HWASan error in BufferArea tests

[savuor]

System Information

OpenCV version: 4.x
OS: Android 14
Device: Google Pixel 8
Compiler: CLang

Detailed description

Running core tests with HWAsan enabled leads to the error in BufferArea.basic test with parameter set to false.

Log

==2396==ERROR: HWAddressSanitizer: tag-mismatch on address 0x0044bb554ce0 at pc 0x0062bc8ab6ac
WRITE of size 8 at 0x0044bb554ce0 tags: 75/07(75) (ptr/mem) in thread T0
Invalid access starting at offset 7
    #0 opencv_test::(anonymous namespace)::BufferArea_basic_Test::Body() in /home/savuor/ocv/4.x/opencv/modules/core/test/test_utils.cpp:399:24
    #1 opencv_test::(anonymous namespace)::BufferArea_basic_Test::TestBody() in /home/savuor/ocv/4.x/opencv/modules/core/test/test_utils.cpp:377:1
    #2 void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:3919:10
    #3 void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:3955:14
    #4 testing::Test::Run() in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:3993:5
    #5 testing::TestInfo::Run() in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:4169:11
    #6 testing::TestCase::Run() in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:4287:28
    #7 testing::internal::UnitTestImpl::RunAllTests() in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:6662:43
    #8 bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:3919:10
    #9 bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:3955:14
    #10 testing::UnitTest::Run() in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:6271:10
    #11 RUN_ALL_TESTS() in /home/savuor/ocv/4.x/opencv/modules/ts/include/opencv2/ts/ts_gtest.h:22240:46
    #12 main in /home/savuor/ocv/4.x/opencv/modules/core/test/test_main.cpp:10:1
Could not find symbols for apex/com.android.runtime/lib64/bionic/hwasan/libc.so
    #13 0x747e8c78f0  (/apex/com.android.runtime/lib64/bionic/hwasan/libc.so+0x5b8f0) (BuildId: a345f50b7faa262077e8d08a5acbfaa7)

[0x0044bb554cc0,0x0044bb554d00) is a small allocated heap chunk; size: 64 offset: 32

Cause: heap-buffer-overflow
0x0044bb554ce0 is located 32 bytes inside a 39-byte region [0x0044bb554cc0,0x0044bb554ce7)
allocated here:
Could not find symbols for apex/com.android.runtime/lib64/bionic/libclang_rt.hwasan-aarch64-android.so
    #0 0x747fb65698  (/apex/com.android.runtime/lib64/bionic/libclang_rt.hwasan-aarch64-android.so+0x23698) (BuildId: 558b5c131872716737ddc0a62f3382dd3df70b9a)
    #1 0x747e8bb36c  (/apex/com.android.runtime/lib64/bionic/hwasan/libc.so+0x4f36c) (BuildId: a345f50b7faa262077e8d08a5acbfaa7)
    #2 cv::fastMalloc(unsigned long) in /home/savuor/ocv/4.x/opencv/modules/core/src/alloc.cpp:137:12
    #3 cv::utils::BufferArea::commit() in /home/savuor/ocv/4.x/opencv/modules/core/src/buffer_area.cpp:149:18
    #4 opencv_test::(anonymous namespace)::BufferArea_basic_Test::Body() in /home/savuor/ocv/4.x/opencv/modules/core/test/test_utils.cpp:389:14
    #5 opencv_test::(anonymous namespace)::BufferArea_basic_Test::TestBody() in /home/savuor/ocv/4.x/opencv/modules/core/test/test_utils.cpp:377:1
    #6 void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:3919:10
    #7 void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:3955:14
    #8 testing::Test::Run() in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:3993:5
    #9 testing::TestInfo::Run() in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:4169:11
    #10 testing::TestCase::Run() in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:4287:28
    #11 testing::internal::UnitTestImpl::RunAllTests() in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:6662:43
    #12 bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:3919:10
    #13 bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:3955:14
    #14 testing::UnitTest::Run() in /home/savuor/ocv/4.x/opencv/modules/ts/src/ts_gtest.cpp:6271:10
    #15 RUN_ALL_TESTS() in /home/savuor/ocv/4.x/opencv/modules/ts/include/opencv2/ts/ts_gtest.h:22240:46
    #16 main in /home/savuor/ocv/4.x/opencv/modules/core/test/test_main.cpp:10:1
    #17 0x747e8c78f0  (/apex/com.android.runtime/lib64/bionic/hwasan/libc.so+0x5b8f0) (BuildId: a345f50b7faa262077e8d08a5acbfaa7)
    #18 _start_main in ??:0:0

Thread: T0 0x006b00002000 stack: [0x007fd5b7d000,0x007fd637d000) sz: 8388608 tls: [0x0074804f1000,0x0074804f4000)
Memory tags around the buggy address (one tag corresponds to 16 bytes):
  0x0044bb554400: 93  93  93  93  33  33  33  33  ea  ea  ea  ea  3e  3e  3e  3e
  0x0044bb554500: c7  c7  c7  c7  70  70  70  70  1f  1f  1f  1f  ab  ab  ab  ab
  0x0044bb554600: 55  55  55  55  97  97  97  97  1b  1b  1b  1b  6f  6f  6f  6f
  0x0044bb554700: 26  26  26  26  4b  4b  4b  4b  27  27  27  27  46  46  46  46
  0x0044bb554800: 17  17  17  17  0c  0c  0c  0c  4c  4c  4c  4c  f9  f9  f9  f9
  0x0044bb554900: fa  fa  fa  fa  c7  c7  c7  c7  cc  cc  cc  cc  36  36  36  36
  0x0044bb554a00: ef  ef  ef  ef  1f  1f  1f  1f  1f  1f  1f  1f  ee  ee  ee  ee
  0x0044bb554b00: f9  f9  f9  f9  d1  d1  d1  d1  b5  b5  b5  b5  ee  ee  ee  ee
=>0x0044bb554c00: 0f  0f  0f  0f  7f  63  63  73  3f  3f  3f  3f  75  75 [07] 3d
  0x0044bb554d00: 9a  9a  9a  9a  36  36  36  36  f5  f5  f5  f5  17  17  08  22
  0x0044bb554e00: 48  48  48  48  2b  2b  2b  2b  fc  fc  fc  fc  a7  a7  a7  a7
  0x0044bb554f00: 31  31  31  31  cc  cc  cc  cc  79  79  79  79  91  91  91  91
  0x0044bb555000: 1f  1f  1f  1f  7f  7f  7f  7f  0b  0b  0b  0b  83  83  83  47
  0x0044bb555100: 8a  8a  8a  8a  9c  9c  9c  9c  30  30  30  30  66  66  66  66
  0x0044bb555200: 3d  3d  3d  3d  b5  b5  b5  b5  1c  1c  1c  1c  77  77  77  77
  0x0044bb555300: bf  bf  bf  bf  5e  5e  5e  5e  aa  aa  aa  aa  20  20  20  20
  0x0044bb555400: 65  65  65  65  e3  e3  e3  e3  0b  0b  0b  0b  f8  f8  f8  f8
Tags for short granules around the buggy address (one tag corresponds to 16 bytes):
  0x0044bb554b00: ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..
=>0x0044bb554c00: 76  75  65  00  ..  ..  ..  ..  ..  ..  ..  ..  ..  .. [75] ..
  0x0044bb554d00: ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  17  ..
See https://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html#short-granules for a description of short granule tags
Registers where the failure occurred (pc 0x0062bc8ab6ac):
    x0  75000044bb554ce0  x1  8100007fd637ac00  x2  75000044bb554cce  x3  75000044bb554cc8
    x4  0000007fd637a368  x5  0000000000000014  x6  0000007fd5b7d000  x7  0000000000000001
    x8  75000044bb554cd0  x9  0200006c00000000  x10 0000000000000002  x11 0000000000000002
    x12 0000000000000002  x13 00000062bb69294a  x14 00000007fd637a37  x15 00000007fd637a39
    x16 000000747fb91918  x17 000000747fb6b330  x18 0000007481368000  x19 00000062bc32feac
    x20 0000006c00000000  x21 0000007fd637b9f0  x22 0000000000000002  x23 0000007fd637b9d8
    x24 0000000000000000  x25 0000000000000000  x26 0000000000000000  x27 0000000000000000
    x28 0000000000000000  x29 0000007fd637ac40  x30 00000062bc8ab6b0   sp 0000007fd637a3e0
Learn more about HWASan reports: https://source.android.com/docs/security/test/memory-safety/hwasan-reports
SUMMARY: HWAddressSanitizer: tag-mismatch (/data/local/tmp/opencv_test_core+0x13b96ac) (BuildId: 331e30f5c55970adaf71d3e3016720b739a1b6a0)
==2396==WARNING: HWASan is ignoring requested __hwasan_handle_longjmp: stack top: 0x007fd6378d60; target 0x000000000000; distance: 0xffffff8029c872a0 (7239932720857309266)

Steps to reproduce

See this instruction in OpenCV Wiki

Issue submission checklist

• I report the issue, it's not a question
• I checked the problem with documentation, FAQ, open issues, forum.opencv.org, Stack Overflow, etc and have not found any solution
• I updated to the latest OpenCV version and the issue is still there
• There is reproducer code and related data files (videos, images, onnx, etc)

[asmorkalov]

-DOPENCV_ENABLE_MEMORY_SANITIZER=ON "fixes" the issue.

[asmorkalov]

BufferArea may allocate buffers for several types and sizes together with the single malloc call. The approach conflicts with memory sanitizers, as the single allocated area used for different data types and sizes. -DOPENCV_ENABLE_MEMORY_SANITIZER=ON disables the solution to work around the false alarm. Closed as not an issue. Added the option to #25746.

[asmorkalov]

Related patch: #16827