search

GodotECS / godex

Godex is a Godot Engine ECS library.
MIT License
1.2k stars 68 forks source link

Unit tests cause invalid read #272

Open qarmin opened 2 years ago

qarmin commented 2 years ago

Compiling Godex with use_ubsan=yes use_asan=yes test=yes on Linux and running tests cause this invalid read

 =================================================================
==15399==ERROR: AddressSanitizer: heap-use-after-free on address 0x6060000132a0 at pc 0x000004494b39 bp 0x7ffef7b79940 sp 0x7ffef7b79930
READ of size 8 at 0x6060000132a0 thread T0
    #0 0x4494b38 in List<ExecutionGraph::StageNode, DefaultAllocator>::Element::next() core/templates/list.h:71
    #1 0x449086e in PipelineBuilder::optimize_stages(ExecutionGraph*) /home/runner/work/godex/godex/modules/godex/pipeline/pipeline_builder.cpp:932
    #2 0x447b2c0 in PipelineBuilder::build_graph(Vector<StringName> const&, Vector<StringName> const&, ExecutionGraph*, bool) /home/runner/work/godex/godex/modules/godex/pipeline/pipeline_builder.cpp:254
    #3 0x447b75a in PipelineBuilder::build_pipeline(Vector<StringName> const&, Vector<StringName> const&, Pipeline*) /home/runner/work/godex/godex/modules/godex/pipeline/pipeline_builder.cpp:267
    #4 0x2a88e5a in _DOCTEST_ANON_FUNC_4170 /home/runner/work/godex/godex/modules/godex/tests/test_ecs_pipeline_builder.h:1300
    #5 0x338639e in doctest::Context::run() thirdparty/doctest/doctest.h:6291
    #6 0x2c39672 in test_main(int, char**) tests/test_main.cpp:147
    #7 0x24d88f5 in Main::test_entrypoint(int, char**, bool&) main/main.cpp:495
    #8 0x23a6ec8 in main platform/linuxbsd/godot_linuxbsd.cpp:45
    #9 0x7f02abc8b0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #10 0x23a6cbd in _start (/home/runner/work/godex/godex/godot/bin/godot.linuxbsd.tools.64s+0x23a6cbd)

0x6060000132a0 is located 32 bytes inside of 56-byte region [0x606000013280,0x6060000132b8)
freed by thread T0 here:
    #0 0x7f02acbcd7cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
    #1 0x17e32b2e in Memory::free_static(void*, bool) core/os/memory.cpp:168
    #2 0x23ab268 in DefaultAllocator::free(void*) core/os/memory.h:66
    #3 0x44a0e3b in void memdelete_allocator<List<ExecutionGraph::StageNode, DefaultAllocator>::Element, DefaultAllocator>(List<ExecutionGraph::StageNode, DefaultAllocator>::Element*) core/os/memory.h:124
    #4 0x449e830 in List<ExecutionGraph::StageNode, DefaultAllocator>::_Data::erase(List<ExecutionGraph::StageNode, DefaultAllocator>::Element const*) core/templates/list.h:241
    #5 0x449b070 in List<ExecutionGraph::StageNode, DefaultAllocator>::Element::erase() (/home/runner/work/godex/godex/godot/bin/godot.linuxbsd.tools.64s+0x449b070)
    #6 0x449083d in PipelineBuilder::optimize_stages(ExecutionGraph*) /home/runner/work/godex/godex/modules/godex/pipeline/pipeline_builder.cpp:934
    #7 0x447b2c0 in PipelineBuilder::build_graph(Vector<StringName> const&, Vector<StringName> const&, ExecutionGraph*, bool) /home/runner/work/godex/godex/modules/godex/pipeline/pipeline_builder.cpp:254
    #8 0x447b75a in PipelineBuilder::build_pipeline(Vector<StringName> const&, Vector<StringName> const&, Pipeline*) /home/runner/work/godex/godex/modules/godex/pipeline/pipeline_builder.cpp:267
    #9 0x2a88e5a in _DOCTEST_ANON_FUNC_4170 /home/runner/work/godex/godex/modules/godex/tests/test_ecs_pipeline_builder.h:1300
    #10 0x338639e in doctest::Context::run() thirdparty/doctest/doctest.h:6291
    #11 0x2c39672 in test_main(int, char**) tests/test_main.cpp:147
    #12 0x24d88f5 in Main::test_entrypoint(int, char**, bool&) main/main.cpp:495
    #13 0x23a6ec8 in main platform/linuxbsd/godot_linuxbsd.cpp:45
    #14 0x7f02abc8b0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

previously allocated by thread T0 here:
    #0 0x7f02acbcdbc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
    #1 0x17e31aeb in Memory::alloc_static(unsigned long, bool) core/os/memory.cpp:75
    #2 0x23ab245 in DefaultAllocator::alloc(unsigned long) core/os/memory.h:65
    #3 0x17e31a1f in operator new(unsigned long, void* (*)(unsigned long)) core/os/memory.cpp:44
    #4 0x449a653 in List<ExecutionGraph::StageNode, DefaultAllocator>::push_back(ExecutionGraph::StageNode const&) (/home/runner/work/godex/godex/godot/bin/godot.linuxbsd.tools.64s+0x449a653)
    #5 0x448ebd7 in internal_build_stages(Ref<ExecutionGraph::Dispatcher>) /home/runner/work/godex/godex/modules/godex/pipeline/pipeline_builder.cpp:819
    #6 0x448f813 in PipelineBuilder::build_stages(ExecutionGraph*) /home/runner/work/godex/godex/modules/godex/pipeline/pipeline_builder.cpp:844
    #7 0x447b2b1 in PipelineBuilder::build_graph(Vector<StringName> const&, Vector<StringName> const&, ExecutionGraph*, bool) /home/runner/work/godex/godex/modules/godex/pipeline/pipeline_builder.cpp:253
    #8 0x447b75a in PipelineBuilder::build_pipeline(Vector<StringName> const&, Vector<StringName> const&, Pipeline*) /home/runner/work/godex/godex/modules/godex/pipeline/pipeline_builder.cpp:267
    #9 0x2a88e5a in _DOCTEST_ANON_FUNC_4170 /home/runner/work/godex/godex/modules/godex/tests/test_ecs_pipeline_builder.h:1300
    #10 0x338639e in doctest::Context::run() thirdparty/doctest/doctest.h:6291
    #11 0x2c39672 in test_main(int, char**) tests/test_main.cpp:147
    #12 0x24d88f5 in Main::test_entrypoint(int, char**, bool&) main/main.cpp:495
    #13 0x23a6ec8 in main platform/linuxbsd/godot_linuxbsd.cpp:45
    #14 0x7f02abc8b0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

SUMMARY: AddressSanitizer: heap-use-after-free core/templates/list.h:71 in List<ExecutionGraph::StageNode, DefaultAllocator>::Element::next()