[R-pkg-devel] how to reproduce an ASAN container overflow

code M complexm at gmail.com
Tue Aug 25 12:14:44 CEST 2015 

dear all,

i am trying for three days to reproduce the container overflow in my
package,
alas i am not able to. for the full output see:
http://www.stats.ox.ac.uk/pub/bdr/memtests/clang-ASAN/lasvmR/00check.log

the error seems actually to be easy (vector::clear before std::copy), but i
want
to be sure that the cran-check does not fail again. so i'd like to
reproduce the error
first. from dirks tutorial (
http://dirk.eddelbuettel.com/code/sanitizers.html),
i would assume that if the sanitiziers package work, i'd be good,
i.e. running docker yields the following on my ubuntu 15.10 (alpha):


~$ docker run --rm -ti -v $(pwd):/mnt rocker/r-devel-san /bin/bash
root at 126d39bbe93f:/#  Rdevel -e
"install.packages('sanitizers');library(sanitizers);
print(stackAddressSanitize(42))"

--- CUT ---

stack_address.cpp:16:32: runtime error: index 142 out of bounds for type
'int [100]'
stack_address.cpp:16:33: runtime error: load of address 0x7ffde3477988 with
insufficient space for an object of type 'int'
0x7ffde3477988: note: pointer points here
 d0 61 00 00  e0 7c b4 02 d0 61 00 00  b3 8a b5 41 00 00 00 00  60 5e f2 ff
22 7f 00 00  c0 61 99 ff
              ^
[1] 45382880
>

=================================================================
==11==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 6 byte(s) in 2 object(s) allocated from:
    #0 0x7f2300e8537a in malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9437a)
    #1 0x7f22fd8ba9e9 in strdup (/lib/x86_64-linux-gnu/libc.so.6+0x819e9)

SUMMARY: AddressSanitizer: 6 byte(s) leaked in 2 allocation(s).
root at 126d39bbe93f:/#


so checking my program in this docker environment with Rdevel should more
or less reproduce the cran report above. but it does not. so "Rdevel CMD
build ."
and then "Rdevel CMD check --as-cran ./lasvmR_0.1.1.tar.gz" yields no
relevant
error:


$ Rdevel CMD check --as-cran ./lasvmR_0.1.1.tar.gz
--- CUT ---
* checking for unstated dependencies in examples ... WARNING
summary.c:876:5: runtime error: null pointer passed as argument 2, which is
declared to never be null
* checking line endings in C/C++/Fortran sources/headers ... OK
* checking compiled code ... OK
 WARNING
‘qpdf’ is needed for checks on size reduction of PDFs
* checking installed files from ‘inst/doc’ ... OK
* checking files in ‘vignettes’ ... OK
* checking examples ... OK
--- CUT ---

=================================================================
==602==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 72128 byte(s) in 2 object(s) allocated from:
    #0 0x7f3836fca4e1 in __interceptor_calloc
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x944e1)
    #1 0x7f382a3e08d9  (/usr/lib/x86_64-linux-gnu/libcurl.so.4+0x1e8d9)
    #2 0xf98996c57a955ff  (<unknown module>)
--- CUT ---


the compile flags in 00install.out seems also ok for me (with no error or
warnings)


--- CUT ---
g++ -fsanitize=address,undefined -I/usr/local/lib/R/include -DNDEBUG
 -I/usr/local/include -I"/usr/local/lib/R/site-library/Rcpp/include"
-fpic  -pipe -Wall -pedantic -O3  -c vector.cpp -o vector.o
g++ -fsanitize=address,undefined -shared -L/usr/local/lib/R/lib
-L/usr/local/lib -o lasvmR.so RcppExports.o kcache.o kernel.o la_svm.o
la_test.o lasvm.o lasvm_wrapper.o messages.o vector.o
-L/usr/local/lib/R/lib -lR
--- CUT ---


i also tried to recompile R-devel from svn locally on my machine with
various
-fsanitize options and exchanging gcc with clang (this i could not do on
the
docker image, due to some apt-get version errors), taking the configure
switches
from dirks docker container. but whatever i do, finally i only get either
no errors
at all or i get a bunch of errors from other packages that makes R CMD stop
before getting to compiling/checking my package.

can someone tell me what i do wrong and how to get the exact same error
report
as the cran check above? i also gladly accept RTFM statements, i could not
find
anything relevant and to the point, or a page where the exact configuration
and/or compile flags for the cran-report can be found.

sorry if i missed any important information you might need to help me.

all the best,
aydin

	[[alternative HTML version deleted]]

More information about the R-package-devel mailing list