[vulkan] Fix heap buffer overflow in Vulkan extension handling discovered by ASAN #7740

Merged
merged 1 commit into from
Aug 7, 2023


derek-gerstmann
Contributor

No description provided.

@steven-johnson
Contributor

Care to clue me in on which bits of code were causing the overflow?

@derek-gerstmann
Contributor Author

> Care to clue me in on which bits of code were causing the overflow?

StringTable::resize() wasn't populating the pointer tables correctly, which caused the StringTable::assign(ctx, n, str) to write into bad memory.
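
A simplified model of the failure described in the comment above, added here as an illustration and not taken from the thread or from Halide's runtime. `ToyStringTable`, `kSlot`, `resize_buggy` and `resize_fixed` are hypothetical names, and the sketch assumes the problem was pointer-table entries that never got pointed at backing storage before `assign` wrote through them.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical model, not Halide's runtime StringTable: fixed-width character
// slots in `storage`, plus the char* table a C API would receive as
// `const char *const *` (for example a list of extension names).
struct ToyStringTable {
    static constexpr size_t kSlot = 32;  // assumed slot width, including NUL
    std::vector<char> storage;
    std::vector<char *> pointers;

    // Assumed shape of the bug: the pointer table grows, but its entries are
    // never pointed at backing storage.
    void resize_buggy(size_t n) {
        pointers.resize(n, nullptr);
    }

    // Corrected form: grow the storage, then rebuild every pointer, because
    // growing `storage` may move it and invalidate the old entries.
    void resize_fixed(size_t n) {
        storage.resize(n * kSlot, '\0');
        pointers.resize(n);
        for (size_t i = 0; i < n; i++) pointers[i] = storage.data() + i * kSlot;
    }

    // Defensive assign: refuses to write unless entry i points at its own
    // slot and the string (with NUL) fits in it.
    bool assign(size_t i, const char *str) {
        if (i >= pointers.size()) return false;
        if ((i + 1) * kSlot > storage.size()) return false;
        if (pointers[i] != storage.data() + i * kSlot) return false;
        size_t len = std::strlen(str);
        if (len >= kSlot) return false;
        std::memcpy(pointers[i], str, len + 1);
        return true;
    }
};

int main() {
    ToyStringTable t;
    t.resize_buggy(2);
    std::printf("after buggy resize: %d\n", t.assign(0, "VK_KHR_surface"));
    t.resize_fixed(2);
    std::printf("after fixed resize: %d\n", t.assign(0, "VK_KHR_surface"));
    return 0;
}
```

Without the checks in `assign`, the write after `resize_buggy` is the kind of out-of-bounds store that ASAN reports.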

@derek-gerstmann
Contributor Author

derek-gerstmann commented Aug 3, 2023

I'm still trying to diagnose ASAN leaks, but even with a debug runtime (and CMAKE_BUILD_TYPE=Debug), I don't get symbols for JIT-ed modules. What am I missing ... ?

ASAN_SYMBOLIZER_PATH=$LLVM_ROOT/bin/llvm-symbolizer HL_JIT_TARGET=host-vulkan-vk_int8-vk_int16-vk_int64-vk_float16-vk_float64-vk_v13-debug-asan ./build-asan/test/correctness/correctness_hello_gpu

...

Success!
halide_vulkan_device_free (user_context: 0x0, halide_buffer: 0x60f000000068)
    Time: 4.200000e-04 ms
LLVMSymbolizer: error reading file: Invalid argument

=================================================================
==920779==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4096 byte(s) in 1 object(s) allocated from:
    #0 0x5636148d786e in malloc /home/dg/Workspace/OpenSource/LLVM/Repos/llvm-v16/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x7fabf9854054  (<unknown module>)
    #2 0x7fabf9853f0b  (<unknown module>)
    #3 0x7fabf9853e2a  (<unknown module>)
    #4 0x7fabf9851bd7  (<unknown module>)
    #5 0x7fabfcb05393  (<unknown module>)
    #6 0x7fac0196e7a4 in Halide::Internal::JITCache::call_jit_code(Halide::Target const&, void const* const*) /home/dg/Workspace/OpenSource/Halide/Repos/diagnose_vulkan/src/JITModule.cpp:1202:16
    #7 0x7fac01c0b526 in Halide::Pipeline::call_jit_code(Halide::Target const&, Halide::Internal::JITCallArgs const&) /home/dg/Workspace/OpenSource/Halide/Repos/diagnose_vulkan/src/Pipeline.cpp:911:32
    #8 0x7fac01c07cba in Halide::Pipeline::realize(Halide::JITUserContext*, Halide::Pipeline::RealizationArg, Halide::Target const&) /home/dg/Workspace/OpenSource/Halide/Repos/diagnose_vulkan/src/Pipeline.cpp:1012:23
    #9 0x7fac01c05f61 in Halide::Pipeline::realize(Halide::JITUserContext*, std::vector<int, std::allocator<int>>, Halide::Target const&) /home/dg/Workspace/OpenSource/Halide/Repos/diagnose_vulkan/src/Pipeline.cpp:722:9
    #10 0x7fac01c04956 in Halide::Pipeline::realize(std::vector<int, std::allocator<int>>, Halide::Target const&) /home/dg/Workspace/OpenSource/Halide/Repos/diagnose_vulkan/src/Pipeline.cpp:702:12
    #11 0x7fac013b728c in Halide::Func::realize(std::vector<int, std::allocator<int>>, Halide::Target const&) /home/dg/Workspace/OpenSource/Halide/Repos/diagnose_vulkan/src/Func.cpp:3185:23
    #12 0x5636149159aa in main /home/dg/Workspace/OpenSource/Halide/Repos/diagnose_vulkan/test/correctness/hello_gpu.cpp:23:27
    #13 0x7fabfcfbc082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16

@steven-johnson
Contributor

> I'm still trying to diagnose ASAN leaks, but even with a debug runtime (and CMAKE_BUILD_TYPE=Debug), I don't get symbols for JIT-ed modules. What am I missing ... ?

You're not missing anything -- this has never worked AFAICT

@steven-johnson steven-johnson merged commit 7b45542 into main Aug 7, 2023
@steven-johnson steven-johnson deleted the dg/fix_vulkan_extension_buffer_overflow branch August 7, 2023 19:29
ardier pushed a commit to ardier/Halide-mutation that referenced this pull request Mar 3, 2024
…ered by ASAN (halide#7740)

Fix heap buffer overflow in Vulkan extension handling discovered by ASAN

Co-authored-by: Derek Gerstmann <dgerstmann@adobe.com>