Freeing a bogus address in IVERAS
Setup
Compiler (the only modifications are the sanitizer flags and leaving out the CUDA backend build):
sac2c 1.3.3-MijasCosta-1085-gd975-dirty
build-type: DEBUG
built-by: "thomas" at 2023-10-20T12:28:17
The problem occurs when compiling src/structures/String.sac from the Stdlib for the sequential backend.
Error
In function FREEattribExtLink, we read (NODE_TYPE (attr) == N_fundef). Here attr is not aligned to an 8-byte boundary, causing UBSan to complain.
Some investigation into the problem
This address lies in the memory segment holding global variables, not in the segment managed by glibc's malloc: it falls between the strings "TRAVERSE ERROR: node of type %d:%s found where %d:%s was expected!\n\n" and "/home/thomas/repos/sac2c/src/libsac2c/tree/pattern_match.c".
This attribute comes from SET_MEMBER( arg_node) = FREEattribExtLink (SET_MEMBER( arg_node), arg_node); in FREEset.

The arg_node first makes its appearance in FindIVOffset as the result of PMmultiExprs (2, shapeexpr, WITHOFFSET_SHAPEEXPR (oinfo)). Here WITHOFFSET_SHAPEEXPR (oinfo) is NULL. What PMmultiExprs does is create a stack = NULL, then push shapeexpr on that stack, and then push WITHOFFSET_SHAPEEXPR (oinfo) = NULL. That does not seem correct.
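The following is an added model of the stack behaviour described above, not sac2c code: the node and stack types, the push helper, the sample expression node and the NULL-rejecting variant are all assumptions, and the aligned_for_node check stands in for the alignment property UBSan verifies before NODE_TYPE (attr) is read.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdlib.h>
/* Hypothetical stand-ins for sac2c's node and pattern-match stack; not sac2c code. */
typedef struct node { int node_type; } node;
typedef struct stack { node *elem; struct stack *next; } stack;
node shape_expr = { 1 };   /* constructed sample expression node */

static stack *push(stack *s, node *n) {   /* one push, as PMmultiExprs does per argument */
    stack *top = malloc(sizeof *top);
    if (top == NULL) abort();
    top->elem = n;
    top->next = s;
    return top;
}

static void free_stack(stack *s) {
    while (s != NULL) { stack *next = s->next; free(s); s = next; }
}

/* Models the behaviour reported above: every vararg is pushed, a NULL included. */
static stack *multi_exprs_unchecked(int count, ...) {
    va_list ap; stack *s = NULL;
    va_start(ap, count);
    for (int i = 0; i < count; i++) s = push(s, va_arg(ap, node *));
    va_end(ap);
    return s;
}

/* Suggested guard (an assumption): a NULL expression is a caller error, so the partial
 * stack is released and NULL returned (with count >= 1 a successful build is never NULL). */
static stack *multi_exprs_checked(int count, ...) {
    va_list ap; stack *s = NULL;
    va_start(ap, count);
    for (int i = 0; i < count; i++) {
        node *n = va_arg(ap, node *);
        if (n == NULL) { free_stack(s); s = NULL; break; }
        s = push(s, n);
    }
    va_end(ap);
    return s;
}

static int count_null_elems(const stack *s) {   /* entries a later FREE pass would dereference */
    int n = 0;
    for (; s != NULL; s = s->next) n += (s->elem == NULL);
    return n;
}
/* The property UBSan checks before NODE_TYPE (attr) dereferences the pointer. */
static int aligned_for_node(const void *p) { return (uintptr_t)p % _Alignof(node) == 0; }
```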