Paste P859

T58471 ASAN

Authored by Philipp Oeser (lichtwerk) on Tue, Dec 4, 1:41 PM.
=================================================================
==11156==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6070000426a0 at pc 0x7f58d1e59f0d bp 0x7fff60c724a0 sp 0x7fff60c71c48
WRITE of size 1220736 at 0x6070000426a0 thread T0
#0 0x7f58d1e59f0c (/lib64/libasan.so.5+0x40f0c)
#1 0x48db003 in rna_SmokeModifier_density_grid_get /blender/source/blender/makesrna/intern/rna_smoke.c:252
#2 0x48de96c in SmokeDomainSettings_density_grid_get /build_28_ASAN/source/blender/makesrna/intern/rna_smoke_gen.c:456
#3 0x5514020 in ccl::BlenderSession::builtin_image_float_pixels(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*, float*, unsigned long, bool) /blender/intern/cycles/blender/blender_session.cpp:1297
#4 0x552c7e1 in bool std::__invoke_impl<bool, bool (ccl::BlenderSession::*&)(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*, float*, unsigned long, bool), ccl::BlenderSession*&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*, float*, unsigned long, bool>(std::__invoke_memfun_deref, bool (ccl::BlenderSession::*&)(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*, float*, unsigned long, bool), ccl::BlenderSession*&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*&&, float*&&, unsigned long&&, bool&&) /usr/include/c++/8/bits/invoke.h:73
#5 0x552b220 in std::__invoke_result<bool (ccl::BlenderSession::*&)(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*, float*, unsigned long, bool), ccl::BlenderSession*&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*, float*, unsigned long, bool>::type std::__invoke<bool (ccl::BlenderSession::*&)(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*, float*, unsigned long, bool), ccl::BlenderSession*&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*, float*, unsigned long, bool>(bool (ccl::BlenderSession::*&)(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*, float*, unsigned long, bool), ccl::BlenderSession*&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*&&, float*&&, unsigned long&&, bool&&) /usr/include/c++/8/bits/invoke.h:95
#6 0x5529518 in bool std::_Bind<bool (ccl::BlenderSession::*(ccl::BlenderSession*, std::_Placeholder<1>, std::_Placeholder<2>, std::_Placeholder<3>, std::_Placeholder<4>, std::_Placeholder<5>))(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*, float*, unsigned long, bool)>::__call<bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*&&, float*&&, unsigned long&&, bool&&, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*&&, float*&&, unsigned long&&, bool&&>&&, std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>) /usr/include/c++/8/functional:400
#7 0x5526c2a in bool std::_Bind<bool (ccl::BlenderSession::*(ccl::BlenderSession*, std::_Placeholder<1>, std::_Placeholder<2>, std::_Placeholder<3>, std::_Placeholder<4>, std::_Placeholder<5>))(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*, float*, unsigned long, bool)>::operator()<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*, float*, unsigned long, bool, bool>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*&&, float*&&, unsigned long&&, bool&&) /usr/include/c++/8/functional:484
#8 0x5522b73 in std::_Function_handler<bool (std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*, float*, unsigned long, bool), std::_Bind<bool (ccl::BlenderSession::*(ccl::BlenderSession*, std::_Placeholder<1>, std::_Placeholder<2>, std::_Placeholder<3>, std::_Placeholder<4>, std::_Placeholder<5>))(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*, float*, unsigned long, bool)> >::_M_invoke(std::_Any_data const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*&&, float*&&, unsigned long&&, bool&&) /usr/include/c++/8/bits/std_function.h:282
#9 0x58b7a96 in std::function<bool (std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*, float*, unsigned long, bool)>::operator()(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void*, float*, unsigned long, bool) const /usr/include/c++/8/bits/std_function.h:687
#10 0x58a747e in bool ccl::ImageManager::file_load_image<(OpenImageIO_v1_8::TypeDesc::BASETYPE)11, float, float>(ccl::ImageManager::Image*, ccl::ImageDataType, int, ccl::device_vector<float>&) /blender/intern/cycles/render/image.cpp:582
#11 0x589c69e in ccl::ImageManager::device_load_image(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*) /blender/intern/cycles/render/image.cpp:780
#12 0x58c7676 in void std::__invoke_impl<void, void (ccl::ImageManager::*&)(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*), ccl::ImageManager*&, ccl::Device*&, ccl::Scene*&, ccl::ImageDataType&, unsigned long&, ccl::Progress*&>(std::__invoke_memfun_deref, void (ccl::ImageManager::*&)(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*), ccl::ImageManager*&, ccl::Device*&, ccl::Scene*&, ccl::ImageDataType&, unsigned long&, ccl::Progress*&) /usr/include/c++/8/bits/invoke.h:73
#13 0x58c5ae2 in std::__invoke_result<void (ccl::ImageManager::*&)(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*), ccl::ImageManager*&, ccl::Device*&, ccl::Scene*&, ccl::ImageDataType&, unsigned long&, ccl::Progress*&>::type std::__invoke<void (ccl::ImageManager::*&)(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*), ccl::ImageManager*&, ccl::Device*&, ccl::Scene*&, ccl::ImageDataType&, unsigned long&, ccl::Progress*&>(void (ccl::ImageManager::*&)(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*), ccl::ImageManager*&, ccl::Device*&, ccl::Scene*&, ccl::ImageDataType&, unsigned long&, ccl::Progress*&) /usr/include/c++/8/bits/invoke.h:95
#14 0x58c282c in void std::_Bind<void (ccl::ImageManager::*(ccl::ImageManager*, ccl::Device*, ccl::Scene*, ccl::ImageDataType, unsigned long, ccl::Progress*))(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*)>::__call<void, int&&, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(std::tuple<int&&>&&, std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>) /usr/include/c++/8/functional:400
#15 0x58bde23 in void std::_Bind<void (ccl::ImageManager::*(ccl::ImageManager*, ccl::Device*, ccl::Scene*, ccl::ImageDataType, unsigned long, ccl::Progress*))(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*)>::operator()<int, void>(int&&) /usr/include/c++/8/functional:484
#16 0x58babd2 in std::_Function_handler<void (int), std::_Bind<void (ccl::ImageManager::*(ccl::ImageManager*, ccl::Device*, ccl::Scene*, ccl::ImageDataType, unsigned long, ccl::Progress*))(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*)> >::_M_invoke(std::_Any_data const&, int&&) /usr/include/c++/8/bits/std_function.h:297
#17 0xde8038b in std::function<void (int)>::operator()(int) const /usr/include/c++/8/bits/std_function.h:687
#18 0xde7bdc9 in ccl::TaskPool::wait_work(ccl::TaskPool::Summary*) /blender/intern/cycles/util/util_task.cpp:94
#19 0x58a002c in ccl::ImageManager::device_load_builtin(ccl::Device*, ccl::Scene*, ccl::Progress&) /blender/intern/cycles/render/image.cpp:1056
#20 0x551471f in ccl::BlenderSession::builtin_images_load() /blender/intern/cycles/blender/blender_session.cpp:1374
#21 0x550e834 in ccl::BlenderSession::synchronize(BL::Depsgraph&) /blender/intern/cycles/blender/blender_session.cpp:845
#22 0x54f97f9 in sync_func /blender/intern/cycles/blender/blender_python.cpp:384
#23 0x7f58d1857956 in _PyMethodDef_RawFastCallKeywords (/lib64/libpython3.7m.so.1.0+0x15d956)
#24 0x7f58d1857bef in _PyCFunction_FastCallKeywords (/lib64/libpython3.7m.so.1.0+0x15dbef)
#25 0x7f58d18ccc5f in _PyEval_EvalFrameDefault (/lib64/libpython3.7m.so.1.0+0x1d2c5f)
#26 0x7f58d18571c9 in _PyFunction_FastCallKeywords (/lib64/libpython3.7m.so.1.0+0x15d1c9)
#27 0x7f58d18cc51d in _PyEval_EvalFrameDefault (/lib64/libpython3.7m.so.1.0+0x1d251d)
#28 0x7f58d1811129 in _PyFunction_FastCallDict (/lib64/libpython3.7m.so.1.0+0x117129)
#29 0x2cc062f in bpy_class_call /blender/source/blender/python/intern/bpy_rna.c:7940
#30 0x48394fe in engine_view_update /blender/source/blender/makesrna/intern/rna_render.c:228
#31 0x29a4869 in ED_render_scene_update /blender/source/blender/editors/render/render_update.c:138
#32 0x4bfb180 in DEG::deg_editors_scene_update(DEGEditorUpdateContext const*, bool) /blender/source/blender/depsgraph/intern/depsgraph.cc:557
#33 0x4c198cb in DEG_ids_check_recalc /blender/source/blender/depsgraph/intern/depsgraph_tag.cc:711
#34 0x425dddd in BKE_scene_graph_update_for_newframe /blender/source/blender/blenkernel/intern/scene.c:1488
#35 0x29deafc in ED_update_for_newframe /blender/source/blender/editors/screen/screen_edit.c:1419
#36 0x29fca4d in screen_animation_step /blender/source/blender/editors/screen/screen_ops.c:4017
#37 0x1ab842d in wm_operator_invoke /blender/source/blender/windowmanager/intern/wm_event_system.c:1327
#38 0x1abc620 in wm_handler_operator_call /blender/source/blender/windowmanager/intern/wm_event_system.c:2045
#39 0x1abe1cb in wm_handlers_do_intern /blender/source/blender/windowmanager/intern/wm_event_system.c:2347
#40 0x1abfcad in wm_handlers_do /blender/source/blender/windowmanager/intern/wm_event_system.c:2607
#41 0x1ac33a2 in wm_event_do_handlers /blender/source/blender/windowmanager/intern/wm_event_system.c:3117
#42 0x1aa8063 in WM_main /blender/source/blender/windowmanager/intern/wm.c:427
#43 0x1a9d821 in main /blender/source/creator/creator.c:521
#44 0x7f58ce9a0412 in __libc_start_main (/lib64/libc.so.6+0x24412)
#45 0x1a9cc5d in _start (/build_28_ASAN/bin/blender+0x1a9cc5d)
0x6070000426a0 is located 0 bytes to the right of 64-byte region [0x607000042660,0x6070000426a0)
allocated by thread T0 here:
#0 0x7f58d1f09050 in memalign (/lib64/libasan.so.5+0xf0050)
#1 0x50a2818 in aligned_malloc /blender/intern/guardedalloc/intern/mallocn.c:98
#2 0x50a71da in MEM_lockfree_mallocN_aligned /blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:374
#3 0xde4c97f in ccl::util_aligned_malloc(unsigned long, int) /blender/intern/cycles/util/util_aligned_malloc.cpp:46
#4 0x56e9a77 in ccl::device_memory::host_alloc(unsigned long) /blender/intern/cycles/device/device_memory.cpp:53
#5 0x57b515b in ccl::device_vector<float>::alloc(unsigned long, unsigned long, unsigned long) /blender/intern/cycles/render/../device/device_memory.h:335
#6 0x58a6af8 in bool ccl::ImageManager::file_load_image<(OpenImageIO_v1_8::TypeDesc::BASETYPE)11, float, float>(ccl::ImageManager::Image*, ccl::ImageDataType, int, ccl::device_vector<float>&) /blender/intern/cycles/render/image.cpp:540
#7 0x589c69e in ccl::ImageManager::device_load_image(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*) /blender/intern/cycles/render/image.cpp:780
#8 0x58c7676 in void std::__invoke_impl<void, void (ccl::ImageManager::*&)(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*), ccl::ImageManager*&, ccl::Device*&, ccl::Scene*&, ccl::ImageDataType&, unsigned long&, ccl::Progress*&>(std::__invoke_memfun_deref, void (ccl::ImageManager::*&)(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*), ccl::ImageManager*&, ccl::Device*&, ccl::Scene*&, ccl::ImageDataType&, unsigned long&, ccl::Progress*&) /usr/include/c++/8/bits/invoke.h:73
#9 0x58c5ae2 in std::__invoke_result<void (ccl::ImageManager::*&)(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*), ccl::ImageManager*&, ccl::Device*&, ccl::Scene*&, ccl::ImageDataType&, unsigned long&, ccl::Progress*&>::type std::__invoke<void (ccl::ImageManager::*&)(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*), ccl::ImageManager*&, ccl::Device*&, ccl::Scene*&, ccl::ImageDataType&, unsigned long&, ccl::Progress*&>(void (ccl::ImageManager::*&)(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*), ccl::ImageManager*&, ccl::Device*&, ccl::Scene*&, ccl::ImageDataType&, unsigned long&, ccl::Progress*&) /usr/include/c++/8/bits/invoke.h:95
#10 0x58c282c in void std::_Bind<void (ccl::ImageManager::*(ccl::ImageManager*, ccl::Device*, ccl::Scene*, ccl::ImageDataType, unsigned long, ccl::Progress*))(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*)>::__call<void, int&&, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(std::tuple<int&&>&&, std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>) /usr/include/c++/8/functional:400
#11 0x58bde23 in void std::_Bind<void (ccl::ImageManager::*(ccl::ImageManager*, ccl::Device*, ccl::Scene*, ccl::ImageDataType, unsigned long, ccl::Progress*))(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*)>::operator()<int, void>(int&&) /usr/include/c++/8/functional:484
#12 0x58babd2 in std::_Function_handler<void (int), std::_Bind<void (ccl::ImageManager::*(ccl::ImageManager*, ccl::Device*, ccl::Scene*, ccl::ImageDataType, unsigned long, ccl::Progress*))(ccl::Device*, ccl::Scene*, ccl::ImageDataType, int, ccl::Progress*)> >::_M_invoke(std::_Any_data const&, int&&) /usr/include/c++/8/bits/std_function.h:297
#13 0xde8038b in std::function<void (int)>::operator()(int) const /usr/include/c++/8/bits/std_function.h:687
#14 0xde7bdc9 in ccl::TaskPool::wait_work(ccl::TaskPool::Summary*) /blender/intern/cycles/util/util_task.cpp:94
#15 0x58a002c in ccl::ImageManager::device_load_builtin(ccl::Device*, ccl::Scene*, ccl::Progress&) /blender/intern/cycles/render/image.cpp:1056
#16 0x551471f in ccl::BlenderSession::builtin_images_load() /blender/intern/cycles/blender/blender_session.cpp:1374
#17 0x550e834 in ccl::BlenderSession::synchronize(BL::Depsgraph&) /blender/intern/cycles/blender/blender_session.cpp:845
#18 0x54f97f9 in sync_func /blender/intern/cycles/blender/blender_python.cpp:384
#19 0x7f58d1857956 in _PyMethodDef_RawFastCallKeywords (/lib64/libpython3.7m.so.1.0+0x15d956)
SUMMARY: AddressSanitizer: heap-buffer-overflow (/lib64/libasan.so.5+0x40f0c)
Shadow bytes around the buggy address:
0x0c0e80000480: 00 00 fa fa fa fa 00 00 00 00 00 00 00 00 00 00
0x0c0e80000490: fa fa fa fa 00 00 00 00 00 00 00 00 04 fa fa fa
0x0c0e800004a0: fa fa 00 00 00 00 00 00 00 00 04 fa fa fa fa fa
0x0c0e800004b0: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa 00 00
0x0c0e800004c0: 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 00 00
=>0x0c0e800004d0: 00 00 00 00[fa]fa fa fa fa fa fa fa fa fa fa fa
0x0c0e800004e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e800004f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e80000500: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
0x0c0e80000510: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
0x0c0e80000520: 00 00 00 00 00 00 00 00 00 04 fa fa fa fa 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==11156==ABORTING