cling/lib/MetaProcessor/MetaParser.cpp

667 lines
21 KiB
C++
Raw Normal View History

//------------------------------------------------------------------------------
// CLING - the C++ LLVM-based InterpreterG :)
// author: Vassil Vassilev <vvasilev@cern.ch>
2014-01-07 14:08:37 +04:00
//
// This file is dual-licensed: you can choose to license it under the University
// of Illinois Open Source License or the GNU Lesser General Public License. See
// LICENSE.TXT for details.
//------------------------------------------------------------------------------
#include "cling/MetaProcessor/MetaParser.h"
#include "cling/MetaProcessor/MetaSema.h"
#include "cling/MetaProcessor/MetaLexer.h"
#include "cling/Interpreter/Interpreter.h"
#include "cling/Interpreter/InvocationOptions.h"
2014-02-27 01:37:16 +04:00
#include "cling/Interpreter/Value.h"
#include "cling/Utils/Output.h"
#include "cling/Utils/Paths.h"
#include "llvm/ADT/StringRef.h"
#include "llvm/Support/Path.h"
#include <optional>
namespace cling {
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
MetaParser::MetaParser(MetaSema &Actions, llvm::StringRef Line) :
m_Lexer(Line), m_Actions(Actions) {
const InvocationOptions& Opts = Actions.getInterpreter().getOptions();
MetaLexer metaSymbolLexer(Opts.MetaString);
Token Tok;
while(true) {
metaSymbolLexer.Lex(Tok);
if (Tok.is(tok::eof))
break;
m_MetaSymbolCache.push_back(Tok);
}
}
void MetaParser::consumeToken() {
if (m_TokenCache.size())
m_TokenCache.erase(m_TokenCache.begin());
2014-02-28 13:22:05 +04:00
lookAhead(0);
}
void MetaParser::consumeAnyStringToken(tok::TokenKind stopAt/*=tok::space*/) {
consumeToken();
// we have to merge the tokens from the queue until we reach eof token or
// space token
skipWhitespace();
// Add the new token in which we will merge the others.
Token& MergedTok = m_TokenCache.front();
2014-02-28 13:22:05 +04:00
if (MergedTok.is(stopAt) || MergedTok.is(tok::eof)
|| MergedTok.is(tok::comment))
return;
//look ahead for the next token without consuming it
Token Tok = lookAhead(1);
Token PrevTok = Tok;
while (Tok.isNot(stopAt) && Tok.isNot(tok::eof)){
//MergedTok.setLength(MergedTok.getLength() + Tok.getLength());
m_TokenCache.erase(m_TokenCache.begin() + 1);
PrevTok = Tok;
//look ahead for the next token without consuming it
Tok = lookAhead(1);
}
MergedTok.setKind(tok::raw_ident);
if (PrevTok.is(tok::space)) {
// for "id <space> eof" the merged token should contain "id", not
// "id <space>".
Tok = PrevTok;
}
MergedTok.setLength(Tok.getBufStart() - MergedTok.getBufStart());
}
const Token& MetaParser::lookAhead(unsigned N) {
if (N < m_TokenCache.size())
return m_TokenCache[N];
for (unsigned C = N+1 - m_TokenCache.size(); C > 0; --C) {
m_TokenCache.push_back(Token());
m_Lexer.Lex(m_TokenCache.back());
}
return m_TokenCache.back();
}
void MetaParser::skipWhitespace() {
while(getCurTok().is(tok::space))
consumeToken();
}
2013-06-10 17:14:36 +04:00
bool MetaParser::isMetaCommand(MetaSema::ActionResult& actionResult,
2014-02-27 01:37:16 +04:00
Value* resultValue) {
2013-06-10 17:14:36 +04:00
return isCommandSymbol() && isCommand(actionResult, resultValue);
}
2014-02-28 13:22:05 +04:00
bool MetaParser::isQuitRequested() const {
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
return m_Actions.isQuitRequested();
}
bool MetaParser::isCommandSymbol() {
for (size_t i = 0; i < m_MetaSymbolCache.size(); ++i) {
if (getCurTok().getKind() != m_MetaSymbolCache[i].getKind())
return false;
consumeToken();
}
return true;
}
2013-06-10 17:14:36 +04:00
bool MetaParser::isCommand(MetaSema::ActionResult& actionResult,
2014-02-27 01:37:16 +04:00
Value* resultValue) {
2013-06-10 17:14:36 +04:00
if (resultValue)
2014-02-27 01:37:16 +04:00
*resultValue = Value();
// Assume success; some actions don't set it.
actionResult = MetaSema::AR_Success;
return isLCommand(actionResult)
|| isXCommand(actionResult, resultValue) ||isTCommand(actionResult)
|| isAtCommand()
2013-08-13 13:06:58 +04:00
|| isqCommand() || isUCommand(actionResult) || isICommand()
|| isOCommand(actionResult) || israwInputCommand()
2015-03-20 14:39:33 +03:00
|| isdebugCommand() || isprintDebugCommand()
|| isdynamicExtensionsCommand() || ishelpCommand() || isfileExCommand()
2014-04-14 10:48:29 +04:00
|| isfilesCommand() || isClassCommand() || isNamespaceCommand() || isgCommand()
|| isTypedefCommand()
|| isShellCommand(actionResult, resultValue) || isstoreStateCommand()
|| iscompareStateCommand() || isstatsCommand() || isundoCommand()
|| isRedirectCommand(actionResult) || istraceCommand();
}
// L := 'L' FilePath Comment
// FilePath := AnyString
// AnyString := .*^('\t' Comment)
bool MetaParser::isLCommand(MetaSema::ActionResult& actionResult) {
if (getCurTok().is(tok::ident) && getCurTok().getIdent().equals("L")) {
consumeAnyStringToken(tok::comment);
llvm::StringRef filePath;
if (getCurTok().is(tok::raw_ident)) {
filePath = getCurTok().getIdent();
consumeToken();
if (getCurTok().is(tok::comment)) {
consumeAnyStringToken(tok::eof);
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnComment(getCurTok().getIdent());
}
}
actionResult = m_Actions.actOnLCommand(filePath);
return true;
}
// TODO: Some fine grained diagnostics
return false;
}
2014-05-24 17:15:28 +04:00
// T := 'T' FilePath Comment
// FilePath := AnyString
// AnyString := .*^('\t' Comment)
bool MetaParser::isTCommand(MetaSema::ActionResult& actionResult) {
bool result = false;
if (getCurTok().is(tok::ident) && getCurTok().getIdent().equals("T")) {
consumeAnyStringToken();
if (getCurTok().is(tok::raw_ident)) {
std::string inputFile = getCurTok().getIdent().str();
consumeAnyStringToken(tok::eof);
if (getCurTok().is(tok::raw_ident)) {
result = true;
std::string outputFile = getCurTok().getIdent().str();
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
actionResult = m_Actions.actOnTCommand(inputFile, outputFile);
}
}
}
// TODO: Some fine grained diagnostics
return result;
}
// >RedirectCommand := '>' FilePath
2013-12-10 15:03:26 +04:00
// FilePath := AnyString
// AnyString := .*^(' ' | '\t')
bool MetaParser::isRedirectCommand(MetaSema::ActionResult& actionResult) {
2013-12-16 19:18:27 +04:00
2014-01-14 12:58:35 +04:00
unsigned constant_FD = 0;
2013-12-16 19:18:27 +04:00
// Default redirect is stdout.
2014-01-13 11:57:12 +04:00
MetaProcessor::RedirectionScope stream = MetaProcessor::kSTDOUT;
2014-01-14 12:58:35 +04:00
if (getCurTok().is(tok::constant) && lookAhead(1).is(tok::greater)) {
2013-12-10 15:03:26 +04:00
// > or 1> the redirection is for stdout stream
// 2> redirection for stderr stream
2014-01-14 12:58:35 +04:00
constant_FD = getCurTok().getConstant();
if (constant_FD == 2) {
stream = MetaProcessor::kSTDERR;
2014-01-14 12:58:35 +04:00
// Wrong constant_FD, do not redirect.
} else if (constant_FD != 1) {
cling::errs() << "cling::MetaParser::isRedirectCommand():"
<< "invalid file descriptor number " << constant_FD <<"\n";
2014-01-13 11:57:12 +04:00
return true;
2013-12-10 15:03:26 +04:00
}
2013-12-17 15:17:01 +04:00
consumeToken();
}
// &> redirection for both stdout & stderr
2013-12-17 15:17:01 +04:00
if (getCurTok().is(tok::ampersand)) {
if (constant_FD == 0) {
2014-01-14 12:58:35 +04:00
stream = MetaProcessor::kSTDBOTH;
}
2013-12-17 20:34:53 +04:00
consumeToken();
2013-12-10 15:03:26 +04:00
}
llvm::StringRef file;
2013-12-17 15:17:01 +04:00
if (getCurTok().is(tok::greater)) {
2013-12-16 19:18:27 +04:00
bool append = false;
// check whether we have >>
if (lookAhead(1).is(tok::greater)) {
consumeToken();
append = true;
}
2014-01-14 12:58:35 +04:00
// check for syntax like: 2>&1
if (lookAhead(1).is(tok::ampersand)) {
if (constant_FD == 0)
2014-01-14 12:58:35 +04:00
stream = MetaProcessor::kSTDBOTH;
const Token& Tok = lookAhead(2);
if (Tok.is(tok::constant)) {
switch (Tok.getConstant()) {
case 1: file = llvm::StringRef("&1"); break;
case 2: file = llvm::StringRef("&2"); break;
default: break;
2014-01-14 12:58:35 +04:00
}
if (!file.empty()) {
// Mark the stream name as refering to stderr or stdout, not a name
stream = MetaProcessor::RedirectionScope(stream |
MetaProcessor::kSTDSTRM);
consumeToken(); // &
consumeToken(); // 1,2
2014-01-14 12:58:35 +04:00
}
2013-12-10 15:03:26 +04:00
}
}
std::string EnvExpand;
if (!lookAhead(1).is(tok::eof) && !(stream & MetaProcessor::kSTDSTRM)) {
consumeAnyStringToken(tok::eof);
if (getCurTok().is(tok::raw_ident)) {
EnvExpand = getCurTok().getIdent().str();
// Quoted path, no expansion and strip quotes
if (EnvExpand.size() > 3 && EnvExpand.front() == '"' &&
EnvExpand.back() == '"') {
file = EnvExpand;
file = file.substr(1, file.size()-2);
} else if (!EnvExpand.empty()) {
cling::utils::ExpandEnvVars(EnvExpand);
file = EnvExpand;
}
consumeToken();
// If we had a token, we need a path; empty means to undo a redirect
if (file.empty())
return false;
}
}
// Empty file means std.
2013-12-10 15:03:26 +04:00
actionResult =
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnRedirectCommand(file/*file*/,
stream/*which stream to redirect*/,
append/*append mode*/);
2013-12-10 15:03:26 +04:00
return true;
2014-02-28 13:22:05 +04:00
}
2013-12-10 15:03:26 +04:00
return false;
}
// XCommand := 'x' FilePath[ArgList] | 'X' FilePath[ArgList]
// FilePath := AnyString
// ArgList := (ExtraArgList) ' ' [ArgList]
// ExtraArgList := AnyString [, ExtraArgList]
2013-06-10 17:14:36 +04:00
bool MetaParser::isXCommand(MetaSema::ActionResult& actionResult,
2014-02-27 01:37:16 +04:00
Value* resultValue) {
2013-06-10 17:14:36 +04:00
if (resultValue)
2014-02-27 01:37:16 +04:00
*resultValue = Value();
const Token& Tok = getCurTok();
if (Tok.is(tok::ident) && (Tok.getIdent().equals("x")
|| Tok.getIdent().equals("X"))) {
consumeToken();
skipWhitespace();
// There might be an ArgList:
int forward = 0;
std::string args;
llvm::StringRef file(getCurTok().getBufStart());
if (file.empty()) {
return false; // FIXME: Issue proper diagnostics
}
while (!lookAhead(forward).is(tok::eof))
++forward;
// Skip any trailing ';':
if (lookAhead(forward - 1).is(tok::semicolon))
--forward;
// Now track back to find the opening '('.
if (lookAhead(forward - 1).is(tok::r_paren)) {
// Trailing ')' - we interpret that as an argument.
--forward; // skip ')'
int nesting = 1;
while (--forward > 0 && nesting) {
if (lookAhead(forward).is(tok::l_paren))
--nesting;
else if (lookAhead(forward).is(tok::r_paren))
++nesting;
}
if (forward == 0) {
cling::errs() << "cling::MetaParser::isXCommand():"
"error parsing argument in " << getCurTok().getBufStart() << '\n';
// interpret everything as "the file"
} else {
while (forward--)
consumeToken();
consumeToken(); // the forward-0 token.
args = getCurTok().getBufStart();
file = file.drop_back(args.length());
}
}
if (args.empty())
args = "()";
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
actionResult = m_Actions.actOnxCommand(file, args, resultValue);
return true;
}
return false;
}
// ExtraArgList := AnyString [, ExtraArgList]
bool MetaParser::isExtraArgList() {
// This might be expanded if we need better arg parsing.
consumeAnyStringToken(tok::r_paren);
2014-02-28 13:22:05 +04:00
return getCurTok().is(tok::raw_ident);
}
bool MetaParser::isqCommand() {
bool result = false;
if (getCurTok().is(tok::ident) && getCurTok().getIdent().equals("q")) {
result = true;
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnqCommand();
}
return result;
}
bool MetaParser::isUCommand(MetaSema::ActionResult& actionResult) {
if (getCurTok().is(tok::ident) && getCurTok().getIdent().equals("U")) {
consumeAnyStringToken(tok::eof);
2014-03-28 18:37:48 +04:00
llvm::StringRef path;
if (getCurTok().is(tok::raw_ident)) {
path = getCurTok().getIdent();
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
actionResult = m_Actions.actOnUCommand(path);
2014-03-28 18:37:48 +04:00
return true;
}
}
return false;
}
bool MetaParser::isICommand() {
if (getCurTok().is(tok::ident) &&
( getCurTok().getIdent().equals("I")
|| getCurTok().getIdent().equals("include"))) {
consumeAnyStringToken(tok::eof);
2013-09-19 19:03:30 +04:00
llvm::StringRef path;
if (getCurTok().is(tok::raw_ident))
path = getCurTok().getIdent();
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnICommand(path);
return true;
}
return false;
}
2014-02-28 13:22:05 +04:00
bool MetaParser::isOCommand(MetaSema::ActionResult& actionResult) {
2013-08-13 13:06:58 +04:00
const Token& currTok = getCurTok();
if (currTok.is(tok::ident)) {
llvm::StringRef ident = currTok.getIdent();
if (ident.starts_with("O")) {
2013-08-13 13:06:58 +04:00
if (ident.size() > 1) {
int level = 0;
if (!ident.substr(1).getAsInteger(10, level) && level >= 0) {
consumeAnyStringToken(tok::eof);
if (getCurTok().is(tok::raw_ident))
return false;
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
actionResult = m_Actions.actOnOCommand(level);
2013-08-13 13:06:58 +04:00
return true;
}
} else {
consumeAnyStringToken(tok::eof);
const Token& lastStringToken = getCurTok();
2014-01-15 18:27:58 +04:00
if (lastStringToken.is(tok::raw_ident)
&& lastStringToken.getLength()) {
2013-08-13 13:06:58 +04:00
int level = 0;
if (!lastStringToken.getIdent().getAsInteger(10, level)
&& level >= 0) {
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
actionResult = m_Actions.actOnOCommand(level);
2013-08-13 13:06:58 +04:00
return true;
}
} else {
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnOCommand();
actionResult = MetaSema::AR_Success;
2013-08-13 13:06:58 +04:00
return true;
}
}
}
}
return false;
}
bool MetaParser::isAtCommand() {
if (getCurTok().is(tok::at) // && getCurTok().getIdent().equals("@")
) {
consumeToken();
skipWhitespace();
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnAtCommand();
return true;
}
return false;
}
bool MetaParser::israwInputCommand() {
if (getCurTok().is(tok::ident) &&
getCurTok().getIdent().equals("rawInput")) {
MetaSema::SwitchMode mode = MetaSema::kToggle;
consumeToken();
skipWhitespace();
if (getCurTok().is(tok::constant))
mode = (MetaSema::SwitchMode)getCurTok().getConstantAsBool();
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnrawInputCommand(mode);
return true;
}
return false;
}
2015-03-20 14:39:33 +03:00
bool MetaParser::isdebugCommand() {
if (getCurTok().is(tok::ident) &&
getCurTok().getIdent().equals("debug")) {
std::optional<int> mode;
2015-03-20 14:39:33 +03:00
consumeToken();
skipWhitespace();
if (getCurTok().is(tok::constant))
mode = getCurTok().getConstant();
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOndebugCommand(mode);
2015-03-20 14:39:33 +03:00
return true;
}
return false;
}
2014-02-28 19:56:12 +04:00
bool MetaParser::isprintDebugCommand() {
if (getCurTok().is(tok::ident) &&
2014-02-28 19:56:12 +04:00
getCurTok().getIdent().equals("printDebug")) {
MetaSema::SwitchMode mode = MetaSema::kToggle;
consumeToken();
skipWhitespace();
if (getCurTok().is(tok::constant))
mode = (MetaSema::SwitchMode)getCurTok().getConstantAsBool();
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnprintDebugCommand(mode);
return true;
}
return false;
}
bool MetaParser::isstoreStateCommand() {
if (getCurTok().is(tok::ident) &&
getCurTok().getIdent().equals("storeState")) {
//MetaSema::SwitchMode mode = MetaSema::kToggle;
consumeToken();
skipWhitespace();
if (!getCurTok().is(tok::stringlit))
2014-02-28 13:22:05 +04:00
return false; // FIXME: Issue proper diagnostics
std::string ident = getCurTok().getIdentNoQuotes().str();
consumeToken();
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnstoreStateCommand(ident);
return true;
}
return false;
}
bool MetaParser::iscompareStateCommand() {
if (getCurTok().is(tok::ident) &&
getCurTok().getIdent().equals("compareState")) {
//MetaSema::SwitchMode mode = MetaSema::kToggle;
consumeToken();
skipWhitespace();
if (!getCurTok().is(tok::stringlit))
2014-02-28 13:22:05 +04:00
return false; // FIXME: Issue proper diagnostics
std::string ident = getCurTok().getIdentNoQuotes().str();
consumeToken();
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOncompareStateCommand(ident);
return true;
}
return false;
}
bool MetaParser::isstatsCommand() {
if (getCurTok().is(tok::ident) &&
getCurTok().getIdent().equals("stats")) {
consumeToken();
skipWhitespace();
if (!getCurTok().is(tok::ident))
return false; // FIXME: Issue proper diagnostics
llvm::StringRef what = getCurTok().getIdent();
consumeToken();
skipWhitespace();
const Token& next = getCurTok();
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnstatsCommand(what, next.is(tok::ident)
? next.getIdent() : llvm::StringRef());
return true;
}
return false;
}
// dumps/creates a trace of the requested representation.
bool MetaParser::istraceCommand() {
if (getCurTok().is(tok::ident) &&
getCurTok().getIdent().equals("trace")) {
consumeToken();
skipWhitespace();
if (!getCurTok().is(tok::ident))
return false;
llvm::StringRef ident = getCurTok().getIdent();
consumeToken();
skipWhitespace();
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnstatsCommand(ident.equals("ast")
? llvm::StringRef("asttree") : ident,
getCurTok().is(tok::ident) ? getCurTok().getIdent() : llvm::StringRef());
consumeToken();
return true;
}
return false;
}
bool MetaParser::isundoCommand() {
if (getCurTok().is(tok::ident) &&
getCurTok().getIdent().equals("undo")) {
2014-02-28 13:22:05 +04:00
consumeToken();
skipWhitespace();
const Token& next = getCurTok();
if (next.is(tok::constant))
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnUndoCommand(next.getConstant());
else
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnUndoCommand();
return true;
}
return false;
}
bool MetaParser::isdynamicExtensionsCommand() {
if (getCurTok().is(tok::ident) &&
getCurTok().getIdent().equals("dynamicExtensions")) {
MetaSema::SwitchMode mode = MetaSema::kToggle;
consumeToken();
skipWhitespace();
if (getCurTok().is(tok::constant))
mode = (MetaSema::SwitchMode)getCurTok().getConstantAsBool();
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOndynamicExtensionsCommand(mode);
return true;
}
return false;
}
bool MetaParser::ishelpCommand() {
const Token& Tok = getCurTok();
2014-02-28 13:22:05 +04:00
if (Tok.is(tok::quest_mark) ||
(Tok.is(tok::ident) && Tok.getIdent().equals("help"))) {
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnhelpCommand();
return true;
}
return false;
}
bool MetaParser::isfileExCommand() {
if (getCurTok().is(tok::ident) && getCurTok().getIdent().equals("fileEx")) {
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnfileExCommand();
return true;
}
return false;
}
bool MetaParser::isfilesCommand() {
if (getCurTok().is(tok::ident) && getCurTok().getIdent().equals("files")) {
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnfilesCommand();
return true;
}
return false;
}
bool MetaParser::isClassCommand() {
const Token& Tok = getCurTok();
if (Tok.is(tok::ident)) {
if (Tok.getIdent().equals("class") || Tok.getIdent().equals("Class")) {
const bool verbose = Tok.getIdent().equals("Class");
consumeAnyStringToken(tok::eof);
const Token& NextTok = getCurTok();
llvm::StringRef className;
if (NextTok.is(tok::raw_ident))
className = NextTok.getIdent();
m_Actions.actOnClassCommand(className, verbose);
return true;
}
}
return false;
}
2014-08-04 06:05:42 +04:00
2014-04-14 10:48:29 +04:00
bool MetaParser::isNamespaceCommand() {
const Token& Tok = getCurTok();
if (Tok.is(tok::ident)) {
if (Tok.getIdent().equals("namespace")) {
consumeAnyStringToken(tok::eof);
if (getCurTok().is(tok::raw_ident))
return false;
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnNamespaceCommand();
2014-04-14 10:48:29 +04:00
return true;
}
}
return false;
}
bool MetaParser::isgCommand() {
if (getCurTok().is(tok::ident) && getCurTok().getIdent().equals("g")) {
consumeToken();
skipWhitespace();
llvm::StringRef varName;
if (getCurTok().is(tok::ident))
varName = getCurTok().getIdent();
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOngCommand(varName);
return true;
}
return false;
}
2014-02-28 13:22:05 +04:00
bool MetaParser::isTypedefCommand() {
const Token& Tok = getCurTok();
if (Tok.is(tok::ident)) {
if (Tok.getIdent().equals("typedef")) {
consumeAnyStringToken(tok::eof);
const Token& NextTok = getCurTok();
llvm::StringRef typedefName;
if (NextTok.is(tok::raw_ident))
typedefName = NextTok.getIdent();
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
m_Actions.actOnTypedefCommand(typedefName);
return true;
}
}
return false;
}
2014-02-28 13:22:05 +04:00
2013-06-10 17:14:36 +04:00
bool MetaParser::isShellCommand(MetaSema::ActionResult& actionResult,
2014-02-27 01:37:16 +04:00
Value* resultValue) {
2013-06-10 17:14:36 +04:00
if (resultValue)
2014-02-27 01:37:16 +04:00
*resultValue = Value();
const Token& Tok = getCurTok();
if (Tok.is(tok::excl_mark)) {
consumeAnyStringToken(tok::eof);
const Token& NextTok = getCurTok();
if (NextTok.is(tok::raw_ident)) {
llvm::StringRef commandLine(NextTok.getIdent());
if (!commandLine.empty())
Lifetime of MetaParser is that of its input: Before, MetaParser might have pointed to a StringRef whose storage was gone, see asan failure in roottest/cling/other/runfileClose.C below. This was caused by recursive uses of MetaParser; see stack trace below: the inner recursion returned, but as the same MetaParser object was used by both frames, the objects cursor now pointed to freed memory. Instead, create a MetaParser (and MetaLexer) object per input. That way, their lifetime corresponds to the lifetime of their input. ================================================================= ==529104==ERROR: AddressSanitizer: stack-use-after-return on address 0x7ffff3afd82a at pc 0x7fffea18df6d bp 0x7fffffff8170 sp 0x7fffffff8168 READ of size 1 at 0x7ffff3afd82a thread T0 [Detaching after fork from child process 529183] #0 0x7fffea18df6c in cling::MetaLexer::Lex(cling::Token&) src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 #1 0x7fffea190d7c in cling::MetaParser::lookAhead(unsigned int) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:89:15 #2 0x7fffea190bd5 in cling::MetaParser::consumeToken() src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:49:5 #3 0x7fffea191d4d in cling::MetaParser::isLCommand(cling::MetaSema::ActionResult&) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:147:9 #4 0x7fffea1914dd in cling::MetaParser::isCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:123:12 #5 0x7fffea191216 in cling::MetaParser::isMetaCommand(cling::MetaSema::ActionResult&, cling::Value*) src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:101:33 #6 0x7fffea14e5aa in cling::MetaProcessor::process(llvm::StringRef, cling::Interpreter::CompilationResult&, cling::Value*, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:317:24 #7 0x7fffe99b67b7 in HandleInterpreterException(cling::MetaProcessor*, char const*, cling::Interpreter::CompilationResult&, cling::Value*) src/core/metacling/src/TCling.cxx:2431:29 #8 0x7fffe99bde30 in TCling::Load(char const*, bool) src/core/metacling/src/TCling.cxx:3454:10 #9 0x7ffff7865f11 in TSystem::Load(char const*, char const*, bool) src/core/base/src/TSystem.cxx:1941:27 #10 0x7ffff7b8a0e3 in TUnixSystem::Load(char const*, char const*, bool) src/core/unix/src/TUnixSystem.cxx:2789:20 #11 0x7fffd78dd08b (<unknown module>) #12 0x7fffe9f8a5d9 in cling::IncrementalExecutor::executeWrapper(llvm::StringRef, cling::Value*) const src/interpreter/cling/lib/Interpreter/IncrementalExecutor.cpp:376:3 #13 0x7fffe9d73dc2 in cling::Interpreter::RunFunction(clang::FunctionDecl const*, cling::Value*) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1141:20 #14 0x7fffe9d6e317 in cling::Interpreter::EvaluateInternal(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::CompilationOptions, cling::Value*, cling::Transaction**, unsigned long) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1391:29 #15 0x7fffe9d6c1fe in cling::Interpreter::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, cling::Value*, cling::Transaction**, bool) src/interpreter/cling/lib/Interpreter/Interpreter.cpp:819:9 #16 0x7fffea151826 in cling::MetaProcessor::readInputFromFile(llvm::StringRef, cling::Value*, unsigned long, bool) src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:507:22 #17 0x7fffe99b585b in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2570:39 #18 0x7fffe99bbfee in TCling::ProcessLineSynch(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:3496:17 #19 0x7ffff77203d3 in TApplication::ExecuteFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1608:30 #20 0x7ffff771ebdf in TApplication::ProcessFile(char const*, int*, bool) src/core/base/src/TApplication.cxx:1480:11 #21 0x7ffff771e385 in TApplication::ProcessLine(char const*, bool, int*) src/core/base/src/TApplication.cxx:1453:14 #22 0x7ffff7f8157a in TRint::ProcessLineNr(char const*, char const*, int*) src/core/rint/src/TRint.cxx:766:11 #23 0x7ffff7f802f0 in TRint::Run(bool) src/core/rint/src/TRint.cxx:424:22 #24 0x4ff96d in main src/main/src/rmain.cxx:30:12 #25 0x7ffff6e040b2 in __libc_start_main /build/glibc-YbNSs7/glibc-2.31/csu/../csu/libc-start.c:308:16 #26 0x41f35d in _start (asan/bin/root.exe+0x41f35d) Address 0x7ffff3afd82a is located in stack of thread T0 at offset 42 in frame #0 0x7fffe99b3d8f in TCling::ProcessLine(char const*, TInterpreter::EErrorCode*) src/core/metacling/src/TCling.cxx:2456 This frame has 21 object(s): [32, 56) 'sLine' (line 2462) <== Memory access at offset 42 is inside this variable [96, 104) 'R__guard2471' (line 2471) [128, 136) 'R__guard2488' (line 2488) [160, 176) 'interpreterFlagsRAII' (line 2491) [192, 240) 'result' (line 2511) [272, 276) 'compRes' (line 2512) [288, 312) 'mod_line' (line 2517) [352, 376) 'aclicMode' (line 2518) [416, 440) 'arguments' (line 2519) [480, 504) 'io' (line 2520) [544, 568) 'fname' (line 2521) [608, 632) 'ref.tmp' (line 2547) [672, 696) 'ref.tmp145' (line 2547) [736, 768) 'code' (line 2555) [800, 832) 'codeline' (line 2556) [864, 1384) 'in' (line 2559) [1520, 1552) 'ref.tmp176' (line 2562) [1584, 1600) 'agg.tmp' [1616, 1624) 'ref.tmp198' (line 2568) [1648, 1664) 'agg.tmp207' [1680, 1696) 'autoParseRaii' (line 2588) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:58:11 in cling::MetaLexer::Lex(cling::Token&) Shadow bytes around the buggy address: 0x10007e757ab0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ac0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ad0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757ae0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757af0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x10007e757b00: f5 f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x10007e757b50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==529104==ABORTING at src/interpreter/cling/lib/MetaProcessor/MetaLexer.cpp:49 at src/interpreter/cling/lib/MetaProcessor/MetaParser.cpp:41 compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0, disableValuePrinting=false) at src/interpreter/cling/lib/MetaProcessor/MetaProcessor.cpp:314 input_line=0x7ffff3afd829 "#define XYZ 21", compRes=@0x7ffff3afd910: cling::Interpreter::kSuccess, result=0x7ffff3afd8c0) at src/core/metacling/src/TCling.cxx:2431 error=0x7fffd78cb0f4 <x>) at src/core/metacling/src/TCling.cxx:2591 sync=false, err=0x7fffd78cb0f4 <x>) at src/core/base/src/TApplication.cxx:1472 line=0x7fffd78c9000 "#define XYZ 21", error=0x7fffd78cb0f4 <x>) at src/core/base/src/TROOT.cxx:2328 from asan/roottest/cling/other/fileClose_C.so filename=0x6070000f0fd0 "asan/roottest/cling/other/fileClose_C.so", flag=257) at /home/axel/build/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:6270 at src/interpreter/cling/lib/Utils/PlatformPosix.cpp:118 permanent=false, resolved=true) at src/interpreter/cling/lib/Interpreter/DynamicLibraryManager.cpp:184 at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1444 T=0x0) at src/interpreter/cling/lib/Interpreter/Interpreter.cpp:1560 at src/interpreter/cling/lib/MetaProcessor/MetaSema.cpp:57 actionResult=@0x7ffff39532b0: cling::MetaSema::AR_Success)
2021-04-29 16:20:43 +03:00
actionResult = m_Actions.actOnShellCommand(commandLine,
resultValue);
}
return true;
}
return false;
}
} // end namespace cling