Closed pezcode closed 5 months ago
I'll take a look this weekend - I asaned on Windows, maybe missed something. Maybe it's just something with parameters so tiny...
In the meantime, can you send me your compile command line so I can match exactly?
Thanks for looking into it 😌
Not 100% sure which of these options are relevant, so I attached the entire MSVC 2022 command line.
If it makes things simpler, this is a completely default MSVC project generated by CMake with the only change being /fsanitize=address:
project(stbir2-asan-test CXX)
add_executable(${PROJECT_NAME} main.cpp)
target_compile_options(${PROJECT_NAME} PRIVATE -fsanitize=address)
If you add the repro code up top to main.cpp and copy + include stb_image_resize2.h, you should be good.
Anyway, complete command lines:
Compiler:
/ifcOutput "stbir2-asan-test.dir\Debug\" /GS /W3 /Zc:wchar_t /Zi /Gm- /Od /Ob0 /Fd"stbir2-asan-test.dir\Debug\vc143.pdb" /Zc:inline /fp:precise /D "_MBCS" /D "WIN32" /D "_WINDOWS" /D "CMAKE_INTDIR=\"Debug\"" /errorReport:prompt /fsanitize=address /WX- /Zc:forScope /RTC1 /GR /Gd /MDd /Fa"stbir2-asan-test.dir\Debug\" /EHsc /nologo /Fo"stbir2-asan-test.dir\Debug\" /Fp"stbir2-asan-test.dir\Debug\stbir2-asan-test.pch" /diagnostics:column
Linker:
/OUT:"C:\dev\stbir2-asan\build\Debug\stbir2-asan-test.exe" /MANIFEST /NXCOMPAT /PDB:"C:/dev/stbir2-asan/build/Debug/stbir2-asan-test.pdb" /DYNAMICBASE "kernel32.lib" "user32.lib" "gdi32.lib" "winspool.lib" "shell32.lib" "ole32.lib" "oleaut32.lib" "uuid.lib" "comdlg32.lib" "advapi32.lib" /IMPLIB:"C:/dev/stbir2-asan/build/Debug/stbir2-asan-test.lib" /DEBUG /MACHINE:X64 /INCREMENTAL /PGD:"C:\dev\stbir2-asan\build\Debug\stbir2-asan-test.pgd" /SUBSYSTEM:CONSOLE /MANIFESTUAC:"level='asInvoker' uiAccess='false'" /ManifestFile:"stbir2-asan-test.dir\Debug\stbir2-asan-test.exe.intermediate.manifest" /LTCGOUT:"stbir2-asan-test.dir\Debug\stbir2-asan-test.iobj" /ERRORREPORT:PROMPT /ILK:"stbir2-asan-test.dir\Debug\stbir2-asan-test.ilk" /NOLOGO /TLBID:1
In case it helps, it looks like the bug is on line 3700, where the loop looks like this:
stbir__contributors * contribs = contributors + num_contributors - 1;
float * coeffs = coefficents + widest * ( num_contributors - 1 );
// go until no chance of clipping (this is usually less than 8 lops)
while ( ( ( contribs->n0 + widest*2 ) >= row_width ) && ( contribs >= contributors ) )
{
...
--contribs;
coeffs -= widest;
}
contribs iterates backwards through coefficients; in pezcode's example above, contribs reaches the 8 bytes before the start of contributors, and then the first clause in the while condition tries to dereference contribs->n0.
Since there's a range check later on, I think the fix is to swap the first and second clauses in the condition so short-circuit evaluation works correctly:
// go until no chance of clipping (this is usually less than 8 lops)
while ( (contribs >= contributors) && ( ( contribs->n0 + widest*2 ) >= row_width ) )
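An added example, not code from this issue or from stb, isolating the short-circuit point above: the bounds test has to run before the `n0` read, because on tiny inputs every contributor can satisfy the clipping test and the walk then reaches the element before the array. The `contributors_t` struct shape and the index-based loop (stb uses pointers, as quoted above) are assumptions for illustration.

```c
#include <stdio.h>

/* Assumed minimal shape of a contributor entry: n0/n1 are the first and
   last input-pixel index an output pixel reads. Only n0 matters here. */
typedef struct { int n0, n1; } contributors_t;

/* Walk backwards from the last contributor while an entry could still
   clip past row_width, mirroring the loop near line 3700 with the
   corrected clause order. The range test runs first, so when every entry
   clips the loop stops at i == -1 without ever reading contributors[-1].
   Returns how many trailing entries need clipping work. */
static int count_clipping_tail(const contributors_t *contributors,
                               int num_contributors, int widest, int row_width)
{
    int i = num_contributors - 1;
    int count = 0;
    while ((i >= 0) && ((contributors[i].n0 + widest * 2) >= row_width)) {
        ++count;
        --i;
    }
    return count;
}

/* With the ORIGINAL clause order the n0 read preceded the bounds test, so an
   out-of-bounds read happened exactly when every contributor passed the
   clipping test: the walk reached the entry before the array and dereferenced
   it. This predicts that condition without performing the bad read, which is
   why only very small inputs (and ASan's per-allocation redzones) expose it. */
static int original_order_reads_oob(const contributors_t *contributors,
                                    int num_contributors, int widest, int row_width)
{
    return count_clipping_tail(contributors, num_contributors, widest, row_width)
           == num_contributors;
}

int main(void)
{
    /* Constructed sample: a 4-pixel row with a filter wider than the row,
       so every output pixel's support reaches past the end. */
    contributors_t tiny[] = { { 0, 3 }, { 2, 3 } };
    /* Constructed sample: a 64-pixel row where only the last two entries
       can clip. */
    contributors_t normal[] = { { 0, 3 }, { 16, 19 }, { 32, 35 },
                                { 48, 51 }, { 56, 59 }, { 60, 63 } };
    printf("tiny:   tail=%d oob-with-old-order=%d\n",
           count_clipping_tail(tiny, 2, 4, 4), original_order_reads_oob(tiny, 2, 4, 4));
    printf("normal: tail=%d oob-with-old-order=%d\n",
           count_clipping_tail(normal, 6, 4, 64), original_order_reads_oob(normal, 6, 4, 64));
    return 0;
}
```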
Yeah, I think it's something simple like that - I'll make sure and get it updated.
Since there's a range check later on, I think the fix is to swap the first and second clauses in the condition so short-circuit evaluation works correctly:
// go until no chance of clipping (this is usually less than 8 lops)
while ( (contribs >= contributors) && ( ( contribs->n0 + widest*2 ) >= row_width ) )
Can confirm that this fixes the ASan error for me 👍
Confirmed that this is the correct fix, will be posting fix soon. Only triggers with asan, since we use one big allocation in non-asan and it would just do the single bad read from the internal scanline buffer, heh. Also, tested all small input sizes less than 16 (most of my asan testing was on small output buffers).
Fix from https://github.com/nothings/stb/pull/1561 made it into 2.04, can confirm that fixes the issue. Thanks!
Describe the bug
We're getting Address Sanitizer errors with stbir_resize() in stb_image_resize v2.00. Happens both with clang on Linux as well as MSVC. I added a full error log from an MSVC run further below.
To Reproduce
Compile and run this snippet with ASan enabled:
Expected behavior
No ASan errors
Error log