Skip to content

heap-buffer-overflow in MatioFilterTest::testImportCell()

MatioFilterTest::testImportCell() is failing with the activated address sanitizer with

=================================================================
==8022==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50c000073140 at pc 0x7f58238023d6 bp 0x7fff6d597670 sp 0x7fff6d596e30
READ of size 140 at 0x50c000073140 thread T0
    #0 0x7f58238023d5 in memcpy (/lib64/libasan.so.8+0xf93d5) (BuildId: 752eb14d218b669aabc831998f712b1ece1d51e6)
    #1 0x7f580de5576a  (/lib64/libQt6Core.so.6+0x26076a) (BuildId: 413a14922f1c89ba55498437a4864e6905787e54)
    #2 0x7f580de3f982 in QString::fromUtf16(char16_t const*, long long) (/lib64/libQt6Core.so.6+0x24a982) (BuildId: 413a14922f1c89ba55498437a4864e6905787e54)
    #3 0xcf75a4 in QString::fromUtf16(unsigned short const*, long long) /usr/include/qt6/QtCore/qstring.h:615
    #4 0xcf75a4 in MatioFilterPrivate::readCurrentVar(QString const&, AbstractDataSource*, AbstractFileFilter::ImportMode, unsigned long) /builds/education/labplot/src/backend/datasources/filters/MatioFilter.cpp:952
    #5 0xcfb2fc in MatioFilterPrivate::readDataFromFile(QString const&, AbstractDataSource*, AbstractFileFilter::ImportMode) /builds/education/labplot/src/backend/datasources/filters/MatioFilter.cpp:613
    #6 0xcfbb59 in MatioFilter::readDataFromFile(QString const&, AbstractDataSource*, AbstractFileFilter::ImportMode) /builds/education/labplot/src/backend/datasources/filters/MatioFilter.cpp:238
    #7 0x96c6c9 in MatioFilterTest::testImportCell() /builds/education/labplot/tests/import_export/Matio/MatioFilterTest.cpp:383
    #8 0x96065c in MatioFilterTest::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /builds/education/labplot/_build/tests/import_export/Matio/MatioFilterTest_autogen/EWIEGA46WW/moc_MatioFilterTest.cpp:226
    #9 0x7f580dd9287e in QMetaMethodInvoker::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*) (/lib64/libQt6Core.so.6+0x19d87e) (BuildId: 413a14922f1c89ba55498437a4864e6905787e54)
    #10 0x7f580dd93311 in QMetaMethod::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*) (/lib64/libQt6Core.so.6+0x19e311) (BuildId: 413a14922f1c89ba55498437a4864e6905787e54)
    #11 0x7f581ffd3341  (/lib64/libQt6Test.so.6+0x27341) (BuildId: ad9f61ca89934a019a495d6b1308db4cc7c7b066)
    #12 0x7f581ffddcb9 in QTest::qRun() (/lib64/libQt6Test.so.6+0x31cb9) (BuildId: ad9f61ca89934a019a495d6b1308db4cc7c7b066)
    #13 0x7f581ffd631a in QTest::qExec(QObject*, int, char**) (/lib64/libQt6Test.so.6+0x2a31a) (BuildId: ad9f61ca89934a019a495d6b1308db4cc7c7b066)
    #14 0x8b93eb in main /builds/education/labplot/tests/import_export/Matio/MatioFilterTest.cpp:521
    #15 0x7f580d7c21ef in __libc_start_call_main (/lib64/libc.so.6+0x2a1ef) (BuildId: 018b5a861c206a5cd40e2e036df48649de8d41e5)
    #16 0x7f580d7c22b8 in __libc_start_main_alias_2 (/lib64/libc.so.6+0x2a2b8) (BuildId: 018b5a861c206a5cd40e2e036df48649de8d41e5)
    #17 0x9603c4 in _start ../sysdeps/x86_64/start.S:115
0x50c000073140 is located 0 bytes after 128-byte region [0x50c0000730c0,0x50c000073140)
allocated by thread T0 here:
    #0 0x7f58238040a0 in calloc (/lib64/libasan.so.8+0xfb0a0) (BuildId: 752eb14d218b669aabc831998f712b1ece1d51e6)
    #1 0x7f58228e6b12  (/lib64/libmatio.so.11+0x2ab12) (BuildId: 7dc5920cec4c6d42809e6534018f1c0d6a9db4aa)
SUMMARY: AddressSanitizer: heap-buffer-overflow (/lib64/libasan.so.8+0xf93d5) (BuildId: 752eb14d218b669aabc831998f712b1ece1d51e6) in memcpy
Shadow bytes around the buggy address:
  0x50c000072e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x50c000072f00: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x50c000072f80: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
  0x50c000073000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x50c000073080: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
=>0x50c000073100: 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa fa fa
  0x50c000073180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x50c000073200: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x50c000073280: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa
  0x50c000073300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
  0x50c000073380: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==8022==ABORTING

The test was deactivated in !492 (merged) in order not to block the CI builds.