yse / easy_profiler

Lightweight profiler library for c++
MIT License

container overflow #170

Open conradjones opened 4 years ago

conradjones commented 4 years ago

built from source 10 minutes ago

```
=================================================================
==50180==ERROR: AddressSanitizer: container-overflow on address 0x6170000f9528 at pc 0x0001079d0637 bp 0x7ffee833d490 sp 0x7ffee833d488
READ of size 8 at 0x6170000f9528 thread T0
#0 0x1079d0636 in profiler_gui::EasyBlockItem::left() const common_types.h:94
#1 0x107b849dd in GraphicsBlockItem::intersect(QPointF const&, unsigned int&) const::$_6::operator()(profiler_gui::EasyBlockItem const&, double) const graphics_block_item.cpp:1278
#2 0x107b84851 in std::__1::__wrap_iter<profiler_gui::EasyBlockItem const*> std::__1::__lower_bound<GraphicsBlockItem::intersect(QPointF const&, unsigned int&) const::$_6&, std::__1::__wrap_iter<profiler_gui::EasyBlockItem const*>, double>(std::__1::__wrap_iter<profiler_gui::EasyBlockItem const*>, std::__1::__wrap_iter<profiler_gui::EasyBlockItem const*>, double const&, GraphicsBlockItem::intersect(QPointF const&, unsigned int&) const::$_6&) algorithm:4102
#3 0x107b77116 in std::__1::__wrap_iter<profiler_gui::EasyBlockItem const*> std::__1::lower_bound<std::__1::__wrap_iter<profiler_gui::EasyBlockItem const*>, double, GraphicsBlockItem::intersect(QPointF const&, unsigned int&) const::$_6>(std::__1::__wrap_iter<profiler_gui::EasyBlockItem const*>, std::__1::__wrap_iter<profiler_gui::EasyBlockItem const*>, double const&, GraphicsBlockItem::intersect(QPointF const&, unsigned int&) const::$_6) algorithm:4119
#4 0x107b75801 in GraphicsBlockItem::intersect(QPointF const&, unsigned int&) const graphics_block_item.cpp:1276
#5 0x1079ea4d6 in BlocksGraphicsView::onIdleTimeout() blocks_graphics_view.cpp:2407
#6 0x107a26438 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (BlocksGraphicsView::*)()>::call(void (BlocksGraphicsView::*)(), BlocksGraphicsView*, void**) qobjectdefs_impl.h:152
#7 0x107a26135 in void QtPrivate::FunctionPointer<void (BlocksGraphicsView::*)()>::call<QtPrivate::List<>, void>(void (BlocksGraphicsView::*)(), BlocksGraphicsView*, void**) qobjectdefs_impl.h:185
#8 0x107a25ce1 in QtPrivate::QSlotObject<void (BlocksGraphicsView::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) qobjectdefs_impl.h:414
#9 0x10cdb9384 in QtPrivate::QSlotObjectBase::call(QObject*, void**) qobjectdefs_impl.h:394
#10 0x10ce97a3a in QMetaObject::activate(QObject*, int, int, void**) qobject.cpp:3789
#11 0x10ce9662c in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) qobject.cpp:3660
#12 0x10cec8b05 in QTimer::timeout(QTimer::QPrivateSignal) moc_qtimer.cpp:205
#13 0x10cec896c in QTimer::timerEvent(QTimerEvent*) qtimer.cpp:255
#14 0x10ce7e499 in QObject::event(QEvent*) qobject.cpp:1241
#15 0x1085bd737 in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3703
#16 0x1085c3fbb in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3059
#17 0x10cd87345 in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1095
#18 0x10cd89a9a in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.cpp:1490
#19 0x10cf9f02c in QTimerInfoList::activateTimers() qtimerinfo_unix.cpp:643
#20 0x1147a2874 in QCocoaEventDispatcherPrivate::processTimers() qcocoaeventdispatcher.mm:129
#21 0x1147a283c in QCocoaEventDispatcherPrivate::activateTimersSourceCallback(void*) qcocoaeventdispatcher.mm:123
#22 0x7fff2f7e4e32 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (CoreFoundation:x86_64h+0x57e32)
#23 0x7fff2f7e4dd8 in __CFRunLoopDoSource0 (CoreFoundation:x86_64h+0x57dd8)
#24 0x7fff2f7c879a in __CFRunLoopDoSources0 (CoreFoundation:x86_64h+0x3b79a)
#25 0x7fff2f7c7d64 in __CFRunLoopRun (CoreFoundation:x86_64h+0x3ad64)
#26 0x7fff2f7c766d in CFRunLoopRunSpecific (CoreFoundation:x86_64h+0x3a66d)
#27 0x7fff2ea261aa in RunCurrentEventLoopInMode (HIToolbox:x86_64+0xb1aa)
#28 0x7fff2ea25ee4 in ReceiveNextEventCommon (HIToolbox:x86_64+0xaee4)
#29 0x7fff2ea25c75 in _BlockUntilNextEventMatchingListInModeWithFilter (HIToolbox:x86_64+0xac75)
#30 0x7fff2cdbd77c in _DPSNextEvent (AppKit:x86_64+0x1a77c)
#31 0x7fff2cdbc46a in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (AppKit:x86_64+0x1946a)
#32 0x7fff2cdb6587 in -[NSApplication run] (AppKit:x86_64+0x13587)
#33 0x1147a4fed in QCocoaEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) qcocoaeventdispatcher.mm:429
#34 0x10cd759a4 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) qeventloop.cpp:138
#35 0x10cd760b9 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) qeventloop.cpp:225
#36 0x10cd89225 in QCoreApplication::exec() qcoreapplication.cpp:1403
#37 0x10abdd445 in QGuiApplication::exec() qguiapplication.cpp:1788
#38 0x1085c2268 in QApplication::exec() qapplication.cpp:2859
#39 0x1078d1c95 in main main.cpp:77
#40 0x7fff5b74f3d4 in start (libdyld.dylib:x86_64+0x163d4)

0x6170000f9528 is located 552 bytes inside of 768-byte region [0x6170000f9300,0x6170000f9600) allocated by thread T0 here:
#0 0x10dba2502 in wrap__Znwm (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x6e502)
#1 0x107b83108 in std::__1::__libcpp_allocate(unsigned long, unsigned long) new:239
#2 0x107b8d4e1 in std::__1::allocator<profiler_gui::EasyBlockItem>::allocate(unsigned long, void const*) memory:1814
#3 0x107b8d370 in std::__1::allocator_traits<std::__1::allocator<profiler_gui::EasyBlockItem> >::allocate(std::__1::allocator<profiler_gui::EasyBlockItem>&, unsigned long) memory:1547
#4 0x107b8d129 in std::__1::__split_buffer<profiler_gui::EasyBlockItem, std::__1::allocator<profiler_gui::EasyBlockItem>&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator<profiler_gui::EasyBlockItem>&) __split_buffer:311
#5 0x107b8cd9c in std::__1::__split_buffer<profiler_gui::EasyBlockItem, std::__1::allocator<profiler_gui::EasyBlockItem>&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator<profiler_gui::EasyBlockItem>&) __split_buffer:310
#6 0x107b8e0e3 in void std::__1::vector<profiler_gui::EasyBlockItem, std::__1::allocator<profiler_gui::EasyBlockItem> >::__emplace_back_slow_path<>() vector:1668
#7 0x107b79540 in void std::__1::vector<profiler_gui::EasyBlockItem, std::__1::allocator<profiler_gui::EasyBlockItem> >::emplace_back<>() vector:1695
#8 0x107b79274 in GraphicsBlockItem::addItem(unsigned char) graphics_block_item.cpp:1478
#9 0x1079ce1fa in BlocksGraphicsView::setTree(GraphicsBlockItem*, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&, double&, unsigned int&, double, short) blocks_graphics_view.cpp:1137
#10 0x1079ce72c in BlocksGraphicsView::setTree(GraphicsBlockItem*, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&, double&, unsigned int&, double, short) blocks_graphics_view.cpp:1159
#11 0x1079ce72c in BlocksGraphicsView::setTree(GraphicsBlockItem*, std::__1::vector<unsigned int, std::__1::allocator<unsigned int> > const&, double&, unsigned int&, double, short) blocks_graphics_view.cpp:1159
#12 0x1079ca297 in BlocksGraphicsView::setTree(std::__1::unordered_map<unsigned long long, profiler::BlocksTreeRoot, estd::hash<unsigned long long>, std::__1::equal_to<unsigned long long>, std::__1::allocator<std::__1::pair<unsigned long long const, profiler::BlocksTreeRoot> > > const&) blocks_graphics_view.cpp:972
#13 0x107a2de7b in BlocksGraphicsView::initMode()::$_6::operator()() const blocks_graphics_view.cpp:2117
#14 0x107a2dd6b in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, BlocksGraphicsView::initMode()::$_6>::call(BlocksGraphicsView::initMode()::$_6&, void**) qobjectdefs_impl.h:146
#15 0x107a2dc50 in void QtPrivate::Functor<BlocksGraphicsView::initMode()::$_6, 0>::call<QtPrivate::List<>, void>(BlocksGraphicsView::initMode()::$_6&, void*, void**) qobjectdefs_impl.h:256
#16 0x107a2dbfc in QtPrivate::QFunctorSlotObject<BlocksGraphicsView::initMode()::$_6, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) qobjectdefs_impl.h:439
#17 0x10cdb9384 in QtPrivate::QSlotObjectBase::call(QObject*, void**) qobjectdefs_impl.h:394
#18 0x10ce97a3a in QMetaObject::activate(QObject*, int, int, void**) qobject.cpp:3789
#19 0x10ce9662c in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) qobject.cpp:3660
#20 0x1078c5af4 in profiler_gui::GlobalSignals::fileOpened() moc_globals_qobjects.cpp:512
#21 0x107c2c995 in MainWindow::onFileReaderTimeout() main_window.cpp:2374
#22 0x107c7aea8 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (MainWindow::*)()>::call(void (MainWindow::*)(), MainWindow*, void**) qobjectdefs_impl.h:152
#23 0x107c7aba5 in void QtPrivate::FunctionPointer<void (MainWindow::*)()>::call<QtPrivate::List<>, void>(void (MainWindow::*)(), MainWindow*, void**) qobjectdefs_impl.h:185
#24 0x107c7a751 in QtPrivate::QSlotObject<void (MainWindow::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) qobjectdefs_impl.h:414
#25 0x10cdb9384 in QtPrivate::QSlotObjectBase::call(QObject*, void**) qobjectdefs_impl.h:394
#26 0x10ce97a3a in QMetaObject::activate(QObject*, int, int, void**) qobject.cpp:3789
#27 0x10ce9662c in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) qobject.cpp:3660
#28 0x10cec8b05 in QTimer::timeout(QTimer::QPrivateSignal) moc_qtimer.cpp:205
#29 0x10cec896c in QTimer::timerEvent(QTimerEvent*) qtimer.cpp:255

HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_container_overflow=0.
If you suspect a false positive see also: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow.
SUMMARY: AddressSanitizer: container-overflow common_types.h:94 in profiler_gui::EasyBlockItem::left() const
Shadow bytes around the buggy address:
  0x1c2e0001f250: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c2e0001f260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c2e0001f270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c2e0001f280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c2e0001f290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1c2e0001f2a0: 00 00 fc fc fc[fc]fc fc fc fc fc fc fc fc fc fc
  0x1c2e0001f2b0: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
  0x1c2e0001f2c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c2e0001f2d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2e0001f2e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2e0001f2f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==50180==ABORTING
[1]    50180 abort
```

conradjones commented 4 years ago

graphics_block_item.cpp

You are getting the size of a vector called `level0` and using that, added to the begin iterator of a different vector, and these two vectors are not the same size.

Surely it would be easy to just use `std::end` anyway..? Not sure why it's referencing a different vector; are they supposed to be in sync?

[Screenshot 2020-01-26 at 23 51 56: the referenced lines of graphics_block_item.cpp]
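As an added illustration of the pattern the reporter describes (not code from easy_profiler and not the reporter's own), the snippet below puts a bounded binary search over a per-level vector next to an explicit check of the invariant the reported code silently relies on: that the other vector's size never exceeds this vector's own. `Block`, `Level`, `findBlockAt`, `endOffsetInBounds` and the sample levels are constructed stand-ins for `EasyBlockItem` and the per-level item vectors; the real `intersect()` and its comparator are not reproduced.

```cpp
#include <algorithm>
#include <cassert>
#include <cstddef>
#include <iostream>
#include <vector>

// Constructed stand-in for profiler_gui::EasyBlockItem: a block occupying
// [left, left + width) on the timeline axis.
struct Block {
    double left;
    double width;
    double right() const { return left + width; }
};

// Assumption: one vector of blocks per nesting level, sorted by left edge.
using Level = std::vector<Block>;

// The pattern from the report, for comparison only (never executed here):
//   auto it = std::lower_bound(level.begin(), level.begin() + level0.size(), x, cmp);
// When level0.size() > level.size() the end iterator points past the vector's
// live elements, and ASan's container-overflow check fires on the first read.

// The invariant that pattern assumes: an end derived from another vector's size
// only stays inside this vector if other_size <= own_size.
bool endOffsetInBounds(std::size_t own_size, std::size_t other_size) {
    return other_size <= own_size;
}

// Fixed form: bound the search by the vector's own end(). Returns the index of
// the block containing x, or -1 when no block covers x.
long findBlockAt(const Level& level, double x) {
    auto it = std::lower_bound(level.begin(), level.end(), x,
                               [](const Block& b, double v) { return b.right() < v; });
    if (it == level.end() || it->left > x) return -1;
    return static_cast<long>(it - level.begin());
}

// Constructed sample data: a root level with 5 blocks and a child level with 2.
Level sampleLevel0() { return {{0, 10}, {10, 10}, {20, 10}, {30, 10}, {40, 10}}; }
Level sampleLevel1() { return {{0, 5}, {12, 3}}; }

int main() {
    const Level level0 = sampleLevel0();
    const Level level1 = sampleLevel1();

    // Mixing sizes the way the report describes would run 3 elements past level1's end.
    std::cout << "level0.size() as an offset into level1 in bounds? "
              << (endOffsetInBounds(level1.size(), level0.size()) ? "yes" : "no") << '\n';

    std::cout << "block at x=13 in level1: " << findBlockAt(level1, 13.0) << '\n';
    std::cout << "block at x=7 in level1:  " << findBlockAt(level1, 7.0) << '\n';
    std::cout << "block at x=25 in level0: " << findBlockAt(level0, 25.0) << '\n';
    return 0;
}
```

Running the buggy pattern under AddressSanitizer with `-fsanitize=address` (and libc++/libstdc++ annotations enabled, as in the report) is what produces the `container-overflow` report above; the bounded version never forms an iterator outside `[begin(), end())`, so the read that the report traces to `EasyBlockItem::left()` cannot happen.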