SIGSEV in goto-instrument

[mgudemann]

with the attached file there's a SIGSEV when executing goto-instrument with this (incorrect) binary GOTO
reported as

=================================================================
==9413==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000029e50 at pc 0x0000013805b5 bp 0x7ffffae9cf70 sp 0x7ffffae9cf60
READ of size 8 at 0x603000029e50 thread T0
    #0 0x13805b4 in std::vector<local_bitvector_analysist::flagst, std::allocator<local_bitvector_analysist::flagst> >::size() const /usr/include/c++/5/bits/stl_vector.h:655
    #1 0x13805b4 in local_bitvector_analysist::loc_infot::merge(local_bitvector_analysist::loc_infot const&) /home/guedemann/source/diffBlue/cbmc-fork/src/analyses/local_bitvector_analysis.cp
p:62
    #2 0x138439a in local_bitvector_analysist::build(goto_function_templatet<goto_programt> const&) /home/guedemann/source/diffBlue/cbmc-fork/src/analyses/local_bitvector_analysis.cpp:376
    #3 0x1334bac in local_bitvector_analysist::local_bitvector_analysist(goto_function_templatet<goto_programt> const&) /home/guedemann/source/diffBlue/cbmc-fork/src/analyses/local_bitvector_
analysis.h:39
    #4 0x1334bac in goto_checkt::goto_check(goto_function_templatet<goto_programt>&) /home/guedemann/source/diffBlue/cbmc-fork/src/analyses/goto_check.cpp:1571
    #5 0x133f37f in goto_check(namespacet const&, optionst const&, goto_functionst&) /home/guedemann/source/diffBlue/cbmc-fork/src/analyses/goto_check.cpp:1852
    #6 0x43cd87 in goto_instrument_parse_optionst::instrument_goto_program() /home/guedemann/source/diffBlue/cbmc-fork/src/goto-instrument/goto_instrument_parse_options.cpp:1115
    #7 0x4477dc in goto_instrument_parse_optionst::doit() /home/guedemann/source/diffBlue/cbmc-fork/src/goto-instrument/goto_instrument_parse_options.cpp:151
    #8 0x4284d6 in main /home/guedemann/source/diffBlue/cbmc-fork/src/goto-instrument/goto_instrument_main.cpp:34
    #9 0x7fd16676582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #10 0x435588 in _start (/home/guedemann/source/diffBlue/cbmc-fork/src/goto-instrument/goto-instrument+0x435588)

0x603000029e50 is located 8 bytes to the right of 24-byte region [0x603000029e30,0x603000029e48)
allocated by thread T0 here:
    #0 0x7fd168155532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
    #1 0x1385f09 in __gnu_cxx::new_allocator<local_bitvector_analysist::loc_infot>::allocate(unsigned long, void const*) /usr/include/c++/5/ext/new_allocator.h:104
    #2 0x1385f09 in std::allocator_traits<std::allocator<local_bitvector_analysist::loc_infot> >::allocate(std::allocator<local_bitvector_analysist::loc_infot>&, unsigned long) /usr/include/c
++/5/bits/alloc_traits.h:491
    #3 0x1385f09 in std::_Vector_base<local_bitvector_analysist::loc_infot, std::allocator<local_bitvector_analysist::loc_infot> >::_M_allocate(unsigned long) /usr/include/c++/5/bits/stl_vect
or.h:170
    #4 0x1385f09 in std::vector<local_bitvector_analysist::loc_infot, std::allocator<local_bitvector_analysist::loc_infot> >::_M_default_append(unsigned long) /usr/include/c++/5/bits/vector.t
cc:557
    #5 0x1924277  (/home/guedemann/source/diffBlue/cbmc-fork/src/goto-instrument/goto-instrument+0x1924277)

SUMMARY: AddressSanitizer: heap-buffer-overflow /usr/include/c++/5/bits/stl_vector.h:655 std::vector<local_bitvector_analysist::flagst, std::allocator<local_bitvector_analysist::flagst> >::si
ze() const

misaligned-goto-instrument.zip

[TGWDB]

Closing this due to age and inability to reproduce (cbmc too far out of date). Please reopen if you believe this is still a producible bug on current cbmc.