From: "Neil Conway (JIRA)"
To: issues@mesos.apache.org
Date: Fri, 1 Apr 2016 20:19:25 +0000 (UTC)
Subject: [jira] [Updated] (MESOS-3335) FlagsBase copy-ctor leads to dangling pointer

     [ https://issues.apache.org/jira/browse/MESOS-3335?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Neil Conway updated MESOS-3335:
-------------------------------
    Attachment: lambda_capture_bug.cpp

Attached a reduced test case that demonstrates the problem.
> FlagsBase copy-ctor leads to dangling pointer
> ---------------------------------------------
>
>                 Key: MESOS-3335
>                 URL: https://issues.apache.org/jira/browse/MESOS-3335
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Neil Conway
>            Priority: Minor
>         Attachments: lambda_capture_bug.cpp
>
>
> Per [#3328], ubsan detects the following problem:
>
> [ RUN      ] FaultToleranceTest.ReregisterCompletedFrameworks
> /mesos/3rdparty/libprocess/3rdparty/stout/include/stout/flags/flags.hpp:303:25: runtime error: load of value 33, which is not a valid value for type 'bool'
>
> I believe what is going on here is the following:
>
> * The test calls StartMaster(), which does MesosTest::CreateMasterFlags()
> * MesosTest::CreateMasterFlags() allocates a new master::Flags on the stack, which is subsequently copy-constructed back to StartMaster()
> * The FlagsBase constructor is:
> bq. {{FlagsBase() { add(&help, "help", "...", false); }}}
> where "help" is a member variable -- i.e., it is allocated on the stack in this case.
> * {{FlagsBase()::add}} captures {{&help}}, e.g.:
> {noformat}
> flag.stringify = [t1](const FlagsBase&) -> Option {
>   return stringify(*t1);
> };
> {noformat}
> * The implicit copy constructor for FlagsBase is just going to copy the lambda above, i.e., the result of the copy constructor will have a lambda that points into MesosTest::CreateMasterFlags()'s stack frame, which is bad news.
>
> Not sure the right fix -- comments welcome. You could define a copy-ctor for FlagsBase that does something gross (basically remove the old help flag and define a new one that points into the target of the copy), but that seems less, well, gross.
>
> Probably not a pressing problem to fix -- AFAICS the worst symptom is that we end up reading one byte from some random stack location when serving {{state.json}}, for example.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
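The capture-by-pointer problem described in the issue, as an added C++ example that is neither the attached test case nor stout's code: a hypothetical `Flag`/`BuggyFlags` pair reproduces the aliasing (the copy's lambda still reads the original object's member), and a `FixedFlags` variant shows one way to avoid it by capturing a pointer-to-member and resolving it against the object the callback is invoked with.

```cpp
#include <functional>
#include <string>
#include <vector>

// Hypothetical stand-in for one registered flag; Self is the owning flags type.
template <typename Self>
struct Flag {
  std::string name;
  std::function<std::string(const Self&)> stringify;
};

// Pattern from the report: the constructor captures &help, a raw pointer to a
// member of the instance being built. The implicit copy constructor copies the
// std::function as-is, so every copy keeps pointing at the original object.
struct BuggyFlags {
  bool help = false;
  std::vector<Flag<BuggyFlags>> flags;
  BuggyFlags() {
    bool* t1 = &help;  // address of *this* object's member
    flags.push_back({"help", [t1](const BuggyFlags&) -> std::string {
      return *t1 ? "true" : "false";  // ignores its argument, reads via t1
    }});
  }
};

// Avoids the capture: store a pointer-to-member and dereference it on the
// object passed in, so the original and each copy read their own member.
struct FixedFlags {
  bool help = false;
  std::vector<Flag<FixedFlags>> flags;
  FixedFlags() {
    bool FixedFlags::*member = &FixedFlags::help;
    flags.push_back({"help", [member](const FixedFlags& self) -> std::string {
      return self.*member ? "true" : "false";
    }});
  }
};

// Both helpers copy-construct a flags object, flip `help` on the copy only,
// and ask the copy to stringify itself.
std::string buggy_copy_reports_help() {
  BuggyFlags original;
  BuggyFlags copy = original;
  copy.help = true;
  return copy.flags[0].stringify(copy);  // "false": reads original.help
}
std::string fixed_copy_reports_help() {
  FixedFlags original;
  FixedFlags copy = original;
  copy.help = true;
  return copy.flags[0].stringify(copy);  // "true": reads copy.help
}
```

Here the original outlives the copy, so the buggy read is merely wrong rather than undefined; in the report the original is a stack object that has already been returned from, so the same read touches a dead frame, which is what ubsan flagged.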