perfetto: The simplest main with perfetto::Tracing::Initialize() failed under ASAN

Perfetto v24.2, Ubuntu clang version 13.0.0-2.

Code sample:

#include <perfetto.h>
#include <chrono>
#include <thread>

PERFETTO_DEFINE_CATEGORIES(perfetto::Category("trace_category").SetDescription(""));
PERFETTO_TRACK_EVENT_STATIC_STORAGE();

int main(int argc, char** argv) {
  (void)argc; (void)argv;
  perfetto::TracingInitArgs args;
  args.backends |= perfetto::kSystemBackend;
  perfetto::Tracing::Initialize(args);
  // perfetto::TrackEvent::Register();
  std::this_thread::sleep_for(std::chrono::milliseconds(100));
  perfetto::TrackEvent::Flush();
  return 0;
}

This code do nothing. It doesn’t post any user-defined trace events. Failure probability depends on std::this_thread::sleep_for. Zero delay or no delay dramatically decrease failure probability. It fails with or without perfetto::TrackEvent::Register(), perfetto::TrackEvent::Flush().

=================================================================
==92285==ERROR: AddressSanitizer: use-after-poison on address 0x618000000090 at pc 0x55bae63549d9 bp 0x7f3d575fe1a0 sp 0x7f3d575fd960
WRITE of size 48 at 0x618000000090 thread T1
    #0 0x55bae63549d8 in memset (/home/osboxes/Hive/build.debug/test/perfetto_test+0x1e39d8)
    #1 0x55bae640007b in protozero::MessageArena::NewMessage() /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:9762:24
    #2 0x55bae63fff7f in protozero::Message::BeginNestedMessageInternal(unsigned int) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:9694:30
    #3 0x55bae655ebea in protozero::Message* protozero::Message::BeginNestedMessage<protozero::Message>(unsigned int) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.h:1712:28
    #4 0x55bae650bc76 in perfetto::protos::gen::IPCFrame::Serialize(protozero::Message*) const /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:63931:41
    #5 0x55bae650becc in perfetto::protos::gen::IPCFrame::SerializeAsArray() const /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:63919:3
    #6 0x55bae6517722 in perfetto::ipc::BufferedFrameDeserializer::Serialize[abi:cxx11](perfetto::protos::gen::IPCFrame const&) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:66223:40
    #7 0x55bae651865e in perfetto::ipc::ClientImpl::SendFrame(perfetto::protos::gen::IPCFrame const&, int) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:67300:21
    #8 0x55bae6518462 in perfetto::ipc::ClientImpl::BindService(perfetto::base::WeakPtr<perfetto::ipc::ServiceProxy>) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:67253:8
    #9 0x55bae6518dbb in perfetto::ipc::ClientImpl::OnConnect(perfetto::base::UnixSocket*, bool) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:67335:7
    #10 0x55bae65162df in perfetto::base::UnixSocket::OnEvent() /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:65718:31
    #11 0x55bae654e996 in perfetto::base::UnixSocket::DoConnect(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::$_125::operator()() const /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:65586:17
    #12 0x55bae654e93c in void std::__invoke_impl<void, perfetto::base::UnixSocket::DoConnect(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::$_125&>(std::__invoke_other, perfetto::base::UnixSocket::DoConnect(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::$_125&) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:61:14
    #13 0x55bae654e8ec in std::enable_if<is_invocable_r_v<void, perfetto::base::UnixSocket::DoConnect(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::$_125&>, void>::type std::__invoke_r<void, perfetto::base::UnixSocket::DoConnect(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::$_125&>(perfetto::base::UnixSocket::DoConnect(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::$_125&) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:111:2
    #14 0x55bae654e78c in std::_Function_handler<void (), perfetto::base::UnixSocket::DoConnect(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::$_125>::_M_invoke(std::_Any_data const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:291:9
    #15 0x55bae655a9e4 in std::function<void ()>::operator()() const /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:560:9
    #16 0x55bae655bf17 in perfetto::base::RunTaskWithWatchdogGuard(std::function<void ()> const&) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:7135:3
    #17 0x55bae63fd485 in perfetto::base::UnixTaskRunner::RunImmediateAndDelayedTask() /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:8179:5
    #18 0x55bae63fc563 in perfetto::base::UnixTaskRunner::Run() /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:8116:5
    #19 0x55bae63fc27d in perfetto::base::ThreadTaskRunner::RunTaskThread(std::function<void (perfetto::base::UnixTaskRunner*)>) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:7976:15
    #20 0x55bae65f4359 in void std::__invoke_impl<void, void (perfetto::base::ThreadTaskRunner::*)(std::function<void (perfetto::base::UnixTaskRunner*)>), perfetto::base::ThreadTaskRunner*, std::function<void (perfetto::base::UnixTaskRunner*)> >(std::__invoke_memfun_deref, void (perfetto::base::ThreadTaskRunner::*&&)(std::function<void (perfetto::base::UnixTaskRunner*)>), perfetto::base::ThreadTaskRunner*&&, std::function<void (perfetto::base::UnixTaskRunner*)>&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:74:14
    #21 0x55bae65f4216 in std::__invoke_result<void (perfetto::base::ThreadTaskRunner::*)(std::function<void (perfetto::base::UnixTaskRunner*)>), perfetto::base::ThreadTaskRunner*, std::function<void (perfetto::base::UnixTaskRunner*)> >::type std::__invoke<void (perfetto::base::ThreadTaskRunner::*)(std::function<void (perfetto::base::UnixTaskRunner*)>), perfetto::base::ThreadTaskRunner*, std::function<void (perfetto::base::UnixTaskRunner*)> >(void (perfetto::base::ThreadTaskRunner::*&&)(std::function<void (perfetto::base::UnixTaskRunner*)>), perfetto::base::ThreadTaskRunner*&&, std::function<void (perfetto::base::UnixTaskRunner*)>&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:96:14
    #22 0x55bae65f41ba in void std::thread::_Invoker<std::tuple<void (perfetto::base::ThreadTaskRunner::*)(std::function<void (perfetto::base::UnixTaskRunner*)>), perfetto::base::ThreadTaskRunner*, std::function<void (perfetto::base::UnixTaskRunner*)> > >::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_thread.h:253:13
    #23 0x55bae65f4154 in std::thread::_Invoker<std::tuple<void (perfetto::base::ThreadTaskRunner::*)(std::function<void (perfetto::base::UnixTaskRunner*)>), perfetto::base::ThreadTaskRunner*, std::function<void (perfetto::base::UnixTaskRunner*)> > >::operator()() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_thread.h:260:11
    #24 0x55bae65f3d78 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (perfetto::base::ThreadTaskRunner::*)(std::function<void (perfetto::base::UnixTaskRunner*)>), perfetto::base::ThreadTaskRunner*, std::function<void (perfetto::base::UnixTaskRunner*)> > > >::_M_run() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_thread.h:211:13
    #25 0x7f3d591ec693  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xda693)
    #26 0x7f3d58e80946 in start_thread nptl/pthread_create.c:435:8
    #27 0x7f3d58f10a43 in __clone misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:100

0x618000000090 is located 16 bytes inside of 792-byte region [0x618000000080,0x618000000398)
allocated by thread T1 here:
    #0 0x55bae63eb37d in operator new(unsigned long) (/home/osboxes/Hive/build.debug/test/perfetto_test+0x27a37d)
    #1 0x55bae63f15da in __gnu_cxx::new_allocator<std::_List_node<protozero::MessageArena::Block> >::allocate(unsigned long, void const*) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/ext/new_allocator.h:127:27
    #2 0x55bae63f15da in std::allocator_traits<std::allocator<std::_List_node<protozero::MessageArena::Block> > >::allocate(std::allocator<std::_List_node<protozero::MessageArena::Block> >&, unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/alloc_traits.h:460:20
    #3 0x55bae63f15da in std::__cxx11::_List_base<protozero::MessageArena::Block, std::allocator<protozero::MessageArena::Block> >::_M_get_node() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/stl_list.h:442:16
    #4 0x55bae63f12ef in void std::__cxx11::list<protozero::MessageArena::Block, std::allocator<protozero::MessageArena::Block> >::_M_insert<>(std::_List_iterator<protozero::MessageArena::Block>) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/stl_list.h:1911:18
    #5 0x55bae6400111 in protozero::MessageArena::MessageArena() /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:9743:11
    #6 0x55bae65ff9ec in protozero::RootMessage<protozero::Message>::RootMessage() /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.h:10581:3
    #7 0x55bae65ff939 in protozero::HeapBuffered<protozero::Message>::HeapBuffered(unsigned long, unsigned long) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.h:10731:3
    #8 0x55bae655e98c in protozero::HeapBuffered<protozero::Message>::HeapBuffered() /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.h:10730:20
    #9 0x55bae650bea1 in perfetto::protos::gen::IPCFrame::SerializeAsArray() const /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:63918:51
    #10 0x55bae6517722 in perfetto::ipc::BufferedFrameDeserializer::Serialize[abi:cxx11](perfetto::protos::gen::IPCFrame const&) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:66223:40
    #11 0x55bae651865e in perfetto::ipc::ClientImpl::SendFrame(perfetto::protos::gen::IPCFrame const&, int) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:67300:21
    #12 0x55bae6518462 in perfetto::ipc::ClientImpl::BindService(perfetto::base::WeakPtr<perfetto::ipc::ServiceProxy>) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:67253:8
    #13 0x55bae6518dbb in perfetto::ipc::ClientImpl::OnConnect(perfetto::base::UnixSocket*, bool) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:67335:7
    #14 0x55bae65162df in perfetto::base::UnixSocket::OnEvent() /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:65718:31
    #15 0x55bae654e996 in perfetto::base::UnixSocket::DoConnect(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::$_125::operator()() const /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:65586:17
    #16 0x55bae654e93c in void std::__invoke_impl<void, perfetto::base::UnixSocket::DoConnect(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::$_125&>(std::__invoke_other, perfetto::base::UnixSocket::DoConnect(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::$_125&) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:61:14
    #17 0x55bae654e8ec in std::enable_if<is_invocable_r_v<void, perfetto::base::UnixSocket::DoConnect(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::$_125&>, void>::type std::__invoke_r<void, perfetto::base::UnixSocket::DoConnect(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::$_125&>(perfetto::base::UnixSocket::DoConnect(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::$_125&) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:111:2
    #18 0x55bae654e78c in std::_Function_handler<void (), perfetto::base::UnixSocket::DoConnect(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::$_125>::_M_invoke(std::_Any_data const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:291:9
    #19 0x55bae655a9e4 in std::function<void ()>::operator()() const /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:560:9
    #20 0x55bae655bf17 in perfetto::base::RunTaskWithWatchdogGuard(std::function<void ()> const&) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:7135:3
    #21 0x55bae63fd485 in perfetto::base::UnixTaskRunner::RunImmediateAndDelayedTask() /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:8179:5
    #22 0x55bae63fc563 in perfetto::base::UnixTaskRunner::Run() /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:8116:5
    #23 0x55bae63fc27d in perfetto::base::ThreadTaskRunner::RunTaskThread(std::function<void (perfetto::base::UnixTaskRunner*)>) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:7976:15
    #24 0x55bae65f4359 in void std::__invoke_impl<void, void (perfetto::base::ThreadTaskRunner::*)(std::function<void (perfetto::base::UnixTaskRunner*)>), perfetto::base::ThreadTaskRunner*, std::function<void (perfetto::base::UnixTaskRunner*)> >(std::__invoke_memfun_deref, void (perfetto::base::ThreadTaskRunner::*&&)(std::function<void (perfetto::base::UnixTaskRunner*)>), perfetto::base::ThreadTaskRunner*&&, std::function<void (perfetto::base::UnixTaskRunner*)>&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:74:14
    #25 0x55bae65f4216 in std::__invoke_result<void (perfetto::base::ThreadTaskRunner::*)(std::function<void (perfetto::base::UnixTaskRunner*)>), perfetto::base::ThreadTaskRunner*, std::function<void (perfetto::base::UnixTaskRunner*)> >::type std::__invoke<void (perfetto::base::ThreadTaskRunner::*)(std::function<void (perfetto::base::UnixTaskRunner*)>), perfetto::base::ThreadTaskRunner*, std::function<void (perfetto::base::UnixTaskRunner*)> >(void (perfetto::base::ThreadTaskRunner::*&&)(std::function<void (perfetto::base::UnixTaskRunner*)>), perfetto::base::ThreadTaskRunner*&&, std::function<void (perfetto::base::UnixTaskRunner*)>&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:96:14
    #26 0x55bae65f41ba in void std::thread::_Invoker<std::tuple<void (perfetto::base::ThreadTaskRunner::*)(std::function<void (perfetto::base::UnixTaskRunner*)>), perfetto::base::ThreadTaskRunner*, std::function<void (perfetto::base::UnixTaskRunner*)> > >::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_thread.h:253:13
    #27 0x55bae65f4154 in std::thread::_Invoker<std::tuple<void (perfetto::base::ThreadTaskRunner::*)(std::function<void (perfetto::base::UnixTaskRunner*)>), perfetto::base::ThreadTaskRunner*, std::function<void (perfetto::base::UnixTaskRunner*)> > >::operator()() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_thread.h:260:11
    #28 0x55bae65f3d78 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (perfetto::base::ThreadTaskRunner::*)(std::function<void (perfetto::base::UnixTaskRunner*)>), perfetto::base::ThreadTaskRunner*, std::function<void (perfetto::base::UnixTaskRunner*)> > > >::_M_run() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_thread.h:211:13
    #29 0x7f3d591ec693  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xda693)

Thread T1 created by T0 here:
    #0 0x55bae63a3c5c in pthread_create (/home/osboxes/Hive/build.debug/test/perfetto_test+0x232c5c)
    #1 0x7f3d591ec969 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/lib/x86_64-linux-gnu/libstdc++.so.6+0xda969)
    #2 0x55bae63fbfc9 in perfetto::base::ThreadTaskRunner::ThreadTaskRunner(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:7961:13
    #3 0x55bae65e53f2 in perfetto::base::ThreadTaskRunner::CreateAndStart(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:7754:12
    #4 0x55bae652fa82 in perfetto::(anonymous namespace)::PlatformPosix::CreateTaskRunner(perfetto::Platform::CreateTaskRunnerArgs const&) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:72540:7
    #5 0x55bae64ac5a9 in perfetto::internal::TracingMuxerImpl::TracingMuxerImpl(perfetto::TracingInitArgs const&) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:42004:24
    #6 0x55bae64af813 in perfetto::internal::TracingMuxerImpl::InitializeInstance(perfetto::TracingInitArgs const&) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:42981:9
    #7 0x55bae64b3002 in perfetto::Tracing::InitializeInternal(perfetto::TracingInitArgs const&) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.cc:43935:3
    #8 0x55bae63ede14 in perfetto::Tracing::Initialize(perfetto::TracingInitArgs const&) /home/osboxes/Hive/build.debug/../subprojects/perfetto-v24.2/sdk/perfetto.h:9888:5
    #9 0x55bae63ede14 in main /home/osboxes/Hive/build.debug/../test/main.cpp:12:2
    #10 0x7f3d58e15fcf in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: use-after-poison (/home/osboxes/Hive/build.debug/test/perfetto_test+0x1e39d8) in memset
Shadow bytes around the buggy address:
  0x0c307fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c307fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c307fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c307fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c307fff8000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c307fff8010: 00 00[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c307fff8020: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c307fff8030: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c307fff8040: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c307fff8050: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c307fff8060: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==92285==ABORTING

Sometimes ASAN reports:

../subprojects/perfetto-v24.2/sdk/perfetto.h:1488:37: runtime error: applying non-zero offset 2 to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../subprojects/perfetto-v24.2/sdk/perfetto.h:1488:37 in

About this issue

Original URL
State: closed
Created 2 years ago
Comments: 15 (7 by maintainers)

Commits related to this issue

Issue #271 — committed to vglavnyy/perfetto by vglavnyy 2 years ago

Most upvoted comments

In case anyone else like me is confused as to why this issue was closed without a linked PR/patch to fix the UB problem, here’s a quick summary as I understand it:

There was a patch submitted here (last updated Apr 19 2022): https://android-review.googlesource.com/c/platform/external/perfetto/+/2063169/3/include/perfetto/protozero/scattered_stream_writer.h – that patch was rejected. It seems like the primary reason for rejection was this: (comments)

My theory is that if this UB is ever enforced (i.e. if compilers actually start doing anything different) a lot of code everywhere will stop working and people will stop using that version of the compiler. In other words, pointer arithmetic is, at this point, too big too fail, regardless of the clever and sophisticated way C++ lawyercats worded it.
Later, UBSan was disabled for the offending function on Mar 14 2023. https://sourcegraph.com/github.com/google/perfetto/-/commit/324d911e28a84855ab7ee7c6768f6ab36e203669
The latest release at the time of writing (v33.1) was cut on Mar 3 2023. So if you’re using that, you’re going to run into the UBSan error.
The next release will no longer have this UB error firing, assuming the above patch with PERFETTO_NO_SANITIZE_UNDEFINED is not reverted etc.

varungandhi-src on May 31, 2023