Crashes on rustc 1.67 #40

Closed
danielzgtg opened this issue Jan 28, 2023 · 17 comments

danielzgtg commented Jan 28, 2023

bingrep segfaults on everything:

cargo run --release target/release/bingrep
    Finished release [optimized] target(s) in 0.02s
     Running `target/release/bingrep target/release/bingrep`
ELF DYN X86_64-little-endian @ 0x34bb0:

e_phoff: 0x40 e_shoff: 0x720d00 e_flags: 0x0 e_ehsize: 64 e_phentsize: 56 e_phnum: 14 e_shentsize: 64 e_shnum: 42 e_shstrndx: 41

ProgramHeaders(14):
Segmentation fault (core dumped)

It happens whether built from 8596f7f or if v0.10.2 is cargo installed. It crashes on itself, ls, and cat.

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.10
Release:        22.10
Codename:       kinetic
$ rustc --version
rustc 1.69.0-nightly (c8e6a9e8b 2023-01-23)
$ cargo --version
cargo 1.69.0-nightly (985d561f0 2023-01-20)

Here is the debug debugging output:

$ RUST_BACKTRACE=1 cargo run -- target/debug/bingrep
    Finished dev [unoptimized + debuginfo] target(s) in 0.03s
     Running `target/debug/bingrep target/debug/bingrep`
ELF DYN X86_64-little-endian @ 0x7b520:

e_phoff: 0x40 e_shoff: 0x3236158 e_flags: 0x0 e_ehsize: 64 e_phentsize: 56 e_phnum: 14 e_shentsize: 64 e_shnum: 44 e_shstrndx: 43

ProgramHeaders(14):
thread 'main' panicked at 'attempt to add with overflow', /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/iter/traits/accum.rs:149:1
stack backtrace:
   0: rust_begin_unwind
             at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/std/src/panicking.rs:575:5
   1: core::panicking::panic_fmt
             at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/panicking.rs:64:14
   2: core::panicking::panic
             at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/panicking.rs:114:5
   3: <usize as core::iter::traits::accum::Sum>::sum::{{closure}}
             at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/iter/traits/accum.rs:53:28
   4: core::iter::adapters::map::map_fold::{{closure}}
             at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/iter/adapters/map.rs:84:21
   5: core::iter::traits::iterator::Iterator::fold
             at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/iter/traits/iterator.rs:2438:21
   6: <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::fold
             at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/iter/adapters/map.rs:124:9
   7: <usize as core::iter::traits::accum::Sum>::sum
             at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/iter/traits/accum.rs:50:17
   8: core::iter::traits::iterator::Iterator::sum
             at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/iter/traits/iterator.rs:3408:9
   9: prettytable::row::Row::column_count
             at /home/home/.cargo/registry/src/github.com-1ecc6299db9ec823/prettytable-rs-0.9.0/src/row.rs:36:9
  10: prettytable::TableSlice::get_column_num
             at /home/home/.cargo/registry/src/github.com-1ecc6299db9ec823/prettytable-rs-0.9.0/src/lib.rs:75:21
  11: prettytable::TableSlice::get_all_column_width
             at /home/home/.cargo/registry/src/github.com-1ecc6299db9ec823/prettytable-rs-0.9.0/src/lib.rs:117:22
  12: prettytable::TableSlice::__print
             at /home/home/.cargo/registry/src/github.com-1ecc6299db9ec823/prettytable-rs-0.9.0/src/lib.rs:142:25
  13: prettytable::TableSlice::print_term
             at /home/home/.cargo/registry/src/github.com-1ecc6299db9ec823/prettytable-rs-0.9.0/src/lib.rs:174:9
  14: prettytable::Table::print_term
             at /home/home/.cargo/registry/src/github.com-1ecc6299db9ec823/prettytable-rs-0.9.0/src/lib.rs:362:9
  15: bingrep::format::print_table_to_stdout
             at ./src/format.rs:305:32
  16: bingrep::format::flush
             at ./src/format.rs:291:5
  17: bingrep::format_elf::Elf::print
             at ./src/format_elf.rs:512:9
  18: bingrep::parse_elf_file
             at ./src/main.rs:104:9
  19: bingrep::run
             at ./src/main.rs:205:29
  20: bingrep::main
             at ./src/main.rs:216:11
  21: core::ops::function::FnOnce::call_once
             at /rustc/c8e6a9e8b6251bbc8276cb78cabe1998deecbed7/library/core/src/ops/function.rs:250:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.

Here is the release debugging output:

$ gdb target/release/bingrep
GNU gdb (Ubuntu 12.1-3ubuntu2) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from target/release/bingrep...
(gdb) r target/release/bingrep
Starting program: /home/home/CLionProjects/bingrep/target/release/bingrep target/release/bingrep

This GDB supports auto-downloading debuginfo from the following URLs:
https://debuginfod.ubuntu.com
Enable debuginfod for this session? (y or [n]) n
Debuginfod has been disabled.
To make this setting permanent, add 'set debuginfod enabled off' to .gdbinit.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
ELF DYN X86_64-little-endian @ 0x34bb0:

e_phoff: 0x40 e_shoff: 0x720d00 e_flags: 0x0 e_ehsize: 64 e_phentsize: 56 e_phnum: 14 e_shentsize: 64 e_shnum: 42 e_shstrndx: 41

ProgramHeaders(14):

Program received signal SIGSEGV, Segmentation fault.
0x0000555555707670 in prettytable::TableSlice::get_all_column_width ()
(gdb) bt
#0  0x0000555555707670 in prettytable::TableSlice::get_all_column_width ()
#1  0x00005555555b59c1 in prettytable::Table::print_term ()
#2  0x00005555555d157b in bingrep::format::print_table_to_stdout ()
#3  0x00005555555bfda5 in bingrep::format_elf::Elf::print ()
#4  0x00005555555b1b77 in bingrep::parse_elf_file ()
#5  0x00005555555b3db7 in bingrep::main ()
#6  0x00005555555d57d3 in std::sys_common::backtrace::__rust_begin_short_backtrace ()
#7  0x00005555555b5139 in _ZN3std2rt10lang_start28_$u7b$$u7b$closure$u7d$$u7d$17hcc4805e891370521E.llvm.6285060230740621483 ()
#8  0x000055555572cabc in core::ops::function::impls::{impl#2}::call_once<(), (dyn core::ops::function::Fn<(), Output=i32> + core::marker::Sync + core::panic::unwind_safe::RefUnwindSafe)> () at library/core/src/ops/function.rs:287
#9  std::panicking::try::do_call<&(dyn core::ops::function::Fn<(), Output=i32> + core::marker::Sync + core::panic::unwind_safe::RefUnwindSafe), i32> ()
    at library/std/src/panicking.rs:483
#10 std::panicking::try<i32, &(dyn core::ops::function::Fn<(), Output=i32> + core::marker::Sync + core::panic::unwind_safe::RefUnwindSafe)> ()
    at library/std/src/panicking.rs:447
#11 std::panic::catch_unwind<&(dyn core::ops::function::Fn<(), Output=i32> + core::marker::Sync + core::panic::unwind_safe::RefUnwindSafe), i32> ()
    at library/std/src/panic.rs:140
#12 std::rt::lang_start_internal::{closure#2} () at library/std/src/rt.rs:148
#13 std::panicking::try::do_call<std::rt::lang_start_internal::{closure_env#2}, isize> () at library/std/src/panicking.rs:483
#14 std::panicking::try<isize, std::rt::lang_start_internal::{closure_env#2}> () at library/std/src/panicking.rs:447
#15 std::panic::catch_unwind<std::rt::lang_start_internal::{closure_env#2}, isize> () at library/std/src/panic.rs:140
#16 std::rt::lang_start_internal () at library/std/src/rt.rs:148
#17 0x00005555555b4a25 in main ()
Owner

m4b commented Jan 28, 2023

Interesting; so i'm not able to repro this on archlinux. A segfault is quite surprising, even more so since the function it's crashing in has no unsafe, nor in that module afaics: https://docs.rs/prettytable/latest/src/prettytable/lib.rs.html nor in https://docs.rs/prettytable/latest/src/prettytable/lib.rs.html (the table mod).

what rustc are you using to compile and also to cargo install? You didn't receive the bingrep binary from somewhere else right?

Owner

m4b commented Jan 28, 2023

I just saw that you're compiling with nightly? have you tried building with stable rust? if that also segfaults then it's not nightly, but it's not inconceivable nightly rust could be miscompiling something (albeit highly unlikely)?

Author

danielzgtg commented Jan 28, 2023

I have now tried stable Rust and it still crashes. It's the same on my Intel and my AMD computers.

I ran everything again in Docker so that it would be a clean setup, and more reproducible for you. Attached is the console output.

bingrepdocker.txt

EDIT: This also happens on ubuntu:focal-20221130 and ubuntu:bionic-20221215. This must be a regression either in bingrep, its dependencies, or in Rust, because bingrep was working fine on Ubuntu at least a few years ago. If it still works on your archlinux machine, then there might be some cached files in the build directory or your home's .cargo. If you don't have Docker, then have you tried creating a new Linux user account, installing rustup into it, and cloning the repository to a new directory?

EDIT2: I've tested both Konsole and xterm. This also happens on archlinux: bingrepdockerarch.txt

EDIT3: Also happens on ubuntu-20.04.5-live-server-amd64.iso with Linux ubuntu-server 5.4.0-125-generic #141-Ubuntu SMP Web Aug 10 13:42:03 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Owner

m4b commented Jan 28, 2023

something seems very wrong, your bingrepdockerarch.txt says it crashes on this line with a segfault: https://docs.rs/prettytable/latest/src/prettytable/cell.rs.html#197
this should basically be impossible in safe rust.

Owner

m4b commented Jan 28, 2023

wow ok i just repro'd this on an older ubuntu machine i have sitting around, fresh clone, fresh rustup... this is pretty wild! i'm at a loss at the moment what could be the issue here

Owner

m4b commented Jan 28, 2023

I have a similar backtrace in debug:

Program received signal SIGSEGV, Segmentation fault.
prettytable::cell::Cell::get_hspan (self=0x110000) at src/cell.rs:197
197	        self.hspan
(gdb) bt
#0  prettytable::cell::Cell::get_hspan (self=0x110000) at src/cell.rs:197
#1  0x0000555555aed9df in prettytable::row::Row::column_count::{{closure}} (c=0x110000) at src/row.rs:36
#2  0x0000555555af0a41 in core::iter::adapters::map::map_fold::{{closure}} (acc=0, elt=0x110000) at /rustc/fc594f15669680fa70d255faec3ca3fb507c3405/library/core/src/iter/adapters/map.rs:84
#3  0x0000555555af899c in core::iter::traits::iterator::Iterator::fold (self=..., init=0, f=...)
    at /rustc/fc594f15669680fa70d255faec3ca3fb507c3405/library/core/src/iter/traits/iterator.rs:2414
#4  0x0000555555af06c2 in <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::fold (self=..., init=0, g=...)
    at /rustc/fc594f15669680fa70d255faec3ca3fb507c3405/library/core/src/iter/adapters/map.rs:124
#5  0x0000555555afc358 in <usize as core::iter::traits::accum::Sum>::sum (iter=...) at /rustc/fc594f15669680fa70d255faec3ca3fb507c3405/library/core/src/iter/traits/accum.rs:42
#6  0x0000555555af0814 in core::iter::traits::iterator::Iterator::sum (self=...) at /rustc/fc594f15669680fa70d255faec3ca3fb507c3405/library/core/src/iter/traits/iterator.rs:3381
#7  0x0000555555aed9af in prettytable::row::Row::column_count (self=0x555555d11368) at src/row.rs:36
#8  0x0000555555af5a5f in prettytable::TableSlice::get_column_num (self=0x7fffffff92e8) at src/lib.rs:75
#9  0x0000555555af5b9f in prettytable::TableSlice::get_all_column_width (self=0x7fffffff92e8) at src/lib.rs:117
#10 0x0000555555af5d54 in prettytable::TableSlice::__print (self=0x7fffffff92e8, out=..., f=0x555555d16210) at src/lib.rs:142
#11 0x0000555555af73c1 in prettytable::TableSlice::print_term (self=0x7fffffff92e8, out=...) at src/lib.rs:174
#12 0x000055555562a6e2 in prettytable::Table::print_term (self=0x7fffffff92e8, out=...) at /home/git/.cargo/registry/src/github.com-1ecc6299db9ec823/prettytable-rs-0.9.0/src/lib.rs:362
#13 0x0000555555628b22 in bingrep::format::print_table_to_stdout (table=0x7fffffff92e8, force_colorize=false) at src/format.rs:305
#14 0x00005555556289b3 in bingrep::format::flush (fmt=0x7fffffff9040, writer=0x7fffffff8ff0, table=0x7fffffff92e8, color=false) at src/format.rs:291
#15 0x0000555555614e7e in bingrep::format_elf::Elf::print (self=0x7fffffffaca8) at src/format_elf.rs:512
#16 0x00005555555d5492 in bingrep::parse_elf_file (opt=..., bytes=..., elf=...) at src/main.rs:104
#17 0x00005555555d7ceb in bingrep::run (opt=...) at src/main.rs:205
#18 0x00005555555d80de in bingrep::main () at src/main.rs:216

Owner

m4b commented Jan 28, 2023

ok this is worrisome, if i:

rustup install stable 1.60.0
rustup default 1.60.0
cargo run -- `which ls`

it runs without issue. so this looks like this could be a regression in rustc compiler somehow?


bjorn3 commented Jan 28, 2023

What happens if you run it under valgrind? You may need to compile the latest valgrind from source. Newer rustc use DWARF5 for debuginfo which older valgrind don't understand. Alternatively strip --strip-debug to strip debuginfo may help getting it working on older valgrind.

Owner

m4b commented Jan 28, 2023

Ok rustc 1.66.0 also runs fine for me, but 1.67.0 segfaults. I'm (shockingly) leaning more towards this being a rustc miscompile?

~/bingrep$ rustup default stable
info: using existing install for 'stable-x86_64-unknown-linux-gnu'
info: default toolchain set to 'stable-x86_64-unknown-linux-gnu'

  stable-x86_64-unknown-linux-gnu unchanged - rustc 1.67.0 (fc594f156 2023-01-24)

~/bingrep$ cargo run -- `which ls`
    Finished dev [unoptimized + debuginfo] target(s) in 0.46s
     Running `target/debug/bingrep /bin/ls`
ELF DYN X86_64-little-endian @ 0x67d0:

e_phoff: 0x40 e_shoff: 0x223c0 e_flags: 0x0 e_ehsize: 64 e_phentsize: 56 e_phnum: 13 e_shentsize: 64 e_shnum: 30 e_shstrndx: 29

ProgramHeaders(13):
Segmentation fault (core dumped)

~/bingrep$ rustup default 1.66.0
info: using existing install for '1.66.0-x86_64-unknown-linux-gnu'
info: default toolchain set to '1.66.0-x86_64-unknown-linux-gnu'

  1.66.0-x86_64-unknown-linux-gnu unchanged - rustc 1.66.0 (69f9c33d7 2022-12-12)

~/bingrep$ cargo run -- `which ls` | tail
    Finished dev [unoptimized + debuginfo] target(s) in 0.45s
     Running `target/debug/bingrep /bin/ls`
Libraries(2):
 libselinux.so.1
       libc.so.6

Soname: None
Interpreter: /lib64/ld-linux-x86-64.so.2
is_64: true
is_lib: true
little_endian: true
entry: 67d0

@danielzgtg could you confirm if 1.66.0 runs fine for you?
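
Added example, not part of the thread or of bingrep: the version-by-version check carried out above (1.60.0 and 1.66.0 run, 1.67.0 segfaults), written as a script that builds under each toolchain and classifies the exit status, so that a panic (exit code 101, as in the nightly debug run) is told apart from death by a signal such as SIGSEGV (139). `PROBE`, `BIN` and `TARGET` are hypothetical knobs of this example, and the signal numbers assume Linux.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Sweep an ordered list of rustc
# toolchains and report how the freshly built binary exits under each one.
# Usage (from the crate root): ./sweep.sh 1.60.0 1.66.0 1.67.0

# Translate a wait status into a verdict. A shell reports a child killed by
# signal N as 128+N; an unhandled Rust panic exits with code 101.
classify_status() {
    case "$1" in
        0)   echo "ok" ;;
        101) echo "panic" ;;
        125) echo "build-failed" ;;      # convention used by probe_cargo below
        134) echo "signal:SIGABRT" ;;    # 128 + 6
        135) echo "signal:SIGBUS" ;;     # 128 + 7 (Linux numbering)
        139) echo "signal:SIGSEGV" ;;    # 128 + 11
        *)   if [ "$1" -gt 128 ]; then
                 echo "signal:$(( $1 - 128 ))"
             else
                 echo "exit:$1"
             fi ;;
    esac
}

# Default probe. Assumptions: run from the crate root; BIN and TARGET are
# knobs of this example. It installs the toolchain, builds with it, then runs
# the binary directly so the shell sees the raw wait status of the program
# and not that of a wrapper.
probe_cargo() {
    rustup toolchain install --profile minimal "$1" >/dev/null 2>&1 || return 125
    cargo "+$1" build --quiet >/dev/null 2>&1 || return 125
    "${BIN:-target/debug/bingrep}" "${TARGET:-/bin/ls}" >/dev/null 2>&1
}

# sweep TOOLCHAIN... : print "<toolchain> <verdict>" per line, in the order
# given. PROBE names the function or command to call for each toolchain;
# override it to exercise the script without rustup.
sweep() {
    for tc in "$@"; do
        rc=0
        "${PROBE:-probe_cargo}" "$tc" || rc=$?
        printf '%s %s\n' "$tc" "$(classify_status "$rc")"
    done
}

# first_bad : filter over sweep output; prints the first toolchain whose
# verdict is not "ok" (reads all input so the producer never sees EPIPE).
first_bad() {
    awk '$2 != "ok" && !found { print $1; found = 1 }'
}

# Run the sweep only when toolchains were given on the command line.
[ "$#" -eq 0 ] || sweep "$@"
```

Piping the sweep through `first_bad` gives the oldest failing release in the list, which is the starting point for a regression report against the compiler or a dependency.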

Owner

m4b commented Jan 28, 2023

@bjorn3 here is valgrind output with strip debug info as you suggested:

valgrind target/debug/bingrep `which ls`
==11789== Memcheck, a memory error detector
==11789== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==11789== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==11789== Command: target/debug/bingrep /bin/ls
==11789== 
==11789== Syscall param statx(file_name) points to unaddressable byte(s)
==11789==    at 0x4B0088E: statx (statx.c:29)
==11789==    by 0x72C7F1: std::sys::unix::fs::try_statx (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x7219B2: std::fs::buffer_capacity_required (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x7218DB: std::fs::read::inner (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DE40E: std::fs::read (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x18AC70: bingrep::run (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x18C0DD: bingrep::main (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1A238A: core::ops::function::FnOnce::call_once (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1A4CDD: std::sys_common::backtrace::__rust_begin_short_backtrace (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1A5250: std::rt::lang_start::{{closure}} (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x72093B: std::rt::lang_start_internal (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1A5229: std::rt::lang_start (in /home/git/bingrep/target/debug/bingrep)
==11789==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==11789== 
==11789== Syscall param statx(buf) points to unaddressable byte(s)
==11789==    at 0x4B0088E: statx (statx.c:29)
==11789==    by 0x72C7F1: std::sys::unix::fs::try_statx (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x7219B2: std::fs::buffer_capacity_required (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x7218DB: std::fs::read::inner (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DE40E: std::fs::read (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x18AC70: bingrep::run (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x18C0DD: bingrep::main (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1A238A: core::ops::function::FnOnce::call_once (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1A4CDD: std::sys_common::backtrace::__rust_begin_short_backtrace (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1A5250: std::rt::lang_start::{{closure}} (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x72093B: std::rt::lang_start_internal (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1A5229: std::rt::lang_start (in /home/git/bingrep/target/debug/bingrep)
==11789==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==11789== 
ELF DYN X86_64-little-endian @ 0x67d0:

e_phoff: 0x40 e_shoff: 0x223c0 e_flags: 0x0 e_ehsize: 64 e_phentsize: 56 e_phnum: 13 e_shentsize: 64 e_shnum: 30 e_shstrndx: 29

ProgramHeaders(13):
==11789== Conditional jump or move depends on uninitialised value(s)
==11789==    at 0x6D3B1E: core::ptr::mut_ptr::<impl *mut T>::guaranteed_eq (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6B0565: core::ptr::mut_ptr::<impl *mut T>::is_null (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6B2B8A: <alloc::vec::Vec<T,A> as core::ops::deref::Deref>::deref (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A198A: prettytable::row::Row::column_count (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9A5E: prettytable::TableSlice::get_column_num (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9B9E: prettytable::TableSlice::get_all_column_width (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9D53: prettytable::TableSlice::__print (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AB3C0: prettytable::TableSlice::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DE6E1: prettytable::Table::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DCB21: bingrep::format::print_table_to_stdout (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DC9B2: bingrep::format::flush (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1C8E7D: bingrep::format_elf::Elf::print (in /home/git/bingrep/target/debug/bingrep)
==11789== 
==11789== Conditional jump or move depends on uninitialised value(s)
==11789==    at 0x6B057E: core::ptr::mut_ptr::<impl *mut T>::is_null (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6B2B8A: <alloc::vec::Vec<T,A> as core::ops::deref::Deref>::deref (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A198A: prettytable::row::Row::column_count (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9A5E: prettytable::TableSlice::get_column_num (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9B9E: prettytable::TableSlice::get_all_column_width (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9D53: prettytable::TableSlice::__print (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AB3C0: prettytable::TableSlice::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DE6E1: prettytable::Table::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DCB21: bingrep::format::print_table_to_stdout (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DC9B2: bingrep::format::flush (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1C8E7D: bingrep::format_elf::Elf::print (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x189491: bingrep::parse_elf_file (in /home/git/bingrep/target/debug/bingrep)
==11789== 
==11789== Conditional jump or move depends on uninitialised value(s)
==11789==    at 0x6B0600: core::ptr::const_ptr::<impl *const T>::is_null (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6ACC6F: core::slice::iter::Iter<T>::new (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6B08E6: core::slice::<impl [T]>::iter (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A1996: prettytable::row::Row::column_count (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9A5E: prettytable::TableSlice::get_column_num (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9B9E: prettytable::TableSlice::get_all_column_width (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9D53: prettytable::TableSlice::__print (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AB3C0: prettytable::TableSlice::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DE6E1: prettytable::Table::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DCB21: bingrep::format::print_table_to_stdout (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DC9B2: bingrep::format::flush (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1C8E7D: bingrep::format_elf::Elf::print (in /home/git/bingrep/target/debug/bingrep)
==11789== 
==11789== Conditional jump or move depends on uninitialised value(s)
==11789==    at 0x6B0630: core::ptr::const_ptr::<impl *const T>::is_null (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6ACC6F: core::slice::iter::Iter<T>::new (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6B08E6: core::slice::<impl [T]>::iter (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A1996: prettytable::row::Row::column_count (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9A5E: prettytable::TableSlice::get_column_num (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9B9E: prettytable::TableSlice::get_all_column_width (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9D53: prettytable::TableSlice::__print (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AB3C0: prettytable::TableSlice::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DE6E1: prettytable::Table::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DCB21: bingrep::format::print_table_to_stdout (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DC9B2: bingrep::format::flush (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1C8E7D: bingrep::format_elf::Elf::print (in /home/git/bingrep/target/debug/bingrep)
==11789== 
==11789== Conditional jump or move depends on uninitialised value(s)
==11789==    at 0x6D3B1E: core::ptr::mut_ptr::<impl *mut T>::guaranteed_eq (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6B0565: core::ptr::mut_ptr::<impl *mut T>::is_null (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6ACF8E: <core::slice::iter::Iter<T> as core::iter::traits::iterator::Iterator>::next (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AC91A: core::iter::traits::iterator::Iterator::fold (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A46C1: <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::fold (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6B0357: <usize as core::iter::traits::accum::Sum>::sum (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A4813: core::iter::traits::iterator::Iterator::sum (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A19AE: prettytable::row::Row::column_count (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9A5E: prettytable::TableSlice::get_column_num (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9B9E: prettytable::TableSlice::get_all_column_width (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9D53: prettytable::TableSlice::__print (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AB3C0: prettytable::TableSlice::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789== 
==11789== Conditional jump or move depends on uninitialised value(s)
==11789==    at 0x6B057E: core::ptr::mut_ptr::<impl *mut T>::is_null (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6ACF8E: <core::slice::iter::Iter<T> as core::iter::traits::iterator::Iterator>::next (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AC91A: core::iter::traits::iterator::Iterator::fold (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A46C1: <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::fold (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6B0357: <usize as core::iter::traits::accum::Sum>::sum (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A4813: core::iter::traits::iterator::Iterator::sum (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A19AE: prettytable::row::Row::column_count (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9A5E: prettytable::TableSlice::get_column_num (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9B9E: prettytable::TableSlice::get_all_column_width (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9D53: prettytable::TableSlice::__print (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AB3C0: prettytable::TableSlice::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DE6E1: prettytable::Table::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789== 
==11789== Conditional jump or move depends on uninitialised value(s)
==11789==    at 0x6B0600: core::ptr::const_ptr::<impl *const T>::is_null (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6ACFB5: <core::slice::iter::Iter<T> as core::iter::traits::iterator::Iterator>::next (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AC91A: core::iter::traits::iterator::Iterator::fold (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A46C1: <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::fold (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6B0357: <usize as core::iter::traits::accum::Sum>::sum (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A4813: core::iter::traits::iterator::Iterator::sum (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A19AE: prettytable::row::Row::column_count (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9A5E: prettytable::TableSlice::get_column_num (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9B9E: prettytable::TableSlice::get_all_column_width (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9D53: prettytable::TableSlice::__print (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AB3C0: prettytable::TableSlice::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DE6E1: prettytable::Table::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789== 
==11789== Conditional jump or move depends on uninitialised value(s)
==11789==    at 0x6B0630: core::ptr::const_ptr::<impl *const T>::is_null (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6ACFB5: <core::slice::iter::Iter<T> as core::iter::traits::iterator::Iterator>::next (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AC91A: core::iter::traits::iterator::Iterator::fold (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A46C1: <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::fold (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6B0357: <usize as core::iter::traits::accum::Sum>::sum (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A4813: core::iter::traits::iterator::Iterator::sum (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A19AE: prettytable::row::Row::column_count (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9A5E: prettytable::TableSlice::get_column_num (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9B9E: prettytable::TableSlice::get_all_column_width (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9D53: prettytable::TableSlice::__print (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AB3C0: prettytable::TableSlice::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DE6E1: prettytable::Table::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789== 
==11789== Conditional jump or move depends on uninitialised value(s)
==11789==    at 0x6ACFA5: <core::slice::iter::Iter<T> as core::iter::traits::iterator::Iterator>::next (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AC91A: core::iter::traits::iterator::Iterator::fold (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A46C1: <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::fold (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6B0357: <usize as core::iter::traits::accum::Sum>::sum (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A4813: core::iter::traits::iterator::Iterator::sum (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A19AE: prettytable::row::Row::column_count (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9A5E: prettytable::TableSlice::get_column_num (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9B9E: prettytable::TableSlice::get_all_column_width (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9D53: prettytable::TableSlice::__print (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AB3C0: prettytable::TableSlice::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DE6E1: prettytable::Table::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DCB21: bingrep::format::print_table_to_stdout (in /home/git/bingrep/target/debug/bingrep)
==11789== 
==11789== Conditional jump or move depends on uninitialised value(s)
==11789==    at 0x6AC964: core::iter::traits::iterator::Iterator::fold (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A46C1: <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::fold (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6B0357: <usize as core::iter::traits::accum::Sum>::sum (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A4813: core::iter::traits::iterator::Iterator::sum (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A19AE: prettytable::row::Row::column_count (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9A5E: prettytable::TableSlice::get_column_num (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9B9E: prettytable::TableSlice::get_all_column_width (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9D53: prettytable::TableSlice::__print (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AB3C0: prettytable::TableSlice::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DE6E1: prettytable::Table::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DCB21: bingrep::format::print_table_to_stdout (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x1DC9B2: bingrep::format::flush (in /home/git/bingrep/target/debug/bingrep)
==11789== 
==11789== Use of uninitialised value of size 8
==11789==    at 0x6B1415: prettytable::cell::Cell::get_hspan (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A19DE: prettytable::row::Row::column_count::{{closure}} (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A4A40: core::iter::adapters::map::map_fold::{{closure}} (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AC99B: core::iter::traits::iterator::Iterator::fold (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A46C1: <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::fold (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6B0357: <usize as core::iter::traits::accum::Sum>::sum (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A4813: core::iter::traits::iterator::Iterator::sum (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A19AE: prettytable::row::Row::column_count (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9A5E: prettytable::TableSlice::get_column_num (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9B9E: prettytable::TableSlice::get_all_column_width (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6A9D53: prettytable::TableSlice::__print (in /home/git/bingrep/target/debug/bingrep)
==11789==    by 0x6AB3C0: prettytable::TableSlice::print_term (in /home/git/bingrep/target/debug/bingrep)
==11789== 
thread 'main' panicked at 'attempt to add with overflow', /rustc/fc594f15669680fa70d255faec3ca3fb507c3405/library/core/src/iter/traits/accum.rs:141:1
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
==11789== 
==11789== HEAP SUMMARY:
==11789==     in use at exit: 352 bytes in 3 blocks
==11789==   total heap usage: 905 allocs, 902 frees, 258,284 bytes allocated
==11789== 
==11789== LEAK SUMMARY:
==11789==    definitely lost: 0 bytes in 0 blocks
==11789==    indirectly lost: 0 bytes in 0 blocks
==11789==      possibly lost: 0 bytes in 0 blocks
==11789==    still reachable: 352 bytes in 3 blocks
==11789==         suppressed: 0 bytes in 0 blocks
==11789== Rerun with --leak-check=full to see details of leaked memory
==11789== 
==11789== Use --track-origins=yes to see where uninitialised values come from
==11789== For lists of detected and suppressed errors, rerun with: -s
==11789== ERROR SUMMARY: 44648 errors from 13 contexts (suppressed: 0 from 0)

@m4b
Owner

m4b commented Jan 28, 2023

this might be the cause? phsym/prettytable-rs#145

@danielzgtg
Author

danielzgtg commented Jan 28, 2023

Yes. I confirm that 1.66.0 works for me.

It might not necessarily be a regression in the rust compiler. There might be undefined behavior in any of the lines of code anywhere in the program executed before the crash. It could have been silent corruption for previous rustc versions, and in the latest version the compiler could have perfectly legally decided to move things around, exposing the undefined behavior.

@m4b
Owner

m4b commented Jan 28, 2023

yes i think the issue i linked is the cause and rustc 1.67 just happened to start exploiting that UB in the crate. quite a bummer :/

@m4b
Owner

m4b commented Jan 28, 2023

i just ported bingrep to prettytable 0.10 and it runs without issue on 1.67.0

@m4b
Owner

m4b commented Jan 28, 2023

so when i pushed the update to 0.10, github printed out this link: https://github.com/m4b/bingrep/security/dependabot/2

but i don't think i was ever notified about this issue, which says it was 1 month ago :/ anyway this should be fixed now and published as 0.10.3

@danielzgtg
Author

Everything is working again after downloading your fixed version with `cargo install-update -f bingrep`. Thank you for responding and fixing this issue so quickly!

@m4b
Owner

m4b commented Jan 28, 2023

thanks for the great bug report and carefully curated logs, was very helpful! i just wish i saw the dependabot security notice sooner (it's actually quite cool that github publishes known rustsec things onto a security tab)
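
As an added example (not code from bingrep or prettytable-rs): a small Rust check, usable as a CI gate, that reads a `Cargo.lock` and reports any locked `prettytable-rs` version below 0.10, the release the maintainer ported to above. The lockfile snippet and the function names are constructed for illustration.

```rust
// SAMPLE_LOCK is constructed for illustration; it is not bingrep's real lockfile.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "bingrep"
version = "0.10.2"

[[package]]
name = "prettytable-rs"
version = "0.8.0"
"#;

/// Parse "MAJOR.MINOR.PATCH" (ignoring any pre-release/build suffix) into a comparable tuple.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>());
    let major = parts.next()?.ok()?;
    let minor = parts.next()?.ok()?;
    let patch = parts.next()?.ok()?;
    Some((major, minor, patch))
}

/// Return every locked version of `krate` that is older than `min`.
fn outdated(lock: &str, krate: &str, min: (u64, u64, u64)) -> Vec<String> {
    let mut hits = Vec::new();
    let mut current: Option<&str> = None;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            current = None; // a new package entry starts
        } else if let Some(v) = line.strip_prefix("name = ") {
            current = Some(v.trim_matches('"'));
        } else if let Some(v) = line.strip_prefix("version = ") {
            let v = v.trim_matches('"');
            if current == Some(krate) {
                match parse_version(v) {
                    Some(parsed) if parsed >= min => {}
                    // Older or unparseable versions are reported: fail closed.
                    _ => hits.push(v.to_string()),
                }
            }
        }
    }
    hits
}

fn main() {
    let hits = outdated(SAMPLE_LOCK, "prettytable-rs", (0, 10, 0));
    for v in &hits {
        println!("prettytable-rs {} is below 0.10.0", v);
    }
    std::process::exit(if hits.is_empty() { 0 } else { 1 });
}
```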

@danielzgtg changed the title from "Crashes on everything" to "Crashes on rustc 1.67" on Jan 28, 2023