[ASAN_X] Heap buffer overflow in testPixelPayloadInspector unit test #40930

Closed
iarspider opened this issue Mar 2, 2023 · 8 comments · Fixed by #40944

@iarspider
Contributor

ASAN reports a heap-buffer-overflow error:

=================================================================
==30528==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200016bc00 at pc 0x2b8dd8b9955e bp 0x7ffd0ba920e0 sp 0x7ffd0ba91890
READ of size 24 at 0x60200016bc00 thread T0
    #0 0x2b8dd8b9955d in __interceptor_memmove ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:810
    #1 0x2b8de5de2b38 in TF1::SetParameters(double const*) (/cvmfs/cms-ib.cern.ch/sw/x86_64/nweek-02774/el8_amd64_gcc11/cms/cmssw/CMSSW_13_1_ASAN_X_2023-03-01-2300/external/el8_amd64_gcc11/lib/libHist.so+0x1a9b38)
    #2 0x567964 in (anonymous namespace)::SiPixelDynamicInefficiencyPUParametrization::fill() [clone .lto_priv.0] (/cvmfs/cms-ib.cern.ch/sw/x86_64/nweek-02774/el8_amd64_gcc11/cms/cmssw/CMSSW_13_1_ASAN_X_2023-03-01-2300/test/el8_amd64_gcc11/testPixelPayloadInspector+0x567964)
    #3 0x4c7c97 in cond::payloadInspector::PlotImpl<(cond::payloadInspector::IOVMultiplicity)2, 0>::processData[abi:cxx11]() (/cvmfs/cms-ib.cern.ch/sw/x86_64/nweek-02774/el8_amd64_gcc11/cms/cmssw/CMSSW_13_1_ASAN_X_2023-03-01-2300/test/el8_amd64_gcc11/testPixelPayloadInspector+0x4c7c97)
    #4 0x2b8dd9c5e0a5 in cond::payloadInspector::PlotBase::exec_process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, unsigned long long, unsigned long long>, std::allocator<std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, unsigned long long, unsigned long long> > > const&) (/cvmfs/cms-ib.cern.ch/sw/x86_64/nweek-02774/el8_amd64_gcc11/cms/cmssw/CMSSW_13_1_ASAN_X_2023-03-01-2300/lib/el8_amd64_gcc11/libCondCoreUtilities.so+0x72d0a5)
    #5 0x2b8dd9c5f634 in cond::payloadInspector::PlotBase::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, pybind11::list const&) (/cvmfs/cms-ib.cern.ch/sw/x86_64/nweek-02774/el8_amd64_gcc11/cms/cmssw/CMSSW_13_1_ASAN_X_2023-03-01-2300/lib/el8_amd64_gcc11/libCondCoreUtilities.so+0x72e634)
    #6 0x4a1fe6 in main (/cvmfs/cms-ib.cern.ch/sw/x86_64/nweek-02774/el8_amd64_gcc11/cms/cmssw/CMSSW_13_1_ASAN_X_2023-03-01-2300/test/el8_amd64_gcc11/testPixelPayloadInspector+0x4a1fe6)
    #7 0x2b8deadbcd84 in __libc_start_main (/lib64/libc.so.6+0x3ad84)
    #8 0x4aaa2d in _start (/cvmfs/cms-ib.cern.ch/sw/x86_64/nweek-02774/el8_amd64_gcc11/cms/cmssw/CMSSW_13_1_ASAN_X_2023-03-01-2300/test/el8_amd64_gcc11/testPixelPayloadInspector+0x4aaa2d)

0x60200016bc00 is located 0 bytes to the right of 16-byte region [0x60200016bbf0,0x60200016bc00)
allocated by thread T0 here:
    #0 0x2b8dd8c0ff37 in operator new(unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:99
    #1 0x56af3d in (anonymous namespace)::SiPixelDynamicInefficiencyPUParametrization::fill() [clone .lto_priv.0] (/cvmfs/cms-ib.cern.ch/sw/x86_64/nweek-02774/el8_amd64_gcc11/cms/cmssw/CMSSW_13_1_ASAN_X_2023-03-01-2300/test/el8_amd64_gcc11/testPixelPayloadInspector+0x56af3d)
    #2 0x4c7c97 in cond::payloadInspector::PlotImpl<(cond::payloadInspector::IOVMultiplicity)2, 0>::processData[abi:cxx11]() (/cvmfs/cms-ib.cern.ch/sw/x86_64/nweek-02774/el8_amd64_gcc11/cms/cmssw/CMSSW_13_1_ASAN_X_2023-03-01-2300/test/el8_amd64_gcc11/testPixelPayloadInspector+0x4c7c97)
    #3 0x2b8dd9c5e0a5 in cond::payloadInspector::PlotBase::exec_process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, unsigned long long, unsigned long long>, std::allocator<std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, unsigned long long, unsigned long long> > > const&) (/cvmfs/cms-ib.cern.ch/sw/x86_64/nweek-02774/el8_amd64_gcc11/cms/cmssw/CMSSW_13_1_ASAN_X_2023-03-01-2300/lib/el8_amd64_gcc11/libCondCoreUtilities.so+0x72d0a5)
    #4 0x2b8dd9c5f634 in cond::payloadInspector::PlotBase::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, pybind11::list const&) (/cvmfs/cms-ib.cern.ch/sw/x86_64/nweek-02774/el8_amd64_gcc11/cms/cmssw/CMSSW_13_1_ASAN_X_2023-03-01-2300/lib/el8_amd64_gcc11/libCondCoreUtilities.so+0x72e634)
    #5 0x4a1fe6 in main (/cvmfs/cms-ib.cern.ch/sw/x86_64/nweek-02774/el8_amd64_gcc11/cms/cmssw/CMSSW_13_1_ASAN_X_2023-03-01-2300/test/el8_amd64_gcc11/testPixelPayloadInspector+0x4a1fe6)
    #6 0x2b8deadbcd84 in __libc_start_main (/lib64/libc.so.6+0x3ad84)

SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:810 in __interceptor_memmove
Shadow bytes around the buggy address:
  0x0c0480025730: fa fa fd fd fa fa fd fa fa fa fd fa fa fa 00 00
  0x0c0480025740: fa fa fd fd fa fa fd fd fa fa 00 00 fa fa fd fd
  0x0c0480025750: fa fa 00 00 fa fa fd fd fa fa fa fa fa fa 00 00
  0x0c0480025760: fa fa 00 00 fa fa fd fa fa fa fd fd fa fa fd fa
  0x0c0480025770: fa fa 00 00 fa fa fd fd fa fa fa fa fa fa 00 00
=>0x0c0480025780:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0480025790: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c04800257a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c04800257b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c04800257c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fd fa
  0x0c04800257d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==30528==ABORTING

---> test testPixelPayloadInspector had ERRORS

Full log: link

@iarspider
Contributor Author

assign db

@cmsbuild
Contributor

cmsbuild commented Mar 2, 2023

New categories assigned: db

@ggovi,@francescobrivio,@malbouis,@saumyaphor4252,@tvami you have been requested to review this Pull request/Issue and eventually sign? Thanks

@cmsbuild
Contributor

cmsbuild commented Mar 2, 2023

A new Issue was created by @iarspider.

@Dr15Jones, @perrotta, @dpiparo, @rappoccio, @makortel, @smuzaffar can you please review it and eventually sign/assign? Thanks.

cms-bot commands are listed here

@smuzaffar
Contributor

@iarspider, as ASAN/UBSAN IBs are fully broken, let's wait for #40902 to resolve

@iarspider
Contributor Author

@smuzaffar The stack trace is different here, but sure, we can wait.

@mmusich
Contributor

mmusich commented Mar 3, 2023

solved at #40944

@tvami
Contributor

tvami commented Mar 3, 2023

@cmsbuild
Contributor

cmsbuild commented Mar 3, 2023

This issue is fully signed and ready to be closed.
