AcademySoftwareFoundation / OpenShadingLanguage

Advanced shading language for production GI renderers

Read after free in TypeSpec::struct_list()

rasmusbonnedal opened this issue

Problem

I compile a shader with a struct using OSLCompiler. When OSLCompiler is destructed it performs SymbolTable::delete_syms() which clears TypeSpec::struct_list().

Some operations, like ShadingSystem::oslquery() and Symbol::print() access entries in TypeSpec::struct_list() which was deleted when OSLCompiler went out of scope.

Related to #1427

Steps to Reproduce

The problem can be triggered with testshade, Visual Studio 2019, debug configuration.

  1. Run testshade
>bin\debug\testshade --inbuffer ..\osl-v1.12.6.0-beta\testsuite\struct\test.osl
  2. Result
 0# boost::stacktrace::basic_stacktrace<std::allocator<boost::stacktrace::frame> >::init at C:\WORK\GIT\strala\winbuild\install\deps-debug\include\boost-1_78\boost\stacktrace\stacktrace.hpp:76
 1# boost::stacktrace::basic_stacktrace<std::allocator<boost::stacktrace::frame> >::basic_stacktrace<std::allocator<boost::stacktrace::frame> > at C:\WORK\GIT\strala\winbuild\install\deps-debug\include\boost-1_78\boost\stacktrace\stacktrace.hpp:129
 2# OpenImageIO_v2_3::Sysutil::stacktrace at C:\WORK\GIT\strala\winbuild\src\oiio-v2.3.12.0\src\libutil\sysutil.cpp:660
 3# OpenImageIO_v2_3::stacktrace_signal_handler at C:\WORK\GIT\strala\winbuild\src\oiio-v2.3.12.0\src\libutil\sysutil.cpp:680
 4# raise in ucrtbased
 5# setmbcp in ucrtbased
 6# CrtSetReportHookW2 in ucrtbased
 7# VCrtDbgReportA in ucrtbased
 8# CrtDbgReport in ucrtbased
 9# std::vector<std::shared_ptr<OSL_v1_12::pvt::StructSpec>,std::allocator<std::shared_ptr<OSL_v1_12::pvt::StructSpec> > >::operator[] at C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.29.30133\include\vector:1552
10# OSL_v1_12::pvt::TypeSpec::structspec at C:\WORK\GIT\osl-v1.12.6.0-beta\src\include\osl_pvt.h:175
11# OSL_v1_12::pvt::TypeSpec::structspec at C:\WORK\GIT\osl-v1.12.6.0-beta\src\include\osl_pvt.h:169
12# OSL_v1_12::ShadingSystem::oslquery at C:\WORK\GIT\osl-v1.12.6.0-beta\src\liboslexec\shadingsys.cpp:4216
13# setup_output_images at C:\WORK\GIT\osl-v1.12.6.0-beta\src\testshade\testshade.cpp:1030
14# test_shade at C:\WORK\GIT\osl-v1.12.6.0-beta\src\testshade\testshade.cpp:2043
15# main at C:\WORK\GIT\osl-v1.12.6.0-beta\src\testshade\testshademain.cpp:29
16# invoke_main at D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:79
17# __scrt_common_main_seh at D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
18# __scrt_common_main at D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:331
19# mainCRTStartup at D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_main.cpp:17
20# BaseThreadInitThunk in KERNEL32
21# RtlUserThreadStart in ntdll

Versions

  • OSL branch/version: v1.12.6.0-beta
  • OS: Windows 11
  • C++ compiler: Visual Studio 2019 16.11.18
  • LLVM version: 13.0.1
  • OIIO version: v1.11.17.0
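
The lifetime pattern reported above, as an added example that is not part of the original issue and is not OSL code: a process-wide table cleared by one object's destructor while another object still holds an index into it. All names (`StructDef`, `struct_table`, `TypeHandle`, `Compiler`) are hypothetical, and the checked lookup and shared ownership are shown as general defensive options, not as the project's fix.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

// Simplified model of the lifetime problem; every name here is hypothetical.
struct StructDef { std::string name; };

// Process-wide table shared by every component, indexed by struct id.
static std::vector<std::shared_ptr<StructDef>>& struct_table() {
    static std::vector<std::shared_ptr<StructDef>> table;
    return table;
}

// A type descriptor that remembers only an index into the shared table.
struct TypeHandle {
    std::size_t id;
    // Checked lookup: a stale id yields nullptr instead of an unchecked
    // table[id] on a vector that has already been cleared.
    const StructDef* lookup() const {
        const auto& table = struct_table();
        return id < table.size() ? table[id].get() : nullptr;
    }
};

// The compiler registers structs and wipes the shared table on destruction.
struct Compiler {
    std::shared_ptr<StructDef> last;  // lets a caller co-own the definition
    TypeHandle declare(const std::string& name) {
        last = std::make_shared<StructDef>(StructDef{name});
        struct_table().push_back(last);
        return TypeHandle{struct_table().size() - 1};
    }
    ~Compiler() { struct_table().clear(); }  // handles held elsewhere go stale
};

// Index-only handle: resolves while the compiler lives, stale afterwards.
bool stale_after_compiler_scope() {
    TypeHandle h{0};
    bool live_inside = false;
    { Compiler c; h = c.declare("Color"); live_inside = h.lookup() != nullptr; }
    return live_inside && h.lookup() == nullptr;
}

// Co-owning the definition keeps it alive past the compiler's destructor.
std::string owned_name_after_compiler_scope() {
    std::shared_ptr<StructDef> keep;
    { Compiler c; c.declare("Color"); keep = c.last; }
    return keep->name;
}
```

In this model, replacing the bounds-checked `lookup()` with a bare `table[id]` reproduces the kind of out-of-range `operator[]` access that the debug runtime reports in the stack trace above.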