Closed
Bug 1367148
Opened 7 years ago
Closed 7 years ago
ASAN errors in libmozsqlite3
Categories
(Toolkit :: Storage, defect)
Toolkit
Storage
Tracking
()
RESOLVED
INVALID
People
(Reporter: mliska, Unassigned)
References
()
Details
Attachments
(1 file)
58.05 KB,
text/plain
|
Details |
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Steps to reproduce: Running GCC 7 with -fsanitize=address one can see couple of use-after-scope errors.
Updated•7 years ago
|
Attachment #8870488 -
Attachment mime type: text/x-log → text/plain
Comment 1•7 years ago
|
||
these are usually just false reports. Let's see what Richard thinks.
Flags: needinfo?(drh)
Comment 2•7 years ago
|
||
This is not something we've seen before. Investigating....
Flags: needinfo?(drh)
Comment 3•7 years ago
|
||
The available evidence suggests this is an issue with -fsanitize=address in GCC-7. See http://sqlite.1065341.n5.nabble.com/gnu-gcc-address-sanitizer-finds-stack-use-after-scope-in-sqlite3VdbeExec-td95428.html for a previous report of the same warning and speculation as to the cause. Note that we do run full-coverage tests using valgrind and -fsanitize=undefined, neither of which generate any warnings. That doesn't prove anything, but it is additional evidence that the problem is with GCC-7 and not SQLite. Next step: Install GCC-7 and see if we can repro the problem....
Reporter | ||
Comment 4•7 years ago
|
||
Hello, thanks for investigation. Note that I'm the author of use-after-scope sanitization in GCC 7. So if you have a reduced test-case, I'll be happy to fix it in GCC. Thanks.
Comment 5•7 years ago
|
||
Martin, I don't (yet) have a reduced test case, but I can reproduce the problem simply as follows: (1) Download the source files "shell.c", "sqlite3.c", and "sqlite3.h" from https://www.sqlite.org/2017/sqlite-autoconf-3190100.tar.gz (2) Run: "gcc-7 -g -fsanitize=address sqlite3.c shell.c -ldl -lpthread" (3) Run: ./a.out :memory: '.selftest --init' The use-after-scope error is reported on https://www.sqlite.org/src/artifact/70f1c27d3de?ln=4223 which is the initialization of a variable declared at https://www.sqlite.org/src/artifact/70f1c27d3de?ln=4201 The OP_NotExists opcode is being run. Notice how it enters the block after the point where the variable is declared. There is some speculation that this might be the origin of the warning. Can you confirm? Oddly, the error occurs on the 3rd invocation of the OP_NotExists opcode (according to gdb). It is unclear why this statement should fail the 3rd time through but work on the first two. Any insights you can offer are greatly appreciated.
Reporter | ||
Comment 6•7 years ago
|
||
Thanks, I can confirm that it's bug in GCC.
Updated•7 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
Reporter | ||
Comment 7•7 years ago
|
||
Upstream bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80879
Updated•7 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•