Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ASAN][heap-buffer-overflow] DataFormats/Common/interface/DataFrameContainer.h:181 #11982

Closed
davidlt opened this issue Oct 20, 2015 · 10 comments
Closed

[ASAN][heap-buffer-overflow] DataFormats/Common/interface/DataFrameContainer.h:181 #11982

davidlt opened this issue Oct 20, 2015 · 10 comments

Comments

@davidlt
Copy link
Contributor

davidlt commented Oct 20, 2015

slc6_amd64_gcc493 and CMSSW_7_6_X_2015-10-19-1100

Originally the report pointed to pluginHLTriggerspecial.so (HLTrigger/special) HLTRechitsToDigis::produce(edm::Event&, edm::EventSetup const&)

Recompiled with -O0 -g3 and got DataFormats/Common/interface/DataFrameContainer.h:181

==23964==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x629002d8687c at pc 0x7f78459e10f7 bp 0x7fff90d0ede0 sp 0x7fff90d0edc0
READ of size 4 at 0x629002d8687c thread T0
   #0 0x7f78459e10f6 in edm::DataFrameContainer::id(unsigned long) const /mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/src/DataFormats/Common/interface/DataFrameContainer.h:181
   #1 0x7f78459e1120 in edm::DataFrame::set(edm::DataFrameContainer const&, unsigned int) /mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/src/DataFormats/Common/interface/DataFrameContainer.h:210
   #2 0x7f78459e0b2c in edm::DataFrameContainer::IterHelp::operator()(int) const /mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/src/DataFormats/Common/interface/DataFrameContainer.h:45
   #3 0x7f78459e90f1 in boost::iterators::transform_iterator<edm::DataFrameContainer::IterHelp, boost::iterators::counting_iterator<int, boost::iterators::use_default, boost::iterators::use_default>, boost::iterators::use_default, boost::iterators::use_default>::dereference() const /mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/external/boost/1.57.0-kpegke/include/boost/iterator/transform_iterator.hpp:122
   #4 0x7f78459e6d59 in boost::iterators::transform_iterator<edm::DataFrameContainer::IterHelp, boost::iterators::counting_iterator<int, boost::iterators::use_default, boost::iterators::use_default>, boost::iterators::use_default, boost::iterators::use_default>::reference boost::iterators::iterator_core_access::dereference<boost::iterators::transform_iterator<edm::DataFrameContainer::IterHelp, boost::iterators::counting_iterator<int, boost::iterators::use_default, boost::iterators::use_default>, boost::iterators::use_default, boost::iterators::use_default> >(boost::iterators::transform_iterator<edm::DataFrameContainer::IterHelp, boost::iterators::counting_iterator<int, boost::iterators::use_default, boost::iterators::use_default>, boost::iterators::use_default, boost::iterators::use_default> const&) /mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/external/boost/1.57.0-kpegke/include/boost/iterator/iterator_facade.hpp:540
   #5 0x7f78459e355f in boost::iterators::detail::iterator_facade_base<boost::iterators::transform_iterator<edm::DataFrameContainer::IterHelp, boost::iterators::counting_iterator<int, boost::iterators::use_default, boost::iterators::use_default>, boost::iterators::use_default, boost::iterators::use_default>, edm::DataFrame const, boost::iterators::random_access_traversal_tag, edm::DataFrame const&, long, false, false>::operator*() const /mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/external/boost/1.57.0-kpegke/include/boost/iterator/iterator_facade.hpp:646
   #6 0x7f7845a90a0a in HLTRechitsToDigis::produce(edm::Event&, edm::EventSetup const&) /mnt/build/davidlt/asan2/CMSSW_7_6_ASAN_X_2015-10-19-1100/src/HLTrigger/special/src/HLTRechitsToDigis.cc:144
   #7 0x7f7877af9ea0 in edm::stream::EDProducerAdaptorBase::doEvent(edm::EventPrincipal&, edm::EventSetup const&, edm::ActivityRegistry*, edm::ModuleCallingContext const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x3afea0)
   #8 0x7f7877ad4dfd in edm::WorkerT<edm::stream::EDProducerAdaptorBase>::implDo(edm::EventPrincipal&, edm::EventSetup const&, edm::ModuleCallingContext const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x38adfd)
   #9 0x7f78778d1d2b in decltype ({parm#1}()) edm::convertException::wrap<bool edm::Worker::doWork<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}>(bool edm::Worker::doWork<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x187d2b)
   #10 0x7f78778d249b in bool edm::Worker::doWork<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x18849b)
   #11 0x7f78778e1067 in decltype ({parm#1}()) edm::convertException::wrap<void edm::Path::processOneOccurrence<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}>(void edm::Path::processOneOccurrence<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x197067)
   #12 0x7f78778e16d0 in void edm::Path::processOneOccurrence<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x1976d0)
   #13 0x7f78778e1f5b in void edm::StreamSchedule::processOneEvent<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, bool)::{lambda()#1}::operator()() const (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x197f5b)
   #14 0x7f78778e26f1 in decltype ({parm#1}()) edm::convertException::wrap<void edm::StreamSchedule::processOneEvent<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, bool)::{lambda()#1}>(void edm::StreamSchedule::processOneEvent<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, bool)::{lambda()#1}) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x1986f1)
   #15 0x7f78778e2d34 in void edm::StreamSchedule::processOneEvent<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, bool) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x198d34)
   #16 0x7f78778c63f7 in edm::EventProcessor::processEvent(unsigned int) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x17c3f7)
   #17 0x7f78778c76b2 in edm::EventProcessor::processEventsForStreamAsync(unsigned int, std::atomic<bool>*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x17d6b2)
   #18 0x7f78778ed0c6 in edm::StreamProcessingTask::execute() (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x1a30c6)
   #19 0x7f7875730beb in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) ../../src/tbb/custom_scheduler.h:474
   #20 0x7f78778c7236 in edm::EventProcessor::readAndProcessEvent() (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x17d236)
   #21 0x7f787786658d in statemachine::HandleEvent::readAndProcessEvent() (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x11c58d)
   #22 0x7f787786c71f in statemachine::HandleEvent::HandleEvent(boost::statechart::state<statemachine::HandleEvent, statemachine::HandleLumis, boost::mpl::list<mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, (boost::statechart::history_mode)0>::my_context) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x12271f)
   #23 0x7f7877887c9d in boost::statechart::state<statemachine::HandleEvent, statemachine::HandleLumis, boost::mpl::list<mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, (boost::statechart::history_mode)0>::deep_construct(boost::intrusive_ptr<statemachine::HandleLumis> const&, boost::statechart::state_machine<statemachine::Machine, statemachine::Starting, std::allocator<void>, boost::statechart::null_exception_translator>&) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x13dc9d)
   #24 0x7f7877888330 in boost::statechart::simple_state<statemachine::FirstLumi, statemachine::HandleLumis, boost::mpl::list<mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, (boost::statechart::history_mode)0>::react_impl(boost::statechart::event_base const&, void const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x13e330)
   #25 0x7f78778b19a0 in edm::EventProcessor::runToCompletion() (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x1679a0)
   #26 0x4a97c7 in main::{lambda()#1}::operator()() const (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/bin/slc6_amd64_gcc493/cmsRun+0x4a97c7)
   #27 0x41f2ca in main (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/bin/slc6_amd64_gcc493/cmsRun+0x41f2ca)
   #28 0x7f7874522d5c in __libc_start_main (/lib64/libc.so.6+0x1ed5c)
   #29 0x41f7f4 (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/bin/slc6_amd64_gcc493/cmsRun+0x41f7f4)

0x629002d8687c is located 0 bytes to the right of 18044-byte region [0x629002d82200,0x629002d8687c)
allocated by thread T0 here:
   #0 0x474635 in operator new(unsigned long) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/bin/slc6_amd64_gcc493/cmsRun+0x474635)
   #1 0x7f7877c7e943 in edm::DataFrameContainer::sort() (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libDataFormatsCommon.so+0x52943)
   #2 0x7f78443ec831 in EcalRawToDigi::produce(edm::Event&, edm::EventSetup const&) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/pluginEventFilterEcalRawToDigiPlugins.so+0x54831)
   #3 0x7f7877af9ea0 in edm::stream::EDProducerAdaptorBase::doEvent(edm::EventPrincipal&, edm::EventSetup const&, edm::ActivityRegistry*, edm::ModuleCallingContext const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x3afea0)
   #4 0x7f7877ad4dfd in edm::WorkerT<edm::stream::EDProducerAdaptorBase>::implDo(edm::EventPrincipal&, edm::EventSetup const&, edm::ModuleCallingContext const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x38adfd)
   #5 0x7f78778d1d2b in decltype ({parm#1}()) edm::convertException::wrap<bool edm::Worker::doWork<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}>(bool edm::Worker::doWork<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x187d2b)
   #6 0x7f78778d249b in bool edm::Worker::doWork<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x18849b)
   #7 0x7f78778e1067 in decltype ({parm#1}()) edm::convertException::wrap<void edm::Path::processOneOccurrence<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}>(void edm::Path::processOneOccurrence<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x197067)
   #8 0x7f78778e16d0 in void edm::Path::processOneOccurrence<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x1976d0)
   #9 0x7f78778e1f5b in void edm::StreamSchedule::processOneEvent<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, bool)::{lambda()#1}::operator()() const (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x197f5b)
   #10 0x7f78778e26f1 in decltype ({parm#1}()) edm::convertException::wrap<void edm::StreamSchedule::processOneEvent<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, bool)::{lambda()#1}>(void edm::StreamSchedule::processOneEvent<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, bool)::{lambda()#1}) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x1986f1)
   #11 0x7f78778e2d34 in void edm::StreamSchedule::processOneEvent<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, bool) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x198d34)
   #12 0x7f78778c63f7 in edm::EventProcessor::processEvent(unsigned int) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x17c3f7)
   #13 0x7f78778c76b2 in edm::EventProcessor::processEventsForStreamAsync(unsigned int, std::atomic<bool>*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x17d6b2)
   #14 0x7f78778ed0c6 in edm::StreamProcessingTask::execute() (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x1a30c6)
   #15 0x7f7875730beb in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) ../../src/tbb/custom_scheduler.h:474

SUMMARY: AddressSanitizer: heap-buffer-overflow /mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/src/DataFormats/Common/interface/DataFrameContainer.h:181 edm::DataFrameContainer::id(unsigned long) const
Shadow bytes around the buggy address:
 0x0c52805a8cb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0x0c52805a8cc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0x0c52805a8cd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0x0c52805a8ce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0x0c52805a8cf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c52805a8d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00[04]
 0x0c52805a8d10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 0x0c52805a8d20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 0x0c52805a8d30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 0x0c52805a8d40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 0x0c52805a8d50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
 Addressable:           00
 Partially addressable: 01 02 03 04 05 06 07 
 Heap left redzone:       fa
 Heap right redzone:      fb
 Freed heap region:       fd
 Stack left redzone:      f1
 Stack mid redzone:       f2
 Stack right redzone:     f3
 Stack partial redzone:   f4
 Stack after return:      f5
 Stack use after scope:   f8
 Global redzone:          f9
 Global init order:       f6
 Poisoned by user:        f7
 Contiguous container OOB:fc
 ASan internal:           fe
==23964==ABORTING

Assert

cmsRun: /mnt/build/davidlt/CMSSW_7_6_X_2015-10-19-2300/src/DataFormats/Common/interface/DataFrameContainer.h:185: edm::DataFrameContainer::id_type edm::DataFrameContainer::id(size_t) const: Assertion `cell < m_ids.size()' failed.

Assert patch

diff --git a/DataFormats/Common/interface/DataFrameContainer.h b/DataFormats/Common/interface/DataFrameContainer.h
index 0197c94..eb7858a 100644
--- a/DataFormats/Common/interface/DataFrameContainer.h
+++ b/DataFormats/Common/interface/DataFrameContainer.h
@@ -8,6 +8,7 @@

 #include<vector>
 #include<algorithm>
+#include <cassert>

 class TestDataFrame;

@@ -181,6 +182,7 @@ namespace edm {
     }

     id_type id(size_t cell) const {
+      assert(cell < m_ids.size());
       return m_ids[cell];
     }

Basically you also need to recompile HLTrigger/special because it use this header.

Fails on 134.805, step2, 78th event.
@davidlt
Copy link
Contributor Author

davidlt commented Oct 20, 2015

@Dr15Jones @Martin-Grunewald @perrotta @fwyzard

@wmtan
Copy link
Contributor

wmtan commented Oct 20, 2015

@davidlt @Dr15Jones I will see if I can reproduce this.

@wmtan
Copy link
Contributor

wmtan commented Oct 20, 2015

@davidlt @Dr15Jones The problem is reproducible. It did indeed fail on event 78. Debugging starts tomorrow.

@wmtan
Copy link
Contributor

wmtan commented Oct 21, 2015

@davidlt @Martin-Grunewald @perrotta @fwyzard @Dr15Jones

The problem is in HLTrigger/special/src/HLTRechitsToDigis.cc.
In at least two places it dereferences the result of a find() without checking if the find() returns end().

outputEBDigiCollection->push_back( (_digisEB->find(hit.id())).id(), (_digisEB->find(hit.id())).begin() );

outputEEDigiCollection->push_back( (_digisEE->find(hit.id())).id(), (_digisEE->find(hit.id())).begin() );

It is up to HLT to decide what to do if find() returns end().

@davidlt
Copy link
Contributor Author

davidlt commented Oct 21, 2015

This seems to be a common issue (where something returns end() and code never checks for that).

@davidlt
Copy link
Contributor Author

davidlt commented Oct 21, 2015

The only issue could be that vector (or different container) might not be exposed (e.g. it's private). In that case you cannot verify that integrator is end().

In this particular case, is it possible to check that find() returned end()?

@wmtan
Copy link
Contributor

wmtan commented Oct 21, 2015

Yes. It is easy. It works.
if(digisEB->find(hit.id()) == digisEB->end()) {
....
}

@Martin-Grunewald
Copy link
Contributor

I contacted the author of the HLTRechitsToDigis.cc code, Joshua Hardenbrook [email protected] @hardenbr

@Martin-Grunewald
Copy link
Contributor

Joshua submitted PRs to fix: #12037 #12038

This was referenced Oct 24, 2015
Merged
Merged
@davidlt
Copy link
Contributor Author

davidlt commented Oct 27, 2015

I think, this one is closed by #12041 . Closing.

@davidlt davidlt closed this as completed Oct 27, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@davidlt @wmtan @Martin-Grunewald