Closed
Description
With the attached file there's a SIGSEGV when executing goto-instrument with this (incorrect) GOTO binary, reported as:
=================================================================
==9413==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000029e50 at pc 0x0000013805b5 bp 0x7ffffae9cf70 sp 0x7ffffae9cf60
READ of size 8 at 0x603000029e50 thread T0
#0 0x13805b4 in std::vector<local_bitvector_analysist::flagst, std::allocator<local_bitvector_analysist::flagst> >::size() const /usr/include/c++/5/bits/stl_vector.h:655
#1 0x13805b4 in local_bitvector_analysist::loc_infot::merge(local_bitvector_analysist::loc_infot const&) /home/guedemann/source/diffBlue/cbmc-fork/src/analyses/local_bitvector_analysis.cpp:62
#2 0x138439a in local_bitvector_analysist::build(goto_function_templatet<goto_programt> const&) /home/guedemann/source/diffBlue/cbmc-fork/src/analyses/local_bitvector_analysis.cpp:376
#3 0x1334bac in local_bitvector_analysist::local_bitvector_analysist(goto_function_templatet<goto_programt> const&) /home/guedemann/source/diffBlue/cbmc-fork/src/analyses/local_bitvector_analysis.h:39
#4 0x1334bac in goto_checkt::goto_check(goto_function_templatet<goto_programt>&) /home/guedemann/source/diffBlue/cbmc-fork/src/analyses/goto_check.cpp:1571
#5 0x133f37f in goto_check(namespacet const&, optionst const&, goto_functionst&) /home/guedemann/source/diffBlue/cbmc-fork/src/analyses/goto_check.cpp:1852
#6 0x43cd87 in goto_instrument_parse_optionst::instrument_goto_program() /home/guedemann/source/diffBlue/cbmc-fork/src/goto-instrument/goto_instrument_parse_options.cpp:1115
#7 0x4477dc in goto_instrument_parse_optionst::doit() /home/guedemann/source/diffBlue/cbmc-fork/src/goto-instrument/goto_instrument_parse_options.cpp:151
#8 0x4284d6 in main /home/guedemann/source/diffBlue/cbmc-fork/src/goto-instrument/goto_instrument_main.cpp:34
#9 0x7fd16676582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#10 0x435588 in _start (/home/guedemann/source/diffBlue/cbmc-fork/src/goto-instrument/goto-instrument+0x435588)
0x603000029e50 is located 8 bytes to the right of 24-byte region [0x603000029e30,0x603000029e48)
allocated by thread T0 here:
#0 0x7fd168155532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
#1 0x1385f09 in __gnu_cxx::new_allocator<local_bitvector_analysist::loc_infot>::allocate(unsigned long, void const*) /usr/include/c++/5/ext/new_allocator.h:104
#2 0x1385f09 in std::allocator_traits<std::allocator<local_bitvector_analysist::loc_infot> >::allocate(std::allocator<local_bitvector_analysist::loc_infot>&, unsigned long) /usr/include/c++/5/bits/alloc_traits.h:491
#3 0x1385f09 in std::_Vector_base<local_bitvector_analysist::loc_infot, std::allocator<local_bitvector_analysist::loc_infot> >::_M_allocate(unsigned long) /usr/include/c++/5/bits/stl_vector.h:170
#4 0x1385f09 in std::vector<local_bitvector_analysist::loc_infot, std::allocator<local_bitvector_analysist::loc_infot> >::_M_default_append(unsigned long) /usr/include/c++/5/bits/vector.tcc:557
#5 0x1924277 (/home/guedemann/source/diffBlue/cbmc-fork/src/goto-instrument/goto-instrument+0x1924277)
SUMMARY: AddressSanitizer: heap-buffer-overflow /usr/include/c++/5/bits/stl_vector.h:655 std::vector<local_bitvector_analysist::flagst, std::allocator<local_bitvector_analysist::flagst> >::size() const
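The report above is an AddressSanitizer heap-buffer-overflow READ: `size()` is called on a `std::vector` that sits 8 bytes past the end of a 24-byte block that was allocated by `_M_default_append` on a `std::vector<loc_infot>`, i.e. an element read one past the end of the per-location record array while merging. The following is an added, self-contained model of that failure class and of the bounds check that turns it into an input-validation error instead of a crash. It is not cbmc's code: the `loc_infot`, `flagst`, `merge`, `edget` names, the edge-list input format and the flag semantics are assumptions made for this example, and the sample inputs are constructed.

```cpp
// Added illustration of the failure class in the ASan report above: an
// out-of-bounds element read from a std::vector of per-location records, each
// of which holds its own std::vector. Not cbmc's code; loc_infot, flagst,
// merge, edget and the edge-list format are assumptions for this example.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct flagst { std::uint8_t bits = 0; };

// One record per program location, one flag set per tracked variable. On a
// 64-bit libstdc++ build sizeof(std::vector<flagst>) is 24 bytes (three
// pointers), which is consistent with the "24-byte region" in the report being
// a single-element std::vector<loc_infot>.
struct loc_infot
{
  std::vector<flagst> points_to;

  // OR the incoming flags into ours; returns true if anything changed. The
  // size() calls here correspond to frame #0/#1 of the report: when either
  // operand is a record past the end of the array, size() reads freed or
  // unallocated heap memory.
  bool merge(const loc_infot &other)
  {
    bool changed = false;
    for (std::size_t i = 0; i < points_to.size() && i < other.points_to.size(); ++i)
    {
      const std::uint8_t before = points_to[i].bits;
      points_to[i].bits |= other.points_to[i].bits;
      changed |= (points_to[i].bits != before);
    }
    return changed;
  }
};

// Control-flow edge: flags at location `from` flow to location `to`.
struct edget { std::size_t from; std::size_t to; };

// Allocate one record per location (the same shape as the _M_default_append
// allocation in the report), each with n_vars flag sets.
std::vector<loc_infot> make_loc_infos(std::size_t n_locations, std::size_t n_vars)
{
  std::vector<loc_infot> loc_infos(n_locations);
  for (loc_infot &l : loc_infos)
    l.points_to.resize(n_vars);
  return loc_infos;
}

// Unchecked: trusts that every edge index is a valid location. A malformed
// input whose target equals n_locations makes loc_infos[e.to] the element one
// past the end, and size() on it is a heap-buffer-overflow read under ASan.
// Deliberately not exercised by the demo functions below.
void build_unchecked(std::vector<loc_infot> &loc_infos, const std::vector<edget> &edges)
{
  for (const edget &e : edges)
    loc_infos[e.to].merge(loc_infos[e.from]);
}

// Checked: validate both indices against the container before indexing and
// report the offending edge, or -1 if every edge was in range.
long build_checked(std::vector<loc_infot> &loc_infos, const std::vector<edget> &edges)
{
  for (std::size_t k = 0; k < edges.size(); ++k)
  {
    const edget &e = edges[k];
    if (e.from >= loc_infos.size() || e.to >= loc_infos.size())
      return static_cast<long>(k);
    loc_infos[e.to].merge(loc_infos[e.from]);
  }
  return -1;
}

// Constructed well-formed input: three locations, flag 0x1 set at location 0
// and flowing 0 -> 1 -> 2.
bool demo_well_formed()
{
  std::vector<loc_infot> li = make_loc_infos(3, 2);
  li[0].points_to[0].bits = 0x1;
  const std::vector<edget> edges = {{0, 1}, {1, 2}};
  return build_checked(li, edges) == -1
      && li[2].points_to[0].bits == 0x1
      && li[2].points_to[1].bits == 0;
}

// Constructed malformed input: the second edge targets location 3 of a
// 3-location program, the one-past-the-end record the sanitizer flagged.
long demo_malformed()
{
  std::vector<loc_infot> li = make_loc_infos(3, 2);
  const std::vector<edget> edges = {{0, 1}, {1, 3}};
  return build_checked(li, edges);
}

int main()
{
  std::printf("well-formed input propagated: %s\n", demo_well_formed() ? "yes" : "no");
  std::printf("malformed input rejected at edge %ld\n", demo_malformed());
  return 0;
}
```

Compiling with `-fsanitize=address` and calling `build_unchecked` on the malformed edge list reproduces the same shape of report (a READ of size 8 in `size()` just past a heap region allocated for the record array); `build_checked` rejects the input before any read happens, which is the behaviour a tool consuming untrusted goto binaries should have.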
Activity
Squashed 'benchmarks/LIBRARIES/models/' changes from 1e8b77c83..24023…
Merge pull request diffblue#542 from diffblue/jd/feature/DI_tool_pipe…
TGWDB commented on Mar 24, 2021
Closing this due to age and inability to reproduce (cbmc too far out of date). Please reopen if you believe this is still a producible bug on current cbmc.