ifener / javachromiumembedded

Automatically exported from code.google.com/p/javachromiumembedded
0 stars 0 forks source link

Linux: 2171 branch: Crash on startup #137

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Ubuntu 13.10 64-bit
Mesa v9.2.1

What steps will reproduce the problem?
1. Run jcef sample application on Linux.

What is the expected output? What do you see instead?
The application should run successfully. Instead, get the following crash:

memory allocation bug: object at 0x7fffd92163e0 has never been allocated

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff59a6d700 (LWP 10518)]
tcmalloc::Abort () at ../../third_party/tcmalloc/chromium/src/base/abort.cc:15
15    *(reinterpret_cast<volatile char*>(NULL) + 57) = 0x21;
(gdb) bt
#0  tcmalloc::Abort () at 
../../third_party/tcmalloc/chromium/src/base/abort.cc:15
#1  0x00007fff99bf4098 in LogPrintf (severity=<optimized out>, pat=<optimized 
out>, ap=<optimized out>)
    at ../../third_party/tcmalloc/chromium/src/base/logging.h:241
#2  0x00007fff99c001fa in RAW_LOG (lvl=2, 
    pat=0x7fff59a6b640 "memory allocation bug: object at 0x7fffd92163e0 has never been allocated\n")
    at ../../third_party/tcmalloc/chromium/src/base/logging.h:261
#3  0x00007fff99c1a33a in MallocBlock::CheckLocked (this=<optimized out>, 
type=<optimized out>)
    at ../../third_party/tcmalloc/chromium/src/debugallocation.cc:416
#4  0x00007fff99c1a5c7 in MallocBlock::CheckAndClear (this=<optimized out>, 
type=<optimized out>)
    at ../../third_party/tcmalloc/chromium/src/debugallocation.cc:398
#5  0x00007fff99c1a4c1 in MallocBlock::Deallocate (this=<optimized out>, 
type=<optimized out>)
    at ../../third_party/tcmalloc/chromium/src/debugallocation.cc:541
#6  0x00007fff99c16130 in DebugDeallocate (ptr=<optimized out>, type=<optimized 
out>)
    at ../../third_party/tcmalloc/chromium/src/debugallocation.cc:1004
#7  0x00007fff999b45fd in __gnu_cxx::new_allocator<char>::deallocate 
(this=0x7fff59a6bef0, 
    __p=0x7fffd92163e0 <std::string::_Rep::_S_empty_rep_storage> "")
    at /usr/lib/gcc/x86_64-linux-gnu/4.8/../../../../include/c++/4.8/ext/new_allocator.h:110
#8  0x00007fff999b45d1 in std::string::_Rep::_M_destroy (this=0x7fffd92163e0 
<std::string::_Rep::_S_empty_rep_storage>, 
    __a=...) at /usr/lib/gcc/x86_64-linux-gnu/4.8/../../../../include/c++/4.8/bits/basic_string.tcc:449
#9  0x00007fffd8fce1f9 in std::string::assign(std::string const&) () from 
/usr/lib/x86_64-linux-gnu/libstdc++.so.6
#10 0x00007fff466a8144 in ?? () from /usr/lib/x86_64-linux-gnu/libLLVM-3.3.so.1
#11 0x00007ffff7de9856 in call_init (l=l@entry=0x7fff4c01b050, 
argc=argc@entry=5, argv=argv@entry=0x7fffffffde48, 
    env=env@entry=0x7ffff007bdf0) at dl-init.c:84
#12 0x00007ffff7de9910 in call_init (env=<optimized out>, argv=<optimized out>, 
argc=<optimized out>, l=0x7fff4c01b050)
    at dl-init.c:55
#13 _dl_init (main_map=main_map@entry=0x7fff4c01a190, argc=5, 
argv=0x7fffffffde48, env=0x7ffff007bdf0) at dl-init.c:133
#14 0x00007ffff7dedfdf in dl_open_worker (a=a@entry=0x7fff59a6c238) at 
dl-open.c:577
#15 0x00007ffff7de96e6 in _dl_catch_error 
(objname=objname@entry=0x7fff59a6c228, 
    errstring=errstring@entry=0x7fff59a6c230, mallocedp=mallocedp@entry=0x7fff59a6c220, 
    operate=operate@entry=0x7ffff7dedc00 <dl_open_worker>, args=args@entry=0x7fff59a6c238) at dl-error.c:177
#16 0x00007ffff7ded809 in _dl_open (file=0x7fff59a6c490 
"/usr/lib/x86_64-linux-gnu/dri/vmwgfx_dri.so", 
    mode=-2147483390, caller_dlopen=<optimized out>, nsid=-2, argc=5, argv=0x7fffffffde48, env=0x7ffff007bdf0)
    at dl-open.c:667
#17 0x00007ffff77a3026 in dlopen_doit (a=a@entry=0x7fff59a6c440) at dlopen.c:66
#18 0x00007ffff7de96e6 in _dl_catch_error (objname=0x7fff4c00d8d0, 
errstring=0x7fff4c00d8d8, mallocedp=0x7fff4c00d8c8, 
    operate=0x7ffff77a2fc0 <dlopen_doit>, args=0x7fff59a6c440) at dl-error.c:177
---Type <return> to continue, or q <return> to quit---
#19 0x00007ffff77a363c in _dlerror_run (operate=operate@entry=0x7ffff77a2fc0 
<dlopen_doit>, 
    args=args@entry=0x7fff59a6c440) at dlerror.c:163
#20 0x00007ffff77a30c1 in __dlopen (file=<optimized out>, mode=<optimized out>) 
at dlopen.c:87
#21 0x00007fff5a7a1fa7 in ?? () from /usr/lib/x86_64-linux-gnu/mesa/libGL.so.1
#22 0x00007fff5a7a5973 in ?? () from /usr/lib/x86_64-linux-gnu/mesa/libGL.so.1
#23 0x00007fff5a782609 in ?? () from /usr/lib/x86_64-linux-gnu/mesa/libGL.so.1
#24 0x00007fff5a77ef8b in ?? () from /usr/lib/x86_64-linux-gnu/mesa/libGL.so.1
#25 0x00007fff5a77f0a4 in glXQueryServerString () from 
/usr/lib/x86_64-linux-gnu/mesa/libGL.so.1
#26 0x00007fff59afd260 in 
Java_jogamp_opengl_x11_glx_GLX_dispatch_1glXQueryServerString0(__complex 
int0_t) ()
   from /tmp/jogamp_0000/file_cache/jln438520304889956528/jln2722286830384114322/libjogl_desktop.so

Please use labels and text to provide additional information.
This crash does not occur with 1916 branch or with off-screen rendering in 
cefclient.

Original issue reported on code.google.com by magreenb...@gmail.com on 25 Nov 2014 at 6:08

GoogleCodeExporter commented 9 years ago
Same crash occurs with Ubuntu 14.04.1 and mesa 10.1.3.

Original comment by magreenb...@gmail.com on 25 Nov 2014 at 10:18

GoogleCodeExporter commented 9 years ago
Updated call stack from Ubuntu 14.04.1 with jogamp 2.2.4:

memory allocation bug: object at 0x7fff9e0f03e0 has never been allocated

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7fd9700 (LWP 2971)]
tcmalloc::Abort () at ../../third_party/tcmalloc/chromium/src/base/abort.cc:15
15    *(reinterpret_cast<volatile char*>(NULL) + 57) = 0x21;
(gdb) bt
#0  tcmalloc::Abort () at 
../../third_party/tcmalloc/chromium/src/base/abort.cc:15
#1  0x00007fffa1bf5ec8 in LogPrintf (severity=<optimized out>, pat=<optimized 
out>, ap=<optimized out>)
    at ../../third_party/tcmalloc/chromium/src/base/logging.h:241
#2  0x00007fffa1c0202a in RAW_LOG (lvl=2, 
    pat=0x7ffff7fd5af0 "memory allocation bug: object at 0x7fff9e0f03e0 has never been allocated\n")
    at ../../third_party/tcmalloc/chromium/src/base/logging.h:261
#3  0x00007fffa1c1c16a in MallocBlock::CheckLocked (this=<optimized out>, 
type=<optimized out>)
    at ../../third_party/tcmalloc/chromium/src/debugallocation.cc:416
#4  0x00007fffa1c1c3f7 in MallocBlock::CheckAndClear (this=<optimized out>, 
type=<optimized out>)
    at ../../third_party/tcmalloc/chromium/src/debugallocation.cc:398
#5  0x00007fffa1c1c2f1 in MallocBlock::Deallocate (this=<optimized out>, 
type=<optimized out>)
    at ../../third_party/tcmalloc/chromium/src/debugallocation.cc:541
#6  0x00007fffa1c17f60 in DebugDeallocate (ptr=<optimized out>, type=<optimized 
out>)
    at ../../third_party/tcmalloc/chromium/src/debugallocation.cc:1004
#7  0x00007fffa19b65ad in __gnu_cxx::new_allocator<char>::deallocate 
(this=0x7ffff7fd63a0, 
    __p=0x7fff9e0f03e0 <std::string::_Rep::_S_empty_rep_storage> "")
    at /usr/lib/gcc/x86_64-linux-gnu/4.8/../../../../include/c++/4.8/ext/new_allocator.h:110
#8  0x00007fffa19b6581 in std::string::_Rep::_M_destroy (
    this=0x7fff9e0f03e0 <std::string::_Rep::_S_empty_rep_storage>, __a=...)
    at /usr/lib/gcc/x86_64-linux-gnu/4.8/../../../../include/c++/4.8/bits/basic_string.tcc:449
#9  0x00007fff9dea8699 in std::string::assign(std::string const&) () from 
/usr/lib/x86_64-linux-gnu/libstdc++.so.6
#10 0x00007fff48ed00c2 in ?? () from /usr/lib/x86_64-linux-gnu/libLLVM-3.4.so.1
#11 0x00007ffff7dea13a in call_init (l=<optimized out>, argc=argc@entry=5, 
argv=argv@entry=0x7fffffffde38, 
    env=env@entry=0x7ffff0073d20) at dl-init.c:78
#12 0x00007ffff7dea223 in call_init (env=<optimized out>, argv=<optimized out>, 
argc=<optimized out>, 
    l=<optimized out>) at dl-init.c:36
#13 _dl_init (main_map=main_map@entry=0x7ffff0467250, argc=5, 
argv=0x7fffffffde38, env=0x7ffff0073d20)
    at dl-init.c:126
#14 0x00007ffff7deec70 in dl_open_worker (a=a@entry=0x7ffff7fd6748) at 
dl-open.c:577
#15 0x00007ffff7de9ff4 in _dl_catch_error 
(objname=objname@entry=0x7ffff7fd6738, 
    errstring=errstring@entry=0x7ffff7fd6740, mallocedp=mallocedp@entry=0x7ffff7fd6730, 
    operate=operate@entry=0x7ffff7dee9a0 <dl_open_worker>, args=args@entry=0x7ffff7fd6748) at dl-error.c:187
#16 0x00007ffff7dee3bb in _dl_open (file=0x7ffff0467010 
"/usr/lib/x86_64-linux-gnu/egl/egl_gallium.so", 
---Type <return> to continue, or q <return> to quit---
    mode=-2147483647, caller_dlopen=<optimized out>, nsid=-2, argc=5, argv=0x7fffffffde38, env=0x7ffff0073d20)
    at dl-open.c:661
#17 0x00007ffff77a202b in dlopen_doit (a=a@entry=0x7ffff7fd6960) at dlopen.c:66
#18 0x00007ffff7de9ff4 in _dl_catch_error (objname=0x7ffff0000950, 
errstring=0x7ffff0000958, 
    mallocedp=0x7ffff0000948, operate=0x7ffff77a1fd0 <dlopen_doit>, args=0x7ffff7fd6960) at dl-error.c:187
#19 0x00007ffff77a262d in _dlerror_run (operate=operate@entry=0x7ffff77a1fd0 
<dlopen_doit>, 
    args=args@entry=0x7ffff7fd6960) at dlerror.c:163
#20 0x00007ffff77a20c1 in __dlopen (file=<optimized out>, mode=<optimized out>) 
at dlopen.c:87
#21 0x00007fff5c840da4 in ?? () from 
/usr/lib/x86_64-linux-gnu/mesa-egl/libEGL.so.1
#22 0x00007fff5c841184 in ?? () from 
/usr/lib/x86_64-linux-gnu/mesa-egl/libEGL.so.1
#23 0x00007fff5c8412ed in ?? () from 
/usr/lib/x86_64-linux-gnu/mesa-egl/libEGL.so.1
#24 0x00007fff5c83df48 in eglGetProcAddress () from 
/usr/lib/x86_64-linux-gnu/mesa-egl/libEGL.so.1
#25 0x00007fff4bdecb58 in 
Java_jogamp_opengl_egl_EGL_dispatch_1eglGetProcAddress0__Ljava_lang_String_2J ()
   from /tmp/jogamp_0000/file_cache/jln8523565824923867566/jln7256964632691980350/libjogl_mobile.so

Original comment by magreenb...@gmail.com on 26 Nov 2014 at 8:11

GoogleCodeExporter commented 9 years ago
This could be related to the use of tcmalloc in Chromium. See for example 
https://code.google.com/p/chromium/issues/detail?id=38692#c1 and the comment at 
the end of http://goog-perftools.sourceforge.net/doc/tcmalloc.html:

"Don't try to load tcmalloc into a running binary (e.g., using JNI in Java 
programs). The binary will have allocated some objects using the system malloc, 
and may try to pass them to TCMalloc for deallocation. TCMalloc will not be 
able to handle such objects."

I'm not sure why this is suddenly a problem with 2171 branch. It's possible to 
create a CEF build without tcmalloc by setting GYP_DEFINES='use_allocator=none' 
before running cef_create_projects.sh.

Original comment by magreenb...@gmail.com on 26 Nov 2014 at 10:30

GoogleCodeExporter commented 9 years ago
@#3: This same crash occurs when using a CEF build with tcmalloc disabled. It 
may be possible to create an AddressSanitizer build that works with Java for 
further debugging the problem. Discussion at 
https://groups.google.com/a/chromium.org/d/msg/chromium-dev/FTt-My1gJcE/C475IUPl
cVEJ.

Original comment by magreenb...@gmail.com on 27 Nov 2014 at 2:52

GoogleCodeExporter commented 9 years ago
Running with an AddressSanitizer build (follow instructions from the link in 
#4, copy libcef.so, libc++.so and libclang_rt.asan-x86_64.so to the JCEF 
out/Debug directory, then modify the java command-line in tools/run.sh):

LD_PRELOAD=$LIB_PATH/libclang_rt.asan-x86_64.so java -cp "$CLS_PATH" 
-Djava.library.path=$LIB_PATH tests.$RUN_TYPE.MainFrame "$@" 2>&1 | 
/home/marshall/code/chromium_git/chromium/src/tools/valgrind/asan/asan_symbolize
.py

The output is as follows:

==5408==AddressSanitizer CHECK failed: 
/home/marshall/code/chromium_git/chromium/src/third_party/llvm/compiler-rt/lib/a
san/asan_globals.cc:117 "((AddrIsAlignedByGranularity(g->beg))) != (0)" (0x0, 
0x0)
    #0 0x7fd63f4023de in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) _asan_rtl_:0
    #1 0x7fd63f4079c3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /home/marshall/code/chromium_git/chromium/src/third_party/llvm/compiler-rt/lib/sanitizer_common/sanitizer_common.cc:74:0
    #2 0x7fd63f38ba40 in RegisterGlobal _asan_rtl_:0
    #3 0x7fd63f38ba40 in __asan_register_globals _asan_rtl_:0
    #4 0x7fd62a3bb186 in asan.module_ctor ??:0:0
    #5 0x7fd6400cf139 in call_init /build/buildd/eglibc-2.19/elf/dl-init.c:78:0
    #6 0x7fd6400cf222 in call_init /build/buildd/eglibc-2.19/elf/dl-init.c:36:0
    #7 0x7fd6400cf222 in _dl_init /build/buildd/eglibc-2.19/elf/dl-init.c:126:0
    #8 0x7fd6400c0309 in ?? ??:0

CefApp: INITIALIZED
==5423==AddressSanitizer CHECK failed: 
/home/marshall/code/chromium_git/chromium/src/third_party/llvm/compiler-rt/lib/a
san/asan_globals.cc:117 "((AddrIsAlignedByGranularity(g->beg))) != (0)" (0x0, 
0x0)
    #0 0x7fc5ed8ac3de in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) _asan_rtl_:0
    #1 0x7fc5ed8b19c3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /home/marshall/code/chromium_git/chromium/src/third_party/llvm/compiler-rt/lib/sanitizer_common/sanitizer_common.cc:74:0
    #2 0x7fc5ed835a40 in RegisterGlobal _asan_rtl_:0
    #3 0x7fc5ed835a40 in __asan_register_globals _asan_rtl_:0
    #4 0x7fc5d8865186 in asan.module_ctor ??:0:0
    #5 0x7fc5ee579139 in call_init /build/buildd/eglibc-2.19/elf/dl-init.c:78:0
    #6 0x7fc5ee579222 in call_init /build/buildd/eglibc-2.19/elf/dl-init.c:36:0
    #7 0x7fc5ee579222 in _dl_init /build/buildd/eglibc-2.19/elf/dl-init.c:126:0
    #8 0x7fc5ee56a309 in ?? ??:0

=================================================================
==5387==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000031072 
at pc 0x7fe9f162b785 bp 0x7fe9f24dcfd0 sp 0x7fe9f24dc790
READ of size 1 at 0x602000031072 thread T1
    #0 0x7fe9f162b784 in __interceptor_strcmp.part.24 /home/marshall/code/chromium_git/chromium/src/third_party/llvm/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:177:0
    #1 0x7fe93549cdef in stub_find_dynamic ??:0:0
    #2 0x7fe93549cc5d in _glapi_get_proc_address ??:0:0
    #3 0x7fe933f34295 in _eglReleaseDisplayResources ??:?
    #4 0x7fe933f30f47 in eglGetProcAddress ??:0:0
    #5 0x7fe9334e6b57 in Java_jogamp_opengl_egl_EGL_dispatch_1eglGetProcAddress0__Ljava_lang_String_2J ??:0:0
    #6 0x7fe9e9103d97 (<unknown module>)

0x602000031072 is located 2 bytes inside of 16-byte region 
[0x602000031070,0x602000031080)
freed by thread T1 here:
    #0 0x7fe9f1669a91 in free _asan_rtl_:0
    #1 0x7fe9ed9a0b98 in os::free(void*, unsigned short) ??:0:0
    #2 0x7fe9334e6b81 in Java_jogamp_opengl_egl_EGL_dispatch_1eglGetProcAddress0__Ljava_lang_String_2J ??:0:0
    #3 0x7fe9e9103d97 (<unknown module>)
    #4 0x7fe9e90f7174 (<unknown module>)
    #5 0x7fe9e90f7174 (<unknown module>)
    #6 0x7fe9e90f7822 (<unknown module>)
    #7 0x7fe9e90f7174 (<unknown module>)
    #8 0x7fe9e90f7822 (<unknown module>)
    #9 0x7fe9e90f7822 (<unknown module>)
    #10 0x7fe9e90f7057 (<unknown module>)
    #11 0x7fe9e90f7057 (<unknown module>)
    #12 0x7fe9e90f14e6 (<unknown module>)
    #3 0x7fe9ed7890f4 in JavaCalls::call_helper(JavaValue*, methodHandle*, JavaCallArguments*, Thread*) ??:0:0
    #4 0x7fe9ed787b57 in JavaCalls::call(JavaValue*, methodHandle, JavaCallArguments*, Thread*) ??:0:0
    #5 0x7fe9ed80e7f3 in JVM_DoPrivileged ??:0:0
    #16 0x7fe9e9103d97 (<unknown module>)
    #17 0x7fe9e90f7232 (<unknown module>)
    #18 0x7fe9e90f7057 (<unknown module>)
    #19 0x7fe9e90f734f (<unknown module>)
    #20 0x7fe9e90f734f (<unknown module>)
    #21 0x7fe9e90f71d3 (<unknown module>)
    #22 0x7fe9e90f71d3 (<unknown module>)
    #23 0x7fe9e90f71d3 (<unknown module>)
    #24 0x7fe9e90f734f (<unknown module>)
    #25 0x7fe9e90f7232 (<unknown module>)
    #26 0x7fe9e90f7232 (<unknown module>)
    #27 0x7fe9e90f7232 (<unknown module>)
    #28 0x7fe9e90f7232 (<unknown module>)
    #29 0x7fe9e90f734f (<unknown module>)

previously allocated by thread T1 here:
    #0 0x7fe9f1669d69 in malloc _asan_rtl_:0
    #1 0x7fe9ed9a0ca8 in os::malloc(unsigned long, unsigned short, unsigned char*) ??:0:0
    #2 0x7fe9ed43544b in AllocateHeap(unsigned long, unsigned short, unsigned char*, AllocFailStrategy::AllocFailEnum) ??:0:0
    #3 0x7fe9ed7def51 in jni_GetStringUTFChars ??:0:0
    #4 0x7fe9334e6af4 in Java_jogamp_opengl_egl_EGL_dispatch_1eglGetProcAddress0__Ljava_lang_String_2J ??:0:0
    #5 0x7fe9e9103d97 (<unknown module>)
    #6 0x7fe9e90f7174 (<unknown module>)
    #7 0x7fe9e90f7174 (<unknown module>)
    #8 0x7fe9e90f7822 (<unknown module>)
    #9 0x7fe9e90f7174 (<unknown module>)
    #10 0x7fe9e90f7822 (<unknown module>)
    #11 0x7fe9e90f7822 (<unknown module>)
    #12 0x7fe9e90f7057 (<unknown module>)
    #13 0x7fe9e90f7057 (<unknown module>)
    #14 0x7fe9e90f14e6 (<unknown module>)
    #5 0x7fe9ed7890f4 in JavaCalls::call_helper(JavaValue*, methodHandle*, JavaCallArguments*, Thread*) ??:0:0
    #6 0x7fe9ed787b57 in JavaCalls::call(JavaValue*, methodHandle, JavaCallArguments*, Thread*) ??:0:0
    #7 0x7fe9ed80e7f3 in JVM_DoPrivileged ??:0:0
    #18 0x7fe9e9103d97 (<unknown module>)
    #19 0x7fe9e90f7232 (<unknown module>)
    #20 0x7fe9e90f7057 (<unknown module>)
    #21 0x7fe9e90f734f (<unknown module>)
    #22 0x7fe9e90f734f (<unknown module>)
    #23 0x7fe9e90f71d3 (<unknown module>)
    #24 0x7fe9e90f71d3 (<unknown module>)
    #25 0x7fe9e90f71d3 (<unknown module>)
    #26 0x7fe9e90f734f (<unknown module>)
    #27 0x7fe9e90f7232 (<unknown module>)
    #28 0x7fe9e90f7232 (<unknown module>)
    #29 0x7fe9e90f7232 (<unknown module>)

Thread T1 created by T0 here:
    #0 0x7fe9f16089ee in __interceptor_pthread_create _asan_rtl_:0
    #1 0x7fe9f11a44c8 in ContinueInNewThread0 ??:0:0
    #2 0x7fe9f1199589 in ContinueInNewThread ??:0:0
    #3 0x7fe9f119c0df in JLI_Launch ??:0:0
    #4 0x400685 in main ??:0:0
    #5 0x7fe9f0beeec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287:0

SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
Shadow bytes around the buggy address:
  0x0c047fffe1b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fffe1c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fffe1d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fffe1e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fffe1f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fffe200: fa fa fa fa fa fa 00 00 fa fa fd fd fa fa[fd]fd
  0x0c047fffe210: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
  0x0c047fffe220: fa fa fd fd fa fa fd fd fa fa fd fa fa fa fd fd
  0x0c047fffe230: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
  0x0c047fffe240: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
  0x0c047fffe250: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  ASan internal:           fe
==5387==ABORTING

Original comment by magreenb...@gmail.com on 28 Nov 2014 at 3:45

GoogleCodeExporter commented 9 years ago
Issue 147 has been merged into this issue.

Original comment by magreenb...@gmail.com on 15 Jan 2015 at 3:16

GoogleCodeExporter commented 9 years ago

Original comment by magreenb...@gmail.com on 15 Jan 2015 at 3:18