equinor / resdata

Software for reading and writing the result files from the Eclipse reservoir simulator.
GNU General Public License v3.0

strlen is called even with a null pointer in util_alloc_filename #496

Closed blattms closed 6 years ago

blattms commented 6 years ago

I am experiencing segmentation faults that seem to be caused in libecl when testing the 2018.10 release of OPM. The problem is in ecl_sum_set_case: with input_arg being ./SPE1CASE1, for whatever reason the base variable is null after the call to util_alloc_file_components, but this nullptr is passed to strlen inside of the call to util_alloc_filename.

Here is an excerpt of my gdb session:

Thread 1 received signal SIGTRAP, Trace/breakpoint trap.
0x00000000048389e2 in _vgr20070ZU_libcZdsoZa_strlen (str=0x0) at ../shared/vg_replace_strmem.c:460
460  STRLEN(VG_Z_LIBC_SONAME,          strlen)
(gdb) p strlen
$1 = {size_t (*(void))(const char *)} 0x80321b0 <strlen_ifunc>
(gdb) up
#1  0x0000000007981de9 in util_alloc_filename (path=0xf5cf060 "./SPE1CASE1", basename=0x0, extension=extension@entry=0x0) at /home/mblatt/src/dune/opm-release-6/libecl/lib/util/util.c:4812
4812      int    length = strlen(basename) + 1;
(gdb) p basename
$2 = 0x0
(gdb) up
#2  0x00000000079c0461 in ecl_sum_set_case (ecl_sum=ecl_sum@entry=0xf5cefc0, input_arg=input_arg@entry=0x1ffefff030 "./SPE1CASE1") at /home/mblatt/src/dune/opm-release-6/libecl/lib/ecl/ecl_sum.cpp:138
138     ecl_sum->ecl_case = util_alloc_filename( path, base, NULL );
(gdb) p base
$3 = 0x0
(gdb) up
#3  0x00000000079c06bc in ecl_sum_alloc__ (key_join_string=0x24a2e26 ":", input_arg=0x1ffefff030 "./SPE1CASE1") at /home/mblatt/src/dune/opm-release-6/libecl/lib/ecl/ecl_sum.cpp:166
166   ecl_sum_set_case( ecl_sum , input_arg );
(gdb) do
#2  0x00000000079c0461 in ecl_sum_set_case (ecl_sum=ecl_sum@entry=0xf5cefc0, input_arg=input_arg@entry=0x1ffefff030 "./SPE1CASE1") at /home/mblatt/src/dune/opm-release-6/libecl/lib/ecl/ecl_sum.cpp:138
138     ecl_sum->ecl_case = util_alloc_filename( path, base, NULL );
(gdb) p input_arg
$4 = 0x1ffefff030 "./SPE1CASE1"
(gdb) p path
$5 = 0xf5cf060 "./SPE1CASE1"
(gdb) bt
#0  0x00000000048389e2 in _vgr20070ZU_libcZdsoZa_strlen (str=0x0) at ../shared/vg_replace_strmem.c:460
#1  0x0000000007981de9 in util_alloc_filename (path=0xf5cf060 "./SPE1CASE1", basename=0x0, extension=extension@entry=0x0) at /home/mblatt/src/dune/opm-release-6/libecl/lib/util/util.c:4812
#2  0x00000000079c0461 in ecl_sum_set_case (ecl_sum=ecl_sum@entry=0xf5cefc0, input_arg=input_arg@entry=0x1ffefff030 "./SPE1CASE1") at /home/mblatt/src/dune/opm-release-6/libecl/lib/ecl/ecl_sum.cpp:138
#3  0x00000000079c06bc in ecl_sum_alloc__ (key_join_string=0x24a2e26 ":", input_arg=0x1ffefff030 "./SPE1CASE1") at /home/mblatt/src/dune/opm-release-6/libecl/lib/ecl/ecl_sum.cpp:166
#4  ecl_sum_alloc_writer__ (nz=3, ny=10, nx=10, time_in_days=true, sim_start=1420070400, key_join_string=0x24a2e26 ":", unified=true, fmt_output=<optimized out>, restart_step=<optimized out>, restart_case=0x0, ecl_case=0x1ffefff030 "./SPE1CASE1") at /home/mblatt/src/dune/opm-release-6/libecl/lib/ecl/ecl_sum.cpp:333
#5  ecl_sum_alloc_restart_writer2 (ecl_case=0x1ffefff030 "./SPE1CASE1", restart_case=0x0, restart_step=-1, fmt_output=<optimized out>, unified=<optimized out>, key_join_string=0x24a2e26 ":", sim_start=1420070400, time_in_days=true, nx=10, ny=10, nz=3) at /home/mblatt/src/dune/opm-release-6/libecl/lib/ecl/ecl_sum.cpp:350
#6  0x00000000021dcf51 in Opm::out::Summary::Summary (this=0xf5ceb90, st=..., sum=..., grid_arg=..., schedule=..., basename=0x1ffefff030 "./SPE1CASE1") at /home/mblatt/src/dune/opm-release-6/opm-common/src/opm/output/eclipse/Summary.cpp:986
#7  0x00000000021dcbfa in Opm::out::Summary::Summary (this=0xf5ceb90, st=..., sum=..., grid_arg=..., schedule=...) at /home/mblatt/src/dune/opm-release-6/opm-common/src/opm/output/eclipse/Summary.cpp:954
#8  0x00000000021ca13a in Opm::EclipseIO::Impl::Impl (this=0xf5ceaa0, eclipseState=..., grid_=..., schedule_=..., summary_config=...) at /home/mblatt/src/dune/opm-release-6/opm-common/src/opm/output/eclipse/EclipseIO.cpp:231
#9  0x00000000021cbce1 in Opm::EclipseIO::EclipseIO (this=0xf5cea50, es=..., grid=..., schedule=..., summary_config=...) at /home/mblatt/src/dune/opm-release-6/opm-common/src/opm/output/eclipse/EclipseIO.cpp:517
#10 0x00000000014d1128 in Ewoms::EclWriter<Ewoms::Properties::TTag::EclFlowProblem>::EclWriter (this=0xf5aea70, simulator=...) at /home/mblatt/src/dune/opm-release-6/ewoms/ebos/eclwriter.hh:115
#11 0x000000000149ab2d in Ewoms::EclProblem<Ewoms::Properties::TTag::EclFlowProblem>::EclProblem (this=0xf5ae1d0, simulator=...) at /home/mblatt/src/dune/opm-release-6/ewoms/ebos/eclproblem.hh:496
#12 0x00000000014823a1 in Ewoms::Simulator<Ewoms::Properties::TTag::EclFlowProblem>::Simulator (this=0xeb87aa0, verbose=false) at /home/mblatt/src/dune/opm-release-6/ewoms/ewoms/common/simulator.hh:134
#13 0x0000000001468a64 in Opm::FlowMainEbos<Ewoms::Properties::TTag::EclFlowProblem>::setupEbosSimulator (this=0x1ffefff970) at /home/mblatt/src/dune/opm-release-6/opm-simulators/opm/autodiff/FlowMainEbos.hpp:445
#14 0x000000000145a0f4 in Opm::FlowMainEbos<Ewoms::Properties::TTag::EclFlowProblem>::execute (this=0x1ffefff970, argc=2, argv=0x1ffeffffd8) at /home/mblatt/src/dune/opm-release-6/opm-simulators/opm/autodiff/FlowMainEbos.hpp:211
#15 0x000000000141b9dc in Opm::flowEbosBlackoilMain (argc=2, argv=0x1ffeffffd8) at /home/mblatt/src/dune/opm-release-6/opm-simulators/flow/flow_ebos_blackoil.cpp:59
#16 0x000000000132ec09 in main (argc=2, argv=0x1ffeffffd8) at /home/mblatt/src/dune/opm-release-6/opm-simulators/flow/flow.cpp:216
joakim-hove commented 6 years ago

Hmmm - not good. Will fix

blattms commented 6 years ago

With the full path I get:


Thread 1 "flow" hit Breakpoint 2, ecl_sum_set_case (ecl_sum=ecl_sum@entry=0x55555829fc70, input_arg=input_arg@entry=0x55555829ea50 "/home/mblatt/src/dune/opm/opm-data/spe1/SPE1CASE2") at /home/mblatt/src/dune/opm-release-6/libecl/lib/ecl/ecl_sum.cpp:138
138     ecl_sum->ecl_case = util_alloc_filename( path, base, NULL );
(gdb) p base
$9 = 0x0
(gdb) p path
$10 = 0x55555829d260 "/home/mblatt/src/dune/opm/opm-data/spe1/SPE1CASE2"
(gdb) p input_arg
$11 = 0x55555829ea50 "/home/mblatt/src/dune/opm/opm-data/spe1/SPE1CASE2"
(gdb) 
joakim-hove commented 6 years ago

Just a question; are you doing something you have not done before in your testing? Because this code is really old - has not changed recently and "works for me"?

blattms commented 6 years ago

No, not that I know of. This is a clean checkout and build of the release branches. I get a crash for the optimized. With debugging everything runs through, but when run under valgrind I see an invalid read.

joakim-hove commented 6 years ago

> No, not that I know of. This is a clean checkout build of the release branches. I get a crash for the optimized. With debugging everything runs through, but when run under valgrind I see an invalid read.

OK - thank you. Extremely weird - but have not seen this during development previously?

joakim-hove commented 6 years ago

Question about your local fs:

is_directory("/home/mblatt/src/dune/opm/opm-data/spe1/SPE1CASE2") ??

Going offline for ~2hours, will followup when I get back.

blattms commented 6 years ago

Indeed, that is a directory; if I rename it, it works. Not sure how I produced that one (in February).

joakim-hove commented 6 years ago

Ok - then I understand what happened. Will fix

joakim-hove commented 6 years ago

I'll probably merge and backport this: https://github.com/Statoil/libecl/pull/497 tomorrow. Thank you for the input.
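To tie the two halves of the thread together (the strlen(NULL) frame in the backtrace, and the later finding that the case argument named a directory), here is an added C example. It is not libecl's code and not the fix in the linked PR. It models the failure: a path splitter that, like util_alloc_file_components in the report, hands back a NULL base when the argument is an existing directory (or ends in '/'), paired with a filename builder that refuses a NULL base instead of calling strlen on it, which is the line that crashed (`int length = strlen(basename) + 1;`). The function names split_components, alloc_filename and build_case_name and the exact splitting rule are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Added example, not libecl code. Models the bug in the report: a helper that
 * legitimately returns a NULL base name, fed into a builder that assumed base
 * was never NULL. Function names here are hypothetical. */

/* malloc'd copy of the first n bytes of s (avoids strndup, which is POSIX-only). */
static char *dup_range(const char *s, size_t n) {
    char *out = malloc(n + 1);
    if (out == NULL) return NULL;
    memcpy(out, s, n);
    out[n] = '\0';
    return out;
}

static int is_directory(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 && S_ISDIR(st.st_mode);
}

/* Split "dir/base.ext" into three malloc'd parts. Any part may be NULL:
 * - an existing directory as the whole input gives path=input, base=NULL
 *   (the situation in the thread: SPE1CASE2 was a directory);
 * - "dir/" (empty file name) also gives base=NULL;
 * - a leading '.' in the file name is not an extension separator. */
void split_components(const char *input, char **path, char **base, char **ext) {
    *path = *base = *ext = NULL;
    if (is_directory(input)) {
        *path = dup_range(input, strlen(input));
        return;
    }
    const char *slash = strrchr(input, '/');
    const char *name = slash ? slash + 1 : input;
    if (slash) *path = dup_range(input, (size_t)(slash - input));
    if (*name == '\0') return;                 /* trailing '/': no base name */
    const char *dot = strrchr(name, '.');
    if (dot == NULL || dot == name) {
        *base = dup_range(name, strlen(name));
    } else {
        *base = dup_range(name, (size_t)(dot - name));
        *ext = dup_range(dot + 1, strlen(dot + 1));
    }
}

/* Hardened builder: a NULL or empty base is an error, not a strlen(NULL).
 * Returns a malloc'd "path/base.ext" (path and ext optional) or NULL. */
char *alloc_filename(const char *path, const char *base, const char *ext) {
    if (base == NULL || *base == '\0') return NULL;
    size_t len = strlen(base) + 1;               /* base + NUL */
    if (path != NULL) len += strlen(path) + 1;   /* path + '/' */
    if (ext != NULL) len += strlen(ext) + 1;     /* '.' + ext */
    char *out = malloc(len);
    if (out == NULL) return NULL;
    size_t pos = 0;
    if (path != NULL) {
        size_t n = strlen(path);
        memcpy(out + pos, path, n); pos += n;
        out[pos++] = '/';
    }
    size_t nb = strlen(base);
    memcpy(out + pos, base, nb); pos += nb;
    if (ext != NULL) {
        out[pos++] = '.';
        size_t ne = strlen(ext);
        memcpy(out + pos, ext, ne); pos += ne;
    }
    out[pos] = '\0';
    return out;
}

/* What ecl_sum_set_case does in spirit: split the argument, then rebuild it
 * without the extension. Returns NULL instead of crashing when the argument
 * is a directory or has no base name; the caller must handle NULL. */
char *build_case_name(const char *input) {
    char *path, *base, *ext;
    split_components(input, &path, &base, &ext);
    char *result = alloc_filename(path, base, NULL);
    free(path); free(base); free(ext);
    return result;
}
```

The thread also shows why this class of bug is easy to miss: the debug build ran through and only valgrind flagged the read, while the optimized build crashed. Building with `-fsanitize=address,undefined` makes a NULL passed to strlen fail loudly at the first call regardless of optimization level, which is cheaper than waiting for a release test run to hit an unusual filesystem layout.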