https://bugs.kde.org/show_bug.cgi?id=372165
Milian Wolff <m...@milianw.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |RESOLVED
         Resolution|---                         |FIXED

--- Comment #10 from Milian Wolff <m...@milianw.de> ---
commit 9590221b9b035a5fa7cf407228a69fa1f91b20a8
Author: Milian Wolff <milian.wo...@kdab.com>
Date:   Thu Mar 8 23:16:16 2018 +0100

    Don't hand pointer to temporary strings to libbacktrace API

    Fixes errors in the form of:

    Module backtrace error (code -1): failed to read executable information

    Valgrind reported:

    ==27827== Syscall param openat(filename) points to unaddressable byte(s)
    ==27827==    at 0x580A0EE: open (in /usr/lib/libc-2.26.so)
    ==27827==    by 0x11AD03: backtrace_open (posix.c:67)
    ==27827==    by 0x11AA76: fileline_initialize (fileline.c:117)
    ==27827==    by 0x11AC0A: backtrace_pcinfo (fileline.c:183)
    ==27827==    by 0x10DA52: resolveAddress (heaptrack_interpret.cpp:129)
    ==27827==    by 0x10DA52: resolve (heaptrack_interpret.cpp:245)
    ==27827==    by 0x10DA52: addIp (heaptrack_interpret.cpp:304)
    ==27827==    by 0x10DA52: main (heaptrack_interpret.cpp:435)
    ==27827==  Address 0x15164b90 is 0 bytes inside a block of size 31 free'd
    ==27827==    at 0x4C2E60B: operator delete(void*) (vg_replace_malloc.c:576)
    ==27827==    by 0x10CEF5: deallocate (new_allocator.h:125)
    ==27827==    by 0x10CEF5: deallocate (alloc_traits.h:462)
    ==27827==    by 0x10CEF5: _M_destroy (basic_string.h:226)
    ==27827==    by 0x10CEF5: _M_dispose (basic_string.h:221)
    ==27827==    by 0x10CEF5: ~basic_string (basic_string.h:647)
    ==27827==    by 0x10CEF5: main (heaptrack_interpret.cpp:413)
    ==27827==  Block was alloc'd at
    ==27827==    at 0x4C2D54F: operator new(unsigned long) (vg_replace_malloc.c:334)
    ==27827==    by 0x4F5E76F: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (basic_string.tcc:265)
    ==27827==    by 0x10D76D: assign (basic_string.h:1347)
    ==27827==    by 0x10D76D: operator= (basic_string.h:685)
    ==27827==    by 0x10D76D: intern (heaptrack_interpret.cpp:269)
    ==27827==    by 0x10D76D: main (heaptrack_interpret.cpp:414)

    The issue was that we copied the interned string to a temporary, and
    then handed a pointer to the data of the temporary to libbacktrace.
    It is actually a wonder that this isn't blowing up more often...

    Now we don't copy to a temporary and hand out the pointer to the
    interned string data directly, preventing this error from arising.

    BUG: 372165
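
The lifetime bug described in the commit message, as an added C++ example that is not heaptrack's or libbacktrace's code: an API that borrows a file name pointer and reads it later is given either the buffer of a temporary copy or the buffer of the interned string itself. `LazyState`, `Interner`, the function names and the path are constructed stand-ins, and the buggy variant clears the stored pointer so the example never touches freed memory.

```cpp
#include <cstdio>
#include <string>
#include <unordered_set>

// Constructed stand-in for an API that borrows the file name and reads it
// later, as backtrace_open does in the Valgrind trace. Not libbacktrace.
struct LazyState {
    const char* fileName = nullptr; // borrowed, never copied
};

// Constructed intern table. unordered_set is node-based, so the address of
// an element (and of its buffer) stays valid while the table lives.
struct Interner {
    std::unordered_set<std::string> strings;
    const std::string& intern(const std::string& s) { return *strings.insert(s).first; }
    bool owns(const char* p) const { // is p the buffer of an interned string?
        for (const auto& s : strings)
            if (s.c_str() == p) return true;
        return false;
    }
};

// Buggy pattern: deep-copy the interned string, hand out the copy's buffer.
// Returns whether the table backs the pointer, checked while `copy` is alive.
bool registerViaTemporary(Interner& in, LazyState& st, const std::string& path) {
    std::string copy = in.intern(path); // separate buffer owned by `copy`
    st.fileName = copy.c_str();
    bool backed = in.owns(st.fileName);
    st.fileName = nullptr; // cleared here; otherwise it dangles after return
    return backed;
}

// Fixed pattern: bind a reference and hand out the interned buffer itself.
bool registerInterned(Interner& in, LazyState& st, const std::string& path) {
    const std::string& interned = in.intern(path);
    st.fileName = interned.c_str();
    return in.owns(st.fileName);
}

// The deferred read, standing in for the later open() on the stored pointer.
std::string lazyRead(const LazyState& st) { return std::string(st.fileName); }

int main() {
    Interner in;
    LazyState st;
    const std::string path = "/opt/constructed/libexample.so.1";
    std::printf("temporary backed: %d\n", registerViaTemporary(in, st, path));
    std::printf("interned backed: %d, lazy read: %s\n",
                registerInterned(in, st, path), lazyRead(st).c_str());
}
```

Building the real program with `-fsanitize=address`, or running it under Valgrind as in the report above, flags the deferred read in the buggy variant as a use of freed heap memory.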