Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Add Klocwork scanning workflows #10

Merged
merged 1 commit into from
Nov 12, 2021
Merged

Add Klocwork scanning workflows #10

merged 1 commit into from
Nov 12, 2021

Conversation

pcolberg
Copy link
Contributor

@pcolberg pcolberg commented Nov 9, 2021
edited
Loading

The main branch scan obtains all Klocwork issues of the main branch and
uploads the results to a Klocwork server. This workflow requires access
to a Klocwork token to authenticate to the server for build and upload.

The pull request workflow does a full analysis of the base ref and an
incremental analysis of the head ref of the pull request using local
scans, which do not require a Klocwork server. This workflow fails if
the incremental analysis finds new issues introduced by the head ref.

@pcolberg pcolberg self-assigned this Nov 9, 2021
@pcolberg pcolberg marked this pull request as draft November 9, 2021 05:19
@pcolberg pcolberg force-pushed the klocwork branch 15 times, most recently from 0e3b747 to 514f61e Compare November 11, 2021 21:14
@pcolberg pcolberg marked this pull request as ready for review November 11, 2021 21:14
@pcolberg pcolberg requested review from zibaiwan and sherry-yuan and removed request for zibaiwan and sherry-yuan November 11, 2021 21:15
@pcolberg pcolberg force-pushed the klocwork branch 4 times, most recently from 72e9b66 to d149c57 Compare November 11, 2021 21:40
@pcolberg pcolberg marked this pull request as draft November 11, 2021 21:45
@pcolberg pcolberg force-pushed the klocwork branch 3 times, most recently from 5c6e9c4 to 7d0a324 Compare November 11, 2021 23:09
@sherry-yuan @pcolberg
Add Klocwork scanning workflows for main branch and pull requests
b8b525e 
The main branch scan obtains all Klocwork issues of the main branch and
uploads the results to a Klocwork server. This workflow requires access
to a Klocwork token to authenticate to the server for build and upload.

The pull request workflow does a full analysis of the base ref and an
incremental analysis of the head ref of the pull request using local
scans, which do not require a Klocwork server. This workflow fails if
the incremental analysis finds new issues introduced by the head ref.
@pcolberg pcolberg marked this pull request as ready for review November 11, 2021 23:13
@pcolberg
Copy link
Contributor Author

pcolberg commented Nov 11, 2021
edited
Loading

This is ready for review. For the pull request workflow, I initially experimented with actions/cache for caching the Klocwork analysis of the base ref, since each full analysis takes a bit less than 5 minutes, but the workflow seemed too complex and nontrivial to maintain. Then I dropped the --rebuild option to kwcheck run, which reduces the incremental analysis of the head ref to a minute. Combined with running ninja on multiple cores under kwinject, the result is a robust, straight-forward workflow that takes a bit more than 5 minutes altogether.

@pcolberg pcolberg force-pushed the klocwork branch 2 times, most recently from 178aeb5 to b8b525e Compare November 11, 2021 23:27
@pcolberg
Copy link
Contributor Author

pcolberg commented Nov 11, 2021
edited
Loading

Tested a passing main branch workflow accessing the Klocwork token from environment secrets, and a failing pull request workflow with an intentional issue:

fpga-runtime-for-opencl/test/acl_profiler_test.cpp

Lines 52 to 55 in d47cd93

int *a;
*a = 1;
int *b = NULL;
*b = 2; 

---------------------------------------------------------------------------
182 (Local) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/test/acl_profiler_test.cpp:55 NPD.GEN.MUST (1:Critical) Analyze
Null pointer 'b' that comes from line 54 will be dereferenced at line 55.
  * acl_profiler_test.cpp:54: 'b' has been assigned a NULL value.
  * acl_profiler_test.cpp:55: 'b' is explicitly dereferenced.
Current status 'Analyze'

---------------------------------------------------------------------------
183 (Local) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/test/acl_profiler_test.cpp:53 UNINIT.STACK.MUST (1:Critical) Analyze
'a' is used uninitialized in this function.
  * acl_profiler_test.cpp:52: 'a' is declared
  * acl_profiler_test.cpp:53: 'a' is used, but is uninitialized.
Current status 'Analyze'

Summary: 2 Local
2 Total Issue(s)
Error: Process completed with exit code 1.

zibaiwan
zibaiwan approved these changes Nov 12, 2021
View reviewed changes
Copy link
Contributor

@zibaiwan zibaiwan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Peter for your great work on this. The flow looks good to me!

sherry-yuan
sherry-yuan approved these changes Nov 12, 2021
View reviewed changes
Copy link
Contributor

@sherry-yuan sherry-yuan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @pcolberg, Looks good to me too.

@pcolberg pcolberg merged commit 52df0e2 into intel:main Nov 12, 2021
@pcolberg pcolberg deleted the klocwork branch November 12, 2021 16:22
pcolberg pushed a commit to sherry-yuan/fpga-runtime-for-opencl that referenced this pull request Feb 17, 2022
@sherry-yuan @pcolberg
Fix TSAN data races
ec8ccf1 
As found in intel#71, tsan reported several issues in the acl_test

Currently when release command queue are called (which frees the memory) subsequent still checks the values at the same address which cause tsan to report heap-use-after-free.

6: TEST(acl_command_queue, after_context_release)==================
6: WARNING: ThreadSanitizer: heap-use-after-free (pid=2499)
6:   Read of size 4 at 0x7b3c000004c4 by main thread:
6:     #0 acl_ref_count<_cl_command_queue*> ../include/acl_util.h:433 (acl_test+0x000000524583)
6:     intel#1 acl_command_queue_after_context_release_Test::testBody() ../test/acl_command_queue_test.cpp:677 (acl_test+0x000000524583)
6:     intel#2 Utest::executePlatformSpecificTestBody() ../lib/CppUTest/src/UtestPlatformGcc.cpp:82 (acl_test+0x0000009320a0)
6:     intel#3 Utest::runInThread() ../lib/CppUTest/src/Utest.cpp:99 (acl_test+0x00000092fe78)
6:     intel#4 acl_command_queue_after_context_release_Test::runInThreadOnCopy() ../test/acl_command_queue_test.cpp:622 (acl_test+0x000000538b4c)
6:     intel#5 Utest::executePlatformSpecificRunInThreads() ../lib/CppUTest/src/UtestPlatformGcc.cpp:175 (acl_test+0x000000932582)
6:     intel#6 Utest::run(TestResult&) ../lib/CppUTest/src/Utest.cpp:83 (acl_test+0x00000092fdd4)
6:     intel#7 Utest::runOneTest(TestPlugin*, TestResult&) ../lib/CppUTest/src/Utest.cpp:69 (acl_test+0x00000092fcf2)
6:     intel#8 Utest::executePlatformSpecificRunOneTest(TestPlugin*, TestResult&) ../lib/CppUTest/src/UtestPlatformGcc.cpp:100 (acl_test+0x0000009322be)
6:     intel#9 Utest::runOneTestWithPlugins(TestPlugin*, TestResult&) ../lib/CppUTest/src/Utest.cpp:63 (acl_test+0x00000092fc77)
6:     intel#10 TestRegistry::runAllTests(TestResult&) ../lib/CppUTest/src/TestRegistry.cpp:72 (acl_test+0x00000092f124)
6:     intel#11 CommandLineTestRunner::runAllTests() ../lib/CppUTest/src/CommandLineTestRunner.cpp:105 (acl_test+0x00000092947d)
6:     intel#12 CommandLineTestRunner::runAllTestsMain() ../lib/CppUTest/src/CommandLineTestRunner.cpp:81 (acl_test+0x0000009295bd)
6:     intel#13 CommandLineTestRunner::RunAllTests(int, char const**) ../lib/CppUTest/src/CommandLineTestRunner.cpp:63 (acl_test+0x0000009296e4)
6:     intel#14 main ../test/acl_test.cpp:90 (acl_test+0x00000090d2d4)
6:
6:   Previous write of size 8 at 0x7b3c000004c0 by main thread (mutexes: write M41):
6:     #0 operator delete(void*) /nfs/site/disks/swip_pr_1/kbrunham/p4root/depot/devenv/tools/gcc/7.4.0/work/src/libsanitizer/tsan/tsan_new_delete.cc:71 (libtsan.so.0+0x00000006af04)
6:     intel#1 acl_delete<_cl_command_queue> ../include/acl_support.h:31 (acl_test+0x00000041118c)
6:     intel#2 acl_free_cl_command_queue ../src/acl_command_queue.cpp:99 (acl_test+0x00000041118c)
6:     intel#3 acl_delete_command_queue ../src/acl_command_queue.cpp:1005 (acl_test+0x000000411461)
6:     intel#4 clReleaseCommandQueueIntelFPGA ../src/acl_command_queue.cpp:288 (acl_test+0x000000413a1e)
6:     intel#5 clReleaseCommandQueue ../src/acl_command_queue.cpp:297 (acl_test+0x000000413a6e)
6:     intel#6 acl_command_queue_after_context_release_Test::testBody() ../test/acl_command_queue_test.cpp:675 (acl_test+0x000000524379)
6:     intel#7 Utest::executePlatformSpecificTestBody() ../lib/CppUTest/src/UtestPlatformGcc.cpp:82 (acl_test+0x0000009320a0)
6:     intel#8 Utest::runInThread() ../lib/CppUTest/src/Utest.cpp:99 (acl_test+0x00000092fe78)
6:     intel#9 acl_command_queue_after_context_release_Test::runInThreadOnCopy() ../test/acl_command_queue_test.cpp:622 (acl_test+0x000000538b4c)
6:     intel#10 Utest::executePlatformSpecificRunInThreads() ../lib/CppUTest/src/UtestPlatformGcc.cpp:175 (acl_test+0x000000932582)
6:     intel#11 Utest::run(TestResult&) ../lib/CppUTest/src/Utest.cpp:83 (acl_test+0x00000092fdd4)
6:     intel#12 Utest::runOneTest(TestPlugin*, TestResult&) ../lib/CppUTest/src/Utest.cpp:69 (acl_test+0x00000092fcf2)
6:     intel#13 Utest::executePlatformSpecificRunOneTest(TestPlugin*, TestResult&) ../lib/CppUTest/src/UtestPlatformGcc.cpp:100 (acl_test+0x0000009322be)
6:     intel#14 Utest::runOneTestWithPlugins(TestPlugin*, TestResult&) ../lib/CppUTest/src/Utest.cpp:63 (acl_test+0x00000092fc77)
6:     intel#15 TestRegistry::runAllTests(TestResult&) ../lib/CppUTest/src/TestRegistry.cpp:72 (acl_test+0x00000092f124)
6:     intel#16 CommandLineTestRunner::runAllTests() ../lib/CppUTest/src/CommandLineTestRunner.cpp:105 (acl_test+0x00000092947d)
6:     intel#17 CommandLineTestRunner::runAllTestsMain() ../lib/CppUTest/src/CommandLineTestRunner.cpp:81 (acl_test+0x0000009295bd)
6:     intel#18 CommandLineTestRunner::RunAllTests(int, char const**) ../lib/CppUTest/src/CommandLineTestRunner.cpp:63 (acl_test+0x0000009296e4)
6:     intel#19 main ../test/acl_test.cpp:90 (acl_test+0x00000090d2d4)
6:
6:   Mutex M41 (0x000004dfc600) created at:
6:     #0 pthread_mutex_init /nfs/site/disks/swip_pr_1/kbrunham/p4root/depot/devenv/tools/gcc/7.4.0/work/src/libsanitizer/tsan/tsan_interceptors.cc:1117 (libtsan.so.0+0x0000000291fe)
6:     intel#1 acl_init_condvar ../lib/acl_threadsupport/src/acl_threadsupport.c:330 (acl_test+0x000000928951)
6:     intel#2 l_global_lock_init ../src/acl_thread.cpp:102 (acl_test+0x0000004fe4eb)
6:     intel#3 __libc_csu_init /home/abuild/rpmbuild/BUILD/glibc-2.22/csu/elf-init.c:88 (acl_test+0x00000093a06c)
6:
6: SUMMARY: ThreadSanitizer: heap-use-after-free ../include/acl_util.h:433 in acl_ref_count<_cl_command_queue*>
6: ==================
6: ==================
6: WARNING: ThreadSanitizer: heap-use-after-free (pid=2499)
6:   Read of size 4 at 0x7b3c000003d4 by main thread:
6:     #0 acl_ref_count<_cl_command_queue*> ../include/acl_util.h:433 (acl_test+0x000000524691)
6:     intel#1 acl_command_queue_after_context_release_Test::testBody() ../test/acl_command_queue_test.cpp:678 (acl_test+0x000000524691)
6:     intel#2 Utest::executePlatformSpecificTestBody() ../lib/CppUTest/src/UtestPlatformGcc.cpp:82 (acl_test+0x0000009320a0)
6:     intel#3 Utest::runInThread() ../lib/CppUTest/src/Utest.cpp:99 (acl_test+0x00000092fe78)
6:     intel#4 acl_command_queue_after_context_release_Test::runInThreadOnCopy() ../test/acl_command_queue_test.cpp:622 (acl_test+0x000000538b4c)
6:     intel#5 Utest::executePlatformSpecificRunInThreads() ../lib/CppUTest/src/UtestPlatformGcc.cpp:175 (acl_test+0x000000932582)
6:     intel#6 Utest::run(TestResult&) ../lib/CppUTest/src/Utest.cpp:83 (acl_test+0x00000092fdd4)
6:     intel#7 Utest::runOneTest(TestPlugin*, TestResult&) ../lib/CppUTest/src/Utest.cpp:69 (acl_test+0x00000092fcf2)
6:     intel#8 Utest::executePlatformSpecificRunOneTest(TestPlugin*, TestResult&) ../lib/CppUTest/src/UtestPlatformGcc.cpp:100 (acl_test+0x0000009322be)
6:     intel#9 Utest::runOneTestWithPlugins(TestPlugin*, TestResult&) ../lib/CppUTest/src/Utest.cpp:63 (acl_test+0x00000092fc77)
6:     intel#10 TestRegistry::runAllTests(TestResult&) ../lib/CppUTest/src/TestRegistry.cpp:72 (acl_test+0x00000092f124)
6:     intel#11 CommandLineTestRunner::runAllTests() ../lib/CppUTest/src/CommandLineTestRunner.cpp:105 (acl_test+0x00000092947d)
6:     intel#12 CommandLineTestRunner::runAllTestsMain() ../lib/CppUTest/src/CommandLineTestRunner.cpp:81 (acl_test+0x0000009295bd)
6:     intel#13 CommandLineTestRunner::RunAllTests(int, char const**) ../lib/CppUTest/src/CommandLineTestRunner.cpp:63 (acl_test+0x0000009296e4)
6:     intel#14 main ../test/acl_test.cpp:90 (acl_test+0x00000090d2d4)
6:
6:   Previous write of size 8 at 0x7b3c000003d0 by main thread (mutexes: write M41):
6:     #0 operator delete(void*) /nfs/site/disks/swip_pr_1/kbrunham/p4root/depot/devenv/tools/gcc/7.4.0/work/src/libsanitizer/tsan/tsan_new_delete.cc:71 (libtsan.so.0+0x00000006af04)
6:     intel#1 acl_delete<_cl_command_queue> ../include/acl_support.h:31 (acl_test+0x00000041118c)
6:     intel#2 acl_free_cl_command_queue ../src/acl_command_queue.cpp:99 (acl_test+0x00000041118c)
6:     intel#3 acl_delete_command_queue ../src/acl_command_queue.cpp:1005 (acl_test+0x000000411461)
6:     intel#4 clReleaseCommandQueueIntelFPGA ../src/acl_command_queue.cpp:288 (acl_test+0x000000413a1e)
6:     intel#5 clReleaseCommandQueue ../src/acl_command_queue.cpp:297 (acl_test+0x000000413a6e)
6:     intel#6 acl_command_queue_after_context_release_Test::testBody() ../test/acl_command_queue_test.cpp:676 (acl_test+0x00000052447d)
6:     intel#7 Utest::executePlatformSpecificTestBody() ../lib/CppUTest/src/UtestPlatformGcc.cpp:82 (acl_test+0x0000009320a0)
6:     intel#8 Utest::runInThread() ../lib/CppUTest/src/Utest.cpp:99 (acl_test+0x00000092fe78)
6:     intel#9 acl_command_queue_after_context_release_Test::runInThreadOnCopy() ../test/acl_command_queue_test.cpp:622 (acl_test+0x000000538b4c)
6:     intel#10 Utest::executePlatformSpecificRunInThreads() ../lib/CppUTest/src/UtestPlatformGcc.cpp:175 (acl_test+0x000000932582)
6:     intel#11 Utest::run(TestResult&) ../lib/CppUTest/src/Utest.cpp:83 (acl_test+0x00000092fdd4)
6:     intel#12 Utest::runOneTest(TestPlugin*, TestResult&) ../lib/CppUTest/src/Utest.cpp:69 (acl_test+0x00000092fcf2)
6:     intel#13 Utest::executePlatformSpecificRunOneTest(TestPlugin*, TestResult&) ../lib/CppUTest/src/UtestPlatformGcc.cpp:100 (acl_test+0x0000009322be)
6:     intel#14 Utest::runOneTestWithPlugins(TestPlugin*, TestResult&) ../lib/CppUTest/src/Utest.cpp:63 (acl_test+0x00000092fc77)
6:     intel#15 TestRegistry::runAllTests(TestResult&) ../lib/CppUTest/src/TestRegistry.cpp:72 (acl_test+0x00000092f124)
6:     intel#16 CommandLineTestRunner::runAllTests() ../lib/CppUTest/src/CommandLineTestRunner.cpp:105 (acl_test+0x00000092947d)
6:     intel#17 CommandLineTestRunner::runAllTestsMain() ../lib/CppUTest/src/CommandLineTestRunner.cpp:81 (acl_test+0x0000009295bd)
6:     intel#18 CommandLineTestRunner::RunAllTests(int, char const**) ../lib/CppUTest/src/CommandLineTestRunner.cpp:63 (acl_test+0x0000009296e4)
6:     intel#19 main ../test/acl_test.cpp:90 (acl_test+0x00000090d2d4)
6:
6:   Mutex M41 (0x000004dfc600) created at:
6:     #0 pthread_mutex_init /nfs/site/disks/swip_pr_1/kbrunham/p4root/depot/devenv/tools/gcc/7.4.0/work/src/libsanitizer/tsan/tsan_interceptors.cc:1117 (libtsan.so.0+0x0000000291fe)
6:     intel#1 acl_init_condvar ../lib/acl_threadsupport/src/acl_threadsupport.c:330 (acl_test+0x000000928951)
6:     intel#2 l_global_lock_init ../src/acl_thread.cpp:102 (acl_test+0x0000004fe4eb)
6:     intel#3 __libc_csu_init /home/abuild/rpmbuild/BUILD/glibc-2.22/csu/elf-init.c:88 (acl_test+0x00000093a06c)
6:
6: SUMMARY: ThreadSanitizer: heap-use-after-free ../include/acl_util.h:433 in acl_ref_count<_cl_command_queue*>
6: ==================
6: ==================
6: WARNING: ThreadSanitizer: heap-use-after-free (pid=2499)
6:   Read of size 8 at 0x7b3c000004b8 by main thread (mutexes: write M41):
6:     #0 int acl_is_valid_ptr<_cl_command_queue*>(_cl_command_queue* const&) ../include/acl_util.h:417 (acl_test+0x000000413780)
6:     intel#1 acl_command_queue_is_valid(_cl_command_queue*) ../src/acl_command_queue.cpp:553 (acl_test+0x000000413780)
6:     intel#2 acl_command_queue_after_context_release_Test::testBody() ../test/acl_command_queue_test.cpp:680 (acl_test+0x0000005247c5)
6:     intel#3 Utest::executePlatformSpecificTestBody() ../lib/CppUTest/src/UtestPlatformGcc.cpp:82 (acl_test+0x0000009320a0)
6:     intel#4 Utest::runInThread() ../lib/CppUTest/src/Utest.cpp:99 (acl_test+0x00000092fe78)
6:     intel#5 acl_command_queue_after_context_release_Test::runInThreadOnCopy() ../test/acl_command_queue_test.cpp:622 (acl_test+0x000000538b4c)
6:     intel#6 Utest::executePlatformSpecificRunInThreads() ../lib/CppUTest/src/UtestPlatformGcc.cpp:175 (acl_test+0x000000932582)
6:     intel#7 Utest::run(TestResult&) ../lib/CppUTest/src/Utest.cpp:83 (acl_test+0x00000092fdd4)
6:     intel#8 Utest::runOneTest(TestPlugin*, TestResult&) ../lib/CppUTest/src/Utest.cpp:69 (acl_test+0x00000092fcf2)
6:     intel#9 Utest::executePlatformSpecificRunOneTest(TestPlugin*, TestResult&) ../lib/CppUTest/src/UtestPlatformGcc.cpp:100 (acl_test+0x0000009322be)
6:     intel#10 Utest::runOneTestWithPlugins(TestPlugin*, TestResult&) ../lib/CppUTest/src/Utest.cpp:63 (acl_test+0x00000092fc77)
6:     intel#11 TestRegistry::runAllTests(TestResult&) ../lib/CppUTest/src/TestRegistry.cpp:72 (acl_test+0x00000092f124)
6:     intel#12 CommandLineTestRunner::runAllTests() ../lib/CppUTest/src/CommandLineTestRunner.cpp:105 (acl_test+0x00000092947d)
6:     intel#13 CommandLineTestRunner::runAllTestsMain() ../lib/CppUTest/src/CommandLineTestRunner.cpp:81 (acl_test+0x0000009295bd)
6:     intel#14 CommandLineTestRunner::RunAllTests(int, char const**) ../lib/CppUTest/src/CommandLineTestRunner.cpp:63 (acl_test+0x0000009296e4)
6:     intel#15 main ../test/acl_test.cpp:90 (acl_test+0x00000090d2d4)
6:
6:   Previous write of size 8 at 0x7b3c000004b8 by main thread (mutexes: write M41):
6:     #0 operator delete(void*) /nfs/site/disks/swip_pr_1/kbrunham/p4root/depot/devenv/tools/gcc/7.4.0/work/src/libsanitizer/tsan/tsan_new_delete.cc:71 (libtsan.so.0+0x00000006af04)
6:     intel#1 acl_delete<_cl_command_queue> ../include/acl_support.h:31 (acl_test+0x00000041118c)
6:     intel#2 acl_free_cl_command_queue ../src/acl_command_queue.cpp:99 (acl_test+0x00000041118c)
6:     intel#3 acl_delete_command_queue ../src/acl_command_queue.cpp:1005 (acl_test+0x000000411461)
6:     intel#4 clReleaseCommandQueueIntelFPGA ../src/acl_command_queue.cpp:288 (acl_test+0x000000413a1e)
6:     intel#5 clReleaseCommandQueue ../src/acl_command_queue.cpp:297 (acl_test+0x000000413a6e)
6:     intel#6 acl_command_queue_after_context_release_Test::testBody() ../test/acl_command_queue_test.cpp:675 (acl_test+0x000000524379)
6:     intel#7 Utest::executePlatformSpecificTestBody() ../lib/CppUTest/src/UtestPlatformGcc.cpp:82 (acl_test+0x0000009320a0)
6:     intel#8 Utest::runInThread() ../lib/CppUTest/src/Utest.cpp:99 (acl_test+0x00000092fe78)
6:     intel#9 acl_command_queue_after_context_release_Test::runInThreadOnCopy() ../test/acl_command_queue_test.cpp:622 (acl_test+0x000000538b4c)
6:     intel#10 Utest::executePlatformSpecificRunInThreads() ../lib/CppUTest/src/UtestPlatformGcc.cpp:175 (acl_test+0x000000932582)
6:     intel#11 Utest::run(TestResult&) ../lib/CppUTest/src/Utest.cpp:83 (acl_test+0x00000092fdd4)
6:     intel#12 Utest::runOneTest(TestPlugin*, TestResult&) ../lib/CppUTest/src/Utest.cpp:69 (acl_test+0x00000092fcf2)
6:     intel#13 Utest::executePlatformSpecificRunOneTest(TestPlugin*, TestResult&) ../lib/CppUTest/src/UtestPlatformGcc.cpp:100 (acl_test+0x0000009322be)
6:     intel#14 Utest::runOneTestWithPlugins(TestPlugin*, TestResult&) ../lib/CppUTest/src/Utest.cpp:63 (acl_test+0x00000092fc77)
6:     intel#15 TestRegistry::runAllTests(TestResult&) ../lib/CppUTest/src/TestRegistry.cpp:72 (acl_test+0x00000092f124)
6:     intel#16 CommandLineTestRunner::runAllTests() ../lib/CppUTest/src/CommandLineTestRunner.cpp:105 (acl_test+0x00000092947d)
6:     intel#17 CommandLineTestRunner::runAllTestsMain() ../lib/CppUTest/src/CommandLineTestRunner.cpp:81 (acl_test+0x0000009295bd)
6:     intel#18 CommandLineTestRunner::RunAllTests(int, char const**) ../lib/CppUTest/src/CommandLineTestRunner.cpp:63 (acl_test+0x0000009296e4)
6:     intel#19 main ../test/acl_test.cpp:90 (acl_test+0x00000090d2d4)
6:
6:   Mutex M41 (0x000004dfc600) created at:
6:     #0 pthread_mutex_init /nfs/site/disks/swip_pr_1/kbrunham/p4root/depot/devenv/tools/gcc/7.4.0/work/src/libsanitizer/tsan/tsan_interceptors.cc:1117 (libtsan.so.0+0x0000000291fe)
6:     intel#1 acl_init_condvar ../lib/acl_threadsupport/src/acl_threadsupport.c:330 (acl_test+0x000000928951)
6:     intel#2 l_global_lock_init ../src/acl_thread.cpp:102 (acl_test+0x0000004fe4eb)
6:     intel#3 __libc_csu_init /home/abuild/rpmbuild/BUILD/glibc-2.22/csu/elf-init.c:88 (acl_test+0x00000093a06c)
6:
6: SUMMARY: ThreadSanitizer: heap-use-after-free ../include/acl_util.h:417 in int acl_is_valid_ptr<_cl_command_queue*>(_cl_command_queue* const&)
6: ==================
6: ==================
6: WARNING: ThreadSanitizer: heap-use-after-free (pid=2499)
6:   Read of size 8 at 0x7b3c000003c8 by main thread (mutexes: write M41):
6:     #0 int acl_is_valid_ptr<_cl_command_queue*>(_cl_command_queue* const&) ../include/acl_util.h:417 (acl_test+0x000000413780)
6:     intel#1 acl_command_queue_is_valid(_cl_command_queue*) ../src/acl_command_queue.cpp:553 (acl_test+0x000000413780)
6:     intel#2 acl_command_queue_after_context_release_Test::testBody() ../test/acl_command_queue_test.cpp:681 (acl_test+0x00000052482f)
6:     intel#3 Utest::executePlatformSpecificTestBody() ../lib/CppUTest/src/UtestPlatformGcc.cpp:82 (acl_test+0x0000009320a0)
6:     intel#4 Utest::runInThread() ../lib/CppUTest/src/Utest.cpp:99 (acl_test+0x00000092fe78)
6:     intel#5 acl_command_queue_after_context_release_Test::runInThreadOnCopy() ../test/acl_command_queue_test.cpp:622 (acl_test+0x000000538b4c)
6:     intel#6 Utest::executePlatformSpecificRunInThreads() ../lib/CppUTest/src/UtestPlatformGcc.cpp:175 (acl_test+0x000000932582)
6:     intel#7 Utest::run(TestResult&) ../lib/CppUTest/src/Utest.cpp:83 (acl_test+0x00000092fdd4)
6:     intel#8 Utest::runOneTest(TestPlugin*, TestResult&) ../lib/CppUTest/src/Utest.cpp:69 (acl_test+0x00000092fcf2)
6:     intel#9 Utest::executePlatformSpecificRunOneTest(TestPlugin*, TestResult&) ../lib/CppUTest/src/UtestPlatformGcc.cpp:100 (acl_test+0x0000009322be)
6:     intel#10 Utest::runOneTestWithPlugins(TestPlugin*, TestResult&) ../lib/CppUTest/src/Utest.cpp:63 (acl_test+0x00000092fc77)
6:     intel#11 TestRegistry::runAllTests(TestResult&) ../lib/CppUTest/src/TestRegistry.cpp:72 (acl_test+0x00000092f124)
6:     intel#12 CommandLineTestRunner::runAllTests() ../lib/CppUTest/src/CommandLineTestRunner.cpp:105 (acl_test+0x00000092947d)
6:     intel#13 CommandLineTestRunner::runAllTestsMain() ../lib/CppUTest/src/CommandLineTestRunner.cpp:81 (acl_test+0x0000009295bd)
6:     intel#14 CommandLineTestRunner::RunAllTests(int, char const**) ../lib/CppUTest/src/CommandLineTestRunner.cpp:63 (acl_test+0x0000009296e4)
6:     intel#15 main ../test/acl_test.cpp:90 (acl_test+0x00000090d2d4)
6:
6:   Previous write of size 8 at 0x7b3c000003c8 by main thread (mutexes: write M41):
6:     #0 operator delete(void*) /nfs/site/disks/swip_pr_1/kbrunham/p4root/depot/devenv/tools/gcc/7.4.0/work/src/libsanitizer/tsan/tsan_new_delete.cc:71 (libtsan.so.0+0x00000006af04)
6:     intel#1 acl_delete<_cl_command_queue> ../include/acl_support.h:31 (acl_test+0x00000041118c)
6:     intel#2 acl_free_cl_command_queue ../src/acl_command_queue.cpp:99 (acl_test+0x00000041118c)
6:     intel#3 acl_delete_command_queue ../src/acl_command_queue.cpp:1005 (acl_test+0x000000411461)
6:     intel#4 clReleaseCommandQueueIntelFPGA ../src/acl_command_queue.cpp:288 (acl_test+0x000000413a1e)
6:     intel#5 clReleaseCommandQueue ../src/acl_command_queue.cpp:297 (acl_test+0x000000413a6e)
6:     intel#6 acl_command_queue_after_context_release_Test::testBody() ../test/acl_command_queue_test.cpp:676 (acl_test+0x00000052447d)
6:     intel#7 Utest::executePlatformSpecificTestBody() ../lib/CppUTest/src/UtestPlatformGcc.cpp:82 (acl_test+0x0000009320a0)
6:     intel#8 Utest::runInThread() ../lib/CppUTest/src/Utest.cpp:99 (acl_test+0x00000092fe78)
6:     intel#9 acl_command_queue_after_context_release_Test::runInThreadOnCopy() ../test/acl_command_queue_test.cpp:622 (acl_test+0x000000538b4c)
6:     intel#10 Utest::executePlatformSpecificRunInThreads() ../lib/CppUTest/src/UtestPlatformGcc.cpp:175 (acl_test+0x000000932582)
6:     intel#11 Utest::run(TestResult&) ../lib/CppUTest/src/Utest.cpp:83 (acl_test+0x00000092fdd4)
6:     intel#12 Utest::runOneTest(TestPlugin*, TestResult&) ../lib/CppUTest/src/Utest.cpp:69 (acl_test+0x00000092fcf2)
6:     intel#13 Utest::executePlatformSpecificRunOneTest(TestPlugin*, TestResult&) ../lib/CppUTest/src/UtestPlatformGcc.cpp:100 (acl_test+0x0000009322be)
6:     intel#14 Utest::runOneTestWithPlugins(TestPlugin*, TestResult&) ../lib/CppUTest/src/Utest.cpp:63 (acl_test+0x00000092fc77)
6:     intel#15 TestRegistry::runAllTests(TestResult&) ../lib/CppUTest/src/TestRegistry.cpp:72 (acl_test+0x00000092f124)
6:     intel#16 CommandLineTestRunner::runAllTests() ../lib/CppUTest/src/CommandLineTestRunner.cpp:105 (acl_test+0x00000092947d)
6:     intel#17 CommandLineTestRunner::runAllTestsMain() ../lib/CppUTest/src/CommandLineTestRunner.cpp:81 (acl_test+0x0000009295bd)
6:     intel#18 CommandLineTestRunner::RunAllTests(int, char const**) ../lib/CppUTest/src/CommandLineTestRunner.cpp:63 (acl_test+0x0000009296e4)
6:     intel#19 main ../test/acl_test.cpp:90 (acl_test+0x00000090d2d4)
6:
6:   Mutex M41 (0x000004dfc600) created at:
6:     #0 pthread_mutex_init /nfs/site/disks/swip_pr_1/kbrunham/p4root/depot/devenv/tools/gcc/7.4.0/work/src/libsanitizer/tsan/tsan_interceptors.cc:1117 (libtsan.so.0+0x0000000291fe)
6:     intel#1 acl_init_condvar ../lib/acl_threadsupport/src/acl_threadsupport.c:330 (acl_test+0x000000928951)
6:     intel#2 l_global_lock_init ../src/acl_thread.cpp:102 (acl_test+0x0000004fe4eb)
6:     intel#3 __libc_csu_init /home/abuild/rpmbuild/BUILD/glibc-2.22/csu/elf-init.c:88 (acl_test+0x00000093a06c)
6:
6: SUMMARY: ThreadSanitizer: heap-use-after-free ../include/acl_util.h:417 in int acl_is_valid_ptr<_cl_command_queue*>(_cl_command_queue* const&)
6: ==================
6:  - 227 ms
pcolberg added a commit to pcolberg/fpga-runtime-for-opencl that referenced this pull request Oct 28, 2022
@pcolberg
pkg_editor_test: resolve stack-use-after-scope in create_file()
cb44211 
The buffer passed to acl_pkg_add_data_section() is read later in
acl_pkg_close_file() which invokes elf_update() to flush dirty
information associated with the ELF file descriptor to disk,
at which point the buffer has already gone out of scope.

==677==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffdcce29100 at pc 0x7f3e2e3c92b7 bp 0x7ffdcce1fe10 sp 0x7ffdcce1f5c8
READ of size 7 at 0x7ffdcce29100 thread T0
    #0 0x7f3e2e3c92b6 in __interceptor_pwrite ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1175
    intel#1 0x7f3e2e372d53  (/lib/x86_64-linux-gnu/libelf.so.1+0x7d53)
    intel#2 0x7f3e2e37e9db in elf_update (/lib/x86_64-linux-gnu/libelf.so.1+0x139db)
    intel#3 0x55ceab33a474 in flush_elf_edits /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/pkg_editor/src/pkg_editor.c:297
    intel#4 0x55ceab33f46b in acl_pkg_close_file /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/pkg_editor/src/pkg_editor.c:1059
    intel#5 0x55ceab31caa6 in CppUTestGroupsample_file::close_file(acl_pkg_file*) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/pkg_editor/test/pkg_editor_test.cpp:124
    intel#6 0x55ceab31caa6 in sample_file_update_same_size_Test::testBody() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/pkg_editor/test/pkg_editor_test.cpp:303
    intel#7 0x55ceab3353a4 in Utest::executePlatformSpecificTestBody() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/UtestPlatformGcc.cpp:82
    intel#8 0x55ceab3317db in Utest::runInThread() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/Utest.cpp:99
    intel#9 0x55ceab324642 in sample_file_update_same_size_Test::runInThreadOnCopy() (/__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/build/lib/pkg_editor/test/pkg_editor_test+0x23642)
    intel#10 0x55ceab335744 in Utest::executePlatformSpecificRunInThreads() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/UtestPlatformGcc.cpp:175
    intel#11 0x55ceab33172c in Utest::run(TestResult&) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/Utest.cpp:83
    intel#12 0x55ceab331635 in Utest::runOneTest(TestPlugin*, TestResult&) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/Utest.cpp:69
    intel#13 0x55ceab3354e2 in Utest::executePlatformSpecificRunOneTest(TestPlugin*, TestResult&) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/UtestPlatformGcc.cpp:100
    intel#14 0x55ceab3315a0 in Utest::runOneTestWithPlugins(TestPlugin*, TestResult&) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/Utest.cpp:63
    intel#15 0x55ceab32f93d in TestRegistry::runAllTests(TestResult&) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/TestRegistry.cpp:72
    intel#16 0x55ceab326222 in CommandLineTestRunner::runAllTests() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/CommandLineTestRunner.cpp:105
    intel#17 0x55ceab3265a8 in CommandLineTestRunner::runAllTestsMain() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/CommandLineTestRunner.cpp:81
    intel#18 0x55ceab326809 in CommandLineTestRunner::RunAllTests(int, char const**) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/CommandLineTestRunner.cpp:63
    intel#19 0x55ceab318364 in main /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/pkg_editor/test/pkg_editor_test.cpp:57
    intel#20 0x7f3e2de1dd8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    intel#21 0x7f3e2de1de3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    intel#22 0x55ceab313264 in _start (/__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/build/lib/pkg_editor/test/pkg_editor_test+0x12264)

Address 0x7ffdcce29100 is located in stack of thread T0 at offset 48 in frame
    #0 0x55ceab31c4bd in sample_file_update_same_size_Test::testBody() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/pkg_editor/test/pkg_editor_test.cpp:280

  This frame has 15 object(s):
    [48, 55) 'name' (line 105) <== Memory access at offset 48 is inside this variable
    [80, 88) 'data_size' (line 309)
    [112, 120) '<unknown>'
    [144, 152) '<unknown>'
    [176, 184) '<unknown>'
    [208, 216) '<unknown>'
    [240, 248) '<unknown>'
    [272, 280) '<unknown>'
    [304, 312) '<unknown>'
    [336, 344) '<unknown>'
    [368, 408) '_f' (line 312)
    [448, 488) '_f' (line 314)
    [528, 568) '_f' (line 330)
    [608, 648) '_f' (line 333)
    [688, 1688) 'buf' (line 305)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1175 in __interceptor_pwrite
Shadow bytes around the buggy address:
  0x1000399bd1d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000399bd1e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000399bd1f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000399bd200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000399bd210: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1
=>0x1000399bd220:[f8]f2 00 00 00 f2 00 00 00 f2 00 00 00 f2 00 00
  0x1000399bd230: 00 f2 00 00 00 f2 00 00 00 f2 00 00 00 f2 00 00
  0x1000399bd240: 00 f2 00 00 00 f2 f2 f2 00 00 00 00 00 f2 f2 f2
  0x1000399bd250: f2 f2 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
  0x1000399bd260: 00 f2 f2 f2 f2 f2 00 00 00 00 00 f2 f2 f2 f2 f2
  0x1000399bd270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==677==ABORTING
pcolberg added a commit to pcolberg/fpga-runtime-for-opencl that referenced this pull request Oct 28, 2022
@pcolberg
pkg_editor_test: resolve stack-buffer-overflow in TEST(sample_file, r…
d9f8c80 
…ead_readonly)

=================================================================
==676==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc679debcd at pc 0x55f5fd0c3041 bp 0x7ffc679de920 sp 0x7ffc679de910
WRITE of size 1 at 0x7ffc679debcd thread T0
    #0 0x55f5fd0c3040 in acl_pkg_read_section /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/pkg_editor/src/pkg_editor.c:620
    intel#1 0x55f5fd09fe5e in sample_file_read_readonly_Test::testBody() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/pkg_editor/test/pkg_editor_test.cpp:234
    intel#2 0x55f5fd0b9ee6 in Utest::executePlatformSpecificTestBody() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/UtestPlatformGcc.cpp:82
    intel#3 0x55f5fd0b631d in Utest::runInThread() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/Utest.cpp:99
    intel#4 0x55f5fd0a8d18 in sample_file_read_readonly_Test::runInThreadOnCopy() (/__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/build/lib/pkg_editor/test/pkg_editor_test+0x22d18)
    intel#5 0x55f5fd0ba286 in Utest::executePlatformSpecificRunInThreads() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/UtestPlatformGcc.cpp:175
    intel#6 0x55f5fd0b626e in Utest::run(TestResult&) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/Utest.cpp:83
    intel#7 0x55f5fd0b6177 in Utest::runOneTest(TestPlugin*, TestResult&) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/Utest.cpp:69
    intel#8 0x55f5fd0ba024 in Utest::executePlatformSpecificRunOneTest(TestPlugin*, TestResult&) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/UtestPlatformGcc.cpp:100
    intel#9 0x55f5fd0b60e2 in Utest::runOneTestWithPlugins(TestPlugin*, TestResult&) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/Utest.cpp:63
    intel#10 0x55f5fd0b447f in TestRegistry::runAllTests(TestResult&) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/TestRegistry.cpp:72
    intel#11 0x55f5fd0aad64 in CommandLineTestRunner::runAllTests() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/CommandLineTestRunner.cpp:105
    intel#12 0x55f5fd0ab0ea in CommandLineTestRunner::runAllTestsMain() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/CommandLineTestRunner.cpp:81
    intel#13 0x55f5fd0ab34b in CommandLineTestRunner::RunAllTests(int, char const**) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/CommandLineTestRunner.cpp:63
    intel#14 0x55f5fd09d1b8 in main /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/pkg_editor/test/pkg_editor_test.cpp:57
    intel#15 0x7f5f076aed8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    intel#16 0x7f5f076aee3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    intel#17 0x55f5fd098264 in _start (/__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/build/lib/pkg_editor/test/pkg_editor_test+0x12264)

Address 0x7ffc679debcd is located in stack of thread T0 at offset 589 in frame
    #0 0x55f5fd09f4f9 in sample_file_read_readonly_Test::testBody() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/pkg_editor/test/pkg_editor_test.cpp:209

  This frame has 13 object(s):
    [48, 56) 'data_size' (line 229)
    [80, 88) '<unknown>'
    [112, 120) '<unknown>'
    [144, 152) '<unknown>'
    [176, 184) '<unknown>'
    [208, 216) 'data_result_ptr' (line 237)
    [240, 248) '<unknown>'
    [272, 280) '<unknown>'
    [304, 344) '_f' (line 232)
    [384, 424) '_f' (line 236)
    [464, 504) '_f' (line 240)
    [544, 557) 'hw' (line 214)
    [576, 589) 'data_result' (line 233) <== Memory access at offset 589 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/pkg_editor/src/pkg_editor.c:620 in acl_pkg_read_section
Shadow bytes around the buggy address:
  0x10000cf33d20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000cf33d30: f1 f1 f1 f1 00 00 00 f2 00 00 00 f2 00 00 00 f2
  0x10000cf33d40: 00 00 00 f2 00 00 00 f2 00 00 00 f2 00 00 00 f2
  0x10000cf33d50: 00 00 00 f2 f2 f2 00 00 00 00 00 f2 f2 f2 f2 f2
  0x10000cf33d60: 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 f2
=>0x10000cf33d70: f2 f2 f2 f2 00 05 f2 f2 00[05]f3 f3 00 00 00 00
  0x10000cf33d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000cf33d90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000cf33da0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000cf33db0: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00
  0x10000cf33dc0: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==676==ABORTING
pcolberg added a commit to pcolberg/fpga-runtime-for-opencl that referenced this pull request Oct 28, 2022
@pcolberg
pkg_editor_test: resolve stack-buffer-overflow calling acl_pkg_read_s…
24996d6 
…ection()

=================================================================
==676==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc679debcd at pc 0x55f5fd0c3041 bp 0x7ffc679de920 sp 0x7ffc679de910
WRITE of size 1 at 0x7ffc679debcd thread T0
    #0 0x55f5fd0c3040 in acl_pkg_read_section /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/pkg_editor/src/pkg_editor.c:620
    intel#1 0x55f5fd09fe5e in sample_file_read_readonly_Test::testBody() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/pkg_editor/test/pkg_editor_test.cpp:234
    intel#2 0x55f5fd0b9ee6 in Utest::executePlatformSpecificTestBody() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/UtestPlatformGcc.cpp:82
    intel#3 0x55f5fd0b631d in Utest::runInThread() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/Utest.cpp:99
    intel#4 0x55f5fd0a8d18 in sample_file_read_readonly_Test::runInThreadOnCopy() (/__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/build/lib/pkg_editor/test/pkg_editor_test+0x22d18)
    intel#5 0x55f5fd0ba286 in Utest::executePlatformSpecificRunInThreads() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/UtestPlatformGcc.cpp:175
    intel#6 0x55f5fd0b626e in Utest::run(TestResult&) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/Utest.cpp:83
    intel#7 0x55f5fd0b6177 in Utest::runOneTest(TestPlugin*, TestResult&) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/Utest.cpp:69
    intel#8 0x55f5fd0ba024 in Utest::executePlatformSpecificRunOneTest(TestPlugin*, TestResult&) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/UtestPlatformGcc.cpp:100
    intel#9 0x55f5fd0b60e2 in Utest::runOneTestWithPlugins(TestPlugin*, TestResult&) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/Utest.cpp:63
    intel#10 0x55f5fd0b447f in TestRegistry::runAllTests(TestResult&) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/TestRegistry.cpp:72
    intel#11 0x55f5fd0aad64 in CommandLineTestRunner::runAllTests() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/CommandLineTestRunner.cpp:105
    intel#12 0x55f5fd0ab0ea in CommandLineTestRunner::runAllTestsMain() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/CommandLineTestRunner.cpp:81
    intel#13 0x55f5fd0ab34b in CommandLineTestRunner::RunAllTests(int, char const**) /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/CppUTest/src/CommandLineTestRunner.cpp:63
    intel#14 0x55f5fd09d1b8 in main /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/pkg_editor/test/pkg_editor_test.cpp:57
    intel#15 0x7f5f076aed8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    intel#16 0x7f5f076aee3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    intel#17 0x55f5fd098264 in _start (/__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/build/lib/pkg_editor/test/pkg_editor_test+0x12264)

Address 0x7ffc679debcd is located in stack of thread T0 at offset 589 in frame
    #0 0x55f5fd09f4f9 in sample_file_read_readonly_Test::testBody() /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/pkg_editor/test/pkg_editor_test.cpp:209

  This frame has 13 object(s):
    [48, 56) 'data_size' (line 229)
    [80, 88) '<unknown>'
    [112, 120) '<unknown>'
    [144, 152) '<unknown>'
    [176, 184) '<unknown>'
    [208, 216) 'data_result_ptr' (line 237)
    [240, 248) '<unknown>'
    [272, 280) '<unknown>'
    [304, 344) '_f' (line 232)
    [384, 424) '_f' (line 236)
    [464, 504) '_f' (line 240)
    [544, 557) 'hw' (line 214)
    [576, 589) 'data_result' (line 233) <== Memory access at offset 589 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /__w/fpga-runtime-for-opencl/fpga-runtime-for-opencl/lib/pkg_editor/src/pkg_editor.c:620 in acl_pkg_read_section
Shadow bytes around the buggy address:
  0x10000cf33d20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000cf33d30: f1 f1 f1 f1 00 00 00 f2 00 00 00 f2 00 00 00 f2
  0x10000cf33d40: 00 00 00 f2 00 00 00 f2 00 00 00 f2 00 00 00 f2
  0x10000cf33d50: 00 00 00 f2 f2 f2 00 00 00 00 00 f2 f2 f2 f2 f2
  0x10000cf33d60: 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 f2
=>0x10000cf33d70: f2 f2 f2 f2 00 05 f2 f2 00[05]f3 f3 00 00 00 00
  0x10000cf33d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000cf33d90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000cf33da0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000cf33db0: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00
  0x10000cf33dc0: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==676==ABORTING
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@sherry-yuan sherry-yuan sherry-yuan approved these changes

@zibaiwan zibaiwan zibaiwan approved these changes

Assignees

@pcolberg pcolberg

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pcolberg @zibaiwan @sherry-yuan