_Actions . actOnOCommand ( level ) ;
2013-08-13 13:06:58 +04:00
return true ;
}
} else {
consumeAnyStringToken ( tok : : eof ) ;
const Token & lastStringToken = getCurTok ( ) ;
2014-01-15 18:27:58 +04:00
if ( lastStringToken . is ( tok : : raw_ident )
& & lastStringToken . getLength ( ) ) {
2013-08-13 13:06:58 +04:00
int level = 0 ;
2017-04-10 11:59:25 +03:00
if ( ! lastStringToken . getIdent ( ) . getAsInteger ( 10 , level )
& & level > = 0 ) {
Lifetime of MetaParser is that of its input:
Before, MetaParser might have pointed to a StringRef whose storage
was gone; see the ASan failure in roottest/cling/other/runfileClose.C below.
This was caused by recursive uses of MetaParser; see stack trace below:
the inner recursion returned, but as the same MetaParser object was used
by both frames, the object's cursor now pointed to freed memory.
Instead, create a MetaParser (and MetaLexer) object per input. That way,
their lifetime corresponds to the lifetime of their input.
=================================================================
==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168
READ of size 1 at 0x7ffff3afd82a thread T0
[Detaching after fork from child process 529183]
#0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11
#1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15
#2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5
#3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9
#4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12
#5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33
#6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24
#7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29
#8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10
#9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27
#10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20
#11 0x7fffd78dd08b (<unknown module>)
#12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3
#13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20
#14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29
#15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9
#16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22
#17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39
#18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17
#19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30
#20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11
#21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14
#22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11
#23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22
#24 0x4ff96d in main src/main/src/rmain.cxx:30:12
#25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
#26 0x41f35d in _start (asan/bin/root.exe+0x41f35d)
Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame
#0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456
This frame has 21 object(s):
[32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable
[96, 104) 'R__guard2471' (line 2471)
[128, 136) 'R__guard2488' (line 2488)
[160, 176) 'interpreterFlagsRAII' (line 2491)
[192, 240) 'result' (line 2511)
[272, 276) 'compRes' (line 2512)
[288, 312) 'mod_line' (line 2517)
[352, 376) 'aclicMode' (line 2518)
[416, 440) 'arguments' (line 2519)
[480, 504) 'io' (line 2520)
[544, 568) 'fname' (line 2521)
[608, 632) 'ref.tmp' (line 2547)
[672, 696) 'ref.tmp145' (line 2547)
[736, 768) 'code' (line 2555)
[800, 832) 'codeline' (line 2556)
[864, 1384) 'in' (line 2559)
[1520, 1552) 'ref.tmp176' (line 2562)
[1584, 1600) 'agg.tmp'
[1616, 1624) 'ref.tmp198' (line 2568)
[1648, 1664) 'agg.tmp207'
[1680, 1696) 'autoParseRaii' (line 2588)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&)
Shadow bytes around the buggy address:
0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==529104==ABORTING
at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49
at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41
compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false)
at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314
input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess,
result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431
error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591
sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472
line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>)
at src/core/base/src/TROOT.cxx:2328
from asan/roottest/cling/other/fileClose_C.so
filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257)
at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270
at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118
permanent=false, resolved=true)
at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184
at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444
T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560
at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57
actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
actionResult = m_Actions . actOnOCommand ( level ) ;
2013-08-13 13:06:58 +04:00
return true ;
}
} else {
Lifetime of MetaParser is that of its input:
Before, MetaParser might have pointed to a StringRef whose storage
was gone; see the ASan failure in roottest/cling/other/runfileClose.C below.
This was caused by recursive uses of MetaParser; see stack trace below:
the inner recursion returned, but as the same MetaParser object was used
by both frames, the object's cursor now pointed to freed memory.
Instead, create a MetaParser (and MetaLexer) object per input. That way,
their lifetime corresponds to the lifetime of their input.
=================================================================
==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168
READ of size 1 at 0x7ffff3afd82a thread T0
[Detaching after fork from child process 529183]
#0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11
#1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15
#2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5
#3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9
#4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12
#5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33
#6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24
#7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29
#8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10
#9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27
#10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20
#11 0x7fffd78dd08b (<unknown module>)
#12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3
#13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20
#14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29
#15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9
#16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22
#17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39
#18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17
#19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30
#20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11
#21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14
#22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11
#23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22
#24 0x4ff96d in main src/main/src/rmain.cxx:30:12
#25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
#26 0x41f35d in _start (asan/bin/root.exe+0x41f35d)
Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame
#0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456
This frame has 21 object(s):
[32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable
[96, 104) 'R__guard2471' (line 2471)
[128, 136) 'R__guard2488' (line 2488)
[160, 176) 'interpreterFlagsRAII' (line 2491)
[192, 240) 'result' (line 2511)
[272, 276) 'compRes' (line 2512)
[288, 312) 'mod_line' (line 2517)
[352, 376) 'aclicMode' (line 2518)
[416, 440) 'arguments' (line 2519)
[480, 504) 'io' (line 2520)
[544, 568) 'fname' (line 2521)
[608, 632) 'ref.tmp' (line 2547)
[672, 696) 'ref.tmp145' (line 2547)
[736, 768) 'code' (line 2555)
[800, 832) 'codeline' (line 2556)
[864, 1384) 'in' (line 2559)
[1520, 1552) 'ref.tmp176' (line 2562)
[1584, 1600) 'agg.tmp'
[1616, 1624) 'ref.tmp198' (line 2568)
[1648, 1664) 'agg.tmp207'
[1680, 1696) 'autoParseRaii' (line 2588)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&)
Shadow bytes around the buggy address:
0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==529104==ABORTING
at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49
at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41
compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false)
at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314
input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess,
result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431
error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591
sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472
line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>)
at src/core/base/src/TROOT.cxx:2328
from asan/roottest/cling/other/fileClose_C.so
filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257)
at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270
at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118
permanent=false, resolved=true)
at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184
at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444
T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560
at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57
actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions . actOnOCommand ( ) ;
2017-04-10 11:59:25 +03:00
actionResult = MetaSema : : AR_Success ;
2013-08-13 13:06:58 +04:00
return true ;
}
}
}
}
return false ;
}
2012-11-30 21:26:26 +04:00
2014-05-29 18:59:34 +04:00
// Recognises the '@' meta command.
//
// Returns true when the current token is of kind tok::at; in that case the
// token is consumed, trailing whitespace is skipped and
// MetaSema::actOnAtCommand() is invoked through m_Actions. Returns false and
// leaves the token stream untouched otherwise. Only the token kind is tested;
// the identifier text is not compared.
//
// NOTE(review): the change history attached to the actOnAtCommand() call
// describes a stack-use-after-return in MetaLexer::Lex that occurred when one
// MetaParser object was shared by nested (recursive) invocations and its
// cursor ended up referring to input storage that was already gone. The stated
// remedy is one MetaParser (and MetaLexer) per input, so that the parser never
// outlives the buffer it lexes. actOnAtCommand() is not visible here; confirm
// that it cannot re-enter this same parser instance.
bool MetaParser::isAtCommand() {
  // Guard clause: anything that is not an '@' token is not this command.
  if (!getCurTok().is(tok::at))
    return false;

  consumeToken();
  skipWhitespace();
  m_Actions.actOnAtCommand();
  return true;
}
2012-11-30 21:26:26 +04:00
bool MetaParser : : israwInputCommand ( ) {
if ( getCurTok ( ) . is ( tok : : ident ) & &
getCurTok ( ) . getIdent ( ) . equals ( " rawInput " ) ) {
MetaSema : : SwitchMode mode = MetaSema : : kToggle ;
consumeToken ( ) ;
2013-02-28 14:55:45 +04:00
skipWhitespace ( ) ;
2012-11-30 21:26:26 +04:00
if ( getCurTok ( ) . is ( tok : : constant ) )
2013-10-29 07:13:39 +04:00
mode = ( MetaSema : : SwitchMode ) getCurTok ( ) . getConstantAsBool ( ) ;
Lifetime of MetaParser is that of its input:
Before, MetaParser might have pointed to a StringRef whose storage
was gone; see the ASan failure in roottest/cling/other/runfileClose.C below.
This was caused by recursive uses of MetaParser; see stack trace below:
the inner recursion returned, but as the same MetaParser object was used
by both frames, the object's cursor now pointed to freed memory.
Instead, create a MetaParser (and MetaLexer) object per input. That way,
their lifetime corresponds to the lifetime of their input.
=================================================================
==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168
READ of size 1 at 0x7ffff3afd82a thread T0
[Detaching after fork from child process 529183]
#0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11
#1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15
#2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5
#3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9
#4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12
#5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33
#6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24
#7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29
#8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10
#9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27
#10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20
#11 0x7fffd78dd08b (<unknown module>)
#12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3
#13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20
#14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29
#15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9
#16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22
#17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39
#18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17
#19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30
#20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11
#21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14
#22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11
#23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22
#24 0x4ff96d in main src/main/src/rmain.cxx:30:12
#25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
#26 0x41f35d in _start (asan/bin/root.exe+0x41f35d)
Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame
#0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456
This frame has 21 object(s):
[32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable
[96, 104) 'R__guard2471' (line 2471)
[128, 136) 'R__guard2488' (line 2488)
[160, 176) 'interpreterFlagsRAII' (line 2491)
[192, 240) 'result' (line 2511)
[272, 276) 'compRes' (line 2512)
[288, 312) 'mod_line' (line 2517)
[352, 376) 'aclicMode' (line 2518)
[416, 440) 'arguments' (line 2519)
[480, 504) 'io' (line 2520)
[544, 568) 'fname' (line 2521)
[608, 632) 'ref.tmp' (line 2547)
[672, 696) 'ref.tmp145' (line 2547)
[736, 768) 'code' (line 2555)
[800, 832) 'codeline' (line 2556)
[864, 1384) 'in' (line 2559)
[1520, 1552) 'ref.tmp176' (line 2562)
[1584, 1600) 'agg.tmp'
[1616, 1624) 'ref.tmp198' (line 2568)
[1648, 1664) 'agg.tmp207'
[1680, 1696) 'autoParseRaii' (line 2588)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&)
Shadow bytes around the buggy address:
0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==529104==ABORTING
at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49
at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41
compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false)
at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314
input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess,
result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431
error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591
sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472
line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>)
at src/core/base/src/TROOT.cxx:2328
from asan/roottest/cling/other/fileClose_C.so
filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257)
at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270
at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118
permanent=false, resolved=true)
at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184
at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444
T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560
at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57
actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions . actOnrawInputCommand ( mode ) ;
2012-11-30 21:26:26 +04:00
return true ;
}
return false ;
}
/// Recognizes the `debug` meta command and forwards it to MetaSema.
///
/// If the current token is the identifier `debug`, that token is consumed and
/// following whitespace is skipped. A constant token right after it supplies
/// the value passed on; without one an empty std::optional is passed. The
/// constant token itself is not consumed here.
///
/// \returns true when the command was recognized and dispatched, false when
/// the current token is not the `debug` identifier (nothing is consumed).
bool MetaParser::isdebugCommand() {
  const bool isDebug = getCurTok().is(tok::ident) &&
                       getCurTok().getIdent().equals("debug");
  if (!isDebug)
    return false;

  consumeToken();
  skipWhitespace();

  // Stays disengaged unless the user supplied a constant.
  // NOTE(review): getConstant()'s result is converted to int on assignment;
  // its declared type and range are not visible here - confirm that large
  // values cannot wrap into an unintended level.
  std::optional<int> level;
  if (getCurTok().is(tok::constant))
    level = getCurTok().getConstant();

  m_Actions.actOndebugCommand(level);
  return true;
}
/// Recognizes the `printDebug` meta command and forwards it to MetaSema.
///
/// If the current token is the identifier `printDebug`, that token is consumed
/// and following whitespace is skipped. A constant token right after it
/// selects the mode through its boolean value; without one the mode stays
/// MetaSema::kToggle. The constant token itself is not consumed here.
///
/// \returns true when the command was recognized and dispatched, false when
/// the current token is not the `printDebug` identifier (nothing is consumed).
bool MetaParser::isprintDebugCommand() {
  const bool isPrintDebug = getCurTok().is(tok::ident) &&
                            getCurTok().getIdent().equals("printDebug");
  if (!isPrintDebug)
    return false;

  consumeToken();
  skipWhitespace();

  MetaSema::SwitchMode requested = MetaSema::kToggle;
  // NOTE(review): the bool is converted straight to SwitchMode; presumably the
  // enumerators with values 0 and 1 mean off and on - confirm in MetaSema.
  if (getCurTok().is(tok::constant))
    requested =
        static_cast<MetaSema::SwitchMode>(getCurTok().getConstantAsBool());

  m_Actions.actOnprintDebugCommand(requested);
  return true;
}
bool MetaParser : : isstoreStateCommand ( ) {
if ( getCurTok ( ) . is ( tok : : ident ) & &
getCurTok ( ) . getIdent ( ) . equals ( " storeState " ) ) {
//MetaSema::SwitchMode mode = MetaSema::kToggle;
consumeToken ( ) ;
skipWhitespace ( ) ;
if ( ! getCurTok ( ) . is ( tok : : stringlit ) )
return false ; // FIXME: Issue proper diagnostics
std : : string ident = getCurTok ( ) . getIdentNoQuotes ( ) . str ( ) ;
consumeToken ( ) ;
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==529104==ABORTING
at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49
at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41
compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false)
at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314
input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess,
result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431
error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591
sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472
line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>)
at src/core/base/src/TROOT.cxx:2328
from asan/roottest/cling/other/fileClose_C.so
filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257)
at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270
at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118
permanent=false, resolved=true)
at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184
at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444
T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560
at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57
actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions . actOnstoreStateCommand ( ident ) ;
2013-08-21 14:25:48 +04:00
return true ;
}
return false ;
}
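/// Parses the `compareState "<name>"` meta command.
///
/// The current token must be the identifier `compareState`, followed (after
/// optional whitespace) by a string literal. On a match, the literal without
/// its quotes is passed to m_Actions.actOncompareStateCommand().
///
/// @return true if the command was recognized and dispatched. false if the
///         current token is not `compareState`, or if no string literal
///         follows it; in the latter case the keyword token has already been
///         consumed.
bool MetaParser::iscompareStateCommand() {
  if (!getCurTok().is(tok::ident) ||
      !getCurTok().getIdent().equals("compareState"))
    return false;

  consumeToken();
  skipWhitespace();
  if (!getCurTok().is(tok::stringlit))
    return false; // FIXME: Issue proper diagnostics

  // .str() makes an owning copy before the lexer advances, so the name passed
  // to the action does not depend on the token's (presumably non-owning) view
  // of the input staying valid.
  std::string ident = getCurTok().getIdentNoQuotes().str();
  consumeToken();
  m_Actions.actOncompareStateCommand(ident);
  return true;
}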
2014-02-28 13:08:13 +04:00
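/// Parses the `stats <what> [<arg>]` meta command.
///
/// The current token must be the identifier `stats`, followed (after optional
/// whitespace) by an identifier naming what to report. If another identifier
/// follows, it is passed as the second argument; otherwise an empty StringRef
/// is passed. The optional second identifier is inspected but not consumed.
///
/// @return true if the command was recognized and dispatched to
///         m_Actions.actOnstatsCommand(). false if the current token is not
///         `stats`, or if no identifier follows it; in the latter case the
///         keyword token has already been consumed.
bool MetaParser::isstatsCommand() {
  if (!getCurTok().is(tok::ident) || !getCurTok().getIdent().equals("stats"))
    return false;

  consumeToken();
  skipWhitespace();
  if (!getCurTok().is(tok::ident))
    return false; // FIXME: Issue proper diagnostics

  // NOTE(review): `what` is a non-owning llvm::StringRef that is still read
  // after consumeToken(). This presumes the storage it views (presumably the
  // parser's input line) outlives this call - confirm against the lexer.
  llvm::StringRef what = getCurTok().getIdent();
  consumeToken();
  skipWhitespace();

  const Token& next = getCurTok();
  m_Actions.actOnstatsCommand(what, next.is(tok::ident) ? next.getIdent()
                                                        : llvm::StringRef());
  return true;
}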
2017-04-04 16:07:13 +03:00
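/// Parses the `trace <what> [<arg>]` meta command, which dumps/creates a trace
/// of the requested representation.
///
/// The current token must be the identifier `trace`, followed (after optional
/// whitespace) by an identifier. The request is forwarded to
/// m_Actions.actOnstatsCommand(), with the name `ast` mapped to `asttree`.
/// If the token after the name is an identifier it is passed as the second
/// argument, otherwise an empty StringRef is passed. One further token is
/// consumed after dispatching.
///
/// @return true if the command was recognized and dispatched. false if the
///         current token is not `trace`, or if no identifier follows it; in
///         the latter case the keyword token has already been consumed.
bool MetaParser::istraceCommand() {
  if (!getCurTok().is(tok::ident) || !getCurTok().getIdent().equals("trace"))
    return false;

  consumeToken();
  skipWhitespace();
  if (!getCurTok().is(tok::ident))
    return false;

  // NOTE(review): `ident` is a non-owning llvm::StringRef that is still read
  // after consumeToken(). This presumes the storage it views (presumably the
  // parser's input line) outlives this call - confirm against the lexer.
  llvm::StringRef ident = getCurTok().getIdent();
  consumeToken();
  skipWhitespace();

  m_Actions.actOnstatsCommand(
      ident.equals("ast") ? llvm::StringRef("asttree") : ident,
      getCurTok().is(tok::ident) ? getCurTok().getIdent() : llvm::StringRef());
  consumeToken();
  return true;
}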
2013-10-29 08:19:37 +04:00
bool MetaParser : : isundoCommand ( ) {
if ( getCurTok ( ) . is ( tok : : ident ) & &
getCurTok ( ) . getIdent ( ) . equals ( " undo " ) ) {
2014-02-28 13:22:05 +04:00
consumeToken ( ) ;
2013-10-29 08:19:37 +04:00
skipWhitespace ( ) ;
const Token & next = getCurTok ( ) ;
if ( next . is ( tok : : constant ) )
Lifetime of MetaParser is that of its input:
Before, MetaParser might have pointed to a StringRef whose storage
was gone, see asan failure in roottest/cling/other/runfileClose.C below.
This was caused by recursive uses of MetaParser; see stack trace below:
the inner recursion returned, but as the same MetaParser object was used
by both frames, the object's cursor now pointed to freed memory.
Instead, create a MetaParser (and MetaLexer) object per input. That way,
their lifetime corresponds to the lifetime of their input.
=================================================================
==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168
READ of size 1 at 0x7ffff3afd82a thread T0
[Detaching after fork from child process 529183]
#0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11
#1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15
#2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5
#3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9
#4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12
#5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33
#6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24
#7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29
#8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10
#9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27
#10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20
#11 0x7fffd78dd08b (<unknown module>)
#12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3
#13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20
#14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29
#15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9
#16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22
#17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39
#18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17
#19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30
#20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11
#21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14
#22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11
#23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22
#24 0x4ff96d in main src/main/src/rmain.cxx:30:12
#25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
#26 0x41f35d in _start (asan/bin/root.exe+0x41f35d)
Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame
#0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456
This frame has 21 object(s):
[32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable
[96, 104) 'R__guard2471' (line 2471)
[128, 136) 'R__guard2488' (line 2488)
[160, 176) 'interpreterFlagsRAII' (line 2491)
[192, 240) 'result' (line 2511)
[272, 276) 'compRes' (line 2512)
[288, 312) 'mod_line' (line 2517)
[352, 376) 'aclicMode' (line 2518)
[416, 440) 'arguments' (line 2519)
[480, 504) 'io' (line 2520)
[544, 568) 'fname' (line 2521)
[608, 632) 'ref.tmp' (line 2547)
[672, 696) 'ref.tmp145' (line 2547)
[736, 768) 'code' (line 2555)
[800, 832) 'codeline' (line 2556)
[864, 1384) 'in' (line 2559)
[1520, 1552) 'ref.tmp176' (line 2562)
[1584, 1600) 'agg.tmp'
[1616, 1624) 'ref.tmp198' (line 2568)
[1648, 1664) 'agg.tmp207'
[1680, 1696) 'autoParseRaii' (line 2588)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&)
Shadow bytes around the buggy address:
0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==529104==ABORTING
at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49
at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41
compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false)
at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314
input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess,
result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431
error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591
sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472
line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>)
at src/core/base/src/TROOT.cxx:2328
from asan/roottest/cling/other/fileClose_C.so
filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257)
at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270
at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118
permanent=false, resolved=true)
at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184
at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444
T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560
at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57
actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions . actOnUndoCommand ( next . getConstant ( ) ) ;
2013-10-29 08:23:02 +04:00
else
Lifetime of MetaParser is that of its input:
Before, MetaParser might have pointed to a StringRef whose storage
was gone, see asan failure in roottest/cling/other/runfileClose.C below.
This was caused by recursive uses of MetaParser; see stack trace below:
the inner recursion returned, but as the same MetaParser object was used
by both frames, the objects cursor now pointed to freed memory.
Instead, create a MetaParser (and MetaLexer) object per input. That way,
their lifetime corresponds to the lifetime of their input.
=================================================================
==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168
READ of size 1 at 0x7ffff3afd82a thread T0
[Detaching after fork from child process 529183]
#0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11
#1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15
#2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5
#3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9
#4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12
#5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33
#6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24
#7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29
#8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10
#9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27
#10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20
#11 0x7fffd78dd08b (<unknown module>)
#12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3
#13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20
#14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29
#15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9
#16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22
#17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39
#18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17
#19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30
#20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11
#21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14
#22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11
#23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22
#24 0x4ff96d in main src/main/src/rmain.cxx:30:12
#25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
#26 0x41f35d in _start (asan/bin/root.exe+0x41f35d)
Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame
#0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456
This frame has 21 object(s):
[32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable
[96, 104) 'R__guard2471' (line 2471)
[128, 136) 'R__guard2488' (line 2488)
[160, 176) 'interpreterFlagsRAII' (line 2491)
[192, 240) 'result' (line 2511)
[272, 276) 'compRes' (line 2512)
[288, 312) 'mod_line' (line 2517)
[352, 376) 'aclicMode' (line 2518)
[416, 440) 'arguments' (line 2519)
[480, 504) 'io' (line 2520)
[544, 568) 'fname' (line 2521)
[608, 632) 'ref.tmp' (line 2547)
[672, 696) 'ref.tmp145' (line 2547)
[736, 768) 'code' (line 2555)
[800, 832) 'codeline' (line 2556)
[864, 1384) 'in' (line 2559)
[1520, 1552) 'ref.tmp176' (line 2562)
[1584, 1600) 'agg.tmp'
[1616, 1624) 'ref.tmp198' (line 2568)
[1648, 1664) 'agg.tmp207'
[1680, 1696) 'autoParseRaii' (line 2588)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&)
Shadow bytes around the buggy address:
0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==529104==ABORTING
at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49
at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41
compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false)
at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314
input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess,
result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431
error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591
sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472
line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>)
at src/core/base/src/TROOT.cxx:2328
from asan/roottest/cling/other/fileClose_C.so
filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257)
at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270
at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118
permanent=false, resolved=true)
at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184
at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444
T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560
at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57
actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions . actOnUndoCommand ( ) ;
2013-10-29 08:19:37 +04:00
return true ;
}
return false ;
}
// Recognizes the `dynamicExtensions` meta command.
//
// When the current token is the identifier "dynamicExtensions", the token is
// consumed and whitespace is skipped. If a constant follows, its boolean
// value is converted to MetaSema::SwitchMode; otherwise the mode stays
// MetaSema::kToggle. The mode is then handed to
// m_Actions.actOndynamicExtensionsCommand. The constant token itself is not
// consumed here.
//
// Returns true if the command was recognized, false otherwise (nothing is
// consumed in that case).
bool MetaParser::isdynamicExtensionsCommand() {
  // Guard: only the identifier "dynamicExtensions" is handled here.
  if (!getCurTok().is(tok::ident) ||
      !getCurTok().getIdent().equals("dynamicExtensions"))
    return false;

  consumeToken();
  skipWhitespace();

  // A constant argument selects the mode explicitly; without one we toggle.
  // NOTE(review): the bool -> SwitchMode conversion relies on the enumerator
  // values of MetaSema::SwitchMode, which are not visible here - confirm.
  const MetaSema::SwitchMode mode =
      getCurTok().is(tok::constant)
          ? static_cast<MetaSema::SwitchMode>(getCurTok().getConstantAsBool())
          : MetaSema::kToggle;

  // The argument is fully read before dispatching; no token or lexer state
  // is read after the action returns.
  m_Actions.actOndynamicExtensionsCommand(mode);
  return true;
}
bool MetaParser : : ishelpCommand ( ) {
2013-01-15 14:11:52 +04:00
const Token & Tok = getCurTok ( ) ;
2014-02-28 13:22:05 +04:00
if ( Tok . is ( tok : : quest_mark ) | |
2013-01-15 14:11:52 +04:00
( Tok . is ( tok : : ident ) & & Tok . getIdent ( ) . equals ( " help " ) ) ) {
Lifetime of MetaParser is that of its input:
Before, MetaParser might have pointed to a StringRef whose storage
was gone, see asan failure in roottest/cling/other/runfileClose.C below.
This was caused by recursive uses of MetaParser; see stack trace below:
the inner recursion returned, but as the same MetaParser object was used
by both frames, the objects cursor now pointed to freed memory.
Instead, create a MetaParser (and MetaLexer) object per input. That way,
their lifetime corresponds to the lifetime of their input.
=================================================================
==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168
READ of size 1 at 0x7ffff3afd82a thread T0
[Detaching after fork from child process 529183]
#0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11
#1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15
#2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5
#3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9
#4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12
#5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33
#6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24
#7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29
#8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10
#9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27
#10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20
#11 0x7fffd78dd08b (<unknown module>)
#12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3
#13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20
#14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29
#15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9
#16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22
#17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39
#18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17
#19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30
#20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11
#21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14
#22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11
#23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22
#24 0x4ff96d in main src/main/src/rmain.cxx:30:12
#25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
#26 0x41f35d in _start (asan/bin/root.exe+0x41f35d)
Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame
#0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456
This frame has 21 object(s):
[32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable
[96, 104) 'R__guard2471' (line 2471)
[128, 136) 'R__guard2488' (line 2488)
[160, 176) 'interpreterFlagsRAII' (line 2491)
[192, 240) 'result' (line 2511)
[272, 276) 'compRes' (line 2512)
[288, 312) 'mod_line' (line 2517)
[352, 376) 'aclicMode' (line 2518)
[416, 440) 'arguments' (line 2519)
[480, 504) 'io' (line 2520)
[544, 568) 'fname' (line 2521)
[608, 632) 'ref.tmp' (line 2547)
[672, 696) 'ref.tmp145' (line 2547)
[736, 768) 'code' (line 2555)
[800, 832) 'codeline' (line 2556)
[864, 1384) 'in' (line 2559)
[1520, 1552) 'ref.tmp176' (line 2562)
[1584, 1600) 'agg.tmp'
[1616, 1624) 'ref.tmp198' (line 2568)
[1648, 1664) 'agg.tmp207'
[1680, 1696) 'autoParseRaii' (line 2588)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&)
Shadow bytes around the buggy address:
0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==529104==ABORTING
at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49
at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41
compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false)
at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314
input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess,
result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431
error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591
sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472
line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>)
at src/core/base/src/TROOT.cxx:2328
from asan/roottest/cling/other/fileClose_C.so
filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257)
at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270
at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118
permanent=false, resolved=true)
at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184
at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444
T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560
at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57
actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
m_Actions . actOnhelpCommand ( ) ;
return true ;
}
return false ;
}
/// Recognizes the `fileEx` meta command.
///
/// Succeeds only when the current token is an identifier spelled exactly
/// `fileEx`; in that case the matching action is dispatched on m_Actions.
/// This function itself never advances the token stream.
///
/// \returns true if the command matched and the action was invoked,
///          false otherwise (no action is taken).
bool MetaParser::isfileExCommand() {
  // Guard clause: anything that is not the identifier `fileEx` is rejected
  // before any action runs.
  if (!getCurTok().is(tok::ident) || !getCurTok().getIdent().equals("fileEx"))
    return false;

  m_Actions.actOnfileExCommand();
  return true;
}
/// Recognizes the `files` meta command.
///
/// Succeeds only when the current token is an identifier spelled exactly
/// `files`; in that case the matching action is dispatched on m_Actions.
/// This function itself never advances the token stream.
///
/// \returns true if the command matched and the action was invoked,
///          false otherwise (no action is taken).
bool MetaParser::isfilesCommand() {
  // Guard clause: anything that is not the identifier `files` is rejected
  // before any action runs.
  if (!getCurTok().is(tok::ident) || !getCurTok().getIdent().equals("files"))
    return false;

  m_Actions.actOnfilesCommand();
  return true;
}
/// Recognizes the `class` / `Class` meta command.
///
/// The capitalized spelling `Class` selects the verbose variant. Whatever
/// follows the command word is read as one string token; if that token is a
/// raw identifier it is forwarded as the class name, otherwise an empty name
/// is forwarded.
///
/// \returns true if the command matched and actOnClassCommand() was invoked,
///          false otherwise (nothing is consumed and no action is taken).
bool MetaParser::isClassCommand() {
  const Token& Tok = getCurTok();
  if (!Tok.is(tok::ident))
    return false;

  // Decide on verbosity while Tok still denotes the command word; the
  // consume call below presumably changes what the current token is.
  const bool verbose = Tok.getIdent().equals("Class");
  if (!verbose && !Tok.getIdent().equals("class"))
    return false;

  consumeAnyStringToken(tok::eof);
  const Token& NextTok = getCurTok();

  // className is a non-owning llvm::StringRef. NOTE(review): it presumably
  // views the parser's input buffer, so the callee must not keep it beyond
  // the lifetime of that input - confirm against actOnClassCommand().
  llvm::StringRef className;
  if (NextTok.is(tok::raw_ident))
    className = NextTok.getIdent();

  m_Actions.actOnClassCommand(className, verbose);
  return true;
}
/// Recognizes the `namespace` meta command, which takes no argument.
///
/// After the command word, the remainder is read as one string token. If that
/// token is a raw identifier the command is rejected; note that the string
/// token has already been consumed by then, so a false return on this path
/// does not leave the token stream untouched.
///
/// \returns true if the command matched and actOnNamespaceCommand() was
///          invoked, false otherwise.
bool MetaParser::isNamespaceCommand() {
  const Token& Tok = getCurTok();
  if (!Tok.is(tok::ident) || !Tok.getIdent().equals("namespace"))
    return false;

  consumeAnyStringToken(tok::eof);

  // A trailing raw identifier means this is not the argument-less form.
  if (getCurTok().is(tok::raw_ident))
    return false;

  m_Actions.actOnNamespaceCommand();
  return true;
}
bool MetaParser : : isgCommand ( ) {
if ( getCurTok ( ) . is ( tok : : ident ) & & getCurTok ( ) . getIdent ( ) . equals ( " g " ) ) {
consumeToken ( ) ;
skipWhitespace ( ) ;
llvm : : StringRef varName ;
if ( getCurTok ( ) . is ( tok : : ident ) )
varName = getCurTok ( ) . getIdent ( ) ;
Lifetime of MetaParser is that of its input:
Before, MetaParser might have pointed to a StringRef whose storage
was gone, see asan failure in roottest/cling/other/runfileClose.C below.
This was caused by recursive uses of MetaParser; see stack trace below:
the inner recursion returned, but as the same MetaParser object was used
by both frames, the object's cursor now pointed to freed memory.
Instead, create a MetaParser (and MetaLexer) object per input. That way,
their lifetime corresponds to the lifetime of their input.
=================================================================
==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168
READ of size 1 at 0x7ffff3afd82a thread T0
[Detaching after fork from child process 529183]
#0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11
#1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15
#2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5
#3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9
#4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12
#5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33
#6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24
#7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29
#8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10
#9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27
#10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20
#11 0x7fffd78dd08b (<unknown module>)
#12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3
#13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20
#14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29
#15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9
#16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22
#17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39
#18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17
#19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30
#20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11
#21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14
#22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11
#23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22
#24 0x4ff96d in main src/main/src/rmain.cxx:30:12
#25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16
#26 0x41f35d in _start (asan/bin/root.exe+0x41f35d)
Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame
#0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456
This frame has 21 object(s):
[32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable
[96, 104) 'R__guard2471' (line 2471)
[128, 136) 'R__guard2488' (line 2488)
[160, 176) 'interpreterFlagsRAII' (line 2491)
[192, 240) 'result' (line 2511)
[272, 276) 'compRes' (line 2512)
[288, 312) 'mod_line' (line 2517)
[352, 376) 'aclicMode' (line 2518)
[416, 440) 'arguments' (line 2519)
[480, 504) 'io' (line 2520)
[544, 568) 'fname' (line 2521)
[608, 632) 'ref.tmp' (line 2547)
[672, 696) 'ref.tmp145' (line 2547)
[736, 768) 'code' (line 2555)
[800, 832) 'codeline' (line 2556)
[864, 1384) 'in' (line 2559)
[1520, 1552) 'ref.tmp176' (line 2562)
[1584, 1600) 'agg.tmp'
[1616, 1624) 'ref.tmp198' (line 2568)
[1648, 1664) 'agg.tmp207'
[1680, 1696) 'autoParseRaii' (line 2588)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&)
Shadow bytes around the buggy address:
0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==529104==ABORTING
at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49
at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41
compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false)
at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314
input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess,
result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431
error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591
sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472
line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>)
at src/core/base/src/TROOT.cxx:2328
from asan/roottest/cling/other/fileClose_C.so
filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257)
at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270
at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118
permanent=false, resolved=true)
at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184
at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444
T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560
at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57
actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions . actOngCommand ( varName ) ;
return true ;
}
return false ;
}
// Recognizes the `typedef` meta command.
//
// Returns true when the current token is the identifier `typedef`; the
// action is then dispatched even if no name follows (typedefName stays
// empty in that case). Returns false, without consuming anything, otherwise.
bool MetaParser::isTypedefCommand() {
  const Token& Keyword = getCurTok();
  if (!Keyword.is(tok::ident))
    return false;
  if (!Keyword.getIdent().equals("typedef"))
    return false;

  // Presumably folds the rest of the input, up to eof, into one raw token;
  // the helper is not shown here.
  consumeAnyStringToken(tok::eof);

  const Token& Operand = getCurTok();
  llvm::StringRef typedefName;
  if (Operand.is(tok::raw_ident))
    typedefName = Operand.getIdent();

  // typedefName is a non-owning view of the token text. The 2021-04-29 change
  // to this call followed an ASan stack-use-after-return in MetaLexer::Lex,
  // caused by one MetaParser being reused across recursive inputs; the parser
  // is now created per input, so this view is only valid while that input
  // lives and the callee must copy anything it keeps.
  m_Actions.actOnTypedefCommand(typedefName);
  return true;
}
// Recognizes the `!<command line>` meta command.
//
// actionResult  written only when a non-empty command line was dispatched.
// resultValue   optional; reset to a default Value() on entry when non-null
//               and then handed to the action.
//
// Returns true when the current token is an exclamation mark, whether or not
// a command followed it; false otherwise.
bool MetaParser::isShellCommand(MetaSema::ActionResult& actionResult,
                                Value* resultValue) {
  if (resultValue)
    *resultValue = Value();

  if (!getCurTok().is(tok::excl_mark))
    return false;

  // Presumably folds the rest of the input, up to eof, into one raw token;
  // the helper is not shown here.
  consumeAnyStringToken(tok::eof);

  const Token& Operand = getCurTok();
  if (!Operand.is(tok::raw_ident))
    return true;

  // Non-owning view of the token text: valid only while the parser's input
  // is alive (the 2021-04-29 change to this call made MetaParser per-input
  // after an ASan stack-use-after-return in MetaLexer::Lex).
  llvm::StringRef commandLine(Operand.getIdent());
  if (commandLine.empty())
    return true;

  // The text after '!' is forwarded unmodified; nothing here filters or
  // quotes it. NOTE(review): actOnShellCommand presumably runs it on the
  // host, so any input source that reaches this parser should be treated as
  // able to execute commands. Confirm against MetaSema.
  actionResult = m_Actions.actOnShellCommand(commandLine, resultValue);
  return true;
}
} // end namespace cling