run_tests_cli test failure because of a use-after-free #1692

Open
asarubbo opened this issue Sep 12, 2024 · 1 comment
Labels
bug Originally reported in Jira or Bugzilla Priority: MEDIUM Triaged Someone on the DNF 5 team has read the issue and determined the next steps to take

Comments


asarubbo commented Sep 12, 2024

I get a test failure compiling dnf5-5.2.6.0 on gentoo/guru; here is the stacktrace if compiled with asan:

 ~ $ ASAN_OPTIONS=symbolize=1,detect_odr_violation=0,detect_leaks=0 ./run_tests_cli
RepoqueryTest::test_format_set_with_simple_str (duration: 23ms) : OK
RepoqueryTest::test_format_set_with_tags (duration: 20ms) : OK
RepoqueryTest::test_format_set_with_invalid_tags (duration: 20ms) : OK
RepoqueryTest::test_format_set_with_tags_with_spacing (duration: 20ms) : OK
RepoqueryTest::test_pkg_attr_uniq_sorted (duration: 20ms) : OK
RepoqueryTest::test_requires_filelists (duration: 19ms) : OK
ArgumentParserTest::test_argument_parser (duration: 1ms) : OK
UTF8Test::test_length_en (duration: 0ms) : OK
UTF8Test::test_length_cs (duration: 0ms) : OK
UTF8Test::test_length_cn (duration: 0ms) : OK
UTF8Test::test_length_ja (duration: 0ms) : OK
UTF8Test::test_width_en (duration: 0ms) : OK
UTF8Test::test_width_cs (duration: 0ms) : OK
UTF8Test::test_width_cn (duration: 0ms) : OK
UTF8Test::test_width_ja (duration: 0ms) : OK
UTF8Test::test_substr_length_en (duration: 0ms) : OK
UTF8Test::test_substr_length_cs (duration: 0ms) : OK
UTF8Test::test_substr_length_cn (duration: 0ms) : OK
UTF8Test::test_substr_length_ja (duration: 0ms) : OK
UTF8Test::test_substr_width_en (duration: 0ms) : OK
UTF8Test::test_substr_width_cs (duration: 0ms) : OK
UTF8Test::test_substr_width_cn (duration: 0ms) : OK
UTF8Test::test_substr_width_ja (duration: 0ms) : OK
OK (23)
=================================================================
==27676==ERROR: AddressSanitizer: heap-use-after-free on address 0x507000001f48 at pc 0x63a15f705c79 bp 0x7ffc326527e0 sp 0x7ffc326527d0
READ of size 8 at 0x507000001f48 thread T0
    #0 0x63a15f705c78 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_S_right(std::_Rb_tree_node_base*) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:786
    #1 0x63a15f6deecf in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_erase(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >*) (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x82decf)
    #2 0x76e8125406e9 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::~_Rb_tree() /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:982
    #3 0x76e81256faa5 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, libdnf5::sack::QueryCmp, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::~map() (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/libdnf5/libdnf5.so.2+0x8dfaa5)
    #4 0x76e812b6d750 in __cxa_finalize (/lib64/libc.so.6+0x3e750)
    #5 0x76e811f51ae6  (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/libdnf5/libdnf5.so.2+0x2c1ae6)

0x507000001f48 is located 24 bytes inside of 72-byte region [0x507000001f30,0x507000001f78)
freed by thread T0 here:
    #0 0x63a15f212858 in operator delete(void*, unsigned long) (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x361858)
    #1 0x63a15f72e2fd in std::__new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::deallocate(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >*, unsigned long) (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x87d2fd)
    #2 0x63a15f71a609 in std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::deallocate(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >*, unsigned long) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/allocator.h:208
    #3 0x63a15f71a609 in std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > > >::deallocate(std::allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >&, std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >*, unsigned long) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/alloc_traits.h:513
    #4 0x63a15f71a609 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_put_node(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >*) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:563
    #5 0x63a15f705cf3 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_drop_node(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >*) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:630
    #6 0x63a15f6def04 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_erase(std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >*) (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x82df04)
    #7 0x63a15f6a56a7 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::~_Rb_tree() /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:982
    #8 0x63a15f73b855 in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, libdnf5::sack::QueryCmp, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::~map() (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x88a855)
    #9 0x76e812b6dc90  (/lib64/libc.so.6+0x3ec90)

previously allocated by thread T0 here:
    #0 0x63a15f2117b8 in operator new(unsigned long) (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x3607b8)
    #1 0x63a15f73284b in std::__new_allocator<std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::allocate(unsigned long, void const*) (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x88184b)
    #2 0x63a15f72a8c6 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_get_node() (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x8798c6)
    #3 0x63a15f72536b in std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >* std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_create_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const&>(std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const&) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:609
    #4 0x63a15f71ae5d in std::_Rb_tree_node<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >* std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_Alloc_node::operator()<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const&>(std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const&) const /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:527
    #5 0x63a15f70697e in std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_insert_<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const&, std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_Alloc_node>(std::_Rb_tree_node_base*, std::_Rb_tree_node_base*, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const&, std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, 
std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_Alloc_node&) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:1827
    #6 0x63a15f6df25d in std::_Rb_tree_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_insert_unique_<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const&, std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_Alloc_node>(std::_Rb_tree_const_iterator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const&, std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, 
libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_Alloc_node&) (/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0_build/test/libdnf5-cli/run_tests_cli+0x82e25d)
    #7 0x63a15f6a589f in std::enable_if<std::is_same<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::iterator_traits<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const*>::value_type>::value, void>::type std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_M_insert_range_unique<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const*>(std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const*, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> const*) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:1100
    #8 0x63a15f672a8a in std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, libdnf5::sack::QueryCmp, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::map(std::initializer_list<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > const&, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > const&) /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_map.h:244
    #9 0x63a15f63a878 in __static_initialization_and_destruction_0 /var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0/libdnf5/rpm/versionlock_config.cpp:126
    #10 0x63a15f63abba in _GLOBAL__sub_I_versionlock_config.cpp /var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0/libdnf5/rpm/versionlock_config.cpp:290
    #11 0x76e812b5529d in __libc_start_main (/lib64/libc.so.6+0x2629d)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits/stl_tree.h:786 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp>, std::_Select1st<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libdnf5::sack::QueryCmp> > >::_S_right(std::_Rb_tree_node_base*)
Shadow bytes around the buggy address:
  0x507000001c80: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
  0x507000001d00: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa 00 00
  0x507000001d80: 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 00 00
  0x507000001e00: 00 00 00 00 00 fa fa fa fa fa fd fd fd fd fd fd
  0x507000001e80: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x507000001f00: fd fa fa fa fa fa fd fd fd[fd]fd fd fd fd fd fa
  0x507000001f80: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
  0x507000002000: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x507000002080: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fd fd
  0x507000002100: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
  0x507000002180: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==27676==ABORTING

Downstream report: https://bugs.gentoo.org/939518

@ppisar ppisar added bug Originally reported in Jira or Bugzilla Priority: MEDIUM Triaged Someone on the DNF 5 team has read the issue and determined the next steps to take labels Sep 12, 2024
Contributor

ppisar commented Sep 12, 2024

I confirm this issue when configuring current HEAD with CXXFLAGS='-O0 -g -fsanitize=address' and running the tests with ASAN_OPTIONS=detect_odr_violation=0 (otherwise the test fails sooner because of a one-definition-rule violation).

Many other tests fail in the same place.
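
In the report above, the freed map node was allocated by a static initializer at versionlock_config.cpp:126, freed by `~map()` in run_tests_cli, and then read by `~map()` in libdnf5.so.2 under `__cxa_finalize`. The following triage script is an added example (not part of the issue or of dnf5) that extracts those three facts from an ASan report. The function names, the `destroyed_from_two_modules` flag and the abridged sample report are assumptions of this example.

```python
import os
import re

SRC = "/var/tmp/portage/sys-apps/dnf5-5.2.6.0/work/dnf5-5.2.6.0"
BUILD = SRC + "_build"
GCC = "/usr/lib/gcc/x86_64-pc-linux-gnu/14/include/g++-v14/bits"

# Constructed sample: frames abridged from the report in this issue, with the
# std::map / std::_Rb_tree template arguments shortened to <...>.
SAMPLE_REPORT = f"""\
==27676==ERROR: AddressSanitizer: heap-use-after-free on address 0x507000001f48 at pc 0x63a15f705c79 bp 0x7ffc326527e0 sp 0x7ffc326527d0
READ of size 8 at 0x507000001f48 thread T0
    #0 0x63a15f705c78 in std::_Rb_tree<...>::_S_right(std::_Rb_tree_node_base*) {GCC}/stl_tree.h:786
    #1 0x63a15f6deecf in std::_Rb_tree<...>::_M_erase(std::_Rb_tree_node<...>*) ({BUILD}/test/libdnf5-cli/run_tests_cli+0x82decf)
    #2 0x76e8125406e9 in std::_Rb_tree<...>::~_Rb_tree() {GCC}/stl_tree.h:982
    #3 0x76e81256faa5 in std::map<...>::~map() ({BUILD}/libdnf5/libdnf5.so.2+0x8dfaa5)
    #4 0x76e812b6d750 in __cxa_finalize (/lib64/libc.so.6+0x3e750)
freed by thread T0 here:
    #0 0x63a15f212858 in operator delete(void*, unsigned long) ({BUILD}/test/libdnf5-cli/run_tests_cli+0x361858)
    #7 0x63a15f6a56a7 in std::_Rb_tree<...>::~_Rb_tree() {GCC}/stl_tree.h:982
    #8 0x63a15f73b855 in std::map<...>::~map() ({BUILD}/test/libdnf5-cli/run_tests_cli+0x88a855)
    #9 0x76e812b6dc90  (/lib64/libc.so.6+0x3ec90)
previously allocated by thread T0 here:
    #0 0x63a15f2117b8 in operator new(unsigned long) ({BUILD}/test/libdnf5-cli/run_tests_cli+0x3607b8)
    #9 0x63a15f63a878 in __static_initialization_and_destruction_0 {SRC}/libdnf5/rpm/versionlock_config.cpp:126
    #10 0x63a15f63abba in _GLOBAL__sub_I_versionlock_config.cpp {SRC}/libdnf5/rpm/versionlock_config.cpp:290
    #11 0x76e812b5529d in __libc_start_main (/lib64/libc.so.6+0x2629d)
"""

FRAME = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+(?:in\s+)?(.*)$")
MODULE = re.compile(r"\((/[^()\s]+)\+0x[0-9a-f]+\)$")  # trailing "(path+0xoffset)"
SOURCE = re.compile(r"(?:^|\s)(/\S+):(\d+)$")           # trailing "path:line"
SECTIONS = (("READ of size", "access"), ("WRITE of size", "access"),
            ("freed by thread", "free"), ("previously allocated by thread", "alloc"))


def parse_frame(rest):
    """Split one frame into function text and its module or source location."""
    rest = rest.strip()
    mod, src = MODULE.search(rest), SOURCE.search(rest)
    loc = mod or src
    return {
        "func": rest[:loc.start()].strip() if loc else rest,
        "module": os.path.basename(mod.group(1)) if mod else None,
        "source": f"{os.path.basename(src.group(1))}:{src.group(2)}" if src else None,
    }


def outermost_dtor_module(frames):
    """Binary that holds the outermost destructor frame of a stack, if any."""
    mods = [f["module"] for f in frames if "::~" in f["func"] and f["module"]]
    return mods[-1] if mods else None


def triage(report):
    kind, current = None, None
    stacks = {"access": [], "free": [], "alloc": []}
    for line in report.splitlines():
        header = re.search(r"ERROR: AddressSanitizer: (\S+)", line)
        if header:
            kind = header.group(1)
        for prefix, name in SECTIONS:
            if line.startswith(prefix):
                current = name
        frame = FRAME.match(line)
        if frame and current:
            stacks[current].append(parse_frame(frame.group(1)))
    # Allocation reached from a compiler-generated static initializer?
    init = [f["source"] for f in stacks["alloc"] if f["source"]
            and re.search(r"__static_initialization_and_destruction|_GLOBAL__sub_I_", f["func"])]
    freed_by = outermost_dtor_module(stacks["free"])
    read_by = outermost_dtor_module(stacks["access"])
    return {"kind": kind, "static_init_site": init[0] if init else None,
            "free_dtor_module": freed_by, "access_dtor_module": read_by,
            "destroyed_from_two_modules": bool(freed_by and read_by and freed_by != read_by)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

When the flag is true, the same object's destructor ran from two different binaries; compare that with what ASan reports when `detect_odr_violation=0` is dropped.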

Projects
Status: Backlog