bka: I have seen value 12 on my setup
=================================================================
==18067==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fe9d56d246b at pc 0x7fea13928580 bp 0x7fe9d56d21f0 sp 0x7fe9d56d21e8
READ of size 1 at 0x7fe9d56d246b thread T77
#0 0x7fea1392857f in std::pair<unsigned char, unsigned char>::pair<unsigned char&, unsigned char&, true>(unsigned char&, unsigned char&) /usr/bin/../lib/gcc/x86_64-redhat-linux/9/../../../../include/c++/9/bits/stl_pair.h:342:10
#1 0x7fea139239f1 in std::pair<std::__decay_and_strip<unsigned char&>::__type, std::__decay_and_strip<unsigned char&>::__type> std::make_pair<unsigned char&, unsigned char&>(unsigned char&, unsigned char&) /usr/bin/../lib/gcc/x86_64-redhat-linux/9/../../../../include/c++/9/bits/stl_pair.h:529:14
#2 0x7fea13910b9a in dss::DSStructureQueryBusInterface::getLastCalledScenes(dsuid_t const&, int) /home/brano/dss/dss-mainline/build-meson/../src/ds485-query.cpp:692:22
#3 0x7fea13729fd4 in dss::Bus::getLastCalledScenes(dsuid_t const&, int) /home/brano/dss/dss-mainline/build-meson/../src/bus.h:48:29
#4 0x7fea1372fe68 in non-virtual thunk to dss::Bus::getLastCalledScenes(dsuid_t const&, int) /home/brano/dss/dss-mainline/build-meson/../src/bus.h
#5 0x7fea13c76202 in dss::BusScanner::scanStatusOfZone(boost::shared_ptr<dss::DSMeter>, boost::shared_ptr<dss::Zone>) /home/brano/dss/dss-mainline/build-meson/../src/model/busscanner.cpp:986:66
#6 0x7fea13c71545 in dss::BusScanner::scanDSMeter(boost::shared_ptr<dss::DSMeter>) /home/brano/dss/dss-mainline/build-meson/../src/model/busscanner.cpp:158:15
#7 0x7fea13e7d992 in dss::MeterMaintenance::dsMeterReady(dsuid_t const&) /home/brano/dss/dss-mainline/build-meson/../src/model/modelmaintenance.cpp:343:22
#8 0x7fea13e7beb1 in dss::MeterMaintenance::readOutPendingMeter() /home/brano/dss/dss-mainline/build-meson/../src/model/modelmaintenance.cpp:238:9
#9 0x7fea13e7af9c in dss::MeterMaintenance::execute() /home/brano/dss/dss-mainline/build-meson/../src/model/modelmaintenance.cpp:199:7
#10 0x7fea149f2616 in dss::Thread::ThreadStarterHelperFunc(void*) /home/brano/dss/dss-mainline/build-meson/../unix/thread.cpp:50:12
#11 0x7fea122d45a1 in start_thread (/lib64/libpthread.so.0+0x85a1)
#12 0x7fea11e96302 in __GI___clone (/lib64/libc.so.6+0xfb302)
Address 0x7fe9d56d246b is located in stack of thread T77 at offset 267 in frame
#0 0x7fea139102af in dss::DSStructureQueryBusInterface::getLastCalledScenes(dsuid_t const&, int) /home/brano/dss/dss-mainline/build-meson/../src/ds485-query.cpp:675
This frame has 21 object(s):
[32, 36) 'zone.addr'
[48, 64) '_dsContextFunc676' (line 676)
[80, 104) '_dsLogContext676' (line 676)
[144, 160) 'lock' (line 677)
[176, 208) 'ref.tmp' (line 679)
[240, 241) 'ref.tmp2' (line 679)
[256, 263) 'groups' (line 682) <== Memory access at offset 267 overflows this variable
[288, 295) 'scenes' (line 683)
[320, 321) 'hsize' (line 684)
[336, 353) 'agg.tmp'
[400, 408) 'ref.tmp30' (line 692)
[432, 434) 'ref.tmp31' (line 692)
[448, 480) 'agg.tmp47'
[512, 520) 'ref.tmp48' (line 694)
[544, 552) 'ref.tmp52' (line 694)
[576, 584) 'ref.tmp56' (line 694)
[608, 640) 'ref.tmp60' (line 694)
[672, 704) 'agg.tmp61'
[736, 737) 'ref.tmp62' (line 694)
[752, 753) 'ref.tmp67' (line 694)
[768, 772) 'ref.tmp68' (line 694)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
Thread T77 created by T0 here:
#0 0x293d06 in __interceptor_pthread_create (/home/brano/dss/dss-mainline/build-meson/src/dss+0x293d06)
#1 0x7fea149f2eda in dss::Thread::run() /home/brano/dss/dss-mainline/build-meson/../unix/thread.cpp:84:13
#2 0x7fea13e88f8d in dss::ModelMaintenance::doStart() /home/brano/dss/dss-mainline/build-meson/../src/model/modelmaintenance.cpp:650:26
#3 0x7fea142b4286 in dss::Subsystem::start() /home/brano/dss/dss-mainline/build-meson/../src/subsystem.cpp:73:7
#4 0x7fea1399ed8b in dss::DSS::run() /home/brano/dss/dss-mainline/build-meson/../src/dss.cpp:831:15
#5 0x399d4f in main /home/brano/dss/dss-mainline/build-meson/../src/main.cpp:248:30
#6 0x7fea11dbef32 in __libc_start_main (/lib64/libc.so.6+0x23f32)
SUMMARY: AddressSanitizer: stack-buffer-overflow /usr/bin/../lib/gcc/x86_64-redhat-linux/9/../../../../include/c++/9/bits/stl_pair.h:342:10 in std::pair<unsigned char, unsigned char>::pair<unsigned char&, unsigned char&, true>(unsigned char&, unsigned char&)
Shadow bytes around the buggy address:
0x0ffdbaad2430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ffdbaad2440: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
0x0ffdbaad2450: 02 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x0ffdbaad2460: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
0x0ffdbaad2470: 04 f2 00 00 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00
=>0x0ffdbaad2480: f2 f2 f8 f8 f8 f8 f2 f2 f2 f2 f8 f2 07[f2]f2 f2
0x0ffdbaad2490: 07 f2 f2 f2 01 f2 00 00 01 f2 f2 f2 f2 f2 00 f2
0x0ffdbaad24a0: f2 f2 02 f2 00 00 00 00 f2 f2 f2 f2 f8 f2 f2 f2
0x0ffdbaad24b0: f8 f2 f2 f2 f8 f2 f2 f2 f8 f8 f8 f8 f2 f2 f2 f2
0x0ffdbaad24c0: 00 00 00 00 f2 f2 f2 f2 f8 f2 f8 f2 f8 f3 f3 f3
0x0ffdbaad24d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==18067==ABORTING
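The frame listing pins the bad read down: `groups` (line 682) occupies bytes [256, 263) of the frame, i.e. 7 bytes, and the access is at offset 267, which is index 11. With `hsize` (line 684) driving the loop at ds485-query.cpp:692 that is exactly what a count of 12 produces. Below is an added illustration of that shape next to a clamped version. It is an assumed reconstruction written for this note, not dss code: the `BusReply` struct, `readLastCalledScenes`, `pairScenes*` and `makeReply` are all invented stand-ins, and the reply contents are constructed.

```cpp
// Added example, not dss code. Reconstructs the pattern the ASan frame describes:
// two 7-byte stack arrays (groups, scenes) and a 1-byte count (hsize) filled by
// a bus query, then paired element-wise up to hsize.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <utility>
#include <vector>

constexpr std::size_t kMaxScenes = 7;  // size of the 'groups'/'scenes' frame objects

// Constructed stand-in for what the bus hands back: a count byte plus the entries.
struct BusReply {
    uint8_t hsize;
    std::vector<uint8_t> groups;
    std::vector<uint8_t> scenes;
};

// Simulated bus read (assumption): copies at most kMaxScenes entries into the
// caller's fixed buffers but passes the device's count through unchanged.
// That mismatch is what lets hsize exceed the buffer capacity.
static void readLastCalledScenes(const BusReply& reply, uint8_t* groups,
                                 uint8_t* scenes, uint8_t* hsize) {
    std::size_t n = std::min<std::size_t>(reply.groups.size(), kMaxScenes);
    std::memcpy(groups, reply.groups.data(), n);
    std::memcpy(scenes, reply.scenes.data(), n);
    *hsize = reply.hsize;
}

// Vulnerable shape: the loop trusts the count byte. With hsize == 12, i reaches
// 11 and groups[11]/scenes[11] read 4 bytes past each 7-byte array, which is the
// "READ of size 1 ... offset 267" ASan reports. Not called by the checks below.
static std::vector<std::pair<uint8_t, uint8_t>> pairScenesUnchecked(const BusReply& reply) {
    uint8_t groups[kMaxScenes];
    uint8_t scenes[kMaxScenes];
    uint8_t hsize = 0;
    readLastCalledScenes(reply, groups, scenes, &hsize);
    std::vector<std::pair<uint8_t, uint8_t>> result;
    for (int i = 0; i < hsize; ++i) {
        result.push_back(std::make_pair(groups[i], scenes[i]));  // out of bounds once i >= 7
    }
    return result;
}

// Hardened shape: clamp the loop bound to the buffer capacity and surface the
// discrepancy so the caller can log a misbehaving meter instead of silently
// trusting it.
struct SceneResult {
    std::vector<std::pair<uint8_t, uint8_t>> pairs;
    bool truncated;  // true when the device reported more entries than fit
};

static SceneResult pairScenesChecked(const BusReply& reply) {
    uint8_t groups[kMaxScenes];
    uint8_t scenes[kMaxScenes];
    uint8_t hsize = 0;
    readLastCalledScenes(reply, groups, scenes, &hsize);
    SceneResult out;
    out.truncated = hsize > kMaxScenes;
    std::size_t n = std::min<std::size_t>(hsize, kMaxScenes);
    for (std::size_t i = 0; i < n; ++i) {
        out.pairs.push_back(std::make_pair(groups[i], scenes[i]));
    }
    return out;
}

// Constructed reply with 'count' entries: group ids 1..count, scenes 10,20,...
static BusReply makeReply(uint8_t count) {
    BusReply r;
    r.hsize = count;
    for (uint8_t i = 0; i < count; ++i) {
        r.groups.push_back(static_cast<uint8_t>(1 + i));
        r.scenes.push_back(static_cast<uint8_t>(10 * (i + 1)));
    }
    return r;
}

int main() {
    SceneResult r = pairScenesChecked(makeReply(12));  // the count bka observed
    std::printf("kept %zu of 12 entries, truncated=%d\n", r.pairs.size(), r.truncated ? 1 : 0);
    return 0;
}
```

Running the checked variant with a count of 12 keeps 7 pairs and sets `truncated`; the unchecked variant is left in only to show the loop that ASan flagged, and under a sanitizer build it reproduces the same stack-buffer-overflow class of report.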