Comment #9 on issue 204 by [email protected]: NS_IsMainThread hits "heap-buffer-overflow read of size 4" that is "located 0 bytes inside of 4-byte region"
http://code.google.com/p/address-sanitizer/issues/detail?id=204
Trying the minimal repro from http://llvm.org/bugs/show_bug.cgi?id=16660 :
clang -O -fsanitize=address x.cc y.cc -fPIC -shared -o x.so ; objdump -d x.so | less -pfoo
00000000000007b0 <_Z3foov>:
7b0: 50 push %rax
7b1: 48 8d 3d f8 07 20 00 lea 0x2007f8(%rip),%rdi # 200fb0 <_DYNAMIC+0x1b0>
7b8: e8 f3 fe ff ff callq 6b0 <__tls_get_addr@plt>
7bd: 48 89 c1 mov %rax,%rcx
7c0: 48 8d 89 00 00 00 00 lea 0x0(%rcx),%rcx
7c7: 48 c1 e9 03 shr $0x3,%rcx
7cb: 8a 91 00 80 ff 7f mov 0x7fff8000(%rcx),%dl
7d1: 84 d2 test %dl,%dl
7d3: 74 19 je 7ee <_Z3foov+0x3e>
7d5: 48 c7 c6 00 00 00 00 mov $0x0,%rsi
7dc: 48 89 c1 mov %rax,%rcx
7df: 01 ce add %ecx,%esi
7e1: 83 e6 07 and $0x7,%esi
7e4: 83 c6 03 add $0x3,%esi
7e7: 0f be ca movsbl %dl,%ecx
7ea: 39 ce cmp %ecx,%esi
7ec: 7d 08 jge 7f6 <_Z3foov+0x46>
7ee: 8b 80 00 00 00 00 mov 0x0(%rax),%eax
7f4: 5a pop %rdx
7f5: c3 retq
7f6: 48 8d 80 00 00 00 00 lea 0x0(%rax),%rax
7fd: 48 89 c7 mov %rax,%rdi
800: e8 9b fe ff ff callq 6a0 <__asan_report_load4@plt>
805: 66 66 2e 0f 1f 84 00 data32 nopw %cs:0x0(%rax,%rax,1)
The code looks sane now (much better than before).
Can you try on Firefox?
(I did nothing to fix this, probably got fixed independently)
--
You received this message because you are subscribed to the Google Groups
"address-sanitizer" group.
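As an added illustration, not part of the comment above or of ASan's own source: a small C model of the check the listing performs for a 4-byte load (shadow byte lookup, partial-granule arithmetic, report branch), with a local array standing in for the 0x7fff8000 shadow mapping and a constructed allocation the size of the 4-byte region named in the issue title.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the instrumented 4-byte load in the listing:
 *   shadow = *(int8_t *)((addr >> 3) + 0x7fff8000);
 *   report if shadow != 0 && ((addr & 7) + 3) >= shadow
 * A 64-byte region is modelled with a local shadow array instead of the
 * real 0x7fff8000 mapping, and offsets passed below must be < MODEL_BYTES. */

#define MODEL_BYTES 64
#define GRANULE 8               /* one shadow byte describes 8 application bytes */
#define POISON ((int8_t)-1)     /* constructed redzone marker; any negative value is poisoned */

static int8_t shadow[MODEL_BYTES / GRANULE];

/* Mark [0, n) addressable and everything after it as redzone, the way the
 * allocator poisons the shadow around a heap block of n bytes. */
void model_alloc(size_t n) {
    for (size_t g = 0; g < MODEL_BYTES / GRANULE; g++) {
        size_t start = g * GRANULE;
        if (start + GRANULE <= n) shadow[g] = 0;                      /* whole granule addressable */
        else if (start < n)       shadow[g] = (int8_t)(n - start);    /* only first k bytes addressable */
        else                      shadow[g] = POISON;
    }
}

/* The check for a 4-byte load at model offset `addr`.
 * Returns 1 if __asan_report_load4 would be called, 0 if the load proceeds. */
int asan_check_load4(uintptr_t addr) {
    int8_t k = shadow[addr >> 3];            /* shr $0x3 ; mov 0x7fff8000(%rcx),%dl */
    if (k == 0) return 0;                    /* test %dl,%dl ; je <do the load> */
    int last = (int)(addr & 7) + (4 - 1);    /* and $0x7,%esi ; add $0x3,%esi */
    return last >= (int)k;                   /* movsbl %dl,%ecx ; cmp %ecx,%esi ; jge <report> */
}

int main(void) {
    model_alloc(4);   /* a 4-byte heap block, as in the issue title */
    printf("load4 at 0: %s\n", asan_check_load4(0) ? "report" : "ok");  /* ok */
    printf("load4 at 1: %s\n", asan_check_load4(1) ? "report" : "ok");  /* report: byte 4 is redzone */
    printf("load4 at 8: %s\n", asan_check_load4(8) ? "report" : "ok");  /* report: poisoned granule */
    return 0;
}
```

Against a 4-byte block the in-bounds load at offset 0 passes while loads at offsets 1, 4 and 8 report, so a correctly instrumented 4-byte read "0 bytes inside of 4-byte region" is not something this check itself produces.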