DrylandEcology / STEPWAT2


Address/memory issues reported #549

Open dschlaep opened 1 year ago

dschlaep commented 1 year ago

@N1ckP3rsl3y found memory issues when running STEPWAT2 on an Ubuntu box. I find address errors on my macOS with a suitable compiler if I add a few additional flags when compiling. We find the same errors on all branches, including the current master branch, the Seed_Dispersal branches (as well as the feature branch on which Nicholas is currently working).

The clang compiler that comes with macOS is not suitable because it does not include an address sanitizer; the gcc that I have doesn't have an address sanitizer either; clang15 or similar works well for me.

When the makefile is modified by

Then, with CC=clang CXX=clang++ make clean bint_testing_nongridded, we get

=================================================================
==74620==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x000104a01d1e at pc 0x0001014d87a4 bp 0x00016efc2fc0 sp 0x00016efc2fb8
READ of size 2 at 0x000104a01d1e thread T0
    #0 0x1014d87a0 in killAnnuals ST_mortality.c:1161
    #1 0x1014b6628 in main ST_main.c:266
    #2 0x101fdd088 in start+0x204 (dyld:arm64+0x5088) (BuildId: a2ee361189123e1dbf8bfed54862d4c932000000200000000100000000060c00)
    #3 0xb7697ffffffffffc  (<unknown module>)

0x000104a01d1e is located 2 bytes to the left of 20-byte region [0x000104a01d20,0x000104a01d34)
allocated by thread T0 here:
    #0 0x1023ed588 in wrap_malloc+0x88 (libclang_rt.asan_osx_dynamic.dylib:arm64+0x3d588) (BuildId: 2eab4aa2d0c031328b6f2a65a8e5287732000000200000000100000000000b00)
    #1 0x101610d14 in Mem_Calloc mymemory.c:157
    #2 0x101528f08 in _create ST_resgroups.c:960
    #3 0x101528b3c in RGroup_New ST_resgroups.c:990
    #4 0x10150651c in _rgroup_add1 ST_params.c:880
    #5 0x1014f1ed4 in _rgroup_init ST_params.c:798
    #6 0x1014e93c4 in parm_Initialize ST_params.c:98
    #7 0x1014b5d78 in main ST_main.c:197
    #8 0x101fdd088 in start+0x204 (dyld:arm64+0x5088) (BuildId: a2ee361189123e1dbf8bfed54862d4c932000000200000000100000000060c00)
    #9 0xb7697ffffffffffc  (<unknown module>)

SUMMARY: AddressSanitizer: heap-buffer-overflow ST_mortality.c:1161 in killAnnuals
...
==74620==ABORTING
make: *** [bint_testing_nongridded] Abort trap: 6

There are additional address issues popping up after addressing killAnnuals():

=================================================================
==75423==ERROR: AddressSanitizer: heap-use-after-free on address 0x000104e03f3c at pc 0x0001013a2dbc bp 0x00016f0dee40 sp 0x00016f0dee38
READ of size 2 at 0x000104e03f3c thread T0
    #0 0x1013a2db8 in deallocate_Globals ST_main.c:504
    #1 0x10139b4d8 in main ST_main.c:336
    #2 0x101d4d088 in start+0x204 (dyld:arm64+0x5088) (BuildId: a2ee361189123e1dbf8bfed54862d4c932000000200000000100000000060c00)
    #3 0xf5167ffffffffffc  (<unknown module>)

0x000104e03f3c is located 124 bytes inside of 232-byte region [0x000104e03ec0,0x000104e03fa8)
freed by thread T0 here:
    #0 0x10215d6b8 in wrap_free+0x8c (libclang_rt.asan_osx_dynamic.dylib:arm64+0x3d6b8) (BuildId: 2eab4aa2d0c031328b6f2a65a8e5287732000000200000000100000000000b00)
    #1 0x1013a2c70 in deallocate_Globals ST_main.c:498
    #2 0x10139b4d8 in main ST_main.c:336
    #3 0x101d4d088 in start+0x204 (dyld:arm64+0x5088) (BuildId: a2ee361189123e1dbf8bfed54862d4c932000000200000000100000000060c00)
    #4 0xf5167ffffffffffc  (<unknown module>)

previously allocated by thread T0 here:
    #0 0x10215d588 in wrap_malloc+0x88 (libclang_rt.asan_osx_dynamic.dylib:arm64+0x3d588) (BuildId: 2eab4aa2d0c031328b6f2a65a8e5287732000000200000000100000000000b00)
    #1 0x1014f4cf4 in Mem_Calloc mymemory.c:157
    #2 0x10139e8dc in allocate_Globals ST_main.c:485
    #3 0x10139a16c in main ST_main.c:195
    #4 0x101d4d088 in start+0x204 (dyld:arm64+0x5088) (BuildId: a2ee361189123e1dbf8bfed54862d4c932000000200000000100000000060c00)
    #5 0xf5167ffffffffffc  (<unknown module>)

SUMMARY: AddressSanitizer: heap-use-after-free ST_main.c:504 in deallocate_Globals
alexisBelt commented 9 months ago

The problem in killAnnuals ST_mortality.c:1161 seems to be the sp variable receiving a new value inside the for loop parameters. It's causing the RGroup[rg]->est_spp[] array to be read at an index that doesn't exist. Setting the value in the for loop body itself seems to fix the issue:

    for (i = RGroup[rg]->est_count; i > 0; --i) {
        /* read sp here, where i-1 is always within [0, est_count) */
        sp = RGroup[rg]->est_spp[i - 1];
        Species_Annual_Kill(sp, 4);
    }

I'll try to look into the additional issues!
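A minimal model of the killAnnuals() read and its fix, added here as an example and not STEPWAT2 code, covering both the AddressSanitizer report above ("READ of size 2 ... 2 bytes to the left of 20-byte region") and the diagnosis in the previous comment. It assumes the original loop assigned sp in the for header's increment expression, so that the read of est_spp[(--i) - 1] happens before the i > 0 test fails; the names RGroupToy, SppIndexToy, kill_log, rgroup_new and species_annual_kill are made up for this example. Compile with clang -fsanitize=address -g -DDEMO_BUG to have ASan report the buggy variant; without -DDEMO_BUG only the fixed loop runs.

```c
/* Added example, not STEPWAT2 code. Toy model of the killAnnuals() bug:
 * a resource group holding a heap array of 2-byte species indices. */
#include <stdio.h>
#include <stdlib.h>

#define MAX_SPP_TOY 10          /* 10 x 2 bytes = the 20-byte region in the ASan report */

typedef short SppIndexToy;      /* 2-byte index: matches "READ of size 2" */

typedef struct {
    int est_count;              /* number of established species */
    SppIndexToy *est_spp;       /* heap array, as Mem_Calloc would return it */
} RGroupToy;

/* Stand-in for Species_Annual_Kill(): record which species were "killed", in order. */
static SppIndexToy kill_log[MAX_SPP_TOY];
static int kill_n;

void reset_kill_log(void) { kill_n = 0; }

void species_annual_kill(SppIndexToy sp, int reason) {
    (void)reason;
    if (kill_n < MAX_SPP_TOY) kill_log[kill_n++] = sp;
}

/* Allocate a toy group with n established species (ids may be NULL when n == 0). */
RGroupToy *rgroup_new(int n, const SppIndexToy *ids) {
    RGroupToy *g = calloc(1, sizeof *g);
    if (!g) abort();
    g->est_spp = calloc(MAX_SPP_TOY, sizeof *g->est_spp);
    if (!g->est_spp) abort();
    g->est_count = n;
    for (int i = 0; i < n; i++) g->est_spp[i] = ids[i];
    return g;
}

void rgroup_free(RGroupToy *g) {
    free(g->est_spp);
    free(g);
}

/* BUGGY (assumed shape of the original loop): sp is (re)assigned in the for
 * header. When i reaches 1, the increment expression evaluates
 * est_spp[(--i) - 1] == est_spp[-1] BEFORE the i > 0 test ends the loop:
 * a 2-byte read 2 bytes to the left of the allocation, exactly what ASan
 * reported. With est_count == 0 the init expression reads est_spp[-1] too. */
void kill_annuals_buggy(RGroupToy *rg) {
    int i;
    SppIndexToy sp;
    for (i = rg->est_count, sp = rg->est_spp[i - 1]; i > 0; sp = rg->est_spp[(--i) - 1]) {
        species_annual_kill(sp, 4);
    }
}

/* FIXED: read sp inside the body, where i - 1 is always within [0, est_count). */
void kill_annuals_fixed(RGroupToy *rg) {
    for (int i = rg->est_count; i > 0; --i) {
        SppIndexToy sp = rg->est_spp[i - 1];
        species_annual_kill(sp, 4);
    }
}

int main(void) {
    const SppIndexToy ids[3] = {3, 7, 11};   /* constructed sample input */
    RGroupToy *g = rgroup_new(3, ids);

    reset_kill_log();
    kill_annuals_fixed(g);
    printf("fixed loop killed %d species, last to first:", kill_n);
    for (int k = 0; k < kill_n; k++) printf(" %d", kill_log[k]);
    printf("\n");

#ifdef DEMO_BUG
    reset_kill_log();
    kill_annuals_buggy(g);                   /* ASan: heap-buffer-overflow, READ of size 2 */
#endif
    rgroup_free(g);
    return 0;
}
```

The fixed loop kills each established species exactly once, from the last established to the first, and never touches est_spp[-1]; the buggy loop does the same work but performs one extra out-of-bounds read on exit, which is why the program's visible behaviour looked fine until a sanitizer was attached.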

alexisBelt commented 4 months ago

killAnnuals() was trying to access outside of the RGroup[rg]->est_spp[] array. Most of the other memory errors were related to deallocate_Globals. Moving:

    if (!isGriddedMode) {
        Mem_Free(Env);
        Mem_Free(Succulent);
        Mem_Free(Globals);
        Mem_Free(Plot);
        Mem_Free(_SomeKillage);
    }

to the bottom of the function instead of at the top fixed them.
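The ordering problem described in this comment, as an added example that is not STEPWAT2 code: the second ASan report above shows a free in deallocate_Globals followed, a few lines later, by a 2-byte read inside the freed 232-byte block that allocate_Globals had created. The model below assumes that read was a field of the aggregate (a count used as a loop bound) consulted while releasing the per-group allocations it owns; GlobalsToy, PlotToy, allocate_globals_toy and the two deallocate_* functions are names made up for this example. Compile with clang -fsanitize=address -g -DDEMO_BUG to see the heap-use-after-free report for the buggy ordering.

```c
/* Added example, not STEPWAT2 code. Toy model of deallocate_Globals():
 * an aggregate struct that owns per-group allocations and whose field is
 * still needed while those allocations are released. */
#include <stdio.h>
#include <stdlib.h>

typedef struct { int id; } PlotToy;      /* stand-in for the per-group objects */

typedef struct {
    short grpCount;                      /* 2-byte field: matches "READ of size 2" */
    PlotToy **groups;                    /* owned allocations, grpCount entries */
} GlobalsToy;

/* Mirror of allocate_Globals(): build the aggregate and everything it owns. */
GlobalsToy *allocate_globals_toy(int ngroups) {
    GlobalsToy *g = calloc(1, sizeof *g);
    if (!g) abort();
    g->grpCount = (short)ngroups;
    g->groups = calloc(ngroups > 0 ? (size_t)ngroups : 1, sizeof *g->groups);
    if (!g->groups) abort();
    for (int i = 0; i < ngroups; i++) {
        g->groups[i] = calloc(1, sizeof(PlotToy));
        if (!g->groups[i]) abort();
        g->groups[i]->id = i;
    }
    return g;
}

/* BUGGY ordering (frees at the top of the function): the aggregate is freed
 * first, then its grpCount field is read as the loop bound. ASan reports
 * heap-use-after-free at the loop condition, with the free a few lines above,
 * the same shape as the report for ST_main.c:498/504. */
int deallocate_globals_buggy(GlobalsToy *g) {
    int freed = 0;
    PlotToy **groups = g->groups;
    free(g);                                    /* Globals gone ... */
    for (int i = 0; i < g->grpCount; i++) {     /* ... but read here: use-after-free */
        free(groups[i]);
        freed++;
    }
    free(groups);
    return freed;
}

/* FIXED ordering (frees at the bottom of the function): release everything
 * that depends on the aggregate's fields first, and free the aggregate last. */
int deallocate_globals_fixed(GlobalsToy *g) {
    int freed = 0;
    for (int i = 0; i < g->grpCount; i++) {
        free(g->groups[i]);
        g->groups[i] = NULL;
        freed++;
    }
    free(g->groups);
    g->groups = NULL;
    free(g);                                    /* nothing reads g after this */
    return freed;
}

int main(void) {
    GlobalsToy *g = allocate_globals_toy(3);    /* constructed sample state */
    printf("fixed ordering released %d groups\n", deallocate_globals_fixed(g));

#ifdef DEMO_BUG
    GlobalsToy *b = allocate_globals_toy(3);
    deallocate_globals_buggy(b);                /* ASan: heap-use-after-free, READ of size 2 */
#endif
    return 0;
}
```

The general rule the fix applies: when a teardown routine frees an aggregate and also walks data the aggregate describes (counts, pointer tables, flags), the aggregate must be the last thing freed, or its needed fields must be copied out before the free. A sanitizer build of the test targets catches the wrong order immediately, whereas an unsanitized build usually still "works" because the freed memory has not yet been reused.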