From 04ed374de86e72c7d2866238d8fc585f999e4310 Mon Sep 17 00:00:00 2001 
From: Filip Gawin Date: Sat, 13 Jan 2018 18:40:36 +0100 Subject: [PATCH] Fix UB in tests To do: memory management still needs improving. Errors before: ==2615==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000180bc0 at pc 0x5654893d23b8 bp 0x7fff38d87e30 sp 0x7fff38d87e20 READ of size 8 at 0x607000180bc0 thread T0 #0 0x5654893d23b7 in CharacterTests::test_activities::test_method() /run/media/filip/Zewn/openrw/openrw/tests/test_Character.cpp:119 #1 0x5654893cd98e in test_activities_invoker /run/media/filip/Zewn/openrw/openrw/tests/test_Character.cpp:35 #2 0x5654893b91dc in boost::detail::function::void_function_invoker0::invoke(boost::detail::function::function_buffer&) /usr/include/boost/function/function_template.hpp:118 #3 0x7f12da644bfd in boost::detail::function::function_obj_invoker0::invoke(boost::detail::function::function_buffer&) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x4cbfd) #4 0x7f12da644034 in boost::execution_monitor::catch_signals(boost::function const&) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x4c034) #5 0x7f12da644123 in boost::execution_monitor::execute(boost::function const&) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x4c123) #6 0x7f12da6448ee in boost::execution_monitor::vexecute(boost::function const&) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x4c8ee) #7 0x7f12da6740c1 in boost::unit_test::unit_test_monitor_t::execute_and_translate(boost::function const&, unsigned int) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x7c0c1) #8 0x7f12da64f8a5 in boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned int, boost::unit_test::framework::state::random_generator_helper const*) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x578a5) #9 0x7f12da64fa90 in boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned int, boost::unit_test::framework::state::random_generator_helper const*) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x57a90) #10 0x7f12da64fa90 in 
boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned int, boost::unit_test::framework::state::random_generator_helper const*) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x57a90) #11 0x7f12da6487ad in boost::unit_test::framework::run(unsigned long, bool) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x507ad) #12 0x7f12da6717df in boost::unit_test::unit_test_main(bool (*)(), int, char**) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x797df) #13 0x56548936d8b2 in main /usr/include/boost/test/unit_test.hpp:63 #14 0x7f12d6511f49 in __libc_start_main (/usr/lib/libc.so.6+0x20f49) #15 0x56548936d5f9 in _start (/run/media/filip/Zewn/openrw/openrw/build/tests/run_tests+0x29c5f9) 0x607000180bc0 is located 0 bytes inside of 72-byte region [0x607000180bc0,0x607000180c08) freed by thread T0 here: #0 0x7f12dabc6b51 in operator delete(void*, unsigned long) /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:140 #1 0x56548966974e in DefaultAIController::~DefaultAIController() /run/media/filip/Zewn/openrw/openrw/rwengine/src/ai/DefaultAIController.hpp:6 #2 0x5654896295cf in CharacterObject::~CharacterObject() /run/media/filip/Zewn/openrw/openrw/rwengine/src/objects/CharacterObject.cpp:65 #3 0x56548962960b in CharacterObject::~CharacterObject() /run/media/filip/Zewn/openrw/openrw/rwengine/src/objects/CharacterObject.cpp:66 #4 0x5654895b7116 in GameWorld::destroyObject(GameObject*) /run/media/filip/Zewn/openrw/openrw/rwengine/src/engine/GameWorld.cpp:490 #5 0x5654893d2385 in CharacterTests::test_activities::test_method() /run/media/filip/Zewn/openrw/openrw/tests/test_Character.cpp:118 #6 0x5654893cd98e in test_activities_invoker /run/media/filip/Zewn/openrw/openrw/tests/test_Character.cpp:35 #7 0x5654893b91dc in boost::detail::function::void_function_invoker0::invoke(boost::detail::function::function_buffer&) /usr/include/boost/function/function_template.hpp:118 #8 0x7f12da644bfd in 
boost::detail::function::function_obj_invoker0::invoke(boost::detail::function::function_buffer&) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x4cbfd) previously allocated by thread T0 here: #0 0x7f12dabc5489 in operator new(unsigned long) /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:80 #1 0x5654895b4dfb in GameWorld::createPedestrian(unsigned short, glm::tvec3 const&, glm::tquat const&, unsigned int) /run/media/filip/Zewn/openrw/openrw/rwengine/src/engine/GameWorld.cpp:342 #2 0x5654893d033f in CharacterTests::test_activities::test_method() /run/media/filip/Zewn/openrw/openrw/tests/test_Character.cpp:66 #3 0x5654893cd98e in test_activities_invoker /run/media/filip/Zewn/openrw/openrw/tests/test_Character.cpp:35 #4 0x5654893b91dc in boost::detail::function::void_function_invoker0::invoke(boost::detail::function::function_buffer&) /usr/include/boost/function/function_template.hpp:118 #5 0x7f12da644bfd in boost::detail::function::function_obj_invoker0::invoke(boost::detail::function::function_buffer&) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x4cbfd) ==3090==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7f3c775fb9b0 bp 0x7ffe01a710d0 sp 0x7ffe01a71090 T0) ==3090==The signal is caused by a READ memory access. ==3090==Hint: address points to the zero page. 
#0 0x7f3c775fb9af in std::__cxx11::basic_string, std::allocator >::compare(char const*) const /build/gcc/src/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:1417 #1 0x55867dd0c094 in bool std::operator==, std::allocator >(std::__cxx11::basic_string, std::allocator > const&, char const*) /usr/include/c++/7.2.1/bits/basic_string.h:6033 #2 0x55867df6db4a in PickupObject::PickupObject(GameWorld*, glm::tvec3 const&, BaseModelInfo*, PickupObject::PickupType) /run/media/filip/Zewn/openrw/openrw/rwengine/src/objects/PickupObject.cpp:106 #3 0x55867ddf0874 in TestPickup::TestPickup(GameWorld*, glm::tvec3 const&) /run/media/filip/Zewn/openrw/openrw/tests/test_Pickup.cpp:13 #4 0x55867ddec0e7 in PickupTests::test_pickup_interaction::test_method() /run/media/filip/Zewn/openrw/openrw/tests/test_Pickup.cpp:31 #5 0x55867ddeb1d3 in test_pickup_interaction_invoker /run/media/filip/Zewn/openrw/openrw/tests/test_Pickup.cpp:25 #6 0x55867dce61dc in boost::detail::function::void_function_invoker0::invoke(boost::detail::function::function_buffer&) /usr/include/boost/function/function_template.hpp:118 #7 0x7f3c7ad0dbfd in boost::detail::function::function_obj_invoker0::invoke(boost::detail::function::function_buffer&) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x4cbfd) #8 0x7f3c7ad0d034 in boost::execution_monitor::catch_signals(boost::function const&) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x4c034) #9 0x7f3c7ad0d123 in boost::execution_monitor::execute(boost::function const&) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x4c123) #10 0x7f3c7ad0d8ee in boost::execution_monitor::vexecute(boost::function const&) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x4c8ee) #11 0x7f3c7ad3d0c1 in boost::unit_test::unit_test_monitor_t::execute_and_translate(boost::function const&, unsigned int) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x7c0c1) #12 0x7f3c7ad188a5 in boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned int, 
boost::unit_test::framework::state::random_generator_helper const*) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x578a5) #13 0x7f3c7ad18a90 in boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned int, boost::unit_test::framework::state::random_generator_helper const*) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x57a90) #14 0x7f3c7ad18a90 in boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned int, boost::unit_test::framework::state::random_generator_helper const*) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x57a90) #15 0x7f3c7ad117ad in boost::unit_test::framework::run(unsigned long, bool) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x507ad) #16 0x7f3c7ad3a7df in boost::unit_test::unit_test_main(bool (*)(), int, char**) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x797df) #17 0x55867dc9a8b2 in main /usr/include/boost/test/unit_test.hpp:63 #18 0x7f3c76bdaf49 in __libc_start_main (/usr/lib/libc.so.6+0x20f49) #19 0x55867dc9a5f9 in _start (/run/media/filip/Zewn/openrw/openrw/build/tests/run_tests+0x29c5f9) After: Running 83 test cases... 
/run/media/filip/Zewn/openrw/fix/openrw/rwlib/source/loaders/LoaderDFF.cpp:443: atomic geometry 5 out of bounds /run/media/filip/Zewn/openrw/fix/openrw/tests/test_Character.cpp(55): error: in "CharacterTests/test_activities": check glm::distance(character->getPosition(), {10.f, 10.f, 0.f}) < 0.1f has failed [16.1732807 >= 0.100000001] /run/media/filip/Zewn/openrw/fix/openrw/rwgame/GameConfig.cpp:241: Unknown configuration key: dontknow.dontcare /run/media/filip/Zewn/openrw/fix/openrw/rwgame/GameConfig.cpp:241: Unknown configuration key: game.unknownkey /run/media/filip/Zewn/openrw/fix/openrw/rwgame/GameConfig.cpp:241: Unknown configuration key: game.unknownkey /run/media/filip/Zewn/openrw/fix/openrw/rwgame/GameConfig.cpp:241: Unknown configuration key: dontknow.dontcare /run/media/filip/Zewn/openrw/fix/openrw/rwgame/GameConfig.cpp:281: /tmp/openrw_test_5b4c3aa7ce85ce01: cannot open file /run/media/filip/Zewn/openrw/fix/openrw/rwgame/GameConfig.cpp:153: /tmp/openrw_test_6207ffcf1d7aff10: cannot open file /run/media/filip/Zewn/openrw/fix/openrw/rwgame/GameConfig.cpp:153: /tmp/openrw_test_b42233e4ef0d1dc9(2): key expected /run/media/filip/Zewn/openrw/fix/openrw/rwgame/GameConfig.cpp:153: /tmp/openrw_test_2ffbe4602f4463c2(7): duplicate key name /run/media/filip/Zewn/openrw/fix/openrw/rwgame/GameConfig.cpp:189: No such node (game.path) /run/media/filip/Zewn/openrw/fix/openrw/rwgame/GameConfig.cpp:196: conversion of data to type "b" failed /run/media/filip/Zewn/openrw/fix/openrw/rwgame/GameConfig.cpp:189: No such node (game.path) /run/media/filip/Zewn/openrw/fix/openrw/rwgame/GameConfig.cpp:153: /tmp/openrw_test_315c7da7bec0926d/openrw_test_9568c08f1efce794: cannot open file /run/media/filip/Zewn/openrw/fix/openrw/rwgame/GameConfig.cpp:153: /tmp/openrw_test_a76ac2982867b30c: cannot open file /run/media/filip/Zewn/openrw/fix/openrw/rwengine/src/engine/GameWorld.cpp:402: Unimplemented: Non-weapon pickups 
/run/media/filip/Zewn/openrw/fix/openrw/rwlib/source/loaders/LoaderDFF.cpp:443: atomic geometry 5 out of bounds /run/media/filip/Zewn/openrw/fix/openrw/rwlib/source/loaders/LoaderDFF.cpp:443: atomic geometry 5 out of bounds /run/media/filip/Zewn/openrw/fix/openrw/rwlib/source/loaders/LoaderDFF.cpp:443: atomic geometry 5 out of bounds /run/media/filip/Zewn/openrw/fix/openrw/rwlib/source/loaders/LoaderDFF.cpp:443: atomic geometry 5 out of bounds /run/media/filip/Zewn/openrw/fix/openrw/rwlib/source/loaders/LoaderDFF.cpp:443: atomic geometry 5 out of bounds /run/media/filip/Zewn/openrw/fix/openrw/rwengine/src/engine/GameWorld.cpp:485: destroying object not in allObjects *** 1 failure is detected in the test module "openrw" ================================================================= ==10085==ERROR: LeakSanitizer: detected memory leaks Direct leak of 1632 byte(s) in 1 object(s) allocated from: #0 0x7faa95181489 in operator new(unsigned long) /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:80 #1 0x55b118a0417a in GameWorldTests::test_offsetgametime::test_method() /run/media/filip/Zewn/openrw/fix/openrw/tests/test_GameWorld.cpp:21 #2 0x55b118a02bfc in test_offsetgametime_invoker /run/media/filip/Zewn/openrw/fix/openrw/tests/test_GameWorld.cpp:19 #3 0x55b1189471dc in boost::detail::function::void_function_invoker0::invoke(boost::detail::function::function_buffer&) /usr/include/boost/function/function_template.hpp:118 #4 0x7faa94c00bfd in boost::detail::function::function_obj_invoker0::invoke(boost::detail::function::function_buffer&) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x4cbfd) Direct leak of 104 byte(s) in 1 object(s) allocated from: #0 0x7faa95181489 in operator new(unsigned long) /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:80 #1 0x55b118b45638 in GameWorld::createEffect(VisualFX::EffectType) /run/media/filip/Zewn/openrw/fix/openrw/rwengine/src/engine/GameWorld.cpp:506 #2 0x55b118bd37b5 in ProjectileObject::explode() 
/run/media/filip/Zewn/openrw/fix/openrw/rwengine/src/objects/ProjectileObject.cpp:82 #3 0x55b118bd2c11 in ProjectileObject::checkPhysicsContact() /run/media/filip/Zewn/openrw/fix/openrw/rwengine/src/objects/ProjectileObject.cpp:45 #4 0x55b118bd5bfa in ProjectileObject::tick(float) /run/media/filip/Zewn/openrw/fix/openrw/rwengine/src/objects/ProjectileObject.cpp:179 #5 0x55b118ab33f3 in WeaponTests::TestProjectile::test_method() /run/media/filip/Zewn/openrw/fix/openrw/tests/test_Weapon.cpp:105 #6 0x55b118aaebdb in TestProjectile_invoker /run/media/filip/Zewn/openrw/fix/openrw/tests/test_Weapon.cpp:28 #7 0x55b1189471dc in boost::detail::function::void_function_invoker0::invoke(boost::detail::function::function_buffer&) /usr/include/boost/function/function_template.hpp:118 #8 0x7faa94c00bfd in boost::detail::function::function_obj_invoker0::invoke(boost::detail::function::function_buffer&) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x4cbfd) Direct leak of 104 byte(s) in 1 object(s) allocated from: #0 0x7faa95181489 in operator new(unsigned long) /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:80 #1 0x55b118b45638 in GameWorld::createEffect(VisualFX::EffectType) /run/media/filip/Zewn/openrw/fix/openrw/rwengine/src/engine/GameWorld.cpp:506 #2 0x55b118bd37b5 in ProjectileObject::explode() /run/media/filip/Zewn/openrw/fix/openrw/rwengine/src/objects/ProjectileObject.cpp:82 #3 0x55b118bd5c61 in ProjectileObject::tick(float) /run/media/filip/Zewn/openrw/fix/openrw/rwengine/src/objects/ProjectileObject.cpp:183 #4 0x55b118ab07e7 in WeaponTests::TestProjectile::test_method() /run/media/filip/Zewn/openrw/fix/openrw/tests/test_Weapon.cpp:45 #5 0x55b118aaebdb in TestProjectile_invoker /run/media/filip/Zewn/openrw/fix/openrw/tests/test_Weapon.cpp:28 #6 0x55b1189471dc in boost::detail::function::void_function_invoker0::invoke(boost::detail::function::function_buffer&) /usr/include/boost/function/function_template.hpp:118 #7 0x7faa94c00bfd in 
boost::detail::function::function_obj_invoker0::invoke(boost::detail::function::function_buffer&) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x4cbfd) Direct leak of 104 byte(s) in 1 object(s) allocated from: #0 0x7faa95181489 in operator new(unsigned long) /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cc:80 #1 0x55b118b45638 in GameWorld::createEffect(VisualFX::EffectType) /run/media/filip/Zewn/openrw/fix/openrw/rwengine/src/engine/GameWorld.cpp:506 #2 0x55b118bd37b5 in ProjectileObject::explode() /run/media/filip/Zewn/openrw/fix/openrw/rwengine/src/objects/ProjectileObject.cpp:82 #3 0x55b118bd2c11 in ProjectileObject::checkPhysicsContact() /run/media/filip/Zewn/openrw/fix/openrw/rwengine/src/objects/ProjectileObject.cpp:45 #4 0x55b118bd5bfa in ProjectileObject::tick(float) /run/media/filip/Zewn/openrw/fix/openrw/rwengine/src/objects/ProjectileObject.cpp:179 #5 0x55b118ab1e30 in WeaponTests::TestProjectile::test_method() /run/media/filip/Zewn/openrw/fix/openrw/tests/test_Weapon.cpp:78 #6 0x55b118aaebdb in TestProjectile_invoker /run/media/filip/Zewn/openrw/fix/openrw/tests/test_Weapon.cpp:28 #7 0x55b1189471dc in boost::detail::function::void_function_invoker0::invoke(boost::detail::function::function_buffer&) /usr/include/boost/function/function_template.hpp:118 #8 0x7faa94c00bfd in boost::detail::function::function_obj_invoker0::invoke(boost::detail::function::function_buffer&) (/usr/lib/libboost_unit_test_framework.so.1.66.0+0x4cbfd) Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x7faa9517fef9 in __interceptor_realloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:75 #1 0x7faa8ff7fb5c (/usr/lib/libX11.so.6+0x54b5c) Indirect leak of 160 byte(s) in 2 object(s) allocated from: #0 0x7faa9517fce1 in __interceptor_calloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:70 #1 0x7faa8ff7fb2e (/usr/lib/libX11.so.6+0x54b2e) Indirect leak of 16 byte(s) in 2 object(s) allocated from: #0 0x7faa9517fae9 in __interceptor_malloc 
/build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:62 #1 0x7faa8ff805ad (/usr/lib/libX11.so.6+0x555ad) SUMMARY: AddressSanitizer: 2136 byte(s) leaked in 9 allocation(s). --- tests/test_Character.cpp | 2 -- tests/test_Pickup.cpp | 7 ++++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/tests/test_Character.cpp b/tests/test_Character.cpp index d88e7c02..5e65af5f 100644 --- a/tests/test_Character.cpp +++ b/tests/test_Character.cpp @@ -28,7 +28,6 @@ BOOST_AUTO_TEST_CASE(test_create) { BOOST_CHECK_EQUAL(controller->getNextActivity(), nullptr); Global::get().e->destroyObject(character); - delete controller; } } @@ -116,7 +115,6 @@ BOOST_AUTO_TEST_CASE(test_activities) { BOOST_CHECK_EQUAL(nullptr, character->getCurrentVehicle()); Global::get().e->destroyObject(character); - delete controller; } } diff --git a/tests/test_Pickup.cpp b/tests/test_Pickup.cpp index 06d5d060..a8c61dc2 100644 --- a/tests/test_Pickup.cpp +++ b/tests/test_Pickup.cpp @@ -4,13 +4,14 @@ #include #include #include "test_Globals.hpp" +#if RW_TEST_WITH_DATA class TestPickup : public PickupObject { public: bool picked_up = false; TestPickup(GameWorld* engine, const glm::vec3& position) - : PickupObject(engine, position, 0, OnStreet) { + : PickupObject(engine, position, Global::get().d->modelinfo[0].get(), OnStreet) { } bool onCharacterTouch(CharacterObject*) { @@ -21,7 +22,6 @@ public: BOOST_AUTO_TEST_SUITE(PickupTests) -#if RW_TEST_WITH_DATA BOOST_AUTO_TEST_CASE(test_pickup_interaction) { { auto character = @@ -90,6 +90,7 @@ BOOST_AUTO_TEST_CASE(test_item_pickup) { Global::get().e->destroyObject(character); } } -#endif BOOST_AUTO_TEST_SUITE_END() + +#endif
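Review bot: The new base-class argument `Global::get().d->modelinfo[0].get()` in the TestPickup constructor is handed to PickupObject without any check that model 0 is actually loaded. The SEGV quoted in the commit message was a read near the zero page inside PickupObject's constructor, which suggests a null model pointer, so an empty slot at index 0 would bring the same crash back; the type of `modelinfo` is not visible in this hunk, so whether `[0]` can yield an empty pointer is an assumption to confirm. Each test case that constructs a TestPickup could first run `BOOST_REQUIRE(Global::get().d->modelinfo[0].get() != nullptr);` so a missing model fails the test cleanly instead of invoking undefined behaviour. A one-line comment above the constructor saying why id 0 is used (presumably any loaded model will do) would also help. The TestPickup class continues past the end of this hunk.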
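Review bot: The `#endif` added after `BOOST_AUTO_TEST_SUITE_END()` in the last test_Pickup.cpp hunk closes a guard that now opens near the top of the file, so the pairing is hard to see when reading either end. A trailing comment makes it explicit: `#endif  // RW_TEST_WITH_DATA`. Because the suite macros are now inside the guard as well, a build without game data appears to compile no PickupTests suite at all; a short comment beside the `#if RW_TEST_WITH_DATA` line saying the whole file is data-dependent would explain why the suite is absent from such a run.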