Paste P1095

T68645 ASAN
Authored by Philipp Oeser (lichtwerk) on Sep 11 2019, 1:40 PM.
==27665==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60800014d2f8 at pc 0x0000028bc1b3 bp 0x7ff4f3199800 sp 0x7ff4f31997f0
READ of size 8 at 0x60800014d2f8 thread T15
#0 0x28bc1b2 in psys_thread_create_path /blender/source/blender/blenkernel/intern/particle.c:2549
#1 0x28be0fc in exec_child_path_cache /blender/source/blender/blenkernel/intern/particle.c:2752
#2 0x2da3658 in task_scheduler_thread_run /blender/source/blender/blenlib/intern/task.c:450
#3 0x7ff53109f5a1 in start_thread (/lib64/libpthread.so.0+0x85a1)
#4 0x7ff52ef5e302 in __clone (/lib64/libc.so.6+0xfb302)
0x60800014d2f8 is located 0 bytes to the right of 88-byte region [0x60800014d2a0,0x60800014d2f8)
allocated by thread T0 here:
#0 0x7ff532557ea6 in __interceptor_calloc (/lib64/libasan.so.5+0x10dea6)
#1 0x2f28cdb in MEM_lockfree_callocN /blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:267
#2 0x28a762f in psys_alloc_path_cache_buffers /blender/source/blender/blenkernel/intern/particle.c:174
#3 0x28c3931 in psys_cache_edit_paths /blender/source/blender/blenkernel/intern/particle.c:3304
#4 0x4aba698 in PE_update_object /blender/source/blender/editors/physics/particle_edit.c:1630
#5 0x4178abd in drw_particle_update_ptcache_edit /blender/source/blender/draw/intern/draw_cache_impl_particles.c:1407
#6 0x4178ccf in drw_particle_update_ptcache /blender/source/blender/draw/intern/draw_cache_impl_particles.c:1431
#7 0x417af0a in particles_ensure_procedural_data /blender/source/blender/draw/intern/draw_cache_impl_particles.c:1673
#8 0x418f04e in drw_shgroup_create_hair_procedural_ex /blender/source/blender/draw/intern/draw_hair.c:138
#9 0x418ff19 in DRW_shgroup_hair_create /blender/source/blender/draw/intern/draw_hair.c:236
#10 0x40c4598 in workbench_cache_populate_particles /blender/source/blender/draw/engines/workbench/workbench_deferred.c:939
#11 0x40c5169 in workbench_deferred_solid_cache_populate /blender/source/blender/draw/engines/workbench/workbench_deferred.c:1008
#12 0x40ba99f in workbench_solid_cache_populate /blender/source/blender/draw/engines/workbench/solid_mode.c:52
#13 0x3fd9965 in drw_engines_cache_populate /blender/source/blender/draw/intern/draw_manager.c:1130
#14 0x3fdc232 in DRW_draw_render_loop_ex /blender/source/blender/draw/intern/draw_manager.c:1634
#15 0x3fdb820 in DRW_draw_view /blender/source/blender/draw/intern/draw_manager.c:1550
#16 0x4da4650 in view3d_draw_view /blender/source/blender/editors/space_view3d/view3d_draw.c:1533
#17 0x4da474e in view3d_main_region_draw /blender/source/blender/editors/space_view3d/view3d_draw.c:1557
#18 0x4fc3971 in ED_region_do_draw /blender/source/blender/editors/screen/area.c:535
#19 0x35146e1 in wm_draw_window_offscreen /blender/source/blender/windowmanager/intern/wm_draw.c:632
#20 0x3515205 in wm_draw_window /blender/source/blender/windowmanager/intern/wm_draw.c:768
#21 0x3515df6 in wm_draw_update /blender/source/blender/windowmanager/intern/wm_draw.c:950
#22 0x350bc60 in WM_main /blender/source/blender/windowmanager/intern/wm.c:423
#23 0x24846d0 in main /blender/source/creator/creator.c:491
#24 0x7ff52ee86f32 in __libc_start_main (/lib64/libc.so.6+0x23f32)
Thread T15 created by T0 here:
#0 0x7ff532484965 in pthread_create (/lib64/libasan.so.5+0x3a965)
#1 0x2da3fe2 in BLI_task_scheduler_create /blender/source/blender/blenlib/intern/task.c:517
#2 0x2dab9b8 in BLI_task_scheduler_get /blender/source/blender/blenlib/intern/threads.c:177
#3 0x2daa0fd in BLI_task_parallel_range /blender/source/blender/blenlib/intern/task.c:1192
#4 0x2e50b65 in flush_prepare /blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:118
#5 0x2e50b65 in DEG::deg_graph_flush_updates(Main*, DEG::Depsgraph*) /blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:365
#6 0x2dc7a1d in DEG_evaluate_on_refresh /blender/source/blender/depsgraph/intern/depsgraph_eval.cc:63
#7 0x2979375 in scene_graph_update_tagged /blender/source/blender/blenkernel/intern/scene.c:1325
#8 0x297942a in BKE_scene_graph_update_tagged /blender/source/blender/blenkernel/intern/scene.c:1351
#9 0x3517f9e in wm_event_do_depsgraph /blender/source/blender/windowmanager/intern/wm_event_system.c:369
#10 0x3539ef2 in wm_file_read_post /blender/source/blender/windowmanager/intern/wm_files.c:558
#11 0x353bed5 in wm_homefile_read /blender/source/blender/windowmanager/intern/wm_files.c:1062
#12 0x3557028 in WM_init /blender/source/blender/windowmanager/intern/wm_init_exit.c:295
#13 0x2484545 in main /blender/source/creator/creator.c:414
#14 0x7ff52ee86f32 in __libc_start_main (/lib64/libc.so.6+0x23f32)
SUMMARY: AddressSanitizer: heap-buffer-overflow /blender/source/blender/blenkernel/intern/particle.c:2549 in psys_thread_create_path
Shadow bytes around the buggy address:
0x0c1080021a00: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
0x0c1080021a10: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1080021a20: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
0x0c1080021a30: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
0x0c1080021a40: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
=>0x0c1080021a50: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00[fa]
0x0c1080021a60: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
0x0c1080021a70: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
0x0c1080021a80: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
0x0c1080021a90: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
0x0c1080021aa0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==27665==ABORTING