923267 – dev-libs/libxslt-1.1.39 [debug]: xsltproc: AddressSanitizer: attempting free on address which was not malloc()-ed

Bug 923267 - dev-libs/libxslt-1.1.39 [debug]: xsltproc: AddressSanitizer: attempting free on address which was not malloc()-ed

Summary: dev-libs/libxslt-1.1.39 [debug]: xsltproc: AddressSanitizer: attempting free ...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Sam James

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2024-01-29 14:13 UTC by Agostino Sarubbo
Modified:	2024-01-30 13:46 UTC (History)
CC List:	1 user (show)

See Also:	https://gitlab.gnome.org/GNOME/libxslt/-/issues/105
Package list:
Runtime testing required:	---

Attachments
emerge --info (file_923267.txt,6.68 KB, text/plain) 2024-01-29 14:14 UTC, Agostino Sarubbo	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2024-01-29 14:13:56 UTC

I have trouble in emerging dev-util/gdbus-codegen-2.78.4-r1, it fails in that way:

munmap_chunk(): invalid pointer
/var/tmp/portage/dev-util/gdbus-codegen-2.78.4-r1/temp/environment: line 2228:   103 Aborted                 xsltproc --nonet --stringparam man.output.quietly 1 --stringparam funcsynopsis.style ansi --stringparam man.th.extra1.suppress 1 --stringparam man.authors.section.enabled 0 --stringparam man.copyright.section.enabled 0 -o "${2}" http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl "${1}"

Since the program that fails is xsltproc I recompiled dev-libs/libxslt with asan, to get more info.

So, by doing:
cd /var/tmp/portage/dev-util/gdbus-codegen-2.78.4-r1/work/glib-2.78.4/docs/reference/gio
xsltproc --nonet --stringparam man.output.quietly 1 --stringparam funcsynopsis.style ansi --stringparam man.th.extra1.suppress 1 --stringparam man.authors.section.enabled 0 --stringparam man.copyright.section.enabled 0 -o gdbus-codegen.1 http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl gdbus-codegen.xml

I get:

==45796==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x60b000001d48 in thread T0
    #0 0x7b01eecdb550  (/usr/lib/gcc/x86_64-pc-linux-gnu/13/libasan.so.8+0xdb550)
    #1 0x7b01eeb6537f in xsltFreeParserContext /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/pattern.c:285
    #2 0x7b01eeb756b8 in xsltCompilePatternInternal /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/pattern.c:1978
    #3 0x7b01eeb75d0b in xsltAddTemplate /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/pattern.c:2080
    #4 0x7b01eeb53d20 in xsltParseStylesheetTemplate /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:5464
    #5 0x7b01eeb54cdd in xsltParseStylesheetTop /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6196
    #6 0x7b01eeb552bd in xsltParseStylesheetProcess /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6452
    #7 0x7b01eeb9fe06 in xsltParseStylesheetInclude /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/imports.c:265
    #8 0x7b01eeb5493f in xsltParseStylesheetTop /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6174
    #9 0x7b01eeb552bd in xsltParseStylesheetProcess /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6452
    #10 0x7b01eeb558f7 in xsltParseStylesheetUser /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6660
    #11 0x7b01eeb556af in xsltParseStylesheetImportedDoc /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6530
    #12 0x7b01eeb9f980 in xsltParseStylesheetImport /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/imports.c:171
    #13 0x7b01eeb541ab in xsltParseStylesheetTop /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6121
    #14 0x7b01eeb552bd in xsltParseStylesheetProcess /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6452
    #15 0x7b01eeb558f7 in xsltParseStylesheetUser /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6660
    #16 0x7b01eeb556af in xsltParseStylesheetImportedDoc /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6530
    #17 0x7b01eeb55a6b in xsltParseStylesheetDoc /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/libxslt/xslt.c:6703
    #18 0x5bc9a33a8f47 in main /var/tmp/portage/dev-libs/libxslt-1.1.39/work/libxslt-1.1.39/xsltproc/xsltproc.c:855
    #19 0x7b01ee812c89  (/lib64/libc.so.6+0x23c89)
    #20 0x7b01ee812d44 in __libc_start_main (/lib64/libc.so.6+0x23d44)
    #21 0x5bc9a33a4410 in _start (/usr/bin/xsltproc+0x5410)

0x60b000001d48 is located 40 bytes inside of 104-byte region [0x60b000001d20,0x60b000001d88)
allocated by thread T0 here:
    #0 0x7b01eecdc9ff in __interceptor_malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/13/libasan.so.8+0xdc9ff)
    #1 0x7b01eea4218a in xmlMallocLoc (/usr/lib64/libxml2.so.2+0x7d18a)

SUMMARY: AddressSanitizer: bad-free (/usr/lib/gcc/x86_64-pc-linux-gnu/13/libasan.so.8+0xdb550) 
==45796==ABORTING

Comment 1 Agostino Sarubbo gentoo-dev

2024-01-29 14:14:14 UTC

Created attachment 883560 [details]
emerge --info

Comment 2 Larry the Git Cow gentoo-dev

2024-01-30 13:46:34 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d9375035fbff02076875336fbbebdbd3163243e

commit 3d9375035fbff02076875336fbbebdbd3163243e
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-01-30 13:45:12 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-01-30 13:46:00 +0000

    dev-libs/libxslt: drop --with-mem-debug with USE=debug
    
    Per https://gitlab.gnome.org/GNOME/libxslt/-/issues/105#note_1990977, this is
    both ancient & obsolete, but it also needs libxml2 to be built with the matching
    option. Drop it.
    
    Bug: https://gitlab.gnome.org/GNOME/libxslt/-/issues/105
    Closes: https://bugs.gentoo.org/923267
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxslt/libxslt-1.1.39.ebuild | 3 +--
 dev-libs/libxslt/libxslt-9999.ebuild   | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)