
fix unintended dereference (seg fault)#24

Merged
skbill84 merged 1 commit into wangyiqiu:master from John-194:seg_fault_fix
Jun 27, 2025

Conversation

@John-194 (Contributor) commented Jun 25, 2025

This fixes a rare segmentation fault.

What was happening:
In grid.h, table = new tableT(cellMax*2, cellHash<dim, objT>(myHash)); passes a temporary cellHash.

Original code:

```cpp
Table(intT size, HASH hashF) :
    m((intT)1 << utils::log2Up(100+(intT)(2.0*(float)size))),
    mask(m-1),
    empty(hashF.empty()),   // taken from the by-value parameter hashF
    hashStruct(hashF),      // hashF is copied here, but empty still refers to hashF
    TA(newA(eType,m)),
    compactL(NULL),
    load(2.0)
{ clearA(TA,m,empty);
}
```

Problem: hashF is the temporary; empty() returns a pointer to a cell that is part of the temporary. The temporary cell gets deleted after the Table initialization list finishes. hashF (the temporary) gets copied to hashStruct via the copy constructor, but the pointer stored by empty(hashF.empty()) ends up being dereferenced.
Fix: Initialize empty from the copy of hashF (hashStruct). This only works after the initialization list has finished.

Snippet of the ASAN error message:

==6037==ERROR: AddressSanitizer: heap-use-after-free on address 0xffffab64a928 at pc 0xffffa53db448 bp 0xffff935cb950 sp 0xffff935cb960
READ of size 8 at 0xffffab64a928 thread T9
    #0 0xffffa53db444 in point<2>::isEmpty() include/dbscan/point.h:31
    #1 0xffffa53db444 in cell<2, point<2> >::isEmpty() include/dbscan/cell.h:111
    #2 0xffffa53db444 in cellHash<2, point<2> >::cmp(cell<2, point<2> >, cell<2, point<2> >) include/dbscan/cell.h:166
    #3 0xffffa53db444 in Table<cellHash<2, point<2> >, int>::insert(cell<2, point<2> >) include/dbscan/pbbs/ndHash.h:134
    #4 0xffffa53db444 in grid<2, point<2> >::insertParallel(point<2>, point<2>, int, int, int)::{lambda(int)#5}::operator()(int) const include/dbscan/grid.h:232
    #5 0xffffa5402438 in void parlay::fork_joinscheduler::parfor<grid<2, point<2> >::insertParallel(point<2>, point<2>, int, int, int)::{lambda(int)#5}>(unsigned long, unsigned long, grid<2, point<2> >::insertParallel(point<2>, point<2>, int, int, int)::{lambda(int)#5}, unsigned long, bool) include/dbscan/pbbs/scheduler.h:373

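The pattern behind this report, as an added example that is not code from the DBSCAN repository or this PR: a hash functor owns a sentinel cell on the heap and hands out a raw pointer to it; a table constructed from a by-value functor argument keeps that pointer, but the argument (and the temporary it was built from) is destroyed once the constructor call completes, so every later read through the pointer is a heap-use-after-free. The names Cell, CellHash, BuggyTable, FixedTable, makeBuggy and makeFixed are invented stand-ins. FixedTable applies the PR's fix: it takes the pointer from the member copy in the constructor body, after the initializer list has run. The alternative of writing empty(hashStruct.empty()) in the initializer list is only safe if hashStruct is declared before empty, because members are initialized in declaration order, not in the order the initializer list is written.

```cpp
// Added example, not code from the DBSCAN repository: a minimal model of the
// dangling "empty" sentinel the PR describes, with the hazard (BuggyTable) and
// the fix (FixedTable) side by side. All names here are invented stand-ins.
#include <cstddef>
#include <memory>
#include <vector>

struct Cell {
    int  id;
    bool isEmptyMarker;   // true only for the hash functor's sentinel cell
};

// Stand-in for cellHash: owns a heap-allocated sentinel and hands out a raw
// pointer to it. Each copy gets its own sentinel, so a pointer taken from one
// copy is never valid for another.
struct CellHash {
    std::unique_ptr<Cell> sentinel;
    CellHash() : sentinel(std::make_unique<Cell>(Cell{-1, true})) {}
    CellHash(const CellHash& o) : sentinel(std::make_unique<Cell>(*o.sentinel)) {}
    CellHash& operator=(const CellHash&) = delete;

    const Cell* empty() const { return sentinel.get(); }
    std::size_t hash(const Cell& c) const { return static_cast<std::size_t>(c.id) * 2654435761u; }
    bool cmp(const Cell& a, const Cell& b) const {
        return a.id == b.id && a.isEmptyMarker == b.isEmptyMarker;
    }
};

// Hazard: 'empty' is taken from the by-value constructor argument hashF, which
// is destroyed when the constructor call completes (it is itself a copy of the
// temporary CellHash{} the caller passes). From then on 'empty' dangles.
struct BuggyTable {
    const Cell*       empty;
    CellHash          hashStruct;
    std::vector<Cell> slots;

    BuggyTable(std::size_t n, CellHash hashF)
        : empty(hashF.empty()),   // pointer into hashF's soon-to-be-freed sentinel
          hashStruct(hashF),      // deep copy: a different sentinel object
          slots(n, *empty) {}     // hashF is still alive here, so this read is fine
    BuggyTable(const BuggyTable&) = delete;

    // Address comparison only, no dereference: false, because 'empty' never
    // pointed at the sentinel this object owns.
    bool emptyPointsIntoOwnCopy() const { return empty == hashStruct.empty(); }

    // Mirrors Table::insert -> cmp -> isEmpty in the ASAN trace. Calling this
    // after construction reads through the dangling pointer (heap-use-after-free).
    bool insert(const Cell& c) {
        std::size_t i = hashStruct.hash(c) % slots.size();
        if (!hashStruct.cmp(slots[i], *empty)) return false;
        slots[i] = c;
        return true;
    }
};

// Fix, as in the PR: take 'empty' from the member copy hashStruct once the
// initializer list has run, so it points at storage this object owns.
struct FixedTable {
    const Cell*       empty;
    CellHash          hashStruct;
    std::vector<Cell> slots;

    FixedTable(std::size_t n, CellHash hashF)
        : empty(nullptr), hashStruct(hashF), slots() {
        empty = hashStruct.empty();   // hashStruct is fully constructed here
        slots.assign(n, *empty);      // analogue of clearA(TA, m, empty)
    }
    FixedTable(const FixedTable&) = delete;

    bool emptyPointsIntoOwnCopy() const { return empty == hashStruct.empty(); }

    bool insert(const Cell& c) {
        std::size_t i = hashStruct.hash(c) % slots.size();
        if (!hashStruct.cmp(slots[i], *empty)) return false;   // slot already taken
        slots[i] = c;
        return true;
    }
    std::size_t occupied() const {
        std::size_t n = 0;
        for (const Cell& c : slots) if (!c.isEmptyMarker) ++n;
        return n;
    }
};

// Same call shape as grid.h: the CellHash argument is a temporary.
std::unique_ptr<BuggyTable> makeBuggy(std::size_t n) { return std::make_unique<BuggyTable>(n, CellHash{}); }
std::unique_ptr<FixedTable> makeFixed(std::size_t n) { return std::make_unique<FixedTable>(n, CellHash{}); }

int main() {
    auto good = makeFixed(8);
    bool ok = good->emptyPointsIntoOwnCopy() && good->insert(Cell{7, false}) && good->occupied() == 1;
    return ok ? 0 : 1;   // insert on makeBuggy(8) would be the use-after-free; not exercised here
}
```

Built with -fsanitize=address, calling insert on the BuggyTable reports a heap-use-after-free READ inside cmp, the same shape as the trace above; emptyPointsIntoOwnCopy only compares addresses and is safe to call on either table. Reordering the members so that hashStruct precedes empty, and then writing empty(hashStruct.empty()) in the initializer list, is an equivalent fix; the constructor-body assignment used here has the advantage of not depending on declaration order at all.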
@skbill84 (Collaborator) commented
Fantastic catch! Thanks so much for digging into this. Really appreciate your thoroughness here.

@skbill84 skbill84 merged commit ff7c764 into wangyiqiu:master Jun 27, 2025
4 of 5 checks passed