From: Kefu Chai <tchaikov@gmail.com>
Date: Sun, 29 Jun 2025 02:15:25 +0000 (+0800)
Subject: test/erasure-code: fix stack-use-after-scope by replacing initializer_list with array
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F64238%2Fhead;p=ceph.git

test/erasure-code: fix stack-use-after-scope by replacing initializer_list with array

Previously, we used std::array<std::initializer_list<int>, 27> to store
a multi-dimensional array. However, initializer_list objects only hold
pointers to their underlying data, not the data itself. When initialized
with brace-enclosed lists like {0,1,2,3}, the temporary arrays created
by these literals are destroyed after the initialization expression
completes, leaving the initializer_list objects pointing to deallocated
memory.

This caused AddressSanitizer to detect stack-use-after-scope errors when
getint() attempted to iterate over the initializer_list contents:

```
==2085499==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7f5fe9803580 at pc 0x55d851bea586 bp 0x7ffc9816a5b0 sp 0x7ffc9816a5a8
READ of size 4 at 0x7f5fe9803580 thread T0
    #0 0x55d851bea585 in getint(std::initializer_list<int>) /home/jenkins-build/build/workspace/ceph-pull-requests/src/test/erasure-code/TestErasureCodeShec_arguments.cc:46:21
    #1 0x55d851bf0258 in int std::__invoke_impl<int, int (*&)(std::initializer_list<int>), std::initializer_list<int>&>(std::__invoke_other, int (*&)(std::initializer_list<int>), std::initializer_list<int>&) /usr/lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:61:14
...
Address 0x7f5fe9803580 is located in stack of thread T0 at offset 1408 in frame
    #0 0x55d851bdd07f in create_table_shec432() /home/jenkins-build/build/workspace/ceph-pull-requests/src/test/erasure-code/TestErasureCodeShec_arguments.cc:52
```

Fix this by using std::array<std::array<int, 4>, 27> instead, which
actually owns and stores the data rather than just pointing to it.

Signed-off-by: Kefu Chai <tchaikov@gmail.com>
---

diff --git a/src/test/erasure-code/TestErasureCodeShec_arguments.cc b/src/test/erasure-code/TestErasureCodeShec_arguments.cc
index 0c3b73f9e8e08..ac8580281eddf 100644
--- a/src/test/erasure-code/TestErasureCodeShec_arguments.cc
+++ b/src/test/erasure-code/TestErasureCodeShec_arguments.cc
@@ -41,7 +41,8 @@ unsigned int value_count = 0;
 
 map<shard_id_set,set<shard_id_set>> shec_table;
 
-constexpr int getint(std::initializer_list<int> is) {
+template<size_t N>
+constexpr int getint(const std::array<int, N>& is) {
   int a = 0;
   for (const auto i : is) {
     a |= 1 << i;
@@ -74,8 +75,8 @@ void create_table_shec432() {
         }
         if (std::popcount(avails) == 2 &&
             std::popcount(want) == 1) {
-	  if (std::cmp_equal(want | avails, getint({0,1,5})) ||
-	      std::cmp_equal(want | avails, getint({2,3,6}))) {
+	  if (std::cmp_equal(want | avails, getint(std::to_array({0,1,5}))) ||
+	      std::cmp_equal(want | avails, getint(std::to_array({2,3,6})))) {
             vec.push_back(avails);
           }
         }
@@ -86,14 +87,14 @@ void create_table_shec432() {
           continue;
         }
         if (std::popcount(avails) == 4) {
-	  auto a = to_array<std::initializer_list<int>>({
+	  auto a = std::to_array<std::array<int, 4>>({
 	      {0,1,2,3}, {0,1,2,4}, {0,1,2,6}, {0,1,3,4}, {0,1,3,6}, {0,1,4,6},
 	      {0,2,3,4}, {0,2,3,5}, {0,2,4,5}, {0,2,4,6}, {0,2,5,6}, {0,3,4,5},
 	      {0,3,4,6}, {0,3,5,6}, {0,4,5,6}, {1,2,3,4}, {1,2,3,5}, {1,2,4,5},
 	      {1,2,4,6}, {1,2,5,6}, {1,3,4,5}, {1,3,4,6}, {1,3,5,6}, {1,4,5,6},
 	      {2,3,4,5}, {2,4,5,6}, {3,4,5,6}});
-          if (ranges::any_of(a, std::bind_front(cmp_equal<uint, int>, avails),
-			     getint)) {
+          if (ranges::any_of(a, [avails] (int n) { return cmp_equal(avails, n); },
+			     getint<4>)) {
 	    vec.push_back(avails);
 	  }
 	}