From bdae3d5b80a3be2eae20b3e885e91f370cb919de Mon Sep 17 00:00:00 2001
From: Justin Viiret
Date: Wed, 31 May 2017 13:07:22 +1000
Subject: [PATCH] dump: always allocate >=8 bytes for multibit
The multibit runtime assumes that it is always safe to read 8 bytes, so we must over-allocate for smaller sizes. Caught by ASan.
---
src/rose/rose_build_dump.cpp | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/rose/rose_build_dump.cpp b/src/rose/rose_build_dump.cpp
index b527db6c..a5467b31 100644
--- a/src/rose/rose_build_dump.cpp
+++ b/src/rose/rose_build_dump.cpp
@@ -681,10 +681,17 @@ vector sparseIterValues(const mmbit_sparse_iter *it, u32 num_bits) {
 return keys;
 }
- vector bits(mmbit_size(num_bits), u8{0xff}); // All bits on.
- vector state(MAX_SPARSE_ITER_STATES);
-
+ // Populate a multibit structure with all-ones. Note that the multibit
+ // runtime assumes that it is always safe to read 8 bytes, so we must
+ // over-allocate for smaller sizes.
+ const size_t num_bytes = mmbit_size(num_bits);
+ vector bits(max(size_t{8}, num_bytes), u8{0xff}); // All bits on.
 const u8 *b = bits.data();
+ if (num_bytes < 8) {
+ b += 8 - num_bytes;
+ }
+
+ vector state(MAX_SPARSE_ITER_STATES);
 mmbit_sparse_state *s = state.data();
 u32 idx = 0;
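Review bot: The pointer adjustment `b += 8 - num_bytes;` relies on more than the new comment states: it only keeps the runtime's 8-byte read inside the padded buffer if that read is anchored at the end of the structure (the bytes `[b + num_bytes - 8, b + num_bytes)`), whereas a read starting at `b` would now run `8 - num_bytes` bytes past the end of the 8-byte vector, which is the very over-read the padding is meant to prevent. I infer the read direction from the offset rather than from any visible code, so I would make the assumption explicit for the next reader, e.g. extend the comment with `// The runtime loads the 8 bytes ending at the last byte of the structure, so the real bytes are placed at the tail of the padded buffer.`. The literal 8 appears four times in the hunk (the allocation, the comparison and the offset); a named constant such as `constexpr size_t kMinMultibitBytes = 8;` (name constructed) would tie them together and make a future change to the load width a one-line edit. sparseIterValues begins before the hunk and its body continues after `u32 idx = 0;`.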