From 9075ce8ad14f4c1dd45f44be63ab0b567194bf9b Mon Sep 17 00:00:00 2001 
From: Donald Buczek Date: Sat, 7 Oct 2017 15:54:26 +0200 Subject: [PATCH] main.cpp: Remove fixed size tid array This fixed size array, which overflows when more than 64 threads are requested, is not used. Remove it. Bug identified by address sanitizer: #0 0x449813 in Do_PairAlign() /scratch/cluster/buczek/bsmap/bsmap.git/main.cpp:129 #1 0x4527e4 in RunProcess() /scratch/cluster/buczek/bsmap/bsmap.git/main.cpp:498 #2 0x40613c in main /scratch/cluster/buczek/bsmap/bsmap.git/main.cpp:609 #3 0x7f0dff71803f in __libc_start_main ../csu/libc-start.c:308 #4 0x40a0c9 in _start (/scratch/cluster02/buczek/bsmap/bsmap.git/bsmap+0x40a0c9) 0x00000069b9e0 is located 32 bytes to the left of global variable 'read_time' defined in 'main.cpp:45:19' (0x69ba00) of size 4 0x00000069b9e0 is located 0 bytes to the right of global variable 'tid' defined in 'main.cpp:46:9' (0x69b960) of size 128 SUMMARY: AddressSanitizer: global-buffer-overflow /scratch/cluster/buczek/bsmap/bsmap.git/main.cpp:129 in Do_PairAlign() Shadow bytes around the buggy address: 0x0000800cb6e0: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 0x0000800cb6f0: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 0x0000800cb700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000800cb710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000800cb720: 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 00 00 00 00 =>0x0000800cb730: 00 00 00 00 00 00 00 00 00 00 00 00[f9]f9 f9 f9 0x0000800cb740: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 0x0000800cb750: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 0x0000800cb760: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 0x0000800cb770: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 0x0000800cb780: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack 
after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==6441==ABORTING --- main.cpp | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/main.cpp b/main.cpp index aeba443..45486cf 100644 --- a/main.cpp +++ b/main.cpp @@ -43,7 +43,6 @@ bit32_t n_aligned_pairs=0, n_unique_pairs=0, n_multiple_pairs=0; //number of pa bit32_t n_aligned_a=0, n_unique_a=0, n_multiple_a=0; //number of a reads aligned bit32_t n_aligned_b=0, n_unique_b=0, n_multiple_b=0; //number of b reads aligned bit32_t ref_time, read_time; -bit16_t tid[64]; char version[] = "2.90"; ostringstream message; @@ -56,7 +55,7 @@ void info(int level) { pthread_mutex_t mutex_fin=PTHREAD_MUTEX_INITIALIZER; pthread_mutex_t mutex_fout=PTHREAD_MUTEX_INITIALIZER; -void *t_SingleAlign(void *tid) { +void *t_SingleAlign(void *) { SingleAlign a; int n; bit32_t cur_at; @@ -85,13 +84,13 @@ void *t_SingleAlign(void *tid) { void Do_SingleAlign() { vector pthread_ids(param.num_procs); for(int i=0; i
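Review bot: In the `t_SingleAlign` hunk the dropped parameter name leaves the thread argument silently ignored; a short in-signature comment such as `void *t_SingleAlign(void * /* thread arg unused */) {` would tell the next reader this is deliberate rather than an oversight (an unnamed parameter in a definition is valid here only because the file is C++). The description says the array is not used, but the ASan trace in this same message shows Do_PairAlign writing past `tid` at main.cpp:129, so "written but never read" is the precise claim; that write site and the matching t_PairAlign signature are not in the visible hunks, and the third hunk starting at line 84 is cut off here, so I cannot confirm every reference went with the declaration — removing the global does at least turn any leftover use into a compile error. Since the overflow was driven by the requested thread count exceeding the fixed 64 slots, deleting the array rather than clamping the count is the right fix for this buffer, provided no other fixed-size per-thread storage indexed by the same count remains. The body of t_SingleAlign continues outside the hunk.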