mz_free is called for non-allocated memory in Chromium tests #99

Closed
ramosian-glider opened this issue Aug 31, 2015 · 6 comments

Comments

@ramosian-glider
Member

Originally reported on Google Code with ID 99

$ out/Release/media_unittests --gtest_filter=VideoCaptureDeviceTest.OpenInvalidDevice
2>&1 | tee log | tools/valgrind/asan/asan_symbolize.py | c++filt
[ RUN      ] VideoCaptureDeviceTest.OpenInvalidDevice
==39177== ERROR: AddressSanitizer attempting free on address which was not malloc()-ed:
0x0320acd0
    #0 0x12d935a in (anonymous namespace)::mz_free(_malloc_zone_t*, void*) (in media_unittests)
+ 58
    #1 0x99b3614c in -[__CFx606449CHT hashGrow] (in CoreFoundation) + 220
    #2 0x99ae1ee9 in -[__CFx606449CHT addObject:] (in CoreFoundation) + 137
    #3 0x99ad0613 in _CFBundleCreate (in CoreFoundation) + 867
    #4 0x99b49a16 in CFPlugInCreate (in CoreFoundation) + 38
    #5 0x92a30d13 in MIO::DAL::PlugInManagement::OpenPlugInsInDirectory(__CFString
const*, char const*) (in CoreMediaIOServices) + 357
    #6 0x92a310cc in MIO::DAL::PlugInManagement::RegisterPlugIns() (in CoreMediaIOServices)
+ 484
    #7 0x92a312b8 in MIO::DAL::PlugInManagement::Initialize() (in CoreMediaIOServices)
+ 348
    #8 0x92a2baec in MIO::DAL::System::InitializeDevices() (in CoreMediaIOServices)
+ 10
    #9 0x92a2c9d0 in MIO::DAL::System::CheckOutInstance() (in CoreMediaIOServices)
+ 376
    #10 0x92a261bd in TundraObjectGetPropertyDataSize (in CoreMediaIOServices) + 137
    #11 0x9a6a3b04 in +[QTCaptureDALDevice _refreshDevices] (in QTKit) + 233
    #12 0x9a6a0f4a in +[QTCaptureDALDevice devicesWithIOType:] (in QTKit) + 54
    #13 0x9a6a5012 in +[QTCaptureDevice devicesWithIOType:] (in QTKit) + 204
    #14 0x9a6a4b03 in +[QTCaptureDevice inputDevices] (in QTKit) + 41
    #15 0x9a6a4a49 in +[QTCaptureDevice inputDevicesWithMediaType:] (in QTKit) + 35
    #16 0xeaafbd in +[VideoCaptureDeviceQTKit deviceNames] (in media_unittests) + 141
    #17 0xea82b8 in media::VideoCaptureDevice::GetDeviceNames(std::list<media::VideoCaptureDevice::Name,
std::allocator<media::VideoCaptureDevice::Name> >*) (in media_unittests) + 680
    #18 0xea8ca0 in media::VideoCaptureDeviceMac::Init() (in media_unittests) + 512
    #19 0xea8977 in media::VideoCaptureDevice::Create(media::VideoCaptureDevice::Name
const&) (in media_unittests) + 327
    #20 0x7beff9 in media::VideoCaptureDeviceTest_OpenInvalidDevice_Test::TestBody()
(in media_unittests) + 409
    #21 0xf06d03 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test,
void>(testing::Test*, void (testing::Test::*)(), char const*) (in media_unittests)
+ 499
    #22 0xee8ec1 in testing::Test::Run() (in media_unittests) + 1489
    #23 0xeeaeb0 in testing::TestInfo::Run() (in media_unittests) + 1616
    #24 0xeebde9 in testing::TestCase::Run() (in media_unittests) + 1417
    #25 0xefde87 in testing::internal::UnitTestImpl::RunAllTests() (in media_unittests)
+ 3527
    #26 0xf08963 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl,
bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(),
char const*) (in media_unittests) + 499
    #27 0xefd057 in testing::UnitTest::Run() (in media_unittests) + 311
    #28 0x88e346 in base::TestSuite::Run() (in media_unittests) + 726
    #29 0x3b30c7 in main (in media_unittests) + 167
Stats: 1M malloced (4M for red zones) by 18917 calls
Stats: 0M realloced by 242 calls
Stats: 0M freed by 14444 calls
Stats: 0M really freed by 0 calls
Stats: 36M (9220 full pages) mmaped in 9 calls
  mmaps   by size class: 8:32766; 9:8191; 10:4095; 11:2047; 12:1024; 13:512; 14:256;
15:128;
  mallocs by size class: 8:17674; 9:504; 10:600; 11:80; 12:23; 13:32; 14:2; 15:2;
  frees   by size class: 8:13417; 9:347; 10:573; 11:74; 12:9; 13:24;
  rfrees  by size class:
Stats: malloc large: 2 small slow: 49

Reported by ramosian.glider on 2012-08-10 10:37:25

@ramosian-glider
Member Author

$ ASAN_OPTIONS="mac_ignore_invalid_free=1" out/Release/media_unittests --gtest_filter=VideoCaptureDeviceTest.OpenInvalidDevice
2>&1 | tee log | tools/valgrind/asan/asan_symbolize.py | c++filt
[ RUN      ] VideoCaptureDeviceTest.OpenInvalidDevice
free_common(0x0320acd0) -- attempting to free unallocated memory.
AddressSanitizer is ignoring this error on Mac OS now.
malloc_zone_from_ptr(0x0320acd0) = 0x03199000, which is DefaultPurgeableMallocZone
    #0 0x12d938f in (anonymous namespace)::mz_free(_malloc_zone_t*, void*) (in media_unittests)
+ 111
    #1 0x99b3614c in -[__CFx606449CHT hashGrow] (in CoreFoundation) + 220
    #2 0x99ae1ee9 in -[__CFx606449CHT addObject:] (in CoreFoundation) + 137
    #3 0x99ad0613 in _CFBundleCreate (in CoreFoundation) + 867
    #4 0x99b49a16 in CFPlugInCreate (in CoreFoundation) + 38
    #5 0x92a30d13 in MIO::DAL::PlugInManagement::OpenPlugInsInDirectory(__CFString
const*, char const*) (in CoreMediaIOServices) + 357
    #6 0x92a310cc in MIO::DAL::PlugInManagement::RegisterPlugIns() (in CoreMediaIOServices)
+ 484
    #7 0x92a312b8 in MIO::DAL::PlugInManagement::Initialize() (in CoreMediaIOServices)
+ 348
    #8 0x92a2baec in MIO::DAL::System::InitializeDevices() (in CoreMediaIOServices)
+ 10
    #9 0x92a2c9d0 in MIO::DAL::System::CheckOutInstance() (in CoreMediaIOServices)
+ 376
    #10 0x92a261bd in TundraObjectGetPropertyDataSize (in CoreMediaIOServices) + 137
    #11 0x9a6a3b04 in +[QTCaptureDALDevice _refreshDevices] (in QTKit) + 233
    #12 0x9a6a0f4a in +[QTCaptureDALDevice devicesWithIOType:] (in QTKit) + 54
    #13 0x9a6a5012 in +[QTCaptureDevice devicesWithIOType:] (in QTKit) + 204
    #14 0x9a6a4b03 in +[QTCaptureDevice inputDevices] (in QTKit) + 41
    #15 0x9a6a4a49 in +[QTCaptureDevice inputDevicesWithMediaType:] (in QTKit) + 35
    #16 0xeaafbd in +[VideoCaptureDeviceQTKit deviceNames] (in media_unittests) + 141
    #17 0xea82b8 in media::VideoCaptureDevice::GetDeviceNames(std::list<media::VideoCaptureDevice::Name,
std::allocator<media::VideoCaptureDevice::Name> >*) (in media_unittests) + 680
    #18 0xea8ca0 in media::VideoCaptureDeviceMac::Init() (in media_unittests) + 512
    #19 0xea8977 in media::VideoCaptureDevice::Create(media::VideoCaptureDevice::Name
const&) (in media_unittests) + 327
    #20 0x7beff9 in media::VideoCaptureDeviceTest_OpenInvalidDevice_Test::TestBody()
(in media_unittests) + 409
    #21 0xf06d03 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test,
void>(testing::Test*, void (testing::Test::*)(), char const*) (in media_unittests)
+ 499
    #22 0xee8ec1 in testing::Test::Run() (in media_unittests) + 1489
    #23 0xeeaeb0 in testing::TestInfo::Run() (in media_unittests) + 1616
    #24 0xeebde9 in testing::TestCase::Run() (in media_unittests) + 1417
    #25 0xefde87 in testing::internal::UnitTestImpl::RunAllTests() (in media_unittests)
+ 3527
    #26 0xf08963 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl,
bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(),
char const*) (in media_unittests) + 499
    #27 0xefd057 in testing::UnitTest::Run() (in media_unittests) + 311
    #28 0x88e346 in base::TestSuite::Run() (in media_unittests) + 726
    #29 0x3b30c7 in main (in media_unittests) + 167
free_common(0x0320ae30) -- attempting to free unallocated memory.
AddressSanitizer is ignoring this error on Mac OS now.
malloc_zone_from_ptr(0x0320ae30) = 0x03199000, which is DefaultPurgeableMallocZone
    #0 0x12d938f in (anonymous namespace)::mz_free(_malloc_zone_t*, void*) (in media_unittests)
+ 111
    #1 0x99b3641b in -[__CFx606449CMT grow] (in CoreFoundation) + 683
    #2 0x99ae23f8 in -[__CFx606449CMT setObject:forKey:] (in CoreFoundation) + 168
    #3 0x99ad064a in _CFBundleCreate (in CoreFoundation) + 922
    #4 0x99b49a16 in CFPlugInCreate (in CoreFoundation) + 38
    #5 0x92a30d13 in MIO::DAL::PlugInManagement::OpenPlugInsInDirectory(__CFString
const*, char const*) (in CoreMediaIOServices) + 357
    #6 0x92a310cc in MIO::DAL::PlugInManagement::RegisterPlugIns() (in CoreMediaIOServices)
+ 484
    #7 0x92a312b8 in MIO::DAL::PlugInManagement::Initialize() (in CoreMediaIOServices)
+ 348
    #8 0x92a2baec in MIO::DAL::System::InitializeDevices() (in CoreMediaIOServices)
+ 10
    #9 0x92a2c9d0 in MIO::DAL::System::CheckOutInstance() (in CoreMediaIOServices)
+ 376
    #10 0x92a261bd in TundraObjectGetPropertyDataSize (in CoreMediaIOServices) + 137
    #11 0x9a6a3b04 in +[QTCaptureDALDevice _refreshDevices] (in QTKit) + 233
    #12 0x9a6a0f4a in +[QTCaptureDALDevice devicesWithIOType:] (in QTKit) + 54
    #13 0x9a6a5012 in +[QTCaptureDevice devicesWithIOType:] (in QTKit) + 204
    #14 0x9a6a4b03 in +[QTCaptureDevice inputDevices] (in QTKit) + 41
    #15 0x9a6a4a49 in +[QTCaptureDevice inputDevicesWithMediaType:] (in QTKit) + 35
    #16 0xeaafbd in +[VideoCaptureDeviceQTKit deviceNames] (in media_unittests) + 141
    #17 0xea82b8 in media::VideoCaptureDevice::GetDeviceNames(std::list<media::VideoCaptureDevice::Name,
std::allocator<media::VideoCaptureDevice::Name> >*) (in media_unittests) + 680
    #18 0xea8ca0 in media::VideoCaptureDeviceMac::Init() (in media_unittests) + 512
    #19 0xea8977 in media::VideoCaptureDevice::Create(media::VideoCaptureDevice::Name
const&) (in media_unittests) + 327
    #20 0x7beff9 in media::VideoCaptureDeviceTest_OpenInvalidDevice_Test::TestBody()
(in media_unittests) + 409
    #21 0xf06d03 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test,
void>(testing::Test*, void (testing::Test::*)(), char const*) (in media_unittests)
+ 499
    #22 0xee8ec1 in testing::Test::Run() (in media_unittests) + 1489
    #23 0xeeaeb0 in testing::TestInfo::Run() (in media_unittests) + 1616
    #24 0xeebde9 in testing::TestCase::Run() (in media_unittests) + 1417
    #25 0xefde87 in testing::internal::UnitTestImpl::RunAllTests() (in media_unittests)
+ 3527
    #26 0xf08963 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl,
bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(),
char const*) (in media_unittests) + 499
    #27 0xefd057 in testing::UnitTest::Run() (in media_unittests) + 311
    #28 0x88e346 in base::TestSuite::Run() (in media_unittests) + 726
    #29 0x3b30c7 in main (in media_unittests) + 167
free_common(0x0320ae70) -- attempting to free unallocated memory.
AddressSanitizer is ignoring this error on Mac OS now.
malloc_zone_from_ptr(0x0320ae70) = 0x03199000, which is DefaultPurgeableMallocZone
    #0 0x12d938f in (anonymous namespace)::mz_free(_malloc_zone_t*, void*) (in media_unittests)
+ 111
    #1 0x99b36433 in -[__CFx606449CMT grow] (in CoreFoundation) + 707
    #2 0x99ae23f8 in -[__CFx606449CMT setObject:forKey:] (in CoreFoundation) + 168
    #3 0x99ad064a in _CFBundleCreate (in CoreFoundation) + 922
    #4 0x99b49a16 in CFPlugInCreate (in CoreFoundation) + 38
    #5 0x92a30d13 in MIO::DAL::PlugInManagement::OpenPlugInsInDirectory(__CFString
const*, char const*) (in CoreMediaIOServices) + 357
    #6 0x92a310cc in MIO::DAL::PlugInManagement::RegisterPlugIns() (in CoreMediaIOServices)
+ 484
    #7 0x92a312b8 in MIO::DAL::PlugInManagement::Initialize() (in CoreMediaIOServices)
+ 348
    #8 0x92a2baec in MIO::DAL::System::InitializeDevices() (in CoreMediaIOServices)
+ 10
    #9 0x92a2c9d0 in MIO::DAL::System::CheckOutInstance() (in CoreMediaIOServices)
+ 376
    #10 0x92a261bd in TundraObjectGetPropertyDataSize (in CoreMediaIOServices) + 137
    #11 0x9a6a3b04 in +[QTCaptureDALDevice _refreshDevices] (in QTKit) + 233
    #12 0x9a6a0f4a in +[QTCaptureDALDevice devicesWithIOType:] (in QTKit) + 54
    #13 0x9a6a5012 in +[QTCaptureDevice devicesWithIOType:] (in QTKit) + 204
    #14 0x9a6a4b03 in +[QTCaptureDevice inputDevices] (in QTKit) + 41
    #15 0x9a6a4a49 in +[QTCaptureDevice inputDevicesWithMediaType:] (in QTKit) + 35
    #16 0xeaafbd in +[VideoCaptureDeviceQTKit deviceNames] (in media_unittests) + 141
    #17 0xea82b8 in media::VideoCaptureDevice::GetDeviceNames(std::list<media::VideoCaptureDevice::Name,
std::allocator<media::VideoCaptureDevice::Name> >*) (in media_unittests) + 680
    #18 0xea8ca0 in media::VideoCaptureDeviceMac::Init() (in media_unittests) + 512
    #19 0xea8977 in media::VideoCaptureDevice::Create(media::VideoCaptureDevice::Name
const&) (in media_unittests) + 327
    #20 0x7beff9 in media::VideoCaptureDeviceTest_OpenInvalidDevice_Test::TestBody()
(in media_unittests) + 409
    #21 0xf06d03 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test,
void>(testing::Test*, void (testing::Test::*)(), char const*) (in media_unittests)
+ 499
    #22 0xee8ec1 in testing::Test::Run() (in media_unittests) + 1489
    #23 0xeeaeb0 in testing::TestInfo::Run() (in media_unittests) + 1616
    #24 0xeebde9 in testing::TestCase::Run() (in media_unittests) + 1417
    #25 0xefde87 in testing::internal::UnitTestImpl::RunAllTests() (in media_unittests)
+ 3527
    #26 0xf08963 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl,
bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(),
char const*) (in media_unittests) + 499
    #27 0xefd057 in testing::UnitTest::Run() (in media_unittests) + 311
    #28 0x88e346 in base::TestSuite::Run() (in media_unittests) + 726
    #29 0x3b30c7 in main (in media_unittests) + 167
[39536:-1600703168:0810/143727:691277116511509:ERROR:video_capture_device_mac.mm(32)]
Could not initialize VideoCaptureDevice.
[       OK ] VideoCaptureDeviceTest.OpenInvalidDevice (277 ms)

Reported by ramosian.glider on 2012-08-10 10:38:39

@ramosian-glider
Member Author

Here's the output from malloc_history for the first address being freed:

$ malloc_history 47703 0x0320acd0
malloc_history Report Version:  2.0
Process:         media_unittests [47703]
Path:            /Users/glider/src/chrome-commit/src/out/Release/media_unittests
Load Address:    0x1000
Identifier:      media_unittests
Version:         ??? (???)
Code Type:       X86 (Native)
Parent Process:  bash [45289]

Date/Time:       2012-08-10 14:58:50.607 +0400
OS Version:      Mac OS X 10.6.8 (10K549)
Report Version:  7

ALLOC 0x320acd0-0x320ad0f [size=64]: thread_a0973540 |_dyld_start | dyldbootstrap::start(macho_header
const*, int, char const**, long) | dyld::_main(macho_header const*, unsigned long,
int, char const**, char const**, char const**) | dyld::initializeMainExecutable() |
ImageLoader::runInitializers(ImageLoader::LinkContext const&) | ImageLoader::recursiveInitialization(ImageLoader::LinkContext
const&, unsigned int) | ImageLoader::recursiveInitialization(ImageLoader::LinkContext
const&, unsigned int) | ImageLoader::recursiveInitialization(ImageLoader::LinkContext
const&, unsigned int) | ImageLoader::recursiveInitialization(ImageLoader::LinkContext
const&, unsigned int) | ImageLoader::recursiveInitialization(ImageLoader::LinkContext
const&, unsigned int) | ImageLoader::recursiveInitialization(ImageLoader::LinkContext
const&, unsigned int) | ImageLoaderMachO::doInitialization(ImageLoader::LinkContext
const&) | ImageLoaderMachO::doImageInit(ImageLoader::LinkContext const&) | __CFInitialize
| _CFAppVersionCheckLessThan | cacheBundleInfo | CFBundleGetMainBundle | _CFBundleGetMainBundleAlreadyLocked
| _CFBundleCreate | -[__CFx606449CHT initWithOptions:capacity:] | allocateCollectableUnscannedStorage
| _CFAllocateCollectable | malloc_zone_malloc 
----
FREE  0x320acd0-0x320ad0f [size=64]: thread_a0973540 |0x27f5 | 0x3b30c7 | 0x88e347
| 0xefd058 | 0xf08964 | 0xefde88 | 0xeebdea | 0xeeaeb1 | 0xee8ec2 | 0xf06d04 | 0x7beffa
| 0xea8978 | 0xea8ca1 | 0xea82b9 | 0xeaafbe | +[QTCaptureDevice inputDevicesWithMediaType:]
| +[QTCaptureDevice inputDevices] | +[QTCaptureDevice devicesWithIOType:] | +[QTCaptureDALDevice
devicesWithIOType:] | +[QTCaptureDALDevice _refreshDevices] | TundraObjectGetPropertyDataSize
| MIO::DAL::System::CheckOutInstance() | MIO::DAL::System::InitializeDevices() | MIO::DAL::PlugInManagement::Initialize()
| MIO::DAL::PlugInManagement::RegisterPlugIns() | MIO::DAL::PlugInManagement::OpenPlugInsInDirectory(__CFString
const*, char const*) | CFPlugInCreate | _CFBundleCreate | -[__CFx606449CHT addObject:]
| -[__CFx606449CHT hashGrow] | malloc_zone_free 


Reported by ramosian.glider on 2012-08-10 11:00:45

@ramosian-glider
Member Author

My guess is that we're initializing ASan too late, so some memory is already allocated
via DefaultPurgeableMallocZone. I'm going to (at least temporarily) add a zone check
back to free_common().

Reported by ramosian.glider on 2012-08-10 11:13:49
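
The ownership check proposed in the comment above, as an added example that is not part of the original thread and not AddressSanitizer's code: a portable model in which a replacement free() first asks whether its own heap owns the pointer, and only reports an invalid or double free for pointers it does own. The arena, `tool_malloc`, `tool_free`, `in_tool_arena` and the magic values are hypothetical names; libc `malloc` stands in for the zone that allocated memory before the tool started.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed model: the "tool" heap is a fixed arena; libc malloc stands in
   for a zone that handed out memory before the tool's allocator was installed. */
#define ARENA_UNITS 256
#define MAGIC_LIVE 0xA11C0CEDu
#define MAGIC_DEAD 0xDEADBEEFu

typedef struct { uint32_t magic; uint32_t size; uint64_t pad; } chunk_hdr;
typedef enum { FREE_NULL, FREE_OWN, FREE_FORWARDED, FREE_INVALID, FREE_DOUBLE } free_result;

static chunk_hdr arena[ARENA_UNITS];   /* header and payload in 16-byte units */
static size_t units_used;

/* Hypothetical stand-in for a zone lookup: does the tool's heap own p? */
static int in_tool_arena(const void *p) {
    uintptr_t a = (uintptr_t)p;
    return a >= (uintptr_t)arena && a < (uintptr_t)(arena + ARENA_UNITS);
}

void *tool_malloc(size_t n) {
    if (n == 0) n = 1;
    if (n > sizeof(arena)) return NULL;
    size_t units = 1 + (n + sizeof(chunk_hdr) - 1) / sizeof(chunk_hdr);
    if (units > ARENA_UNITS - units_used) return NULL;
    chunk_hdr *h = &arena[units_used];
    h->magic = MAGIC_LIVE;
    h->size = (uint32_t)n;
    units_used += units;
    return h + 1;
}

/* free() replacement: ownership is decided before any invalid-free report. */
free_result tool_free(void *p) {
    if (p == NULL) return FREE_NULL;
    if (!in_tool_arena(p)) {   /* foreign pointer, e.g. allocated before startup */
        free(p);               /* return it to the allocator that owns it */
        return FREE_FORWARDED;
    }
    size_t off = (size_t)((uintptr_t)p - (uintptr_t)arena);
    if (off == 0 || off % sizeof(chunk_hdr) != 0) return FREE_INVALID;
    chunk_hdr *h = (chunk_hdr *)p - 1;
    if (h->magic == MAGIC_DEAD) return FREE_DOUBLE;
    if (h->magic != MAGIC_LIVE) return FREE_INVALID;
    h->magic = MAGIC_DEAD;
    return FREE_OWN;
}

int main(void) {
    return tool_free(malloc(64)) == FREE_FORWARDED ? 0 : 1;  /* "early" pointer */
}
```

Without the `in_tool_arena` branch, the early allocation would fall through to the header check and be reported as an invalid free, which is the symptom in the first report.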

@ramosian-glider
Member Author

A temporary fix has been landed in Clang r161661.

Reported by ramosian.glider on 2012-08-10 12:56:33

@ramosian-glider
Member Author

Marking as fixed.

Reported by ramosian.glider on 2012-09-17 11:16:56

  • Status changed: Fixed

@ramosian-glider
Member Author

Adding Project:AddressSanitizer as part of GitHub migration.

Reported by ramosian.glider on 2015-07-30 09:12:59

  • Labels added: ProjectAddressSanitizer
