Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 259 by [email protected]: shmctl() interceptor assumes wrong size for written data
http://code.google.com/p/address-sanitizer/issues/detail?id=259

Hi,

to reproduce:

asan_shm_info.cpp:
#include <sys/shm.h>

int main()
{
  struct shm_info shmInfo;
  char dummy[10];
  int ret = shmctl(0, SHM_INFO, (struct shmid_ds *) &shmInfo);

  return ret;
}

clang++ -fsanitize=address -o asan_shm_info asan_shm_info.cpp

./asan_shm_info


==20192==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff85fa2c00 at pc 0x4551d0 bp 0x7fff85fa2b30 sp 0x7fff85fa2b08
WRITE of size 112 at 0x7fff85fa2c00 thread T0
    #0 0x4551cf in __interceptor_shmctl /local/mar_/llvmtrunk/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:2700
    #1 0x48d362 in main (/local/build/git/sys/src/asan_shm_info+0x48d362)
    #2 0x2ae23c04ebc5 in __libc_start_main (/lib64/libc.so.6+0x1ebc5)
    #3 0x48d14c in _start (/local/build/git/sys/src/asan_shm_info2+0x48d14c)

Address 0x7fff85fa2c00 is located in stack of thread T0 at offset 96 in frame
    #0 0x48d21f in main (/local/build/git/sys/src/asan_shm_info+0x48d21f)

  This frame has 4 object(s):
    [32, 36) 'retval'
    [48, 96) 'shmInfo'
    [128, 138) 'dummy' <== Memory access at offset 96 partially underflows this variable
    [160, 164) 'ret' <== Memory access at offset 96 partially underflows this variable


clang trunk, SuSE Linux Enterprise 11 SP1

The problem is in projects/compiler-rt/lib/sanitizer_common/sanitizer_platform_limits_posix.cc:196:

  int shmctl_shm_info = (int)SHM_INFO;
- int shmctl_shm_stat = (int)SHM_INFO;
+ int shmctl_shm_stat = (int)SHM_STAT;
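
Review bot: the corrected shmctl_shm_stat line comes without a regression test, so nothing stops the two constants from being set to the same value again. The reproducer above (shmctl(0, SHM_INFO, ...) into a struct shm_info on the stack, where the trace shows a 112-byte WRITE against the 48-byte 'shmInfo' object) would serve as that test. Any other shmctl_* constants defined next to these two are worth checking for the same copy-paste mistake.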

With this fix the program does not throw an error.

Best regards,
Martin
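
Added example, not part of the original report and not compiler-rt's code: a simplified model of choosing the annotated write size per shmctl() command, next to a measurement of how many bytes the kernel really writes for SHM_INFO. The function names annotated_size and measured_write_extent, the branch order in the model, and a Linux target with the system <sys/shm.h> are assumptions.

```cpp
#include <sys/shm.h>
#include <cstddef>
#include <cstdio>
#include <cstring>

// Simplified model (an assumption, not compiler-rt's code) of an interceptor
// picking the number of bytes to mark as written for a shmctl() command.
// shm_stat_const stands in for the report's shmctl_shm_stat variable.
static size_t annotated_size(int cmd, int shm_stat_const) {
  if (cmd == IPC_STAT || cmd == shm_stat_const)
    return sizeof(struct shmid_ds);
  if (cmd == IPC_INFO)
    return sizeof(struct shminfo);
  if (cmd == SHM_INFO)
    return sizeof(struct shm_info);
  return 0;  // command does not write through buf
}

// Measures how many leading bytes shmctl(0, cmd, buf) really overwrote, or
// returns -1 if the call failed (e.g. SysV IPC unavailable in a sandbox).
// Two fill patterns are used so a written byte equal to one is still seen.
static long measured_write_extent(int cmd) {
  const unsigned char patterns[2] = {0xAA, 0x55};
  alignas(16) unsigned char buf[512];  // larger than any struct used here
  long extent = 0;
  for (unsigned char p : patterns) {
    std::memset(buf, p, sizeof(buf));
    if (shmctl(0, cmd, reinterpret_cast<struct shmid_ds *>(buf)) < 0)
      return -1;
    long last = (long)sizeof(buf) - 1;
    while (last >= 0 && buf[last] == p) --last;  // find last changed byte
    if (last + 1 > extent) extent = last + 1;
  }
  return extent;
}

int main() {
  std::printf("shm_info=%zu shmid_ds=%zu\n", sizeof(struct shm_info),
              sizeof(struct shmid_ds));
  std::printf("annotated for SHM_INFO, constant wrong: %zu\n",
              annotated_size(SHM_INFO, SHM_INFO));
  std::printf("annotated for SHM_INFO, constant fixed: %zu\n",
              annotated_size(SHM_INFO, SHM_STAT));
  std::printf("kernel wrote for SHM_INFO: %ld bytes\n",
              measured_write_extent(SHM_INFO));
  return 0;
}
```
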
