AddressSanitizer: heap-buffer-overflow in SpheresFactory.cpp:59
Running "yade --check" on a build compiled with AddressSanitizer detects a memory problem in SpherePack.cpp: a heap-buffer-overflow is reported. The problem is in this code:
if (PSDcum[PSDcum.size()]!=1.0) {
Indexing `PSDcum` with `PSDcum.size()` reads one element past the end of the vector; the report below confirms this as an 8-byte READ located 0 bytes to the right of an 8-byte heap region. The full AddressSanitizer output is here:
==5489==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200004ff58 at pc 0x7f2fd06725ca bp 0x7f2fb851b000 sp 0x7f2fb851aff8
READ of size 8 at 0x60200004ff58 thread T45
#0 0x7f2fd06725c9 in yade::SpheresFactory::action() /home/gladk/dem/yade/trunk/pkg/dem/SpheresFactory.cpp:59
#1 0x7f2fcddf9ec9 in yade::Scene::moveToNextTimeStep() /home/gladk/dem/yade/trunk/core/Scene.cpp:98
#2 0x7f2fcde081b3 in yade::SimulationFlow::singleAction() /home/gladk/dem/yade/trunk/core/SimulationFlow.cpp:26
#3 0x7f2fcdebf2f7 in yade::ThreadWorker::callSingleAction() /home/gladk/dem/yade/trunk/core/ThreadWorker.cpp:73
#4 0x7f2fcdeb5809 in yade::ThreadRunner::call() /home/gladk/dem/yade/trunk/core/ThreadRunner.cpp:54
#5 0x7f2fcdeb777f in yade::ThreadRunner::run() /home/gladk/dem/yade/trunk/core/ThreadRunner.cpp:28
#6 0x7f2fcdeb7a78 in boost::_mfi::mf0<void, yade::ThreadRunner>::operator()(yade::ThreadRunner*) const /usr/include/boost/bind/mem_fn_template.hpp:49
#7 0x7f2fcdeb7a78 in void boost::_bi::list1<boost::_bi::value<yade::ThreadRunner*> >::operator()<boost::_mfi::mf0<void, yade::ThreadRunner>, boost::_bi::list0>(boost::_bi::type<void>, boost::_mfi::mf0<void,
yade::ThreadRunner>&, boost::_bi::list0&, int) /usr/include/boost/bind/bind.hpp:259
#8 0x7f2fcdeb7a78 in boost::_bi::bind_t<void, boost::_mfi::mf0<void, yade::ThreadRunner>, boost::_bi::list1<boost::_bi::value<yade::ThreadRunner*> > >::operator()() /usr/include/boost/bind/bind.hpp:1294
#9 0x7f2fcdeb7a78 in boost::detail::function::void_function_obj_invoker0<boost::_bi::bind_t<void, boost::_mfi::mf0<void, yade::ThreadRunner>, boost::_bi::list1<boost::_bi::value<yade::ThreadRunner*> > >, vo$
d>::invoke(boost::detail::function::function_buffer&) /usr/include/boost/function/function_template.hpp:159
#10 0x7f2fcdebd53b in boost::function0<void>::operator()() const /usr/include/boost/function/function_template.hpp:768
#11 0x7f2fcdebd53b in boost::detail::thread_data<boost::function0<void> >::run() /usr/include/boost/thread/detail/thread.hpp:117
#12 0x7f2fcadd5f64 (/lib/x86_64-linux-gnu/libboost_thread.so.1.67.0+0x14f64)
#13 0x7f2fd5f04fa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486
#14 0x7f2fd5a4b4ce in clone (/lib/x86_64-linux-gnu/libc.so.6+0xf94ce)
0x60200004ff58 is located 0 bytes to the right of 8-byte region [0x60200004ff50,0x60200004ff58)
allocated by thread T0 here:
#0 0x7f2fd6081d30 in operator new(unsigned long) (/lib/x86_64-linux-gnu/libasan.so.5+0xead30)
#1 0x7f2fcde80194 in __gnu_cxx::new_allocator<double>::allocate(unsigned long, void const*) /usr/include/c++/8/ext/new_allocator.h:111
#2 0x7f2fcde80194 in std::allocator_traits<std::allocator<double> >::allocate(std::allocator<double>&, unsigned long) /usr/include/c++/8/bits/alloc_traits.h:436
#3 0x7f2fcde80194 in std::_Vector_base<double, std::allocator<double> >::_M_allocate(unsigned long) /usr/include/c++/8/bits/stl_vector.h:296
#4 0x7f2fcde80194 in double* std::vector<double, std::allocator<double> >::_M_allocate_and_copy<__gnu_cxx::__normal_iterator<double const*, std::vector<double, std::allocator<double> > > >(unsigned long, __$
nu_cxx::__normal_iterator<double const*, std::vector<double, std::allocator<double> > >, __gnu_cxx::__normal_iterator<double const*, std::vector<double, std::allocator<double> > >) /usr/include/c++/8/bits/stl_v$
ctor.h:1398
#5 0x7f2fcde80194 in std::vector<double, std::allocator<double> >::operator=(std::vector<double, std::allocator<double> > const&) /usr/include/c++/8/bits/vector.tcc:214
#6 0x7f2fd06bbe86 in yade::SpheresFactory::pySetAttr(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, boost::python::api::object const&) /home/gladk/dem/yade/trunk/pkg$
dem/SpheresFactory.hpp:26
#7 0x7f2fd06be381 in yade::CircularFactory::pySetAttr(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, boost::python::api::object const&) /home/gladk/dem/yade/trunk/pk$
/dem/SpheresFactory.hpp:66
#8 0x7f2fd10b4560 in yade::Serializable::pyUpdateAttrs(boost::python::dict const&) /home/gladk/dem/yade/trunk/lib/serialization/Serializable.cpp:44
#9 0x7f2fd06c43ea in boost::shared_ptr<yade::CircularFactory> yade::Serializable_ctor_kwAttrs<yade::CircularFactory>(boost::python::tuple&, boost::python::dict&) /home/gladk/dem/yade/trunk/lib/serialization$
#10 0x7f2fd068e473 in _object* boost::python::detail::invoke<boost::python::detail::install_holder<boost::shared_ptr<yade::CircularFactory> >, boost::shared_ptr<yade::CircularFactory> (*)(boost::python::tup$
e&, boost::python::dict&), boost::python::arg_from_python<boost::python::tuple&>, boost::python::arg_from_python<boost::python::dict&> >(boost::python::detail::invoke_tag_<false, false>, boost::python::detail::i
nstall_holder<boost::shared_ptr<yade::CircularFactory> > const&, boost::shared_ptr<yade::CircularFactory> (*&)(boost::python::tuple&, boost::python::dict&), boost::python::arg_from_python<boost::python::tuple&>&
, boost::python::arg_from_python<boost::python::dict&>&) /usr/include/boost/python/detail/invoke.hpp:73
#11 0x7f2fd068e473 in boost::python::detail::caller_arity<2u>::impl<boost::shared_ptr<yade::CircularFactory> (*)(boost::python::tuple&, boost::python::dict&), boost::python::detail::constructor_policy<boost:
:python::default_call_policies>, boost::mpl::vector3<boost::shared_ptr<yade::CircularFactory>, boost::python::tuple&, boost::python::dict&> >::operator()(_object*, _object*) /usr/include/boost/python/detail/call
er.hpp:216
#12 0x7f2fd068e473 in boost::python::objects::signature_py_function_impl<boost::python::detail::caller<boost::shared_ptr<yade::CircularFactory> (*)(boost::python::tuple&, boost::python::dict&), boost::python
::detail::constructor_policy<boost::python::default_call_policies>, boost::mpl::vector3<boost::shared_ptr<yade::CircularFactory>, boost::python::tuple&, boost::python::dict&> >, boost::mpl::v_item<void, boost::m
pl::v_item<boost::python::api::object, boost::mpl::v_mask<boost::mpl::vector3<boost::shared_ptr<yade::CircularFactory>, boost::python::tuple&, boost::python::dict&>, 1>, 1>, 1> >::operator()(_object*, _object*)
/usr/include/boost/python/object/py_function.hpp:64
#13 0x7f2fcb3f812c in boost::python::objects::function::call(_object*, _object*) const (/lib/x86_64-linux-gnu/libboost_python37.so.1.67.0+0x2512c)
Thread T45 created by T0 here:
#0 0x7f2fd5fe7db0 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x50db0)
#1 0x7f2fcadd468a in boost::thread::start_thread_noexcept() (/lib/x86_64-linux-gnu/libboost_thread.so.1.67.0+0x1368a)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/gladk/dem/yade/trunk/pkg/dem/SpheresFactory.cpp:59 in yade::SpheresFactory::action()
Shadow bytes around the buggy address:
0x0c0480001f90: fa fa fd fd fa fa fd fa fa fa fd fd fa fa fd fa
0x0c0480001fa0: fa fa fd fa fa fa fd fa fa fa fd fd fa fa fd fd
0x0c0480001fb0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x0c0480001fc0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x0c0480001fd0: fa fa 00 00 fa fa 00 00 fa fa 00 fa fa fa fd fa
=>0x0c0480001fe0: fa fa 00 fa fa fa fd fa fa fa 00[fa]fa fa fd fd
0x0c0480001ff0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fa
0x0c0480002000: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c0480002010: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c0480002020: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c0480002030: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==5489==ABORTING