[Boost-bugs] [Boost C++ Libraries] #10756: AddressSanitizer container overflow in deadline_timer

Subject: [Boost-bugs] [Boost C++ Libraries] #10756: AddressSanitizer container overflow in deadline_timer
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2014-11-05 23:46:44


#10756: AddressSanitizer container overflow in deadline_timer
------------------------------+----------------------------
 Reporter: harjotgill@… | Owner: chris_kohlhoff
     Type: Bugs | Status: new
Milestone: To Be Determined | Component: asio
  Version: Boost 1.56.0 | Severity: Problem
 Keywords: AddressSanitizer |
------------------------------+----------------------------
 I am scheduling 3 Asio deadline timers back-to-back, with their completion
 handlers wrapped in a single strand. A single thread services
 io_service->run(). AddressSanitizer reports the following
 "container-overflow" violation:

 {{{
 =================================================================
 ==16399==ERROR: AddressSanitizer: container-overflow on address
 0x60c000017550 at pc 0x0001088e1b3a bp 0x00010ea96510 sp 0x00010ea95cd0
 READ of size 8 at 0x60c000017550 thread T2
     #0 0x1088e1b39 in __asan_memcpy
 (/opt/local/libexec/llvm-3.6/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x24b39)
     #1 0x1084a286a in
 boost::date_time::counted_time_rep<boost::posix_time::millisec_posix_time_system_config>::time_count()
 const (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x10056186a)
     #2 0x1084a264e in
 boost::date_time::counted_time_system<boost::date_time::counted_time_rep<boost::posix_time::millisec_posix_time_system_config>
>::is_less(boost::date_time::counted_time_rep<boost::posix_time::millisec_posix_time_system_config>
 const&,
 boost::date_time::counted_time_rep<boost::posix_time::millisec_posix_time_system_config>
 const&) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x10056164e)
     #3 0x10808ccec in
 boost::date_time::base_time<boost::posix_time::ptime,
 boost::date_time::counted_time_system<boost::date_time::counted_time_rep<boost::posix_time::millisec_posix_time_system_config>
> >::operator<(boost::posix_time::ptime const&) const
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x10014bcec)
     #4 0x10823e079 in
 boost::asio::time_traits<boost::posix_time::ptime>::less_than(boost::posix_time::ptime
 const&, boost::posix_time::ptime const&)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x1002fd079)
     #5 0x108297b9a in
 boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::down_heap(unsigned
 long) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x100356b9a)
     #6 0x108296b02 in
 boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::remove_timer(boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::per_timer_data&)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x100355b02)
     #7 0x1083bc9ef in
 boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::get_ready_timers(boost::asio::detail::op_queue<boost::asio::detail::task_io_service_operation>&)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x10047b9ef)
     #8 0x1083ba430 in
 boost::asio::detail::timer_queue<boost::asio::time_traits<boost::posix_time::ptime>
>::get_ready_timers(boost::asio::detail::op_queue<boost::asio::detail::task_io_service_operation>&)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x100479430)
     #9 0x10960c74c in
 boost::asio::detail::timer_queue_set::get_ready_timers(boost::asio::detail::op_queue<boost::asio::detail::task_io_service_operation>&)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-
 platform.dylib+0x4374c)
     #10 0x10960c0cd in boost::asio::detail::kqueue_reactor::run(bool,
 boost::asio::detail::op_queue<boost::asio::detail::task_io_service_operation>&)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-
 platform.dylib+0x430cd)
     #11 0x10960b846 in
 boost::asio::detail::task_io_service::do_run_one(boost::asio::detail::scoped_lock<boost::asio::detail::posix_mutex>&,
 boost::asio::detail::task_io_service_thread_info&,
 boost::system::error_code const&)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-
 platform.dylib+0x42846)
     #12 0x10960b3aa in
 boost::asio::detail::task_io_service::run(boost::system::error_code&)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-
 platform.dylib+0x423aa)
     #13 0x1095e2940 in boost::asio::io_service::run()
 (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-
 platform.dylib+0x19940)
     #14 0x1095d01f7 in eximius::Platform::ProcessorRun(unsigned int)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-
 platform.dylib+0x71f7)
     #15 0x1095e81fe in void boost::_bi::list1<boost::_bi::value<unsigned
 int> >::operator()<void (*)(unsigned int),
 boost::_bi::list0>(boost::_bi::type<void>, void (*&)(unsigned int),
 boost::_bi::list0&, int)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-
 platform.dylib+0x1f1fe)
     #16 0x1095e817b in boost::_bi::bind_t<void, void (*)(unsigned int),
 boost::_bi::list1<boost::_bi::value<unsigned int> > >::operator()()
 (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-
 platform.dylib+0x1f17b)
     #17 0x1095f5d7b in boost::detail::thread_data<boost::_bi::bind_t<void,
 void (*)(unsigned int), boost::_bi::list1<boost::_bi::value<unsigned int>
> > >::run() (/Users/hgill/Work/dpi/sp4/build_debug/install/lib
 /libgencore-platform.dylib+0x2cd7b)
     #18 0x10a477d04 in boost::(anonymous namespace)::thread_proxy(void*)
 (/opt/local/lib/libboost_thread-mt.dylib+0x2d04)
     #19 0x7fff93dbc2fb in _pthread_body
 (/usr/lib/system/libsystem_pthread.dylib+0x32fb)
     #20 0x7fff93dbc278 in _pthread_start
 (/usr/lib/system/libsystem_pthread.dylib+0x3278)
     #21 0x7fff93dba4b0 in thread_start
 (/usr/lib/system/libsystem_pthread.dylib+0x14b0)

 0x60c000017550 is located 80 bytes inside of 128-byte region
 [0x60c000017500,0x60c000017580)
 allocated by thread T0 here:
     #0 0x1088ea2ab in wrap__Znwm
 (/opt/local/libexec/llvm-3.6/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x2d2ab)
     #1 0x108248c8a in
 std::__1::__split_buffer<boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::heap_entry,
 std::__1::allocator<boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::heap_entry>&>::__split_buffer(unsigned
 long, unsigned long,
 std::__1::allocator<boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::heap_entry>&)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x100307c8a)
     #2 0x108241d93 in
 std::__1::__split_buffer<boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::heap_entry,
 std::__1::allocator<boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::heap_entry>&>::__split_buffer(unsigned
 long, unsigned long,
 std::__1::allocator<boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::heap_entry>&)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x100300d93)
     #3 0x108241498 in void
 std::__1::vector<boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::heap_entry,
 std::__1::allocator<boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::heap_entry>
>::__push_back_slow_path<boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::heap_entry
 const>(boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::heap_entry
 const&) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x100300498)
     #4 0x10823c621 in
 boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::enqueue_timer(boost::posix_time::ptime
 const&,
 boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::per_timer_data&,
 boost::asio::detail::wait_op*)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x1002fb621)
     #5 0x10823b51a in
 boost::asio::detail::timer_queue<boost::asio::time_traits<boost::posix_time::ptime>
>::enqueue_timer(boost::posix_time::ptime const&,
 boost::asio::detail::timer_queue<boost::asio::detail::forwarding_posix_time_traits>::per_timer_data&,
 boost::asio::detail::wait_op*)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x1002fa51a)
     #6 0x108238e17 in void
 boost::asio::detail::kqueue_reactor::schedule_timer<boost::asio::time_traits<boost::posix_time::ptime>
>(boost::asio::detail::timer_queue<boost::asio::time_traits<boost::posix_time::ptime>
>&, boost::asio::time_traits<boost::posix_time::ptime>::time_type const&,
 boost::asio::detail::timer_queue<boost::asio::time_traits<boost::posix_time::ptime>
>::per_timer_data&, boost::asio::detail::wait_op*)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x1002f7e17)
     #7 0x1082375bc in void
 boost::asio::detail::deadline_timer_service<boost::asio::time_traits<boost::posix_time::ptime>
>::async_wait<boost::asio::detail::wrapped_handler<boost::asio::io_service::strand,
 boost::_bi::bind_t<void, boost::_mfi::mf1<void,
 eximius::EximiusTimerHandler<boost::function<void ()> >,
 boost::system::error_code const&>,
 boost::_bi::list2<boost::_bi::value<eximius::EximiusTimerHandler<boost::function<void
 ()> >*>, boost::arg<1> (*)()> >,
 boost::asio::detail::is_continuation_if_running>
>(boost::asio::detail::deadline_timer_service<boost::asio::time_traits<boost::posix_time::ptime>
>::implementation_type&,
 boost::asio::detail::wrapped_handler<boost::asio::io_service::strand,
 boost::_bi::bind_t<void, boost::_mfi::mf1<void,
 eximius::EximiusTimerHandler<boost::function<void ()> >,
 boost::system::error_code const&>,
 boost::_bi::list2<boost::_bi::value<eximius::EximiusTimerHandler<boost::function<void
 ()> >*>, boost::arg<1> (*)()> >,
 boost::asio::detail::is_continuation_if_running>&)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x1002f65bc)
     #8 0x108236536 in
 boost::asio::async_result<boost::asio::handler_type<boost::asio::detail::wrapped_handler<boost::asio::io_service::strand,
 boost::_bi::bind_t<void, boost::_mfi::mf1<void,
 eximius::EximiusTimerHandler<boost::function<void ()> >,
 boost::system::error_code const&>,
 boost::_bi::list2<boost::_bi::value<eximius::EximiusTimerHandler<boost::function<void
 ()> >*>, boost::arg<1> (*)()> >,
 boost::asio::detail::is_continuation_if_running>, void
 (boost::system::error_code)>::type>::type
 boost::asio::deadline_timer_service<boost::posix_time::ptime,
 boost::asio::time_traits<boost::posix_time::ptime>
>::async_wait<boost::asio::detail::wrapped_handler<boost::asio::io_service::strand,
 boost::_bi::bind_t<void, boost::_mfi::mf1<void,
 eximius::EximiusTimerHandler<boost::function<void ()> >,
 boost::system::error_code const&>,
 boost::_bi::list2<boost::_bi::value<eximius::EximiusTimerHandler<boost::function<void
 ()> >*>, boost::arg<1> (*)()> >,
 boost::asio::detail::is_continuation_if_running>
>(boost::asio::detail::deadline_timer_service<boost::asio::time_traits<boost::posix_time::ptime>
>::implementation_type&,
 boost::asio::detail::wrapped_handler<boost::asio::io_service::strand,
 boost::_bi::bind_t<void, boost::_mfi::mf1<void,
 eximius::EximiusTimerHandler<boost::function<void ()> >,
 boost::system::error_code const&>,
 boost::_bi::list2<boost::_bi::value<eximius::EximiusTimerHandler<boost::function<void
 ()> >*>, boost::arg<1> (*)()> >,
 boost::asio::detail::is_continuation_if_running> const&)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x1002f5536)
     #9 0x108205259 in
 boost::asio::async_result<boost::asio::handler_type<boost::asio::detail::wrapped_handler<boost::asio::io_service::strand,
 boost::_bi::bind_t<void, boost::_mfi::mf1<void,
 eximius::EximiusTimerHandler<boost::function<void ()> >,
 boost::system::error_code const&>,
 boost::_bi::list2<boost::_bi::value<eximius::EximiusTimerHandler<boost::function<void
 ()> >*>, boost::arg<1> (*)()> >,
 boost::asio::detail::is_continuation_if_running>, void
 (boost::system::error_code)>::type>::type
 boost::asio::basic_deadline_timer<boost::posix_time::ptime,
 boost::asio::time_traits<boost::posix_time::ptime>,
 boost::asio::deadline_timer_service<boost::posix_time::ptime,
 boost::asio::time_traits<boost::posix_time::ptime> >
>::async_wait<boost::asio::detail::wrapped_handler<boost::asio::io_service::strand,
 boost::_bi::bind_t<void, boost::_mfi::mf1<void,
 eximius::EximiusTimerHandler<boost::function<void ()> >,
 boost::system::error_code const&>,
 boost::_bi::list2<boost::_bi::value<eximius::EximiusTimerHandler<boost::function<void
 ()> >*>, boost::arg<1> (*)()> >,
 boost::asio::detail::is_continuation_if_running>
>(boost::asio::detail::wrapped_handler<boost::asio::io_service::strand,
 boost::_bi::bind_t<void, boost::_mfi::mf1<void,
 eximius::EximiusTimerHandler<boost::function<void ()> >,
 boost::system::error_code const&>,
 boost::_bi::list2<boost::_bi::value<eximius::EximiusTimerHandler<boost::function<void
 ()> >*>, boost::arg<1> (*)()> >,
 boost::asio::detail::is_continuation_if_running> const&)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x1002c4259)
     #10 0x1081f95d6 in eximius::EximiusTimerHandler<boost::function<void
 ()> >::StartTimer() (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin
 /process-manager+0x1002b85d6)
     #11 0x108081a7c in int
 eximius::Platform::ScheduleTimer<boost::function<void ()>
>(boost::posix_time::time_duration const&, boost::function<void ()>
 const&, bool, char const*, unsigned int, unsigned int)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x100140a7c)
     #12 0x107fe3143 in eximius::ProcessControl::StartTimers()
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x1000a2143)
     #13 0x107f75593 in eximius::ProcessControl::StartApplication()
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x100034593)
     #14 0x1096bc66e in
 eximius::EximiusApplication::StartEximiusApplication()
 (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-
 platform.dylib+0xf366e)
     #15 0x108585856 in main
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x100644856)
     #16 0x7fff9077f5c8 in start (/usr/lib/system/libdyld.dylib+0x35c8)
     #17 0x0 (<unknown module>)

 Thread T2 created by T0 here:
     #0 0x1088e106f in wrap_pthread_create
 (/opt/local/libexec/llvm-3.6/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x2406f)
     #1 0x10a477c1b in boost::thread::start_thread_noexcept()
 (/opt/local/lib/libboost_thread-mt.dylib+0x2c1b)
     #2 0x1095f4d04 in boost::thread::start_thread()
 (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-
 platform.dylib+0x2bd04)
     #3 0x1095f4c65 in boost::thread::thread<boost::_bi::bind_t<void, void
 (*)(unsigned int), boost::_bi::list1<boost::_bi::value<unsigned int> > >
>(boost::_bi::bind_t<void, void (*)(unsigned int),
 boost::_bi::list1<boost::_bi::value<unsigned int> > >,
 boost::disable_if_c<boost::thread_detail::is_convertible<boost::_bi::bind_t<void,
 void (*)(unsigned int), boost::_bi::list1<boost::_bi::value<unsigned int>
> >&, boost::detail::thread_move_t<boost::_bi::bind_t<void, void
 (*)(unsigned int), boost::_bi::list1<boost::_bi::value<unsigned int> > > >
>::value, boost::thread::dummy*>::type)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-
 platform.dylib+0x2bc65)
     #4 0x1095e307a in boost::thread::thread<boost::_bi::bind_t<void, void
 (*)(unsigned int), boost::_bi::list1<boost::_bi::value<unsigned int> > >
>(boost::_bi::bind_t<void, void (*)(unsigned int),
 boost::_bi::list1<boost::_bi::value<unsigned int> > >,
 boost::disable_if_c<boost::thread_detail::is_convertible<boost::_bi::bind_t<void,
 void (*)(unsigned int), boost::_bi::list1<boost::_bi::value<unsigned int>
> >&, boost::detail::thread_move_t<boost::_bi::bind_t<void, void
 (*)(unsigned int), boost::_bi::list1<boost::_bi::value<unsigned int> > > >
>::value, boost::thread::dummy*>::type)
 (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-
 platform.dylib+0x1a07a)
     #5 0x1095da31f in eximius::Platform::Initialize()
 (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-
 platform.dylib+0x1131f)
     #6 0x1085803a8 in main
 (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-
 manager+0x10063f3a8)
     #7 0x7fff9077f5c8 in start (/usr/lib/system/libdyld.dylib+0x35c8)
     #8 0x0 (<unknown module>)

 SUMMARY: AddressSanitizer: container-overflow ??:0 __asan_memcpy
 Shadow bytes around the buggy address:
   0x1c1800002e50: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
   0x1c1800002e60: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
   0x1c1800002e70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
   0x1c1800002e80: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
   0x1c1800002e90: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
 =>0x1c1800002ea0: 00 00 00 00 00 00 00 00 00 00[fc]fc fc fc fc fc
   0x1c1800002eb0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
   0x1c1800002ec0: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
   0x1c1800002ed0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
   0x1c1800002ee0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
   0x1c1800002ef0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
 Shadow byte legend (one shadow byte represents 8 application bytes):
   Addressable: 00
   Partially addressable: 01 02 03 04 05 06 07
   Heap left redzone: fa
   Heap right redzone: fb
   Freed heap region: fd
   Stack left redzone: f1
   Stack mid redzone: f2
   Stack right redzone: f3
   Stack partial redzone: f4
   Stack after return: f5
   Stack use after scope: f8
   Global redzone: f9
   Global init order: f6
   Poisoned by user: f7
   Container overflow: fc
   Array cookie: ac
   ASan internal: fe
 ==16399==ABORTING
 }}}

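 For reasons I have not identified, the violation does not occur when I
 schedule fewer than 3 timers. In the report above, the faulting 8-byte read
 lands 80 bytes into the 128-byte buffer that the timer queue's heap vector
 allocated in enqueue_timer, at the first shadow byte marked fc (container
 overflow).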

-- 
Ticket URL: <https://svn.boost.org/trac/boost/ticket/10756>
Boost C++ Libraries <http://www.boost.org/>
Boost provides free peer-reviewed portable C++ source libraries.
