
Segfault on event click
Closed, Resolved (Public)

Description

Reproduce:

  1. Open Profiling Viewer
  2. Load log file
  3. Click on thread event

Result: segfault

==19821==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000f6c77 at pc 0x7fb1892288d0 bp 0x7ffee0888400 sp 0x7ffee0887ba8
READ of size 7 at 0x6020000f6c77 thread T0
    #0 0x7fb1892288cf in __interceptor_strlen /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:225
    #1 0x7fb188d2b87d in eina_stringshare_add lib/eina/eina_stringshare.c:613
    #2 0x7fb187ae47fb in _edje_object_part_text_raw_generic_set lib/edje/edje_util.c:1962
    #3 0x7fb187ae488d in _edje_object_part_text_raw_set lib/edje/edje_util.c:1990
    #4 0x7fb187aed41e in edje_object_part_text_escaped_set lib/edje/edje_legacy.c:877
    #5 0x7fb18766ea0a in _efl_ui_layout_text_generic_set lib/elementary/efl_ui_layout.c:1152
    #6 0x7fb188616881 in efl_text_markup_set ../src/lib/efl/interfaces/efl_text_markup.eo.c:1
    #7 0x7fb1876690c2 in _elm_label_text_set lib/elementary/elm_label.c:345
    #8 0x7fb1876690c2 in _elm_label_part_efl_text_text_set lib/elementary/elm_label.c:626
    #9 0x7fb18860dac1 in efl_text_set ../src/lib/efl/interfaces/efl_text.eo.c:1
    #10 0x7fb18766d640 in elm_layout_text_set lib/elementary/efl_ui_layout.c:2187
    #11 0x7fb188fb3e94 in label_to_table_add /home/nikawhite/repos/enlightenment/efl_profiler_viewer/src/lib/helper.c:64
    #12 0x7fb188f90f23 in _layout_inform_time_fill /home/nikawhite/repos/enlightenment/efl_profiler_viewer/src/lib/ui.c:183
    #13 0x7fb188f90f23 in _event_selected_cb /home/nikawhite/repos/enlightenment/efl_profiler_viewer/src/lib/ui.c:315
    #14 0x7fb187ad186a in edje_match_callback_exec_check_finals lib/edje/edje_match.c:556
    #15 0x7fb187ad186a in edje_match_callback_exec lib/edje/edje_match.c:711
    #16 0x7fb187ad8b71 in _edje_emit_cb lib/edje/edje_program.c:1592
    #17 0x7fb187ad8b71 in _edje_emit_handle lib/edje/edje_program.c:1544
    #18 0x7fb187ad33ae in _edje_message_queue_process lib/edje/edje_message_queue.c:893
    #19 0x7fb187ad3568 in _edje_message_queue_process lib/edje/edje_message_queue.c:859
    #20 0x7fb187ad3568 in _edje_job lib/edje/edje_message_queue.c:260
    #21 0x7fb188872a5a in _ecore_job_event_handler lib/ecore/ecore_job.c:98
    #22 0x7fb18886e2f0 in _ecore_call_handler_cb lib/ecore/ecore_private.h:331
    #23 0x7fb18886e2f0 in _ecore_event_call lib/ecore/ecore_events.c:629
    #24 0x7fb188876a77 in _ecore_main_loop_iterate_internal lib/ecore/ecore_main.c:2438
    #25 0x7fb188876e66 in ecore_main_loop_begin lib/ecore/ecore_main.c:1313
    #26 0x564c1a10f679 in elm_main /home/nikawhite/repos/enlightenment/efl_profiler_viewer/src/bin/main.c:268
    #27 0x564c1a10ed7b in main /home/nikawhite/repos/enlightenment/efl_profiler_viewer/src/bin/main.c:273
    #28 0x7fb186ef4f69 in __libc_start_main (/usr/lib/libc.so.6+0x20f69)
    #29 0x564c1a10edb9 in _start (/usr/local/bin/efl_profiling_viewer+0x1db9)

0x6020000f6c77 is located 0 bytes to the right of 7-byte region [0x6020000f6c70,0x6020000f6c77)
allocated by thread T0 here:
    #0 0x7fb1892b8ce1 in __interceptor_calloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:70
    #1 0x7fb188f8909e in log_event_offset_get /home/nikawhite/repos/enlightenment/efl_profiler_viewer/src/lib/ui.c:114

SUMMARY: AddressSanitizer: heap-buffer-overflow /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:225 in __interceptor_strlen
==19821==ABORTING
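The trace above (strlen() inside eina_stringshare_add() reading one byte past a 7-byte calloc'd region that came from log_event_offset_get) is the signature of a string copied into a buffer sized without room for its NUL terminator. The C example below is added here for illustration and is not the project's code; it assumes that cause and contrasts the buggy allocation pattern with the corrected one plus a bounded pre-check. offset_dup_buggy, offset_dup_fixed and is_nul_terminated are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-in for the allocation in log_event_offset_get(): a field is
 * copied into a buffer of exactly strlen(src) bytes, so every byte is data and
 * no NUL terminator exists. Any strlen()-based consumer then reads past the
 * region, which is exactly what ASan reported (7-byte region, READ at end+0). */
static char *offset_dup_buggy(const char *src, size_t len)
{
    char *buf = calloc(len, 1);      /* missing the +1 for the terminator */
    if (!buf) return NULL;
    memcpy(buf, src, len);           /* fills the whole region, no NUL left */
    return buf;
}

/* Corrected form: one extra byte, which calloc() already zeroes. */
static char *offset_dup_fixed(const char *src, size_t len)
{
    char *buf = calloc(len + 1, 1);
    if (!buf) return NULL;
    memcpy(buf, src, len);
    return buf;
}

/* Bounded check before handing a buffer to a strlen()-based API such as
 * eina_stringshare_add(): memchr() never reads beyond `cap`, so it is safe to
 * call even on the under-sized buffer, unlike strlen(). */
static int is_nul_terminated(const char *buf, size_t cap)
{
    return memchr(buf, '\0', cap) != NULL;
}

int main(void)
{
    const char *token = "1234567";   /* constructed 7-character field */
    size_t len = strlen(token);
    char *bad = offset_dup_buggy(token, len);
    char *good = offset_dup_fixed(token, len);

    printf("buggy buffer terminated: %d\n", is_nul_terminated(bad, len));
    printf("fixed buffer terminated: %d, strlen=%zu\n",
           is_nul_terminated(good, len + 1), strlen(good));
    free(bad);
    free(good);
    return 0;
}
```

Under ASan, calling strlen() on the buggy buffer reproduces the same heap-buffer-overflow READ as in the report; the memchr() check flags it without triggering the overread.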

Details

NikaWhite created this task. Dec 5 2017, 4:27 AM
Deepwarrior renamed this task from "Segfault on event double click" to "Segfault on event click". Dec 5 2017, 6:08 AM
Deepwarrior updated the task description.
Deepwarrior claimed this task.
Deepwarrior lowered the priority of this task from Showstopper Issues to Normal.
Deepwarrior raised the priority of this task from Normal to Showstopper Issues.
NikaWhite moved this task from Review to Done on the Profiling Viewer (1.1) board. Dec 7 2017, 12:02 AM
Deepwarrior closed this task as Resolved. Dec 11 2017, 10:48 AM