Fix genreflex problem with fgIsA #13

Dr15Jones

Fixes a problem with using genreflex to create a dictionary for a class that inherits from TObject. The problem was triggered by the thread-safety changes.
Depends on previous pull request (#12).

Write special values into memory after TObject::new called in order to
have TObject's constructor determine if the object was made on the heap.
This is the only use of TStorage::IsOnHeap outside of TObject constructor.
It appears to be checking to see if the object might not be available anymore
and if so don't talk to it. This test is highly inadequate to answer that
question and since we want to get rid of TStorage::IsOnHeap for other reasons,
it was decided to remove its use here.
Removed obsolete static member data and obsolete function bodies.
Added ::Obsolete calls where appropriate.
Instead of having TObject's constructors know explicitly about how
TStorage::ObjectAlloc works, we now encapsulate that knowledge into
TStorage::FilledByObjectAlloc.
Additionally, switched from fBits to fUniqueID when checking for
assignment from 'new' in order to more easily create a valgrind
suppression entry.
To determine if TObject is on the heap we read the value of a member
data before it has been set by the constructor. If it was heap
allocated the TObject::operator new will have filled special values
into the memory area. However, for stack allocated it is
unset. This makes valgrind report an error. Given we intend this
behavior, we suppress the message.
Helgrind was complaining about a global being written without a lock.
In this case, the global is not actually changed so we do a check
to see if the old value was the same as the value we set and if
so, we don't bother to change it.
In order to avoid thread-safety issues, the static class member
TClass::fgCallingNew is no longer a class member and is instead
a file scoped static declared thread_local. It was necessary to
not have it as a class member since CINT could not parse the new
thread_local keyword.
Since TKeys can be made by different threads, it is necessary to
protect the global used to assign the GUID of TKeys, keyAbsNumber,
so that we are guaranteed to get a unique value for each request.
C++11 atomics give that guarantee.
The caching of TClasses by Cintext could be updated at any time and
therefore needs to be protected when running multi-threaded.
The zip functions use globals to hold state while calling from
function to function. Such use is not thread safe. Given the globals
are only used during a function call chain, it is safe to change them
to thread local. Given this is compiled by a C compiler, we must use
the gcc specific __thread keyword.
When new files are opened or closed, gROOT->GetListOfFiles() is updated.
If the opening/closing happens on different threads then we need to
serialize all access to that list. This change uses gROOTMutex to
serialize those accesses.
The list of TStreamerInfos held by a TClass can change while processing
and therefore access to it must be protected when using multiple threads.
The gCINTMutex is used for this purpose since the TClass is considered
part of the CINT data model.
We now protect all threaded access to TClass::GetStreamerInfos. In addition
this change properly handles updating the TStreamerInfo cache in a
thread safe manner.
When running with multiple threads, we need to avoid unnecessary changes
to TStreamerInfos. Therefore we check to see if the TStreamerInfo is optimized
before setting it as unoptimized and rebuilding it.
The following threading issues were corrected
- TROOT::GetListOfClasses was protected via gCINTMutex
- Access to TStreamerInfo lists was protected via gCINTMutex
- Setting of the cache for current TStreamerInfo and for the list of
  conversion TStreamerInfos is protected via std::atomic<>
Several changes were needed to make this thread-safe for the I/O case
1) Protect the list of handlers with its own Mutex
2) Use a thread_local variable to hold the status of reading a directory
3) Use gCINTMutex to protect access to fBasesLoaded. Had to use gCINTMutex
 since we need threads trying to read the same dirs to wait for the first
 reader to finish so the lock has to be held over the whole call. In addition,
 gCINTMutex is sometimes taken before and sometimes during the call so using
 a different mutex would lead to a deadlock situation.
NOTE: fReadingDirs is not used anymore but is still in the code to allow
binary compatibility to ease testing. This should be removed in the future.
The order of locks between gGlobalMutex and gCINTMutex is undefined
and TStorage::ObjectDealloc calls were involved in order reversal
problems. As it turned out, there is no data structure that needs
protecting in TStorage::ObjectDealloc so we do not need the lock.
TUUID used statics that were causing race conditions. The fix
was to change the statics to thread_local.
-There was a potential deadlock situation between gErrorMutex and
 gCINTMutex. The fix was to limit the scope of gErrorMutex locks
-Changed buffers from static to static thread_local. This allowed
 gErrorMutex to be more limited in scope.
This fixed a problem found by helgrind.
Helgrind found a race condition involving TClass::GetBaseClassOffsetRecurse
calling TBaseClass::Property.
Both TList and TObjArray modify gROOT::GetListOfCleanups() as
part of their cleanup methods. This change uses gROOTMutex to
protect that list.
-Made TStreamerInfo::fgElement thread_local
-Added an additional test bit to avoid rerunning TStreamerInfo::BuildOld.
 This avoids many cases of changing a TStreamerInfo once it is already in use.
-Internal cloning of TStreamerInfo resets kBuildOldUsed so BuildOld will run
-BuildOld calls itself recursively so we only set kBuildOldUsed once we
 leave the function
-Avoid repeated calls to Build
These changes are needed to avoid having multiple threads do the same
work on the same TStreamerInfos which can cause interference between threads.
Made use of a thread_local to hold the ReadingObject status since
the status is only meant to apply to a call chain.
To properly handle cases where different TFiles are being used
on different threads, the various global counters in TFile
were converted to std::atomic<>.
fLiveCount and fgCount are now atomic since they can be
read/modified on different threads without a mutex.
Changed fVersionUsed and fgClassCount of TClass to be std::atomic
since both could be read/modified from different threads without
a mutex.
Also put back fgCallingNew as a class member to minimize code
changes with non-thread safe version.
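
Two of the patterns named in the commit messages above, a C++11 atomic for handing out unique key numbers and a thread_local for status that applies to one call chain only, as an added example (not code from this pull request or from ROOT). `gKeyCounter`, `NextKeyNumber`, `tlReadingObject` and `ReadingObjectGuard` are hypothetical names.

```cpp
// Added illustration; not code from the ROOT repository.
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <set>
#include <thread>
#include <vector>

// Hypothetical stand-in for the global that numbers TKeys (keyAbsNumber in
// the commit message). Its real type and initial value are not on this page.
static std::atomic<std::uint32_t> gKeyCounter{0};

// fetch_add is one indivisible read-modify-write, so no two callers can be
// handed the same number, whichever threads they run on.
std::uint32_t NextKeyNumber()
{
   return gKeyCounter.fetch_add(1, std::memory_order_relaxed) + 1;
}

// Hypothetical status flag that is only meaningful inside one call chain.
// As a plain static it would be visible to (and overwritten by) every
// thread; thread_local gives each thread its own copy.
thread_local int tlReadingObject = 0;

// Sets the flag for the current scope and restores the old value on exit,
// so nested calls on the same thread see a consistent status.
class ReadingObjectGuard {
   int fSaved;
public:
   explicit ReadingObjectGuard(int v) : fSaved(tlReadingObject) { tlReadingObject = v; }
   ~ReadingObjectGuard() { tlReadingObject = fSaved; }
   ReadingObjectGuard(const ReadingObjectGuard &) = delete;
   ReadingObjectGuard &operator=(const ReadingObjectGuard &) = delete;
};

// Has nThreads threads each request perThread key numbers and returns how
// many distinct values were handed out in total.
std::size_t CountDistinctKeys(unsigned nThreads, unsigned perThread)
{
   std::vector<std::vector<std::uint32_t>> got(nThreads);
   std::vector<std::thread> workers;
   for (unsigned t = 0; t < nThreads; ++t) {
      // Each worker writes only to its own inner vector, so 'got' needs no lock.
      workers.emplace_back([&got, t, perThread] {
         got[t].reserve(perThread);
         for (unsigned i = 0; i < perThread; ++i)
            got[t].push_back(NextKeyNumber());
      });
   }
   for (auto &w : workers)
      w.join();

   std::set<std::uint32_t> distinct;
   for (const auto &v : got)
      distinct.insert(v.begin(), v.end());
   return distinct.size();
}

// Sets the flag on the calling thread, then reports the value a second
// thread observes while the guard is still active.
int FlagSeenByOtherThread()
{
   ReadingObjectGuard guard(1);
   int seen = -1;
   std::thread other([&seen] { seen = tlReadingObject; });
   other.join();
   return seen;
}

int main()
{
   std::cout << "distinct key numbers: " << CountDistinctKeys(8, 5000) << "\n";
   std::cout << "flag seen by other thread: " << FlagSeenByOtherThread() << "\n";
   return 0;
}
```
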
eguiraud added a commit to eguiraud/root that referenced this pull request Oct 18, 2021
eguiraud added a commit that referenced this pull request Oct 19, 2021
This tutorial crashed with the following stacktrace when run
interactively. Avoiding to register a canvas with the same name
multiple times fixes the crash:

```
    #8  0x00007f5b7876967d in TCanvas::Resize(char const*) (this=0x55e768e126c0) at ../graf2d/gpad/src/TCanvas.cxx:1740
    #9  0x00007f5b3e90d668 in TRootCanvas::HandleContainerConfigure(Event_t*) (this=0x55e76852b460) at ../gui/gui/src/TRootCanvas.cxx:1789
    #10 0x00007f5b3e8464fd in TGFrame::HandleEvent(Event_t*) (this=0x55e767938e70, event=0x7f5b79adff40) at ../gui/gui/src/TGFrame.cxx:476
    #11 0x00007f5b3e7f4c9a in TGClient::HandleEvent(Event_t*) (this=0x55e768de2290, event=0x7f5b79adff40) at ../gui/gui/src/TGClient.cxx:846
    #12 0x00007f5b3e7f531d in TGClient::ProcessOneEvent() (this=0x55e768de2290) at ../gui/gui/src/TGClient.cxx:656
    #13 TGClient::ProcessOneEvent() (this=0x55e768de2290) at ../gui/gui/src/TGClient.cxx:648
    #14 0x00007f5b3e7f536b in TGClient::HandleInput() (this=0x55e768de2290) at ../gui/gui/src/TGClient.cxx:703
    #15 0x00007f5b8dcb0ff8 in TUnixSystem::DispatchOneEvent(bool) (this=0x55e75ccfd080, pendingOnly=<optimized out>) at ../core/unix/src/TUnixSystem.cxx:1067
    #16 0x00007f5b8dbd0dca in TSystem::ProcessEvents() (this=0x55e75ccfd080) at ../core/base/src/TSystem.cxx:424
    #17 0x00007f5b8130600d in  ()
    #18 0x00007f5b79ae0450 in  ()
    #19 0x00007f5b8de5215f in WrapperCall(Cppyy::TCppMethod_t, size_t, void*, void*, void*) (method=94452242807424, nargs=0, args_=0x7f5b79ae01d7, self=0x55e75ccfd080, result=0x7f5b79ae01d7) at ../bindings/pyroot/cppyy/cppyy-backend/clingwrapper/src/clingwrapper.cxx:778
    #20 0x00007f5b8de527cf in CallT<unsigned char> (args=<optimized out>, nargs=<optimized out>, self=<optimized out>, method=<optimized out>) at ../bindings/pyroot/cppyy/cppyy-backend/clingwrapper/src/clingwrapper.cxx:816
    #21 Cppyy::CallB(long, void*, unsigned long, void*) (method=<optimized out>, self=<optimized out>, nargs=<optimized out>, args=<optimized out>) at ../bindings/pyroot/cppyy/cppyy-backend/clingwrapper/src/clingwrapper.cxx:833
    #22 0x00007f5b8decdc0f in GILCallB (ctxt=0x7f5b79ae0430, self=<optimized out>, method=<optimized out>) at ../bindings/pyroot/cppyy/CPyCppyy/src/Executors.cxx:69
    #23 CPyCppyy::(anonymous namespace)::BoolExecutor::Execute(Cppyy::TCppMethod_t, Cppyy::TCppObject_t, CPyCppyy::CallContext*) (this=<optimized out>, method=<optimized out>, self=<optimized out>, ctxt=0x7f5b79ae0430) at ../bindings/pyroot/cppyy/CPyCppyy/src/Executors.cxx:148
    #24 0x00007f5b8deba4c9 in CPyCppyy::CPPMethod::ExecuteFast(void*, long, CPyCppyy::CallContext*) (self=<optimized out>, offset=<optimized out>, ctxt=<optimized out>, this=<optimized out>, this=<optimized out>) at ../bindings/pyroot/cppyy/CPyCppyy/src/CPPMethod.cxx:74
    #25 0x00007f5b8debd3a8 in CPyCppyy::CPPMethod::ExecuteProtected(void*, long, CPyCppyy::CallContext*) (this=this entry=0x55e760617f50, self=0x55e75ccfd080, offset=0, ctxt=0x7f5b79ae0430) at ../bindings/pyroot/cppyy/CPyCppyy/src/CPPMethod.cxx:149
    #26 0x00007f5b8debb6fa in CPyCppyy::CPPMethod::Execute(void*, long, CPyCppyy::CallContext*) (this=this entry=0x55e760617f50, self=self entry=0x55e75ccfd080, offset=<optimized out>, ctxt=ctxt entry=0x7f5b79ae0430) at ../bindings/pyroot/cppyy/CPyCppyy/src/CPPMethod.cxx:728
    #27 0x00007f5b8debc46c in CPyCppyy::CPPMethod::Call(CPyCppyy::CPPInstance*&, _object*, _object*, CPyCppyy::CallContext*) (this=0x55e760617f50, self= 0x7f5b8080ef50: 0x7f5b808043c0, args=0x7f5b8e1ab040, kwds=<optimized out>, ctxt=0x7f5b79ae0430) at ../bindings/pyroot/cppyy/CPyCppyy/src/CPPMethod.cxx:783
    #28 0x00007f5b8dec09fe in CPyCppyy::(anonymous namespace)::mp_call(CPyCppyy::CPPOverload*, PyObject*, PyObject*) (pymeth=0x7f5b8080ef40, args=0x7f5b8e1ab040, kwds=0x0) at ../bindings/pyroot/cppyy/CPyCppyy/src/CPPOverload.cxx:566
    #29 0x00007f5b8e941333 in _PyObject_MakeTpCall () at /usr/lib/libpython3.9.so.1.0
    #30 0x00007f5b8e93d218 in _PyEval_EvalFrameDefault () at /usr/lib/libpython3.9.so.1.0
    #31 0x00007f5b8e936fd9 in  () at /usr/lib/libpython3.9.so.1.0
    #32 0x00007f5b8e948b8e in _PyFunction_Vectorcall () at /usr/lib/libpython3.9.so.1.0
    #33 0x00007f5b8e93aec9 in _PyEval_EvalFrameDefault () at /usr/lib/libpython3.9.so.1.0
    #34 0x00007f5b8e94896b in _PyFunction_Vectorcall () at /usr/lib/libpython3.9.so.1.0
    #35 0x00007f5b8e93858e in _PyEval_EvalFrameDefault () at /usr/lib/libpython3.9.so.1.0
    #36 0x00007f5b8e94896b in _PyFunction_Vectorcall () at /usr/lib/libpython3.9.so.1.0
    #37 0x00007f5b8e93858e in _PyEval_EvalFrameDefault () at /usr/lib/libpython3.9.so.1.0
    #38 0x00007f5b8e94896b in _PyFunction_Vectorcall () at /usr/lib/libpython3.9.so.1.0
    #39 0x00007f5b8e95795b in  () at /usr/lib/libpython3.9.so.1.0
    #40 0x00007f5b8ea3cac6 in  () at /usr/lib/libpython3.9.so.1.0
    #41 0x00007f5b8ea17554 in  () at /usr/lib/libpython3.9.so.1.0
    #42 0x00007f5b8e62c259 in start_thread () at /usr/lib/libpthread.so.0
    #43 0x00007f5b8e7425e3 in clone () at /usr/lib/libc.so.6
```
scott-snyder pushed a commit to scott-snyder/root that referenced this pull request Dec 6, 2021
With gcc12 headers, I see a cling failure.  In dbg:

```
[sss@karma dvtest]$ genreflex x.h --selection_file=sel.xml -o x_gen.cxx -Ixheaders 2>&1|tee log

genreflex: /home/sss/root/root-6.24.06/src/root/interpreter/llvm/src/tools/clang/include/clang/AST/TemplateBase.h:257: clang::QualType clang::TemplateArgument::getAsType() const: Assertion `getKind() == Type && "Unexpected kind"' failed.
 #0 0x00007f4124e1bac2 llvm::sys::PrintStackTrace(llvm::raw_ostream&) /home/sss/root/root-6.24.06/src/root/interpreter/llvm/src/lib/Support/Unix/Signals.inc:533:22
 #1 0x00007f4124e1bb5e PrintStackTraceSignalHandler(void*) /home/sss/root/root-6.24.06/src/root/interpreter/llvm/src/lib/Support/Unix/Signals.inc:594:1
 #2 0x00007f4124e19bd7 llvm::sys::RunSignalHandlers() /home/sss/root/root-6.24.06/src/root/interpreter/llvm/src/lib/Support/Signals.cpp:68:20
 #3 0x00007f4124e1b53c SignalHandler(int) /home/sss/root/root-6.24.06/src/root/interpreter/llvm/src/lib/Support/Unix/Signals.inc:385:1
 #4 0x00007f411fc77a20 __restore_rt (/lib64/libpthread.so.0+0x13a20)
 #5 0x00007f411f7502a2 raise (/lib64/libc.so.6+0x3d2a2)
 #6 0x00007f411f7398a4 abort (/lib64/libc.so.6+0x268a4)
 #7 0x00007f411f739789 _nl_load_domain.cold (/lib64/libc.so.6+0x26789)
 #8 0x00007f411f748a16 (/lib64/libc.so.6+0x35a16)
 #9 0x00007f4120a43c9d clang::TemplateArgument::getAsType() const /home/sss/root/root-6.24.06/src/root/interpreter/llvm/src/tools/clang/include/clang/AST/TemplateBase.h:257:5
#10 0x00007f4120a57b3f ROOT::TMetaUtils::ReSubstTemplateArg(clang::QualType, clang::Type const*) (.localalias) /home/sss/root/root-6.24.06/src/root/core/clingutils/src/TClingUtils.cxx:4752:49
#11 0x00007f4120a57c5b ROOT::TMetaUtils::ReSubstTemplateArg(clang::QualType, clang::Type const*) (.localalias) /home/sss/root/root-6.24.06/src/root/core/clingutils/src/TClingUtils.cxx:4775:58
#12 0x00007f4120d05fd7 TClingBaseClassInfo::InternalNext(int) /home/sss/root/root-6.24.06/src/root/core/metacling/src/TClingBaseClassInfo.cxx:341:67
#13 0x00007f4120d06098 TClingBaseClassInfo::Next(int) /home/sss/root/root-6.24.06/src/root/core/metacling/src/TClingBaseClassInfo.cxx:351:1
#14 0x00007f4120d060b7 TClingBaseClassInfo::Next() /home/sss/root/root-6.24.06/src/root/core/metacling/src/TClingBaseClassInfo.cxx:356:1
#15 0x00007f4120bc82c1 TCling::CreateListOfBaseClasses(TClass*) const /home/sss/root/root-6.24.06/src/root/core/metacling/src/TCling.cxx:4267:17
#16 0x00007f41200c4aa1 TClass::GetListOfBases() /home/sss/root/root-6.24.06/src/root/core/meta/src/TClass.cxx:3649:4
#17 0x00007f41200c166a TClass::GetBaseClass(TClass const*) (.localalias) /home/sss/root/root-6.24.06/src/root/core/meta/src/TClass.cxx:2659:37
#18 0x00007f41200c16f2 TClass::GetBaseClass(TClass const*) (.localalias) /home/sss/root/root-6.24.06/src/root/core/meta/src/TClass.cxx:2668:30
#19 0x00007f41200c8cfe TClass::InheritsFrom(TClass const*) const /home/sss/root/root-6.24.06/src/root/core/meta/src/TClass.cxx:4889:38
#20 0x00007f41200ccc8b TClass::Property() const /home/sss/root/root-6.24.06/src/root/core/meta/src/TClass.cxx:6054:4
#21 0x00007f41200d0a69 TClass::IsClassStructOrUnion() const /home/sss/root/root-6.24.06/src/root/core/meta/inc/TClass.h:352:58
#22 0x00007f41200c5141 TClass::GetListOfDataMembers(bool) /home/sss/root/root-6.24.06/src/root/core/meta/src/TClass.cxx:3757:4
#23 0x00007f412927255a CloseStreamerInfoROOTFile /home/sss/root/root-6.24.06/src/root/io/rootpcm/src/rootclingIO.cxx:162:42
#24 0x00007f4120b2fc66 FinalizeStreamerInfoWriting(cling::Interpreter&, bool) /home/sss/root/root-6.24.06/src/root/core/dictgen/src/rootcling_impl.cxx:2627:8
#25 0x00007f4120b3054e GenerateFullDict(std::ostream&, cling::Interpreter&, RScanner&, std::__cxx11::list<ROOT::TMetaUtils::RConstructorType, std::allocator<ROOT::TMetaUtils::RConstructorType> > const&, bool, bool, bool) /home/sss/root/root-6.24.06/src/root/core/dictgen/src/rootcling_impl.cxx:2769:51
#26 0x00007f4120b3cec9 RootClingMain(int, char**, bool) /home/sss/root/root-6.24.06/src/root/core/dictgen/src/rootcling_impl.cxx:4861:43
#27 0x00007f4120b40825 genreflex::invokeRootCling(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool, bool, bool, bool, bool, bool, bool, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/sss/root/root-6.24.06/src/root/core/dictgen/src/rootcling_impl.cxx:5326:46
#28 0x00007f4120b426f6 GenReflexMain(int, char**) /home/sss/root/root-6.24.06/src/root/core/dictgen/src/rootcling_impl.cxx:6026:36
#29 0x00007f4120b42b8d ROOT_rootcling_Driver /home/sss/root/root-6.24.06/src/root/core/dictgen/src/rootcling_impl.cxx:6097:29
#30 0x0000000000401259 main /home/sss/root/root-6.24.06/src/root/main/src/rootcling.cxx:43:51
#31 0x00007f411f73ab75 __libc_start_main (/lib64/libc.so.6+0x27b75)
#32 0x000000000040110e _start (/home/sss/root/root-6.24.06/rootsys/bin/genreflex+0x40110e)
Stack dump:
0.	Program arguments: rootcling -v2 -f x_gen.cxx -inlineInputHeader -Ixheaders x.h sel.xml
```

sel.xml:
```
<lcgdict>
  <class pattern="*iterator<*pair<const*,const*"/>
</lcgdict>
```

x.h:
```
#include <string>
#include <map>
void foo (std::map<unsigned, std::string>& m, const std::string& s)
{
  m.emplace (0, s);
}
```

or:
```
#include <string>

template <class T>
struct tree_iterator {};

using value_type = std::pair<const unsigned, std::string>;
using xiterator = tree_iterator<value_type>;

class xtree
{
public:
  std::pair<xiterator, bool> emplace()
  {
    return  std::pair<xiterator, bool>(xiterator(), false);
  }
};
```

Difficult to reduce it further due to how rootcling implicitly
reads headers.
scott-snyder pushed a commit to scott-snyder/root that referenced this pull request Apr 3, 2022
With gcc12 headers, I see a cling failure.  In dbg:


[sss@karma dvtest]$ genreflex x.h --selection_file=sel.xml -o x_gen.cxx -Ixheaders 2>&1|tee log

genreflex: /home/sss/root/root-6.24.06/src/root/interpreter/llvm/src/tools/clang/include/clang/AST/TemplateBase.h:257: clang::QualType clang::TemplateArgument::getAsType() const: Assertion `getKind() == Type && "Unexpected kind"' failed.
 #0 0x00007f4124e1bac2 llvm::sys::PrintStackTrace(llvm::raw_ostream&) /home/sss/root/root-6.24.06/src/root/interpreter/llvm/src/lib/Support/Unix/Signals.inc:533:22
 #1 0x00007f4124e1bb5e PrintStackTraceSignalHandler(void*) /home/sss/root/root-6.24.06/src/root/interpreter/llvm/src/lib/Support/Unix/Signals.inc:594:1
 #2 0x00007f4124e19bd7 llvm::sys::RunSignalHandlers() /home/sss/root/root-6.24.06/src/root/interpreter/llvm/src/lib/Support/Signals.cpp:68:20
 #3 0x00007f4124e1b53c SignalHandler(int) /home/sss/root/root-6.24.06/src/root/interpreter/llvm/src/lib/Support/Unix/Signals.inc:385:1
 #4 0x00007f411fc77a20 __restore_rt (/lib64/libpthread.so.0+0x13a20)
 #5 0x00007f411f7502a2 raise (/lib64/libc.so.6+0x3d2a2)
 #6 0x00007f411f7398a4 abort (/lib64/libc.so.6+0x268a4)
 #7 0x00007f411f739789 _nl_load_domain.cold (/lib64/libc.so.6+0x26789)
 #8 0x00007f411f748a16 (/lib64/libc.so.6+0x35a16)
 #9 0x00007f4120a43c9d clang::TemplateArgument::getAsType() const /home/sss/root/root-6.24.06/src/root/interpreter/llvm/src/tools/clang/include/clang/AST/TemplateBase.h:257:5
#10 0x00007f4120a57b3f ROOT::TMetaUtils::ReSubstTemplateArg(clang::QualType, clang::Type const*) (.localalias) /home/sss/root/root-6.24.06/src/root/core/clingutils/src/TClingUtils.cxx:4752:49
#11 0x00007f4120a57c5b ROOT::TMetaUtils::ReSubstTemplateArg(clang::QualType, clang::Type const*) (.localalias) /home/sss/root/root-6.24.06/src/root/core/clingutils/src/TClingUtils.cxx:4775:58
#12 0x00007f4120d05fd7 TClingBaseClassInfo::InternalNext(int) /home/sss/root/root-6.24.06/src/root/core/metacling/src/TClingBaseClassInfo.cxx:341:67
#13 0x00007f4120d06098 TClingBaseClassInfo::Next(int) /home/sss/root/root-6.24.06/src/root/core/metacling/src/TClingBaseClassInfo.cxx:351:1
#14 0x00007f4120d060b7 TClingBaseClassInfo::Next() /home/sss/root/root-6.24.06/src/root/core/metacling/src/TClingBaseClassInfo.cxx:356:1
#15 0x00007f4120bc82c1 TCling::CreateListOfBaseClasses(TClass*) const /home/sss/root/root-6.24.06/src/root/core/metacling/src/TCling.cxx:4267:17
#16 0x00007f41200c4aa1 TClass::GetListOfBases() /home/sss/root/root-6.24.06/src/root/core/meta/src/TClass.cxx:3649:4
#17 0x00007f41200c166a TClass::GetBaseClass(TClass const*) (.localalias) /home/sss/root/root-6.24.06/src/root/core/meta/src/TClass.cxx:2659:37
#18 0x00007f41200c16f2 TClass::GetBaseClass(TClass const*) (.localalias) /home/sss/root/root-6.24.06/src/root/core/meta/src/TClass.cxx:2668:30
#19 0x00007f41200c8cfe TClass::InheritsFrom(TClass const*) const /home/sss/root/root-6.24.06/src/root/core/meta/src/TClass.cxx:4889:38
#20 0x00007f41200ccc8b TClass::Property() const /home/sss/root/root-6.24.06/src/root/core/meta/src/TClass.cxx:6054:4
#21 0x00007f41200d0a69 TClass::IsClassStructOrUnion() const /home/sss/root/root-6.24.06/src/root/core/meta/inc/TClass.h:352:58
#22 0x00007f41200c5141 TClass::GetListOfDataMembers(bool) /home/sss/root/root-6.24.06/src/root/core/meta/src/TClass.cxx:3757:4
#23 0x00007f412927255a CloseStreamerInfoROOTFile /home/sss/root/root-6.24.06/src/root/io/rootpcm/src/rootclingIO.cxx:162:42
#24 0x00007f4120b2fc66 FinalizeStreamerInfoWriting(cling::Interpreter&, bool) /home/sss/root/root-6.24.06/src/root/core/dictgen/src/rootcling_impl.cxx:2627:8
#25 0x00007f4120b3054e GenerateFullDict(std::ostream&, cling::Interpreter&, RScanner&, std::__cxx11::list<ROOT::TMetaUtils::RConstructorType, std::allocator<ROOT::TMetaUtils::RConstructorType> > const&, bool, bool, bool) /home/sss/root/root-6.24.06/src/root/core/dictgen/src/rootcling_impl.cxx:2769:51
#26 0x00007f4120b3cec9 RootClingMain(int, char**, bool) /home/sss/root/root-6.24.06/src/root/core/dictgen/src/rootcling_impl.cxx:4861:43
#27 0x00007f4120b40825 genreflex::invokeRootCling(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool, bool, bool, bool, bool, bool, bool, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/sss/root/root-6.24.06/src/root/core/dictgen/src/rootcling_impl.cxx:5326:46
#28 0x00007f4120b426f6 GenReflexMain(int, char**) /home/sss/root/root-6.24.06/src/root/core/dictgen/src/rootcling_impl.cxx:6026:36
#29 0x00007f4120b42b8d ROOT_rootcling_Driver /home/sss/root/root-6.24.06/src/root/core/dictgen/src/rootcling_impl.cxx:6097:29
#30 0x0000000000401259 main /home/sss/root/root-6.24.06/src/root/main/src/rootcling.cxx:43:51
#31 0x00007f411f73ab75 __libc_start_main (/lib64/libc.so.6+0x27b75)
#32 0x000000000040110e _start (/home/sss/root/root-6.24.06/rootsys/bin/genreflex+0x40110e)
Stack dump:
0.	Program arguments: rootcling -v2 -f x_gen.cxx -inlineInputHeader -Ixheaders x.h sel.xml 




sel.xml:
<lcgdict>
  <class pattern="*iterator<*pair<const*,const*"/>
</lcgdict>



x.h:
#include <string>
#include <map>
void foo (std::map<unsigned, std::string>& m, const std::string& s)
{
  m.emplace (0, s);
}


or:
#include <string>

template <class T>
struct tree_iterator {};

using value_type = std::pair<const unsigned, std::string>;
using xiterator = tree_iterator<value_type>;

class xtree
{
public:
  std::pair<xiterator, bool> emplace()
  {
    return  std::pair<xiterator, bool>(xiterator(), false);
  }
};


Difficult to reduce it further due to how rootcling implicitly
reads headers.
scott-snyder pushed a commit to scott-snyder/root that referenced this pull request Jun 2, 2022
scott-snyder pushed a commit to scott-snyder/root that referenced this pull request Jun 3, 2022
SamuelChegeMburu referenced this pull request May 12, 2023
At each step draw newly created graph with reasonable content
Avoid writing value to vector out of bounds
huagenxu mentioned this pull request Aug 25, 2023
vepadulano added a commit to vepadulano/root that referenced this pull request Jun 11, 2024
```
480: ==2560128==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000011648 at pc 0x7fb9d1ae089e bp 0x7ffd8e35b0a0 sp 0x7ffd8e35b098
480: READ of size 8 at 0x617000011648 thread T0
480:     #0 0x7fb9d1ae089d in TTree::GetNotify() const /home/vpadulan/Programs/rootproject/rootsrc/tree/tree/inc/TTree.h:503
480:     #1 0x7fb9d1ae089d in void TNotifyLinkBase::RemoveLink<TTree>(TTree&) /home/vpadulan/Programs/rootproject/rootsrc/core/base/inc/TNotifyLin
k.h:104
480:     #2 0x7fb9d1ae089d in TTreeReader::~TTreeReader() /home/vpadulan/Programs/rootproject/rootsrc/tree/treeplayer/src/TTreeReader.cxx:252
480:     #3 0x433968 in BulkApiSillyStructTest_stdReadSplitBranch_Test::TestBody() /home/vpadulan/Programs/rootproject/rootsrc/tree/tree/test/Bulk
ApiSillyStruct.cxx:104
480:     #4 0x470bac in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)()
, char const*) (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/test/testBulkApiSillyStruct+0x4
70bac) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #5 0x45a5f3 in testing::Test::Run() [clone .part.0] (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-
asan/tree/tree/test/testBulkApiSillyStruct+0x45a5f3) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #6 0x45a969 in testing::TestInfo::Run() (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tr
ee/test/testBulkApiSillyStruct+0x45a969) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #7 0x45ab10 in testing::TestSuite::Run() [clone .part.0] (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-tes
ting-asan/tree/tree/test/testBulkApiSillyStruct+0x45ab10) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #8 0x4675be in testing::internal::UnitTestImpl::RunAllTests() (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-fre
e-testing-asan/tree/tree/test/testBulkApiSillyStruct+0x4675be) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #9 0x45af6c in testing::UnitTest::Run() (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tr
ee/test/testBulkApiSillyStruct+0x45af6c) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #10 0x425456 in main (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/test/testBulkApi
SillyStruct+0x425456) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #11 0x7fb9cd446149 in __libc_start_call_main (/lib64/libc.so.6+0x28149) (BuildId: 0d710e9d9dc10c500b8119c85da75004183618e2)
480:     #12 0x7fb9cd44620a in __libc_start_main_impl (/lib64/libc.so.6+0x2820a) (BuildId: 0d710e9d9dc10c500b8119c85da75004183618e2)
480:     #13 0x4257b4 in _start (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/test/testBulkA
piSillyStruct+0x4257b4) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)

480: 0x617000011648 is located 328 bytes inside of 712-byte region [0x617000011500,0x6170000117c8)
480: freed by thread T0 here:
480:     #0 0x7fb9d1eda878 in operator delete(void*) (/lib64/libasan.so.8+0xda878) (BuildId: 2e1c50524ff1a2e7e73c4565b46f3f51892353ea)
480:     #1 0x7fb9cdfb4f25 in TCollection::GarbageCollect(TObject*) /home/vpadulan/Programs/rootproject/rootsrc/core/cont/src/TCollection.cxx:736
480:     #2 0x7fb9cdfe8a27 in TList::Delete(char const*) /home/vpadulan/Programs/rootproject/rootsrc/core/cont/src/TList.cxx:535
480:     #3 0x7fb9cdfc53d7 in THashList::Delete(char const*) /home/vpadulan/Programs/rootproject/rootsrc/core/cont/src/THashList.cxx:215
480:     #4 0x7fb9ce8d285d in TDirectoryFile::Close(char const*) /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TDirectoryFile.cxx:585
480:     #5 0x7fb9ce8d285d in TDirectoryFile::Close(char const*) /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TDirectoryFile.cxx:561
480:     #6 0x7fb9ce9468e4 in TFile::Close(char const*) /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TFile.cxx:989
480:     #7 0x7fb9ce9481fd in TFile::~TFile() /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TFile.cxx:566
480:     #8 0x7fb9ce948fd0 in TFile::~TFile() /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TFile.cxx:603
480:     #9 0x4338cd in BulkApiSillyStructTest_stdReadSplitBranch_Test::TestBody() /home/vpadulan/Programs/rootproject/rootsrc/tree/tree/test/Bulk
ApiSillyStruct.cxx:103
480:     #10 0x470bac in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(
), char const*) (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/test/testBulkApiSillyStruct+0x
470bac) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)

480: previously allocated by thread T0 here:
480:     #0 0x7fb9d1ed9e38 in operator new(unsigned long) (/lib64/libasan.so.8+0xd9e38) (BuildId: 2e1c50524ff1a2e7e73c4565b46f3f51892353ea)
480:     #1 0x7fb9cdebbfd0 in TStorage::ObjectAlloc(unsigned long) /home/vpadulan/Programs/rootproject/rootsrc/core/base/src/TStorage.cxx:293
480:     #2 0x7fb9d12cc209 in TObject::operator new(unsigned long) /home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-tes
ting-asan/include/TObject.h:181
480:     #3 0x7fb9d12cc209 in new_TTree /home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/G__Tree
.cxx:4363
480:     #4 0x7fb9ce10a49c in TClass::NewObject(TClass::ENewType, bool) const /home/vpadulan/Programs/rootproject/rootsrc/core/meta/src/TClass.cxx
:5003
480:     #5 0x7fb9ce113c7d in TClass::New(TClass::ENewType, bool) const /home/vpadulan/Programs/rootproject/rootsrc/core/meta/src/TClass.cxx:4980
480:     #6 0x7fb9ce9cda38 in TKey::ReadObjectAny(TClass const*) /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TKey.cxx:1086
480:     #7 0x7fb9ce8d10a7 in TDirectoryFile::GetObjectChecked(char const*, TClass const*) /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/T
DirectoryFile.cxx:1111
480:     #8 0x7fb9d1ade1d1 in void TDirectory::GetObject<TTree>(char const*, TTree*&) /home/vpadulan/Programs/rootproject/rootsrc/core/base/inc/TD
irectory.h:214
480:     #9 0x7fb9d1ade1d1 in TTreeReader::TTreeReader(char const*, TDirectory*, TEntryList*) /home/vpadulan/Programs/rootproject/rootsrc/tree/tre
eplayer/src/TTreeReader.cxx:232
480:     #10 0x433332 in BulkApiSillyStructTest_stdReadSplitBranch_Test::TestBody() /home/vpadulan/Programs/rootproject/rootsrc/tree/tree/test/Bu$
kApiSillyStruct.cxx:87
480:     #11 0x470bac in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(
), char const*) (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/test/testBulkApiSillyStruct+0x
470bac) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:
480: SUMMARY: AddressSanitizer: heap-use-after-free /home/vpadulan/Programs/rootproject/rootsrc/tree/tree/inc/TTree.h:503 in TTree::GetNotify() co
nst
```
vepadulano added a commit to vepadulano/root that referenced this pull request Jun 12, 2024
The destructor of TTreeReader was making use of the TFile after its destruction.

```
480: ==2560128==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000011648 at pc 0x7fb9d1ae089e bp 0x7ffd8e35b0a0 sp 0x7ffd8e35b098
480: READ of size 8 at 0x617000011648 thread T0
480:     #0 0x7fb9d1ae089d in TTree::GetNotify() const /home/vpadulan/Programs/rootproject/rootsrc/tree/tree/inc/TTree.h:503
480:     #1 0x7fb9d1ae089d in void TNotifyLinkBase::RemoveLink<TTree>(TTree&) /home/vpadulan/Programs/rootproject/rootsrc/core/base/inc/TNotifyLin
k.h:104
480:     #2 0x7fb9d1ae089d in TTreeReader::~TTreeReader() /home/vpadulan/Programs/rootproject/rootsrc/tree/treeplayer/src/TTreeReader.cxx:252
480:     #3 0x433968 in BulkApiSillyStructTest_stdReadSplitBranch_Test::TestBody() /home/vpadulan/Programs/rootproject/rootsrc/tree/tree/test/Bulk
ApiSillyStruct.cxx:104
480:     #4 0x470bac in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)()
, char const*) (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/test/testBulkApiSillyStruct+0x4
70bac) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #5 0x45a5f3 in testing::Test::Run() [clone .part.0] (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-
asan/tree/tree/test/testBulkApiSillyStruct+0x45a5f3) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #6 0x45a969 in testing::TestInfo::Run() (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tr
ee/test/testBulkApiSillyStruct+0x45a969) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #7 0x45ab10 in testing::TestSuite::Run() [clone .part.0] (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-tes
ting-asan/tree/tree/test/testBulkApiSillyStruct+0x45ab10) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #8 0x4675be in testing::internal::UnitTestImpl::RunAllTests() (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-fre
e-testing-asan/tree/tree/test/testBulkApiSillyStruct+0x4675be) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #9 0x45af6c in testing::UnitTest::Run() (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tr
ee/test/testBulkApiSillyStruct+0x45af6c) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #10 0x425456 in main (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/test/testBulkApi
SillyStruct+0x425456) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #11 0x7fb9cd446149 in __libc_start_call_main (/lib64/libc.so.6+0x28149) (BuildId: 0d710e9d9dc10c500b8119c85da75004183618e2)
480:     #12 0x7fb9cd44620a in __libc_start_main_impl (/lib64/libc.so.6+0x2820a) (BuildId: 0d710e9d9dc10c500b8119c85da75004183618e2)
480:     #13 0x4257b4 in _start (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/test/testBulkA
piSillyStruct+0x4257b4) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)

480: 0x617000011648 is located 328 bytes inside of 712-byte region [0x617000011500,0x6170000117c8)
480: freed by thread T0 here:
480:     #0 0x7fb9d1eda878 in operator delete(void*) (/lib64/libasan.so.8+0xda878) (BuildId: 2e1c50524ff1a2e7e73c4565b46f3f51892353ea)
480:     #1 0x7fb9cdfb4f25 in TCollection::GarbageCollect(TObject*) /home/vpadulan/Programs/rootproject/rootsrc/core/cont/src/TCollection.cxx:736
480:     #2 0x7fb9cdfe8a27 in TList::Delete(char const*) /home/vpadulan/Programs/rootproject/rootsrc/core/cont/src/TList.cxx:535
480:     #3 0x7fb9cdfc53d7 in THashList::Delete(char const*) /home/vpadulan/Programs/rootproject/rootsrc/core/cont/src/THashList.cxx:215
480:     #4 0x7fb9ce8d285d in TDirectoryFile::Close(char const*) /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TDirectoryFile.cxx:585
480:     #5 0x7fb9ce8d285d in TDirectoryFile::Close(char const*) /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TDirectoryFile.cxx:561
480:     #6 0x7fb9ce9468e4 in TFile::Close(char const*) /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TFile.cxx:989
480:     #7 0x7fb9ce9481fd in TFile::~TFile() /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TFile.cxx:566
480:     #8 0x7fb9ce948fd0 in TFile::~TFile() /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TFile.cxx:603
480:     #9 0x4338cd in BulkApiSillyStructTest_stdReadSplitBranch_Test::TestBody() /home/vpadulan/Programs/rootproject/rootsrc/tree/tree/test/Bulk
ApiSillyStruct.cxx:103
480:     #10 0x470bac in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(
), char const*) (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/test/testBulkApiSillyStruct+0x
470bac) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)

480: previously allocated by thread T0 here:
480:     #0 0x7fb9d1ed9e38 in operator new(unsigned long) (/lib64/libasan.so.8+0xd9e38) (BuildId: 2e1c50524ff1a2e7e73c4565b46f3f51892353ea)
480:     #1 0x7fb9cdebbfd0 in TStorage::ObjectAlloc(unsigned long) /home/vpadulan/Programs/rootproject/rootsrc/core/base/src/TStorage.cxx:293
480:     #2 0x7fb9d12cc209 in TObject::operator new(unsigned long) /home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-tes
ting-asan/include/TObject.h:181
480:     #3 0x7fb9d12cc209 in new_TTree /home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/G__Tree
.cxx:4363
480:     #4 0x7fb9ce10a49c in TClass::NewObject(TClass::ENewType, bool) const /home/vpadulan/Programs/rootproject/rootsrc/core/meta/src/TClass.cxx
:5003
480:     #5 0x7fb9ce113c7d in TClass::New(TClass::ENewType, bool) const /home/vpadulan/Programs/rootproject/rootsrc/core/meta/src/TClass.cxx:4980
480:     #6 0x7fb9ce9cda38 in TKey::ReadObjectAny(TClass const*) /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TKey.cxx:1086
480:     #7 0x7fb9ce8d10a7 in TDirectoryFile::GetObjectChecked(char const*, TClass const*) /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/T
DirectoryFile.cxx:1111
480:     #8 0x7fb9d1ade1d1 in void TDirectory::GetObject<TTree>(char const*, TTree*&) /home/vpadulan/Programs/rootproject/rootsrc/core/base/inc/TD
irectory.h:214
480:     #9 0x7fb9d1ade1d1 in TTreeReader::TTreeReader(char const*, TDirectory*, TEntryList*) /home/vpadulan/Programs/rootproject/rootsrc/tree/tre
eplayer/src/TTreeReader.cxx:232
480:     #10 0x433332 in BulkApiSillyStructTest_stdReadSplitBranch_Test::TestBody() /home/vpadulan/Programs/rootproject/rootsrc/tree/tree/test/Bu$
kApiSillyStruct.cxx:87
480:     #11 0x470bac in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(
), char const*) (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/test/testBulkApiSillyStruct+0x
470bac) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:
480: SUMMARY: AddressSanitizer: heap-use-after-free /home/vpadulan/Programs/rootproject/rootsrc/tree/tree/inc/TTree.h:503 in TTree::GetNotify() co
nst
```
vepadulano added a commit that referenced this pull request Jun 12, 2024
The destructor of TTreeReader was making use of the TFile after its destruction.

guitargeek pushed a commit to guitargeek/root that referenced this pull request Jun 13, 2024
The destructor of TTreeReader was making use of the TFile after its destruction.

guitargeek pushed a commit that referenced this pull request Jun 13, 2024
The destructor of TTreeReader was making use of the TFile after its destruction.

silverweed pushed a commit to silverweed/root that referenced this pull request Aug 19, 2024
The destructor of TTreeReader was making use of the TFile after its destruction.

```
480: ==2560128==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000011648 at pc 0x7fb9d1ae089e bp 0x7ffd8e35b0a0 sp 0x7ffd8e35b098
480: READ of size 8 at 0x617000011648 thread T0
480:     #0 0x7fb9d1ae089d in TTree::GetNotify() const /home/vpadulan/Programs/rootproject/rootsrc/tree/tree/inc/TTree.h:503
480:     #1 0x7fb9d1ae089d in void TNotifyLinkBase::RemoveLink<TTree>(TTree&) /home/vpadulan/Programs/rootproject/rootsrc/core/base/inc/TNotifyLin
k.h:104
480:     #2 0x7fb9d1ae089d in TTreeReader::~TTreeReader() /home/vpadulan/Programs/rootproject/rootsrc/tree/treeplayer/src/TTreeReader.cxx:252
480:     #3 0x433968 in BulkApiSillyStructTest_stdReadSplitBranch_Test::TestBody() /home/vpadulan/Programs/rootproject/rootsrc/tree/tree/test/Bulk
ApiSillyStruct.cxx:104
480:     #4 0x470bac in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)()
, char const*) (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/test/testBulkApiSillyStruct+0x4
70bac) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #5 0x45a5f3 in testing::Test::Run() [clone .part.0] (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-
asan/tree/tree/test/testBulkApiSillyStruct+0x45a5f3) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #6 0x45a969 in testing::TestInfo::Run() (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tr
ee/test/testBulkApiSillyStruct+0x45a969) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #7 0x45ab10 in testing::TestSuite::Run() [clone .part.0] (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-tes
ting-asan/tree/tree/test/testBulkApiSillyStruct+0x45ab10) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #8 0x4675be in testing::internal::UnitTestImpl::RunAllTests() (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-fre
e-testing-asan/tree/tree/test/testBulkApiSillyStruct+0x4675be) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #9 0x45af6c in testing::UnitTest::Run() (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tr
ee/test/testBulkApiSillyStruct+0x45af6c) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #10 0x425456 in main (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/test/testBulkApi
SillyStruct+0x425456) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:     #11 0x7fb9cd446149 in __libc_start_call_main (/lib64/libc.so.6+0x28149) (BuildId: 0d710e9d9dc10c500b8119c85da75004183618e2)
480:     #12 0x7fb9cd44620a in __libc_start_main_impl (/lib64/libc.so.6+0x2820a) (BuildId: 0d710e9d9dc10c500b8119c85da75004183618e2)
480:     #13 0x4257b4 in _start (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/test/testBulkA
piSillyStruct+0x4257b4) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)

480: 0x617000011648 is located 328 bytes inside of 712-byte region [0x617000011500,0x6170000117c8)
480: freed by thread T0 here:
480:     #0 0x7fb9d1eda878 in operator delete(void*) (/lib64/libasan.so.8+0xda878) (BuildId: 2e1c50524ff1a2e7e73c4565b46f3f51892353ea)
480:     #1 0x7fb9cdfb4f25 in TCollection::GarbageCollect(TObject*) /home/vpadulan/Programs/rootproject/rootsrc/core/cont/src/TCollection.cxx:736
480:     #2 0x7fb9cdfe8a27 in TList::Delete(char const*) /home/vpadulan/Programs/rootproject/rootsrc/core/cont/src/TList.cxx:535
480:     #3 0x7fb9cdfc53d7 in THashList::Delete(char const*) /home/vpadulan/Programs/rootproject/rootsrc/core/cont/src/THashList.cxx:215
480:     #4 0x7fb9ce8d285d in TDirectoryFile::Close(char const*) /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TDirectoryFile.cxx:585
480:     #5 0x7fb9ce8d285d in TDirectoryFile::Close(char const*) /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TDirectoryFile.cxx:561
480:     #6 0x7fb9ce9468e4 in TFile::Close(char const*) /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TFile.cxx:989
480:     #7 0x7fb9ce9481fd in TFile::~TFile() /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TFile.cxx:566
480:     #8 0x7fb9ce948fd0 in TFile::~TFile() /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TFile.cxx:603
480:     #9 0x4338cd in BulkApiSillyStructTest_stdReadSplitBranch_Test::TestBody() /home/vpadulan/Programs/rootproject/rootsrc/tree/tree/test/Bulk
ApiSillyStruct.cxx:103
480:     #10 0x470bac in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(
), char const*) (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/test/testBulkApiSillyStruct+0x
470bac) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)

480: previously allocated by thread T0 here:
480:     #0 0x7fb9d1ed9e38 in operator new(unsigned long) (/lib64/libasan.so.8+0xd9e38) (BuildId: 2e1c50524ff1a2e7e73c4565b46f3f51892353ea)
480:     #1 0x7fb9cdebbfd0 in TStorage::ObjectAlloc(unsigned long) /home/vpadulan/Programs/rootproject/rootsrc/core/base/src/TStorage.cxx:293
480:     #2 0x7fb9d12cc209 in TObject::operator new(unsigned long) /home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-tes
ting-asan/include/TObject.h:181
480:     #3 0x7fb9d12cc209 in new_TTree /home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/G__Tree
.cxx:4363
480:     #4 0x7fb9ce10a49c in TClass::NewObject(TClass::ENewType, bool) const /home/vpadulan/Programs/rootproject/rootsrc/core/meta/src/TClass.cxx
:5003
480:     #5 0x7fb9ce113c7d in TClass::New(TClass::ENewType, bool) const /home/vpadulan/Programs/rootproject/rootsrc/core/meta/src/TClass.cxx:4980
480:     #6 0x7fb9ce9cda38 in TKey::ReadObjectAny(TClass const*) /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/TKey.cxx:1086
480:     #7 0x7fb9ce8d10a7 in TDirectoryFile::GetObjectChecked(char const*, TClass const*) /home/vpadulan/Programs/rootproject/rootsrc/io/io/src/T
DirectoryFile.cxx:1111
480:     #8 0x7fb9d1ade1d1 in void TDirectory::GetObject<TTree>(char const*, TTree*&) /home/vpadulan/Programs/rootproject/rootsrc/core/base/inc/TD
irectory.h:214
480:     #9 0x7fb9d1ade1d1 in TTreeReader::TTreeReader(char const*, TDirectory*, TEntryList*) /home/vpadulan/Programs/rootproject/rootsrc/tree/tre
eplayer/src/TTreeReader.cxx:232
480:     #10 0x433332 in BulkApiSillyStructTest_stdReadSplitBranch_Test::TestBody() /home/vpadulan/Programs/rootproject/rootsrc/tree/tree/test/Bu$
kApiSillyStruct.cxx:87
480:     #11 0x470bac in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(
), char const*) (/home/vpadulan/Programs/rootproject/rootbuild/bulksilly-heap-use-after-free-testing-asan/tree/tree/test/testBulkApiSillyStruct+0x
470bac) (BuildId: 45d8d15c24ba2aae252398ec00943aba7665b034)
480:
480: SUMMARY: AddressSanitizer: heap-use-after-free /home/vpadulan/Programs/rootproject/rootsrc/tree/tree/inc/TTree.h:503 in TTree::GetNotify() co
nst
```
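The lifetime bug this commit message reports, reduced to a stand-alone sketch that is added here (not ROOT code, and not necessarily how the fix was implemented): an owner deletes an object while a reader still holds a raw pointer and touches it in its destructor. `File`, `Tree`, `UnsafeReader` and `SafeReader` are hypothetical stand-ins.

```cpp
#include <algorithm>
#include <cstddef>
#include <memory>
#include <string>
#include <unordered_map>
#include <vector>

class Tree;

// Anything holding a raw Tree* implements this to learn when the Tree dies.
struct TreeObserver {
    virtual void tree_destroyed(Tree* t) = 0;
    virtual ~TreeObserver() = default;
};

// Hypothetical stand-in for an object that belongs to its file.
class Tree {
public:
    ~Tree() {
        // Last chance for observers to drop their pointer before it dangles.
        for (TreeObserver* o : observers_) o->tree_destroyed(this);
    }
    void add_observer(TreeObserver* o) { observers_.push_back(o); }
    void remove_observer(TreeObserver* o) {
        observers_.erase(std::remove(observers_.begin(), observers_.end(), o),
                         observers_.end());
    }
    std::size_t observer_count() const { return observers_.size(); }
private:
    std::vector<TreeObserver*> observers_;
};

// Hypothetical stand-in for the owner: destroying it deletes every Tree it handed out.
class File {
public:
    Tree* get(const std::string& name) {
        auto& slot = trees_[name];
        if (!slot) slot = std::make_unique<Tree>();
        return slot.get();
    }
private:
    std::unordered_map<std::string, std::unique_ptr<Tree>> trees_;
};

// Before: ignores the notification and dereferences tree_ unconditionally.
// If the File is destroyed first, this destructor reads freed memory, which is
// the shape of the report above (read in the reader's destructor, free in the
// owner's destructor). Shown for comparison only; never destroyed in that order here.
class UnsafeReader : public TreeObserver {
public:
    explicit UnsafeReader(File& f) : tree_(f.get("events")) { tree_->add_observer(this); }
    ~UnsafeReader() override { tree_->remove_observer(this); }
    void tree_destroyed(Tree*) override {}
private:
    Tree* tree_;
};

// After: drops the pointer when told the Tree is going away, and checks it
// before use, so either destruction order is safe.
class SafeReader : public TreeObserver {
public:
    explicit SafeReader(File& f) : tree_(f.get("events")) { tree_->add_observer(this); }
    SafeReader(const SafeReader&) = delete;
    SafeReader& operator=(const SafeReader&) = delete;
    ~SafeReader() override { if (tree_) tree_->remove_observer(this); }
    void tree_destroyed(Tree* t) override { if (t == tree_) tree_ = nullptr; }
    bool attached() const { return tree_ != nullptr; }
private:
    Tree* tree_;
};

// Owner destroyed first: the reader must end up detached.
bool file_destroyed_first() {
    auto file = std::make_unique<File>();
    SafeReader reader(*file);
    file.reset();               // deletes the Tree while the reader is alive
    return !reader.attached();  // reader's destructor will not touch the Tree
}

// Reader destroyed first: its link must be gone from the still-live Tree.
std::size_t reader_destroyed_first() {
    File file;
    Tree* tree = file.get("events");
    { SafeReader reader(file); }
    return tree->observer_count();
}

int main() {
    return (file_destroyed_first() && reader_destroyed_first() == 0) ? 0 : 1;
}
```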
vepadulano added a commit to vepadulano/root that referenced this pull request Sep 22, 2024
The test was dynamically allocating the array data members of the `Data` struct, but never deallocating them. This commit polishes the `Data` struct definition and ensures proper management of the data members.

The previous way of writing data to the TTree was leading to a bad memory access in the ReadBasicPointer inlined function in TStreamerInfoReadBuffer.cxx while reading the `double*` array. In particular, the issue arises when accessing and then deallocating the array at the current index provided by the `TCompInfo` object.

```
Target 0: (repro.out) stopped.
(lldb)
Process 13498 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = step in
    frame #0: 0x00000001044cf140 libRIO.so`int TStreamerInfo::ReadBuffer<char**>(this=<unavailable>, b=<unavailable>, arr=<unavailable>, compinfo=<unavailable>, first=<unavailable>, last=<unavailable>, narr=<unavailable>, eoffset=<unavailable>, arrayMode=0) at TStreamerInfoReadBuffer.cxx:923:65 [opt]
   920 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kLong:   ReadBasicPointer(Long_t);  continue;
   921 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kLong64: ReadBasicPointer(Long64_t);  continue;
   922 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kFloat:  ReadBasicPointer(Float_t);  continue;
-> 923 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kDouble: ReadBasicPointer(Double_t);  continue;
   924 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUChar:  ReadBasicPointer(UChar_t);  continue;
   925 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUShort: ReadBasicPointer(UShort_t);  continue;
   926 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUInt:   ReadBasicPointer(UInt_t);  continue;
Target 0: (repro.out) stopped.
(lldb)
Process 13498 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = step in
    frame #0: 0x00000001044cf184 libRIO.so`int TStreamerInfo::ReadBuffer<char**>(TBuffer&, char** const&, TStreamerInfo::TCompInfo* const*, int, int, int, int, int) [inlined] TBuffer::BufferSize(this=0x000060e00010ef00) const at TBuffer.h:98:41 [opt]
   95  	   TObject *GetParent()  const;
   96  	   char    *Buffer()     const { return fBuffer; }
   97  	   char    *GetCurrent() const { return fBufCur; }
-> 98  	   Int_t    BufferSize() const { return fBufSize; }
   99  	   void     DetachBuffer() { fBuffer = nullptr; }
   100 	   Int_t    Length()     const { return (Int_t)(fBufCur - fBuffer); }
   101 	   void     Expand(Int_t newsize, Bool_t copy = kTRUE);  // expand buffer to newsize
Target 0: (repro.out) stopped.
(lldb) p fBufSize
(Int_t) 32008
(lldb) s
Process 13498 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = step in
    frame #0: 0x00000001044cf194 libRIO.so`int TStreamerInfo::ReadBuffer<char**>(this=<unavailable>, b=<unavailable>, arr=<unavailable>, compinfo=<unavailable>, first=<unavailable>, last=<unavailable>, narr=<unavailable>, eoffset=<unavailable>, arrayMode=0) at TStreamerInfoReadBuffer.cxx:923:65 [opt]
   920 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kLong:   ReadBasicPointer(Long_t);  continue;
   921 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kLong64: ReadBasicPointer(Long64_t);  continue;
   922 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kFloat:  ReadBasicPointer(Float_t);  continue;
-> 923 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kDouble: ReadBasicPointer(Double_t);  continue;
   924 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUChar:  ReadBasicPointer(UChar_t);  continue;
   925 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUShort: ReadBasicPointer(UShort_t);  continue;
   926 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUInt:   ReadBasicPointer(UInt_t);  continue;
Target 0: (repro.out) stopped.
(lldb) s
Process 13498 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbebebebebebebeae)
    frame #0: 0x0000000107bac674 libclang_rt.asan_osx_dynamic.dylib`__asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) + 76
libclang_rt.asan_osx_dynamic.dylib`__asan::Allocator::Deallocate:
->  0x107bac674 <+76>: casalb w8, w9, [x22]
    0x107bac678 <+80>: cmp    w8, #0x2
    0x107bac67c <+84>: b.ne   0x107bac6f4    ; <+204>
    0x107bac680 <+88>: mov    x8, #-0x100000000 ; =-4294967296
Target 0: (repro.out) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbebebebebebebeae)
  * frame #0: 0x0000000107bac674 libclang_rt.asan_osx_dynamic.dylib`__asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) + 76
    frame #1: 0x0000000107c0c444 libclang_rt.asan_osx_dynamic.dylib`wrap__ZdaPv + 232
    frame #2: 0x00000001044d4a60 libRIO.so`int TStreamerInfo::ReadBuffer<char**>(this=<unavailable>, b=<unavailable>, arr=<unavailable>, compinfo=<unavailable>, first=<unavailable>, last=<unavailable>, narr=<unavailable>, eoffset=<unavailable>, arrayMode=0) at TStreamerInfoReadBuffer.cxx:923:65 [opt]
    frame #3: 0x0000000103ffc888 libRIO.so`TStreamerInfoActions::GenericReadAction(buf=0x000060e00010ef00, addr=0x0000602000056bd0, config=0x0000604000149910) at TStreamerInfoActions.cxx:195:45
    frame #4: 0x0000000103caa5ec libRIO.so`TStreamerInfoActions::TConfiguredAction::operator()(this=0x00006030001693f0, buffer=0x000060e00010ef00, object=0x0000602000056bd0) const at TStreamerInfoActions.h:123:17
    frame #5: 0x0000000103ca9ef8 libRIO.so`TBufferFile::ApplySequence(this=0x000060e00010ef00, sequence=0x000060600011ac20, obj=0x0000602000056bd0) at TBufferFile.cxx:3702:10
    frame #6: 0x00000001064bc570 libTree.so`TBranchElement::ReadLeavesMemberBranchCount(this=0x0000619000566380, b=0x000060e00010ef00) at TBranchElement.cxx:4603:6
    frame #7: 0x0000000106455ce4 libTree.so`TBranch::GetEntry(this=0x0000619000566380, entry=0, getall=0) at TBranch.cxx:1753:4
    frame #8: 0x00000001064a1764 libTree.so`TBranchElement::GetEntry(this=0x0000619000566380, entry=0, getall=0) at TBranchElement.cxx:2783:27
    frame #9: 0x000000010739915c libTreePlayer.so`ROOT::Detail::TBranchProxy::Read(this=0x00006110000c9580) at TBranchProxy.h:163:42
    frame #10: 0x0000000107649ba8 libTreePlayer.so`(anonymous namespace)::TObjectArrayReader::At(this=0x0000603000169900, proxy=0x00006110000c9580, idx=1) at TTreeReaderArray.cxx:176:22
    frame #11: 0x000000010000c2e4 repro.out`ROOT::Internal::TTreeReaderArrayBase::UntypedAt(this=0x000000016fdfe740, idx=1) const at TTreeReaderArray.h:41:62
    frame #12: 0x000000010000c200 repro.out`TTreeReaderArray<double>::At(this=0x000000016fdfe740, idx=1) at TTreeReaderArray.h:205:54
    frame #13: 0x00000001000065e0 repro.out`TTreeReaderArray<double>::operator[](this=0x000000016fdfe740, idx=1) at TTreeReaderArray.h:207:44
    frame #14: 0x0000000100007b48 repro.out`simpleTest() at repro.cpp:123:26
    frame #15: 0x0000000100007e10 repro.out`main at repro.cpp:128:5
    frame #16: 0x000000018c718274 dyld`start + 2840
```
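The failure this commit message describes, reduced to a stand-alone sketch that is added here (not ROOT or test code): a reader that frees whatever pointer already sits in the slot before allocating the array it reads, so a pointer member must be null or a live `new[]` pointer. `read_array`, `LeakyData`, `Data` and `poison_byte` are hypothetical names; `poison_byte` is a triage helper that decodes fault addresses like the one in the trace above.

```cpp
#include <cstdint>

// Hypothetical stand-in for a streamer reading a counted array into a pointer
// slot: free the previous array, then allocate and fill the new one.
void read_array(double*& slot, const double* src, int n) {
    delete[] slot;   // only valid if slot is nullptr or came from new[]
    slot = nullptr;
    if (n <= 0) return;
    slot = new double[n];
    for (int i = 0; i < n; ++i) slot[i] = src[i];
}

// Before: the pointer member is indeterminate until someone assigns it and is
// never freed. Handing `values` to read_array before that point would make it
// delete[] a garbage pointer. Shown for comparison only; not used below.
struct LeakyData {
    int n;
    double* values;
};

// After: the member starts as nullptr, is freed exactly once, and copying is
// disabled so two objects can never own the same array.
struct Data {
    int n = 0;
    double* values = nullptr;
    Data() = default;
    Data(const Data&) = delete;
    Data& operator=(const Data&) = delete;
    ~Data() { delete[] values; }
};

// Two consecutive reads into the same object: the second read frees the first
// array, and the destructor frees the second.
double sum_after_two_reads() {
    const double first[] = {1.0, 2.0, 3.0};   // constructed sample data
    const double second[] = {10.0, 20.0};     // constructed sample data
    Data d;
    d.n = 3;
    read_array(d.values, first, d.n);
    d.n = 2;
    read_array(d.values, second, d.n);
    double sum = 0.0;
    for (int i = 0; i < d.n; ++i) sum += d.values[i];
    return sum;
}

// Triage helper: does a faulting address sit a few bytes below a pointer whose
// eight bytes are all the same non-zero value? AddressSanitizer fills fresh heap
// memory with 0xbe by default (malloc_fill_byte) and its Deallocate inspects a
// 16-byte chunk header in front of the pointer it is given, so a fault at
// 0xbebebebebebebeae is consistent with delete[] on a never-initialised pointer
// member. Returns the repeated byte, or -1 if there is no such pattern.
int poison_byte(std::uint64_t fault_addr, unsigned max_back_offset = 64) {
    for (unsigned k = 0; k <= max_back_offset; ++k) {
        const std::uint64_t candidate = fault_addr + k;
        const std::uint64_t low = candidate & 0xffu;
        if (low == 0) continue;  // an all-zero value is a null pointer, not a fill pattern
        if (candidate == low * 0x0101010101010101ULL) return static_cast<int>(low);
    }
    return -1;
}

int main() {
    const bool ok = sum_after_two_reads() == 30.0 &&
                    poison_byte(0xbebebebebebebeaeULL) == 0xbe &&
                    poison_byte(0x0000602000056bd0ULL) == -1;
    return ok ? 0 : 1;
}
```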
vepadulano added a commit to vepadulano/root that referenced this pull request Sep 23, 2024
The test was dynamically allocating the array data members of the `Data` struct, but never deallocating them. This commit polishes the `Data` struct definition and ensures proper management of the data members.

The previous way of writing data to the TTree was leading to a bad memory access in the ReadBasicPointer inlined function in TStreamerInfoReadBuffer.cxx while reading the `double*` array. In particular, the issue arises when accessing and then deallocating the array at the current index provided by the `TCompInfo` object.

```
Target 0: (repro.out) stopped.
(lldb)
Process 13498 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = step in
    frame #0: 0x00000001044cf140 libRIO.so`int TStreamerInfo::ReadBuffer<char**>(this=<unavailable>, b=<unavailable>, arr=<unavailable>, compinfo=<unavailable>, first=<unavailable>, last=<unavailable>, narr=<unavailable>, eoffset=<unavailable>, arrayMode=0) at TStreamerInfoReadBuffer.cxx:923:65 [opt]
   920 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kLong:   ReadBasicPointer(Long_t);  continue;
   921 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kLong64: ReadBasicPointer(Long64_t);  continue;
   922 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kFloat:  ReadBasicPointer(Float_t);  continue;
-> 923 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kDouble: ReadBasicPointer(Double_t);  continue;
   924 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUChar:  ReadBasicPointer(UChar_t);  continue;
   925 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUShort: ReadBasicPointer(UShort_t);  continue;
   926 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUInt:   ReadBasicPointer(UInt_t);  continue;
Target 0: (repro.out) stopped.
(lldb)
Process 13498 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = step in
    frame #0: 0x00000001044cf184 libRIO.so`int TStreamerInfo::ReadBuffer<char**>(TBuffer&, char** const&, TStreamerInfo::TCompInfo* const*, int, int, int, int, int) [inlined] TBuffer::BufferSize(this=0x000060e00010ef00) const at TBuffer.h:98:41 [opt]
   95  	   TObject *GetParent()  const;
   96  	   char    *Buffer()     const { return fBuffer; }
   97  	   char    *GetCurrent() const { return fBufCur; }
-> 98  	   Int_t    BufferSize() const { return fBufSize; }
   99  	   void     DetachBuffer() { fBuffer = nullptr; }
   100 	   Int_t    Length()     const { return (Int_t)(fBufCur - fBuffer); }
   101 	   void     Expand(Int_t newsize, Bool_t copy = kTRUE);  // expand buffer to newsize
Target 0: (repro.out) stopped.
(lldb) p fBufSize
(Int_t) 32008
(lldb) s
Process 13498 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = step in
    frame #0: 0x00000001044cf194 libRIO.so`int TStreamerInfo::ReadBuffer<char**>(this=<unavailable>, b=<unavailable>, arr=<unavailable>, compinfo=<unavailable>, first=<unavailable>, last=<unavailable>, narr=<unavailable>, eoffset=<unavailable>, arrayMode=0) at TStreamerInfoReadBuffer.cxx:923:65 [opt]
   920 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kLong:   ReadBasicPointer(Long_t);  continue;
   921 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kLong64: ReadBasicPointer(Long64_t);  continue;
   922 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kFloat:  ReadBasicPointer(Float_t);  continue;
-> 923 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kDouble: ReadBasicPointer(Double_t);  continue;
   924 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUChar:  ReadBasicPointer(UChar_t);  continue;
   925 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUShort: ReadBasicPointer(UShort_t);  continue;
   926 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUInt:   ReadBasicPointer(UInt_t);  continue;
Target 0: (repro.out) stopped.
(lldb) s
Process 13498 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbebebebebebebeae)
    frame #0: 0x0000000107bac674 libclang_rt.asan_osx_dynamic.dylib`__asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) + 76
libclang_rt.asan_osx_dynamic.dylib`__asan::Allocator::Deallocate:
->  0x107bac674 <+76>: casalb w8, w9, [x22]
    0x107bac678 <+80>: cmp    w8, #0x2
    0x107bac67c <+84>: b.ne   0x107bac6f4    ; <+204>
    0x107bac680 <+88>: mov    x8, #-0x100000000 ; =-4294967296
Target 0: (repro.out) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbebebebebebebeae)
  * frame #0: 0x0000000107bac674 libclang_rt.asan_osx_dynamic.dylib`__asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) + 76
    frame #1: 0x0000000107c0c444 libclang_rt.asan_osx_dynamic.dylib`wrap__ZdaPv + 232
    frame #2: 0x00000001044d4a60 libRIO.so`int TStreamerInfo::ReadBuffer<char**>(this=<unavailable>, b=<unavailable>, arr=<unavailable>, compinfo=<unavailable>, first=<unavailable>, last=<unavailable>, narr=<unavailable>, eoffset=<unavailable>, arrayMode=0) at TStreamerInfoReadBuffer.cxx:923:65 [opt]
    frame #3: 0x0000000103ffc888 libRIO.so`TStreamerInfoActions::GenericReadAction(buf=0x000060e00010ef00, addr=0x0000602000056bd0, config=0x0000604000149910) at TStreamerInfoActions.cxx:195:45
    frame #4: 0x0000000103caa5ec libRIO.so`TStreamerInfoActions::TConfiguredAction::operator()(this=0x00006030001693f0, buffer=0x000060e00010ef00, object=0x0000602000056bd0) const at TStreamerInfoActions.h:123:17
    frame #5: 0x0000000103ca9ef8 libRIO.so`TBufferFile::ApplySequence(this=0x000060e00010ef00, sequence=0x000060600011ac20, obj=0x0000602000056bd0) at TBufferFile.cxx:3702:10
    frame #6: 0x00000001064bc570 libTree.so`TBranchElement::ReadLeavesMemberBranchCount(this=0x0000619000566380, b=0x000060e00010ef00) at TBranchElement.cxx:4603:6
    frame #7: 0x0000000106455ce4 libTree.so`TBranch::GetEntry(this=0x0000619000566380, entry=0, getall=0) at TBranch.cxx:1753:4
    frame #8: 0x00000001064a1764 libTree.so`TBranchElement::GetEntry(this=0x0000619000566380, entry=0, getall=0) at TBranchElement.cxx:2783:27
    frame #9: 0x000000010739915c libTreePlayer.so`ROOT::Detail::TBranchProxy::Read(this=0x00006110000c9580) at TBranchProxy.h:163:42
    frame #10: 0x0000000107649ba8 libTreePlayer.so`(anonymous namespace)::TObjectArrayReader::At(this=0x0000603000169900, proxy=0x00006110000c9580, idx=1) at TTreeReaderArray.cxx:176:22
    frame #11: 0x000000010000c2e4 repro.out`ROOT::Internal::TTreeReaderArrayBase::UntypedAt(this=0x000000016fdfe740, idx=1) const at TTreeReaderArray.h:41:62
    frame #12: 0x000000010000c200 repro.out`TTreeReaderArray<double>::At(this=0x000000016fdfe740, idx=1) at TTreeReaderArray.h:205:54
    frame #13: 0x00000001000065e0 repro.out`TTreeReaderArray<double>::operator[](this=0x000000016fdfe740, idx=1) at TTreeReaderArray.h:207:44
    frame #14: 0x0000000100007b48 repro.out`simpleTest() at repro.cpp:123:26
    frame #15: 0x0000000100007e10 repro.out`main at repro.cpp:128:5
    frame #16: 0x000000018c718274 dyld`start + 2840
```
vepadulano added a commit to vepadulano/root that referenced this pull request Sep 23, 2024
The test was dynamically allocating the array data members of the `Data` struct, but never deallocating them. This commit polishes the `Data` struct definition and ensures proper management of the data members.

The previous way of writing data to the TTree was leading to a bad memory access in the ReadBasicPointer inlined function in TStreamerInfoReadBuffer.cxx while reading the `double*` array. In particular, the issue arises when accessing and then deallocating the array at the current index provided by the `TCompInfo` object.

```
Target 0: (repro.out) stopped.
(lldb)
Process 13498 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = step in
    frame #0: 0x00000001044cf140 libRIO.so`int TStreamerInfo::ReadBuffer<char**>(this=<unavailable>, b=<unavailable>, arr=<unavailable>, compinfo=<unavailable>, first=<unavailable>, last=<unavailable>, narr=<unavailable>, eoffset=<unavailable>, arrayMode=0) at TStreamerInfoReadBuffer.cxx:923:65 [opt]
   920 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kLong:   ReadBasicPointer(Long_t);  continue;
   921 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kLong64: ReadBasicPointer(Long64_t);  continue;
   922 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kFloat:  ReadBasicPointer(Float_t);  continue;
-> 923 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kDouble: ReadBasicPointer(Double_t);  continue;
   924 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUChar:  ReadBasicPointer(UChar_t);  continue;
   925 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUShort: ReadBasicPointer(UShort_t);  continue;
   926 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUInt:   ReadBasicPointer(UInt_t);  continue;
Target 0: (repro.out) stopped.
(lldb)
Process 13498 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = step in
    frame #0: 0x00000001044cf184 libRIO.so`int TStreamerInfo::ReadBuffer<char**>(TBuffer&, char** const&, TStreamerInfo::TCompInfo* const*, int, int, int, int, int) [inlined] TBuffer::BufferSize(this=0x000060e00010ef00) const at TBuffer.h:98:41 [opt]
   95  	   TObject *GetParent()  const;
   96  	   char    *Buffer()     const { return fBuffer; }
   97  	   char    *GetCurrent() const { return fBufCur; }
-> 98  	   Int_t    BufferSize() const { return fBufSize; }
   99  	   void     DetachBuffer() { fBuffer = nullptr; }
   100 	   Int_t    Length()     const { return (Int_t)(fBufCur - fBuffer); }
   101 	   void     Expand(Int_t newsize, Bool_t copy = kTRUE);  // expand buffer to newsize
Target 0: (repro.out) stopped.
(lldb) p fBufSize
(Int_t) 32008
(lldb) s
Process 13498 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = step in
    frame #0: 0x00000001044cf194 libRIO.so`int TStreamerInfo::ReadBuffer<char**>(this=<unavailable>, b=<unavailable>, arr=<unavailable>, compinfo=<unavailable>, first=<unavailable>, last=<unavailable>, narr=<unavailable>, eoffset=<unavailable>, arrayMode=0) at TStreamerInfoReadBuffer.cxx:923:65 [opt]
   920 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kLong:   ReadBasicPointer(Long_t);  continue;
   921 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kLong64: ReadBasicPointer(Long64_t);  continue;
   922 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kFloat:  ReadBasicPointer(Float_t);  continue;
-> 923 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kDouble: ReadBasicPointer(Double_t);  continue;
   924 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUChar:  ReadBasicPointer(UChar_t);  continue;
   925 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUShort: ReadBasicPointer(UShort_t);  continue;
   926 	         case TStreamerInfo::kOffsetP + TStreamerInfo::kUInt:   ReadBasicPointer(UInt_t);  continue;
Target 0: (repro.out) stopped.
(lldb) s
Process 13498 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbebebebebebebeae)
    frame #0: 0x0000000107bac674 libclang_rt.asan_osx_dynamic.dylib`__asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) + 76
libclang_rt.asan_osx_dynamic.dylib`__asan::Allocator::Deallocate:
->  0x107bac674 <+76>: casalb w8, w9, [x22]
    0x107bac678 <+80>: cmp    w8, #0x2
    0x107bac67c <+84>: b.ne   0x107bac6f4    ; <+204>
    0x107bac680 <+88>: mov    x8, #-0x100000000 ; =-4294967296
Target 0: (repro.out) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbebebebebebebeae)
  * frame #0: 0x0000000107bac674 libclang_rt.asan_osx_dynamic.dylib`__asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) + 76
    frame #1: 0x0000000107c0c444 libclang_rt.asan_osx_dynamic.dylib`wrap__ZdaPv + 232
    frame #2: 0x00000001044d4a60 libRIO.so`int TStreamerInfo::ReadBuffer<char**>(this=<unavailable>, b=<unavailable>, arr=<unavailable>, compinfo=<unavailable>, first=<unavailable>, last=<unavailable>, narr=<unavailable>, eoffset=<unavailable>, arrayMode=0) at TStreamerInfoReadBuffer.cxx:923:65 [opt]
    frame #3: 0x0000000103ffc888 libRIO.so`TStreamerInfoActions::GenericReadAction(buf=0x000060e00010ef00, addr=0x0000602000056bd0, config=0x0000604000149910) at TStreamerInfoActions.cxx:195:45
    frame #4: 0x0000000103caa5ec libRIO.so`TStreamerInfoActions::TConfiguredAction::operator()(this=0x00006030001693f0, buffer=0x000060e00010ef00, object=0x0000602000056bd0) const at TStreamerInfoActions.h:123:17
    frame #5: 0x0000000103ca9ef8 libRIO.so`TBufferFile::ApplySequence(this=0x000060e00010ef00, sequence=0x000060600011ac20, obj=0x0000602000056bd0) at TBufferFile.cxx:3702:10
    frame #6: 0x00000001064bc570 libTree.so`TBranchElement::ReadLeavesMemberBranchCount(this=0x0000619000566380, b=0x000060e00010ef00) at TBranchElement.cxx:4603:6
    frame #7: 0x0000000106455ce4 libTree.so`TBranch::GetEntry(this=0x0000619000566380, entry=0, getall=0) at TBranch.cxx:1753:4
    frame #8: 0x00000001064a1764 libTree.so`TBranchElement::GetEntry(this=0x0000619000566380, entry=0, getall=0) at TBranchElement.cxx:2783:27
    frame #9: 0x000000010739915c libTreePlayer.so`ROOT::Detail::TBranchProxy::Read(this=0x00006110000c9580) at TBranchProxy.h:163:42
    frame #10: 0x0000000107649ba8 libTreePlayer.so`(anonymous namespace)::TObjectArrayReader::At(this=0x0000603000169900, proxy=0x00006110000c9580, idx=1) at TTreeReaderArray.cxx:176:22
    frame #11: 0x000000010000c2e4 repro.out`ROOT::Internal::TTreeReaderArrayBase::UntypedAt(this=0x000000016fdfe740, idx=1) const at TTreeReaderArray.h:41:62
    frame #12: 0x000000010000c200 repro.out`TTreeReaderArray<double>::At(this=0x000000016fdfe740, idx=1) at TTreeReaderArray.h:205:54
    frame #13: 0x00000001000065e0 repro.out`TTreeReaderArray<double>::operator[](this=0x000000016fdfe740, idx=1) at TTreeReaderArray.h:207:44
    frame #14: 0x0000000100007b48 repro.out`simpleTest() at repro.cpp:123:26
    frame #15: 0x0000000100007e10 repro.out`main at repro.cpp:128:5
    frame #16: 0x000000018c718274 dyld`start + 2840
```
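The crash the commit message above describes, modelled as an added example (not code from the pull request or from ROOT): a reader that frees the slot's old array before allocating a new one, the hardened struct that makes that safe, and a check showing that the fault address 0xbebebebebebebeae sits 16 bytes below an all-0xbe pointer. `DataBefore`, `DataAfter`, `readCountedArray` and the helper names are hypothetical, and the 0xbe fill byte and 16-byte chunk header are assumed AddressSanitizer defaults that the page does not state.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Assumed ASan defaults (not stated on the page): fresh heap memory is filled
// with 0xbe, and the allocator keeps a 16-byte chunk header before each block.
constexpr unsigned char kAsanMallocFill = 0xbe;
constexpr std::uint64_t kAsanChunkHeader = 16;

// Hypothetical "before" layout: a counted array whose pointer is never set.
struct DataBefore { int n; double *arr; };

// Hypothetical "after" layout: the pointer starts null and the struct owns it.
struct DataAfter {
   int n = 0;
   double *arr = nullptr;
   DataAfter() = default;
   DataAfter(const DataAfter &) = delete;
   DataAfter &operator=(const DataAfter &) = delete;
   ~DataAfter() { delete[] arr; }
};

// Simplified model of a counted-array read: the reader frees whatever the
// slot holds before allocating the new array, so the slot must be null or a
// pointer obtained from new[].
void readCountedArray(const double *src, int count, double *&slot)
{
   delete[] slot;
   slot = nullptr;
   if (count <= 0)
      return;
   slot = new double[count];
   std::memcpy(slot, src, sizeof(double) * static_cast<std::size_t>(count));
}

// True when every byte of the value is the ASan malloc fill byte.
bool isMallocFill(const void *bytes, std::size_t len)
{
   const unsigned char *p = static_cast<const unsigned char *>(bytes);
   for (std::size_t i = 0; i < len; ++i) {
      if (p[i] != kAsanMallocFill)
         return false;
   }
   return len > 0;
}

// Deallocate faults while touching the chunk header, so the pointer handed to
// delete[] is the fault address plus the header size.
std::uint64_t freedPointerFromFault(std::uint64_t faultAddr)
{
   return faultAddr + kAsanChunkHeader;
}

// Constructed stand-in for a heap-allocated DataBefore under ASan: raw storage
// carrying the fill pattern. Reports whether the pointer slot is still fill.
bool pointerSlotIsUninitialised()
{
   std::vector<unsigned char> raw(sizeof(DataBefore), kAsanMallocFill);
   return isMallocFill(raw.data() + offsetof(DataBefore, arr), sizeof(double *));
}

// Two consecutive reads into the hardened struct: the second read frees the
// first array, and the destructor frees the second.
double sumAfterTwoReads()
{
   const double first[] = {1.0, 2.0, 3.0};
   const double second[] = {4.0, 5.0};
   DataAfter d;
   readCountedArray(first, 3, d.arr);
   readCountedArray(second, 2, d.arr);
   d.n = 2;
   double sum = 0.0;
   for (int i = 0; i < d.n; ++i)
      sum += d.arr[i];
   return sum;
}

int main()
{
   const std::uint64_t freed = freedPointerFromFault(0xbebebebebebebeaeULL);
   std::printf("freed=0x%llx fill=%d slot=%d sum=%.1f\n", static_cast<unsigned long long>(freed),
               isMallocFill(&freed, sizeof freed), pointerSlotIsUninitialised(), sumAfterTwoReads());
   return 0;
}
```
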
vepadulano added a commit to vepadulano/root that referenced this pull request Sep 24, 2024
vepadulano added a commit that referenced this pull request Sep 24, 2024