search

rpm-software-management / dnf5

Next-generation RPM package management system
Other
253 stars 86 forks source link

run_tests_cli test failure because of a use-after-free #1692

Open asarubbo opened 1 month ago

asarubbo commented 1 month ago

I get a test failure compiling dnf5-5.2.6.0 on gentoo/guru; here is the stacktrace if compiled with asan:

 ~ $ ASAN_OPTIONS=symbolize=1,detect_odr_violation=0,detect_leaks=0 ./run_tests_cli
RepoqueryTest::test_format_set_with_simple_str (duration: 23ms) : OK
RepoqueryTest::test_format_set_with_tags (duration: 20ms) : OK
RepoqueryTest::test_format_set_with_invalid_tags (duration: 20ms) : OK
RepoqueryTest::test_format_set_with_tags_with_spacing (duration: 20ms) : OK
RepoqueryTest::test_pkg_attr_uniq_sorted (duration: 20ms) : OK
RepoqueryTest::test_requires_filelists (duration: 19ms) : OK
ArgumentParserTest::test_argument_parser (duration: 1ms) : OK
UTF8Test::test_length_en (duration: 0ms) : OK
UTF8Test::test_length_cs (duration: 0ms) : OK
UTF8Test::test_length_cn (duration: 0ms) : OK
UTF8Test::test_length_ja (duration: 0ms) : OK
UTF8Test::test_width_en (duration: 0ms) : OK
UTF8Test::test_width_cs (duration: 0ms) : OK
UTF8Test::test_width_cn (duration: 0ms) : OK
UTF8Test::test_width_ja (duration: 0ms) : OK
UTF8Test::test_substr_length_en (duration: 0ms) : OK
UTF8Test::test_substr_length_cs (duration: 0ms) : OK
UTF8Test::test_substr_length_cn (duration: 0ms) : OK
UTF8Test::test_substr_length_ja (duration: 0ms) : OK
UTF8Test::test_substr_width_en (duration: 0ms) : OK
UTF8Test::test_substr_width_cs (duration: 0ms) : OK
UTF8Test::test_substr_width_cn (duration: 0ms) : OK
UTF8Test::test_substr_width_ja (duration: 0ms) : OK
OK (23)
=================================================================
==27676==ERROR: AddressSanitizer: heap-use-after-free on address 0x507000001f48 at pc 0x63a15f705c79 bp 0x7ffc326527e0 sp 0x7ffc326527d0
READ of size 8 at 0x507000001f48 thread T0
    #0 0x63a15f705c78 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_S_right(std::_Rb_tree_node_base*) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:786
    #1 0x63a15f6deecf in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_erase(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >*) (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x82decf)
    #2 0x76e8125406e9 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::~_Rb_tree() /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:982
    #3 0x76e81256faa5 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, libdnf5::sack::QueryCmp, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::~map() (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/libdnf5/libdnf5.so.2+0x8dfaa5)
    #4 0x76e812b6d750 in __cxa_finalize (/lib64/libc.so.6+0x3e750)
    #5 0x76e811f51ae6  (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/libdnf5/libdnf5.so.2+0x2c1ae6)

0x507000001f48 is located 24 bytes inside of 72-byte region [0x507000001f30,0x507000001f78)
freed by thread T0 here:
    #0 0x63a15f212858 in operator delete(void*, unsigned long) (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x361858)
    #1 0x63a15f72e2fd in std::__new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::deallocate(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >*, unsigned long) (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x87d2fd)
    #2 0x63a15f71a609 in std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::deallocate(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >*, unsigned long) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/allocator.h:208
    #3 0x63a15f71a609 in std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > > >::deallocate(std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >&, std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >*, unsigned long) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/alloc_traits.h:513
    #4 0x63a15f71a609 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_put_node(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >*) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:563
    #5 0x63a15f705cf3 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_drop_node(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >*) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:630
    #6 0x63a15f6def04 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_erase(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >*) (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x82df04)
    #7 0x63a15f6a56a7 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::~_Rb_tree() /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:982
    #8 0x63a15f73b855 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, libdnf5::sack::QueryCmp, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::~map() (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x88a855)
    #9 0x76e812b6dc90  (/lib64/libc.so.6+0x3ec90)

previously allocated by thread T0 here:
    #0 0x63a15f2117b8 in operator new(unsigned long) (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x3607b8)
    #1 0x63a15f73284b in std::__new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::allocate(unsigned long, void const*) (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x88184b)
    #2 0x63a15f72a8c6 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_get_node() (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x8798c6)
    #3 0x63a15f72536b in std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >* std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_create_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const&>(std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const&) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:609
    #4 0x63a15f71ae5d in std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >* std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_Alloc_node::operator()<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const&>(std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const&) const /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:527
    #5 0x63a15f70697e in std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_insert_<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const&, std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_Alloc_node>(std::_Rb_tree_node_base*, std::_Rb_tree_node_base*, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const&, std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_Alloc_node&) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:1827
    #6 0x63a15f6df25d in std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_insert_unique_<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const&, std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_Alloc_node>(std::_Rb_tree_const_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const&, std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_Alloc_node&) (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x82e25d)
    #7 0x63a15f6a589f in std::enable_if<std::is_same<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::iterator_traits<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const*>::value_type>::value, void>::type std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_insert_range_unique<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const*>(std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const*, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const*) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:1100
    #8 0x63a15f672a8a in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, libdnf5::sack::QueryCmp, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::map(std::initializer_list<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > const&, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > const&) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_map.h:244
    #9 0x63a15f63a878 in __static_initialization_and_destruction_0 /var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0/libdnf5/rpm/versionlock_config.cpp:126
    #10 0x63a15f63abba in _GLOBAL__sub_I_versionlock_config.cpp /var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0/libdnf5/rpm/versionlock_config.cpp:290
    #11 0x76e812b5529d in __libc_start_main (/lib64/libc.so.6+0x2629d)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:786 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_S_right(std::_Rb_tree_node_base*)
Shadow bytes around the buggy address:
  0x507000001c80: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
  0x507000001d00: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa 00 00
  0x507000001d80: 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 00 00
  0x507000001e00: 00 00 00 00 00 fa fa fa fa fa fd fd fd fd fd fd
  0x507000001e80: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x507000001f00: fd fa fa fa fa fa fd fd fd[fd]fd fd fd fd fd fa
  0x507000001f80: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
  0x507000002000: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x507000002080: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fd fd
  0x507000002100: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
  0x507000002180: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==27676==ABORTING

Downstream report: https://bugs.gentoo.org/939518

ppisar commented 1 month ago

I confirm this issue when configuring current HEAD with CXXFLAGS='-O0 -g -fsanitize=address' and running the tests with ASAN_OPTIONS=detect_odr_violation=0 (otherwise the test fails sooner of one-defintion-rule violation).

Many other tests fail on the same place.