roc-streaming / roc-toolkit

Real-time audio streaming over the network.
https://roc-streaming.org
Mozilla Public License 2.0

OpenFEC LDPC bad free #196

Closed gavv closed 5 years ago

gavv commented 5 years ago

Can be reproduced with the "full_repair_payload_sizes" test. Reproducible only on LDPC and on some small payload sizes, e.g. 13.

==15759==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x602000012ad0 in thread T0
    #0 0x4f6d12 in free (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x4f6d12)
    #1 0x6411cf in of_free /home/victor/dev/roc-project/roc/3rdparty/x86_64-pc-linux-gnu/build/openfec-1.4.2.2/src/openfec-1.4.2.2/src/lib_common/of_mem.c:62:3
    #2 0x64fe0c in of_linear_binary_code_finish_decoding_with_ml /home/victor/dev/roc-project/roc/3rdparty/x86_64-pc-linux-gnu/build/openfec-1.4.2.2/src/openfec-1.4.2.2/src/lib_common/linear_binary_codes_utils/ml_decoding/of_ml_decoding.c:272:5
    #3 0x6459ef in of_ldpc_staircase_finish_decoding /home/victor/dev/roc-project/roc/3rdparty/x86_64-pc-linux-gnu/build/openfec-1.4.2.2/src/openfec-1.4.2.2/src/lib_stable/ldpc_staircase/of_ldpc_staircase_api.c:465:9
    #4 0x642517 in of_finish_decoding /home/victor/dev/roc-project/roc/3rdparty/x86_64-pc-linux-gnu/build/openfec-1.4.2.2/src/openfec-1.4.2.2/src/lib_common/of_openfec_api.c:568:14
    #5 0x61e34d in roc::fec::OFDecoder::decode_() /home/victor/dev/roc-project/roc/src/modules/roc_fec/target_openfec/roc_fec/of_decoder.cpp:220:9
    #6 0x61ba93 in roc::fec::OFDecoder::update_() /home/victor/dev/roc-project/roc/src/modules/roc_fec/target_openfec/roc_fec/of_decoder.cpp:194:5
    #7 0x61b611 in roc::fec::OFDecoder::repair(unsigned long) /home/victor/dev/roc-project/roc/src/modules/roc_fec/target_openfec/roc_fec/of_decoder.cpp:137:9
    #8 0x5f8693 in roc::fec::Codec::decode(unsigned long, unsigned long) /home/victor/dev/roc-project/roc/src/tests/roc_fec/target_openfec/test_encoder_decoder.cpp:55:53
    #9 0x5f6100 in roc::fec::TEST_encoder_decoder_full_repair_payload_sizes_Test::testBody() /home/victor/dev/roc-project/roc/src/tests/roc_fec/target_openfec/test_encoder_decoder.cpp:215:18
    #10 0x66787f in helperDoTestBody (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x66787f)
    #11 0x66a185 in PlatformSpecificSetJmp (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x66a185)
    #12 0x6696f5 in Utest::run() (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x6696f5)
    #13 0x667d1e in UtestShell::runOneTestInCurrentProcess(TestPlugin*, TestResult&) (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x667d1e)
    #14 0x667900 in helperDoRunOneTestInCurrentProcess (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x667900)
    #15 0x66a185 in PlatformSpecificSetJmp (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x66a185)
    #16 0x667beb in UtestShell::runOneTest(TestPlugin*, TestResult&) (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x667beb)
    #17 0x6669c7 in TestRegistry::runAllTests(TestResult&) (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x6669c7)
    #18 0x65e3c4 in CommandLineTestRunner::runAllTests() (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x65e3c4)
    #19 0x65e089 in CommandLineTestRunner::runAllTestsMain() (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x65e089)
    #20 0x65dea6 in CommandLineTestRunner::RunAllTests(int, char const**) (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x65dea6)
    #21 0x5fbc47 in main /home/victor/dev/roc-project/roc/src/tests/test_main.cpp:29:22
    #22 0x7f820b5b0e5a in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.29-r2/work/glibc-2.29/csu/../csu/libc-start.c:308:16
    #23 0x458e89 in _start (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x458e89)

0x602000012ad0 is located 0 bytes inside of 13-byte region [0x602000012ad0,0x602000012add)
allocated by thread T0 here:
    #0 0x4f7053 in __interceptor_malloc (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x4f7053)
    #1 0x641164 in of_malloc /home/victor/dev/roc-project/roc/3rdparty/x86_64-pc-linux-gnu/build/openfec-1.4.2.2/src/openfec-1.4.2.2/src/lib_common/of_mem.c:40:9
    #2 0x6504e0 in of_linear_binary_code_simplify_linear_system_with_a_symbol /home/victor/dev/roc-project/roc/3rdparty/x86_64-pc-linux-gnu/build/openfec-1.4.2.2/src/openfec-1.4.2.2/src/lib_common/linear_binary_codes_utils/ml_decoding/of_ml_decoding.c:406:45
    #3 0x64f9ef in of_linear_binary_code_finish_decoding_with_ml /home/victor/dev/roc-project/roc/3rdparty/x86_64-pc-linux-gnu/build/openfec-1.4.2.2/src/openfec-1.4.2.2/src/lib_common/linear_binary_codes_utils/ml_decoding/of_ml_decoding.c:170:8
    #4 0x6459ef in of_ldpc_staircase_finish_decoding /home/victor/dev/roc-project/roc/3rdparty/x86_64-pc-linux-gnu/build/openfec-1.4.2.2/src/openfec-1.4.2.2/src/lib_stable/ldpc_staircase/of_ldpc_staircase_api.c:465:9
    #5 0x642517 in of_finish_decoding /home/victor/dev/roc-project/roc/3rdparty/x86_64-pc-linux-gnu/build/openfec-1.4.2.2/src/openfec-1.4.2.2/src/lib_common/of_openfec_api.c:568:14
    #6 0x61e34d in roc::fec::OFDecoder::decode_() /home/victor/dev/roc-project/roc/src/modules/roc_fec/target_openfec/roc_fec/of_decoder.cpp:220:9
    #7 0x61ba93 in roc::fec::OFDecoder::update_() /home/victor/dev/roc-project/roc/src/modules/roc_fec/target_openfec/roc_fec/of_decoder.cpp:194:5
    #8 0x61b611 in roc::fec::OFDecoder::repair(unsigned long) /home/victor/dev/roc-project/roc/src/modules/roc_fec/target_openfec/roc_fec/of_decoder.cpp:137:9
    #9 0x5f8693 in roc::fec::Codec::decode(unsigned long, unsigned long) /home/victor/dev/roc-project/roc/src/tests/roc_fec/target_openfec/test_encoder_decoder.cpp:55:53
    #10 0x5f6100 in roc::fec::TEST_encoder_decoder_full_repair_payload_sizes_Test::testBody() /home/victor/dev/roc-project/roc/src/tests/roc_fec/target_openfec/test_encoder_decoder.cpp:215:18
    #11 0x66787f in helperDoTestBody (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x66787f)
    #12 0x66a185 in PlatformSpecificSetJmp (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x66a185)
    #13 0x6696f5 in Utest::run() (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x6696f5)
    #14 0x667d1e in UtestShell::runOneTestInCurrentProcess(TestPlugin*, TestResult&) (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x667d1e)
    #15 0x667900 in helperDoRunOneTestInCurrentProcess (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x667900)
    #16 0x66a185 in PlatformSpecificSetJmp (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x66a185)
    #17 0x667beb in UtestShell::runOneTest(TestPlugin*, TestResult&) (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x667beb)
    #18 0x6669c7 in TestRegistry::runAllTests(TestResult&) (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x6669c7)
    #19 0x65e3c4 in CommandLineTestRunner::runAllTests() (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x65e3c4)
    #20 0x65e089 in CommandLineTestRunner::runAllTestsMain() (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x65e089)
    #21 0x65dea6 in CommandLineTestRunner::RunAllTests(int, char const**) (/home/victor/dev/roc-project/roc/bin/x86_64-pc-linux-gnu/roc-test-fec+0x65dea6)
    #22 0x5fbc47 in main /home/victor/dev/roc-project/roc/src/tests/test_main.cpp:29:22
    #23 0x7f820b5b0e5a in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.29-r2/work/glibc-2.29/csu/../csu/libc-start.c:308:16

gavv commented 5 years ago

Repro:

gavv commented 5 years ago

Reported to upstream.

gavv commented 5 years ago

I was able to reproduce the bug by this small test: https://gist.github.com/gavv/4a0fa01c401c480db2b24fa2f50e49db

The problem was in the 64-bit version of the of_add_to_multiple_symbols() function, which corrupted the memory. This corruption was the reason for both #196 and #197.

I've fixed it in our fork: https://github.com/roc-project/openfec/commit/983d14eeb2f2dd05e4ddc081d42c358881362756

Our test works now: 822194308d98d7d6d0868cfb7162a6caf4d50510
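The thread names the cause (a 64-bit word-wise symbol XOR that corrupts memory) but the actual upstream fix is only linked, not shown. The following is an added, constructed example and is neither roc-toolkit nor OpenFEC code: it models the bug class with hypothetical functions `xor_into_targets_wordwise` and `xor_into_targets_safe`, using the 13-byte payload size from the report. A loop that rounds the symbol length up to whole 8-byte words writes 3 bytes past a 13-byte symbol; on a real heap those bytes belong to a neighbouring allocation or allocator metadata, which is how a later `free()` ends up reported by AddressSanitizer as "attempting free on address which was not malloc()-ed". Here each symbol is followed by a guard region inside the same buffer, so the overrun is measurable without undefined behaviour, and `run_symbol_xor()` returns how many targets had their guard bytes clobbered.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of a word-wise symbol XOR overrun.
 * Not OpenFEC code and not the upstream fix. */

#define SYMBOL_LEN 13   /* payload size from the ASan report */
#define GUARD_LEN  8    /* bytes after each symbol that must never change */
#define BUF_LEN    (SYMBOL_LEN + GUARD_LEN)
#define N_TARGETS  3
#define GUARD_FILL 0xA5

/* Buggy variant: rounds the length up to whole 64-bit words (13 -> 16
 * bytes), so every target symbol is written 3 bytes past its end. The
 * spill lands in the guard region so it can be measured safely. */
static void xor_into_targets_wordwise(const uint8_t *src,
                                      uint8_t targets[][BUF_LEN],
                                      size_t n_targets, size_t len)
{
    size_t n_words = (len + 7) / 8;
    for (size_t t = 0; t < n_targets; t++) {
        for (size_t w = 0; w < n_words; w++) {
            uint64_t s, d;
            memcpy(&s, src + w * 8, 8);
            memcpy(&d, targets[t] + w * 8, 8);
            d ^= s;
            memcpy(targets[t] + w * 8, &d, 8);
        }
    }
}

/* Fixed variant: whole words only while 8 bytes remain, then a byte-wise
 * tail, so nothing beyond len is read or written. */
static void xor_into_targets_safe(const uint8_t *src,
                                  uint8_t targets[][BUF_LEN],
                                  size_t n_targets, size_t len)
{
    size_t n_words = len / 8;           /* 13 / 8 = 1 full word */
    size_t tail    = len - n_words * 8; /* 5 remaining bytes */
    for (size_t t = 0; t < n_targets; t++) {
        size_t off = 0;
        for (size_t w = 0; w < n_words; w++, off += 8) {
            uint64_t s, d;
            memcpy(&s, src + off, 8);
            memcpy(&d, targets[t] + off, 8);
            d ^= s;
            memcpy(targets[t] + off, &d, 8);
        }
        for (size_t i = 0; i < tail; i++)
            targets[t][off + i] ^= src[off + i];
    }
}

/* Runs one elimination step with either variant. Returns the number of
 * target symbols whose guard bytes were overwritten (0 = no overrun),
 * or -1 if the payload itself was XORed incorrectly. */
int run_symbol_xor(int use_fixed)
{
    uint8_t src[BUF_LEN];
    uint8_t targets[N_TARGETS][BUF_LEN];
    uint8_t expected[N_TARGETS][SYMBOL_LEN];

    /* Constructed sample symbols; bytes past SYMBOL_LEN are guards. */
    memset(src, GUARD_FILL, sizeof src);
    for (size_t i = 0; i < SYMBOL_LEN; i++)
        src[i] = (uint8_t)(0x10 + i);
    for (size_t t = 0; t < N_TARGETS; t++) {
        memset(targets[t], GUARD_FILL, BUF_LEN);
        for (size_t i = 0; i < SYMBOL_LEN; i++) {
            targets[t][i] = (uint8_t)(0x80 + t * 16 + i);
            expected[t][i] = (uint8_t)(targets[t][i] ^ src[i]);
        }
    }

    if (use_fixed)
        xor_into_targets_safe(src, targets, N_TARGETS, SYMBOL_LEN);
    else
        xor_into_targets_wordwise(src, targets, N_TARGETS, SYMBOL_LEN);

    int corrupted = 0;
    for (size_t t = 0; t < N_TARGETS; t++) {
        if (memcmp(targets[t], expected[t], SYMBOL_LEN) != 0)
            return -1;
        for (size_t i = SYMBOL_LEN; i < BUF_LEN; i++) {
            if (targets[t][i] != GUARD_FILL) { corrupted++; break; }
        }
    }
    return corrupted;
}

int main(void)
{
    printf("word-wise variant: %d of %d targets overrun\n",
           run_symbol_xor(0), N_TARGETS);
    printf("byte-tail variant: %d of %d targets overrun\n",
           run_symbol_xor(1), N_TARGETS);
    return 0;
}
```

Both variants produce the correct 13 payload bytes, which is why a bug like this passes functional tests and only surfaces as a bad free elsewhere; building the real test binary with `-fsanitize=address`, as the report above did, is what turns the silent overrun into a diagnosable stack trace.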