Bug #11546

==13345==ERROR: AddressSanitizer: heap-buffer-overflow

Added by David Schaefer 5 months ago.

Status: New
Priority: Low
Assignee: -
Category: -
Target version: -
Start date: 03/20/2017
Due date:
% Done: 0%

Affected Version: git master branch
System: Ubuntu
bitness: 64-bit
hardware architecture: amd64/x86

Description

david@Tower ~/w/darktable.git> env LC_ALL=C ~/unstable/darktable/bin/darktable

(darktable:13345): Gtk-WARNING **: Allocating size to main_window 0x629000060370 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?

(darktable:13345): Gtk-WARNING **: Allocating size to main_window 0x629000060370 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?

(darktable:13345): Gtk-WARNING **: Allocating size to main_window 0x629000060370 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1215.jpg'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1231.jpg'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1258.jpg'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1261.jpg'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1344.jpg'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1349.jpg'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1357.jpg'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1365.jpg'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1369.jpg'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1373.jpg'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1381.jpg'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1384.jpg'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1385.jpg'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1215.png'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1231.png'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1258.png'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1261.png'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1344.png'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1349.png'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1357.png'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1365.png'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1369.png'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1373.png'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1381.png'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1384.png'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1385.png'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1215.tif'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1231.tif'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1258.tif'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1261.tif'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1344.tif'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1349.tif'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1357.tif'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1365.tif'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1369.tif'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1373.tif'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1381.tif'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1384.tif'
[export_job] exported to `/home/david/Schreibtisch/schatzi/DSC_1385.tif'

(darktable:13345): Gtk-WARNING **: Allocating size to main_window 0x629000060370 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?
=================================================================
==13345==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020002479e4 at pc 0x7f12d94b85eb bp 0x7ffc251123e0 sp 0x7ffc251123d0
READ of size 4 at 0x6020002479e4 thread T0
#0 0x7f12d94b85ea in expose_filemanager /home/david/workspace/darktable.git/src/views/lighttable.c:694
#1 0x7f12d94b85ea in expose /home/david/workspace/darktable.git/src/views/lighttable.c:1423
#2 0x7f12f92ec562 in dt_view_manager_expose /home/david/workspace/darktable.git/src/views/view.c:521
#3 0x7f12f91875e3 in dt_control_expose /home/david/workspace/darktable.git/src/control/control.c:250
#4 0x7f12f92a21a6 in draw /home/david/workspace/darktable.git/src/gui/gtk.c:447
#5 0x7f12f76a7b10 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x222b10)
#6 0x7f12f77e7fae (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x362fae)
#7 0x7f12f62381a3 (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x101a3)
#8 0x7f12f6252390 in g_signal_emit_valist (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x2a390)
#9 0x7f12f6252fae in g_signal_emit (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x2afae)
#10 0x7f12f77f4b69 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x36fb69)
#11 0x7f12f75e74af in gtk_container_propagate_draw (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x1624af)
#12 0x7f12f75e7591 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x162591)
#13 0x7f12f759c173 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x117173)
#14 0x7f12f75ec55c (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x16755c)
#15 0x7f12f75f11bf (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x16c1bf)
#16 0x7f12f759eb10 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x119b10)
#17 0x7f12f77f498a (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x36f98a)
#18 0x7f12f75e74af in gtk_container_propagate_draw (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x1624af)
#19 0x7f12f75e7591 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x162591)
#20 0x7f12f7664633 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x1df633)
#21 0x7f12f75ec55c (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x16755c)
#22 0x7f12f75f11bf (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x16c1bf)
#23 0x7f12f7665640 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x1e0640)
#24 0x7f12f77f498a (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x36f98a)
#25 0x7f12f75e74af in gtk_container_propagate_draw (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x1624af)
#26 0x7f12f75e7591 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x162591)
#27 0x7f12f759c173 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x117173)
#28 0x7f12f75ec55c (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x16755c)
#29 0x7f12f75f11bf (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x16c1bf)
#30 0x7f12f759eb10 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x119b10)
#31 0x7f12f77f498a (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x36f98a)
#32 0x7f12f75e74af in gtk_container_propagate_draw (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x1624af)
#33 0x7f12f75e7591 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x162591)
#34 0x7f12f7802710 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x37d710)
#35 0x7f12f77f498a (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x36f98a)
#36 0x7f12f77f4e68 in gtk_widget_send_expose (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x36fe68)
#37 0x7f12f76a6b84 in gtk_main_do_event (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x221b84)
#38 0x7f12f71d0bf4 (/usr/lib/x86_64-linux-gnu/libgdk-3.so.0+0x32bf4)
#39 0x7f12f71df8e7 (/usr/lib/x86_64-linux-gnu/libgdk-3.so.0+0x418e7)
#40 0x7f12f71e0a3b (/usr/lib/x86_64-linux-gnu/libgdk-3.so.0+0x42a3b)
#41 0x7f12f71e0bf2 (/usr/lib/x86_64-linux-gnu/libgdk-3.so.0+0x42bf2)
#42 0x7f12f6237f74 in g_closure_invoke (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0xff74)
#43 0x7f12f6249f81 (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x21f81)
#44 0x7f12f6252bcb in g_signal_emit_valist (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x2abcb)
#45 0x7f12f6252fae in g_signal_emit (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x2afae)
#46 0x7f12f71d8b80 (/usr/lib/x86_64-linux-gnu/libgdk-3.so.0+0x3ab80)
#47 0x7f12f71c6f57 (/usr/lib/x86_64-linux-gnu/libgdk-3.so.0+0x28f57)
#48 0x7f12f7db7102 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4b102)
#49 0x7f12f7db6689 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a689)
#50 0x7f12f7db6a3f (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4aa3f)
#51 0x7f12f7db6d61 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4ad61)
#52 0x7f12f76a5cf4 in gtk_main (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x220cf4)
#53 0x7f12f92a7ca4 in dt_gui_gtk_run /home/david/workspace/darktable.git/src/gui/gtk.c:1063
#54 0x555c3bfa4a0b in main /home/david/workspace/darktable.git/src/main.c:25
#55 0x7f12f89cc3f0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
#56 0x555c3bfa4a59 in _start (/home/david/unstable/darktable/bin/darktable+0xa59)

0x6020002479e4 is located 4 bytes to the right of 16-byte region [0x6020002479d0,0x6020002479e0)
allocated by thread T0 here:
#0 0x7f12f984e070 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc7070)
#1 0x7f12d94b7ced in expose_filemanager /home/david/workspace/darktable.git/src/views/lighttable.c:617
#2 0x7f12d94b7ced in expose /home/david/workspace/darktable.git/src/views/lighttable.c:1423
#3 0x7f12f92ec562 in dt_view_manager_expose /home/david/workspace/darktable.git/src/views/view.c:521
#4 0x7f12f91875e3 in dt_control_expose /home/david/workspace/darktable.git/src/control/control.c:250
#5 0x7f12f92a21a6 in draw /home/david/workspace/darktable.git/src/gui/gtk.c:447
#6 0x7f12f76a7b10 (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x222b10)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/david/workspace/darktable.git/src/views/lighttable.c:694 in expose_filemanager
Shadow bytes around the buggy address:
0x0c0480040ee0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0480040ef0: fa fa fa fa fa fa fd fa fa fa fa fa fa fa fa fa
0x0c0480040f00: fa fa 02 fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0480040f10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0480040f20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c0480040f30: fa fa 04 fa fa fa fa fa fa fa 00 00[fa]fa fa fa
0x0c0480040f40: fa fa fa fa fa fa 05 fa fa fa fa fa fa fa 00 07
0x0c0480040f50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0480040f60: fa fa fa fa fa fa fa fa fa fa 02 fa fa fa fa fa
0x0c0480040f70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0480040f80: fa fa fd fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==13345==ABORTING