gnuplot / Bugs / #2327 SEGV on vg_replace

A portable, multi-platform, command-line driven graphing utility

#2327 SEGV on vg_replace_malloc.c:538

Milestone: None

Status: closed-fixed

Owner: nobody

Labels: None

Priority:

Updated: 2020-12-07

Created: 2020-09-27

Creator: liuchenyifan

Private: No

gnuplot 5.5 (last modified in 9.18) on centos linux 7.7.1908

==25921== ERROR: AddressSanitizer: SEGV on unknown address 0x7fb7051abff0 (pc 0x7fb702047c72 sp 0x7ffe5e3c0250 bp 0x7fb7051ac000 T0)
AddressSanitizer can not provide additional info.
#0 0x7fb702047c71 (/usr/lib64/libasan.so.0.0.0+0x7c71)

#1 0x7fb702055e06 (/usr/lib64/libasan.so.0.0.0+0x15e06)

#2 0x7fb700a1bb64 (/usr/lib64/libc-2.17.so+0x79b64)

#3 0x7fb700a19576 (/usr/lib64/libc-2.17.so+0x77576)

#4 0x899229 (/root/bug_finder/target_program/asan_program/gnuplot+0x899229)

#5 0x8cad2d (/root/bug_finder/target_program/asan_program/gnuplot+0x8cad2d)

#6 0x59d7df (/root/bug_finder/target_program/asan_program/gnuplot+0x59d7df)

#7 0x68cb95 (/root/bug_finder/target_program/asan_program/gnuplot+0x68cb95)

#8 0x463bc3 (/root/bug_finder/target_program/asan_program/gnuplot+0x463bc3)

#9 0x459f6c (/root/bug_finder/target_program/asan_program/gnuplot+0x459f6c)

#10 0x61b63b (/root/bug_finder/target_program/asan_program/gnuplot+0x61b63b)

#11 0x40772e (/root/bug_finder/target_program/asan_program/gnuplot+0x40772e)

#12 0x7fb7009c4554 (/usr/lib64/libc-2.17.so+0x22554)

#13 0x4084ec (/root/bug_finder/target_program/asan_program/gnuplot+0x4084ec)

==25921== ABORTING

information below from valgrind:

==28091== Invalid free() / delete / delete[] / realloc()
==28091== at 0x4C2B06D: free (vg_replace_malloc.c:538)
==28091== by 0x6180B64: _IO_file_seekoff@@GLIBC_2.2.5 (in /usr/lib64/libc-2.17.so)
==28091== by 0x617E576: fseek (in /usr/lib64/libc-2.17.so)
==28091== by 0x7DBA95: EMF_text (emf.trm:963)
==28091== by 0x7F9031: term_end_plot (term.c:551)
==28091== by 0x55E728: do_plot (graphics.c:1130)
==28091== by 0x61F74B: eval_plots (plot2d.c:3612)
==28091== by 0x44BB88: plot_command (command.c:1897)
==28091== by 0x4411AB: command (command.c:659)
==28091== by 0x4411AB: do_line (command.c:429)
==28091== by 0x5CD14B: load_file (misc.c:335)
==28091== by 0x406416: main (plot.c:636)
==28091== Address 0x4024000 is not stack'd, malloc'd or (recently) free'd
==28091==
==28091== HEAP SUMMARY:
==28091== in use at exit: 43,506 bytes in 297 blocks
==28091== total heap usage: 716 allocs, 420 frees, 400,639 bytes allocated
==28091==
==28091== LEAK SUMMARY:
==28091== definitely lost: 0 bytes in 0 blocks
==28091== indirectly lost: 0 bytes in 0 blocks
==28091== possibly lost: 0 bytes in 0 blocks
==28091== still reachable: 43,506 bytes in 297 blocks
==28091== suppressed: 0 bytes in 0 blocks
==28091== Rerun with --leak-check=full to see details of leaked memory
==28091==
==28091== For lists of detected and suppressed errors, rerun with: -s
==28091== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

1 Attachments

bug5

Discussion

Ethan Merritt - 2020-09-27

This is a really weird corner case. I can prevent the double-free but this may cause spurious error messages if someone tries to write an emf output stream to stdout.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ethan Merritt - 2020-09-27

status: open --> pending-fixed

Group: -->

Priority: -->
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ethan Merritt - 2020-12-07

Status: pending-fixed --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

SEGV on vg_replace_malloc.c:538