[Tile-serving] [openstreetmap/osm2pgsql] Error in `osm2pgsql': corrupted double-linked list: 0x000000005064bed0 (#723)

Paul Norman notifications at github.com
Sat Mar 25 09:14:44 UTC 2017


I was able to reproduce with tests/liechtenstein-2013-08-03.osm.pbf, which is renumbered.

Adding -fsanitize=address to CXXFLAGS I got

```
Processing: Node(65k 65.7k/s) Way(4k 4.00k/s) Relation(0 0.00/s)
=================================================================
==6011==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c00038cd00 at pc 0x5615f61dd076 bp 0x7ffecdd81800 sp 0x7ffecdd817f8
READ of size 8 at 0x60c00038cd00 thread T0
    #0 0x5615f61dd075 in void std::vector<tag_t, std::allocator<tag_t> >::emplace_back<char const*&, char const*&>(char const*&, char const*&) /usr/include/c++/6/bits/vector.tcc:94
    #1 0x5615f620c5cd in lua_tagtransform_t::filter_tags(osmium::OSMObject const&, int*, int*, export_list const&, taglist_t&, bool) /home/pnorman/osm/osm2pgsql/tagtransform-lua.cpp:108
    #2 0x5615f61a71d6 in relation_helper::get_filtered_tags(tagtransform_t*, export_list const&) const /home/pnorman/osm/osm2pgsql/geometry-processor.cpp:104
    #3 0x5615f61e6dd8 in output_multi_t::process_relation(osmium::Relation const&, bool, bool) /home/pnorman/osm/osm2pgsql/output-multi.cpp:376
    #4 0x5615f61e5a5d in output_multi_t::relation_add(osmium::Relation const&) /home/pnorman/osm/osm2pgsql/output-multi.cpp:211
    #5 0x5615f60fc083 in osmdata_t::relation_add(osmium::Relation const&) /home/pnorman/osm/osm2pgsql/osmdata.cpp:65
    #6 0x5615f613ac00 in parse_osmium_t::relation(osmium::Relation const&) /home/pnorman/osm/osm2pgsql/parse-osmium.cpp:185
    #7 0x5615f618dab8 in void osmium::detail::apply_item_impl<parse_osmium_t&, osmium::memory::Item>(osmium::memory::Item&, parse_osmium_t&) /home/pnorman/osm/osm2pgsql/contrib/libosmium/osmium/visitor.hpp:68
    #8 0x5615f6187b8d in void osmium::apply_item<osmium::memory::Item, parse_osmium_t&>(osmium::memory::Item&, parse_osmium_t&) /home/pnorman/osm/osm2pgsql/contrib/libosmium/osmium/visitor.hpp:206
    #9 0x5615f617f44c in void osmium::apply<osmium::io::InputIterator<osmium::io::Reader, osmium::memory::Item>, parse_osmium_t&>(osmium::io::InputIterator<osmium::io::Reader, osmium::memory::Item>, osmium::io::InputIterator<osmium::io::Reader, osmium::memory::Item>, parse_osmium_t&) /home/pnorman/osm/osm2pgsql/contrib/libosmium/osmium/visitor.hpp:220
    #10 0x5615f6175a20 in void osmium::apply<osmium::io::Reader, parse_osmium_t&>(osmium::io::Reader&, parse_osmium_t&) /home/pnorman/osm/osm2pgsql/contrib/libosmium/osmium/visitor.hpp:227
    #11 0x5615f613a607 in parse_osmium_t::stream_file(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/pnorman/osm/osm2pgsql/parse-osmium.cpp:128
    #12 0x5615f60dfe37 in main /home/pnorman/osm/osm2pgsql/osm2pgsql.cpp:86
    #13 0x7f7411c2e2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #14 0x5615f60df649 in _start (/home/pnorman/osm/osm2pgsql/build/osm2pgsql+0x245649)

0x60c00038cd00 is located 8 bytes to the right of 120-byte region [0x60c00038cc80,0x60c00038ccf8)
allocated by thread T0 here:
    #0 0x7f7414073bf0 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc2bf0)
    #1 0x5615f61abe45 in __gnu_cxx::new_allocator<taglist_t>::allocate(unsigned long, void const*) /usr/include/c++/6/ext/new_allocator.h:104
    #2 0x5615f61ab43c in std::allocator_traits<std::allocator<taglist_t> >::allocate(std::allocator<taglist_t>&, unsigned long) /usr/include/c++/6/bits/alloc_traits.h:416
    #3 0x5615f61aa93f in std::_Vector_base<taglist_t, std::allocator<taglist_t> >::_M_allocate(unsigned long) /usr/include/c++/6/bits/stl_vector.h:170
    #4 0x5615f61aa19a in std::_Vector_base<taglist_t, std::allocator<taglist_t> >::_M_create_storage(unsigned long) /usr/include/c++/6/bits/stl_vector.h:185
    #5 0x5615f61a9216 in std::_Vector_base<taglist_t, std::allocator<taglist_t> >::_Vector_base(unsigned long, std::allocator<taglist_t> const&) (/home/pnorman/osm/osm2pgsql/build/osm2pgsql+0x30f216)
    #6 0x5615f61a7d59 in std::vector<taglist_t, std::allocator<taglist_t> >::vector(unsigned long, std::allocator<taglist_t> const&) (/home/pnorman/osm/osm2pgsql/build/osm2pgsql+0x30dd59)
    #7 0x5615f61a70be in relation_helper::get_filtered_tags(tagtransform_t*, export_list const&) const /home/pnorman/osm/osm2pgsql/geometry-processor.cpp:100
    #8 0x5615f61e6dd8 in output_multi_t::process_relation(osmium::Relation const&, bool, bool) /home/pnorman/osm/osm2pgsql/output-multi.cpp:376
    #9 0x5615f61e5a5d in output_multi_t::relation_add(osmium::Relation const&) /home/pnorman/osm/osm2pgsql/output-multi.cpp:211
    #10 0x5615f60fc083 in osmdata_t::relation_add(osmium::Relation const&) /home/pnorman/osm/osm2pgsql/osmdata.cpp:65
    #11 0x5615f613ac00 in parse_osmium_t::relation(osmium::Relation const&) /home/pnorman/osm/osm2pgsql/parse-osmium.cpp:185
    #12 0x5615f618dab8 in void osmium::detail::apply_item_impl<parse_osmium_t&, osmium::memory::Item>(osmium::memory::Item&, parse_osmium_t&) /home/pnorman/osm/osm2pgsql/contrib/libosmium/osmium/visitor.hpp:68
    #13 0x5615f6187b8d in void osmium::apply_item<osmium::memory::Item, parse_osmium_t&>(osmium::memory::Item&, parse_osmium_t&) /home/pnorman/osm/osm2pgsql/contrib/libosmium/osmium/visitor.hpp:206
    #14 0x5615f617f44c in void osmium::apply<osmium::io::InputIterator<osmium::io::Reader, osmium::memory::Item>, parse_osmium_t&>(osmium::io::InputIterator<osmium::io::Reader, osmium::memory::Item>, osmium::io::InputIterator<osmium::io::Reader, osmium::memory::Item>, parse_osmium_t&) /home/pnorman/osm/osm2pgsql/contrib/libosmium/osmium/visitor.hpp:220
    #15 0x5615f6175a20 in void osmium::apply<osmium::io::Reader, parse_osmium_t&>(osmium::io::Reader&, parse_osmium_t&) /home/pnorman/osm/osm2pgsql/contrib/libosmium/osmium/visitor.hpp:227
    #16 0x5615f613a607 in parse_osmium_t::stream_file(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/pnorman/osm/osm2pgsql/parse-osmium.cpp:128
    #17 0x5615f60dfe37 in main /home/pnorman/osm/osm2pgsql/osm2pgsql.cpp:86
    #18 0x7f7411c2e2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

SUMMARY: AddressSanitizer: heap-buffer-overflow /usr/include/c++/6/bits/vector.tcc:94 in void std::vector<tag_t, std::allocator<tag_t> >::emplace_back<char const*&, char const*&>(char const*&, char const*&)
Shadow bytes around the buggy address:
  0x0c1880069950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1880069960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1880069970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1880069980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1880069990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
=>0x0c18800699a0:[fa]fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c18800699b0: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
  0x0c18800699c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c18800699d0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c18800699e0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c18800699f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==6011==ABORTING
```

Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/osm2pgsql/issues/723#issuecomment-289199746
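The report above pins the fault precisely: an 8-byte READ in `std::vector<tag_t>::emplace_back`, 8 bytes to the right of a 120-byte region that `relation_helper::get_filtered_tags` allocated as a `std::vector<taglist_t>`. Those two numbers decode into an element index once you know the element size. The following is an added example, not osm2pgsql's own code and not a statement of the bug's root cause: `tag_t`/`taglist_t` are stand-ins, the 24-byte element size (a `std::vector` of three pointers on x86-64 libstdc++, which is what `taglist_t` is assumed to wrap) is an assumption, and `decode_asan_offset`, `fill_unchecked` and `fill_checked` are illustrative names. It decodes the report and shows the unchecked index pattern that produces such a read next to a bounds-checked form.

```cpp
// Added example (not osm2pgsql code): decoding an ASan heap-buffer-overflow
// report on a std::vector<taglist_t>, and an unchecked vs. checked fill.
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Assumed stand-ins for osm2pgsql's tag_t / taglist_t. The real taglist_t is
// assumed to be a thin wrapper over std::vector<tag_t>, i.e. 24 bytes on
// x86-64 libstdc++ (begin / finish / end-of-storage pointers).
using tag_t = std::pair<std::string, std::string>;
using taglist_t = std::vector<tag_t>;

struct asan_hit {
    std::size_t index;              // element of the outer vector the access fell into
    std::size_t offset_in_element;  // byte offset inside that element
};

// Turn "N bytes to the right of M-byte region" into (element index, byte offset).
// For the report above: (120 + 8) / 24 = 5 and (120 + 8) % 24 = 8, i.e. the
// access touched element [5] of a 5-element vector (one past the end), at the
// second pointer of that would-be vector object. That is consistent with the
// first thing emplace_back reads (vector.tcc:94 compares finish against
// end-of-storage) on an out-of-range element.
asan_hit decode_asan_offset(std::size_t region_bytes, std::size_t bytes_right,
                            std::size_t elem_size) {
    if (elem_size == 0) throw std::invalid_argument("elem_size must be non-zero");
    const std::size_t abs_offset = region_bytes + bytes_right;
    return {abs_offset / elem_size, abs_offset % elem_size};
}

// Unchecked pattern: the output vector was sized from one count while the index
// comes from another. With idx == out.size() and -fsanitize=address this aborts
// with a report of the same shape as the one above. Deliberately not exercised
// by the tests, since it is undefined behaviour.
void fill_unchecked(std::vector<taglist_t>& out, const tag_t& tag, std::size_t idx) {
    out[idx].emplace_back(tag);
}

// Checked form: refuse the write instead of reading past the allocation.
// Returning false lets the caller detect that its member count and the
// allocated list count disagree rather than silently corrupting the heap.
bool fill_checked(std::vector<taglist_t>& out, const tag_t& tag, std::size_t idx) {
    if (idx >= out.size()) return false;
    out[idx].emplace_back(tag);
    return true;
}

int main() {
    const asan_hit hit = decode_asan_offset(120, 8, sizeof(taglist_t));
    std::printf("access fell in element [%zu] at byte offset %zu (sizeof(taglist_t)=%zu)\n",
                hit.index, hit.offset_in_element, sizeof(taglist_t));

    std::vector<taglist_t> per_member(5);   // five members, five tag lists
    const tag_t tag{"type", "multipolygon"}; // constructed sample tag
    std::printf("fill idx 4: %s\n", fill_checked(per_member, tag, 4) ? "ok" : "rejected");
    std::printf("fill idx 5: %s\n", fill_checked(per_member, tag, 5) ? "ok" : "rejected");
    return 0;
}
```

To get a report like the one above from a build, the relevant flags are `-fsanitize=address -fno-omit-frame-pointer -g` in `CXXFLAGS` (the `-g` gives the file:line frames; without it you get only the `binary+0x...` form seen in frames #5 and #6 of the allocation trace).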