> Thanks very much for your quick help. For #1, you mean it is my program
> bug?
Not sure yet. There is much library code involved, and something wrong
is going on with the globals (see below).

>
> For #2, I have set the ASAN_SYMBOLIZER_PATH  to point to the llvm-symbolizer
> binary, so that the report can only show function name. But no line number,
> could you please review the full report below?
Can you please run dsymutil on your program and check whether it helps
to get line numbers?

> ==12807==ERROR: AddressSanitizer: global-buffer-overflow on address
> 0x0001007784c0 at pc 0x100a3f594 bp 0x7fff5fbfe310 sp 0x7fff5fbfe2d8
> READ of size 18 at 0x0001007784c0 thread T0
>     #0 0x100a3f593 in wrap_memcmp
> (/Users/oupeng/llvm/Release+Asserts/lib/clang/3.5/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x16593)
>     #1 0x7fff8f40cd56 in __CFStringEqual
> (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xfd56)
...
>
>     #25 0x100001fad in main (/path/myapp+0x100001fad)
>
>     #26 0x100001d33 in start (/path/myapp+0x100001d33)
>
>     #27 0x0 (/path/myapp+0x0)
>
>
> 0x0001007784c0 is located 32 bytes to the left of global variable '.str5'
> from '/path/myapp/Controller.m' (0x1007784e0) of size 13
>
>   '.str5' is ascii string 'ctestString'
>
> 0x0001007784c0 is located 0 bytes inside of global variable '.str3' from
> '/path/myapp/Controller.m' (0x1007784c0) of size 19
>
>   '.str3' is ascii string 'ctestOptions'
>
> 0x0001007784c0 is located 4 bytes to the right of global variable '.str1'
> from '/path/myapp/Controller.m' (0x1007784a0) of size 28
>
>   '.str1' is ascii string 'appMode'
>
> SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 wrap_memcmp
>
> Shadow bytes around the buggy address:
>
>   0x1000200ef040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
>   0x1000200ef050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
>   0x1000200ef060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
>   0x1000200ef070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
>   0x1000200ef080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
> =>0x1000200ef090: 00 00 05 f9 f9 f9 f9 04[f9]f9 03 f9 f9 05 f9 f9
>
>   0x1000200ef0a0: f9 f9 01 f9 f9 06 f9 f9 01 f9 f9 f9 04 f9 f9 f9
>
>   0x1000200ef0b0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
>
>   0x1000200ef0c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
>   0x1000200ef0d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
>   0x1000200ef0e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
> Shadow byte legend (one shadow byte represents 8 application bytes):

This is weird. According to the report, there are three globals
aligned on 32 bytes:
str1 of size 28 starting at 0x1007784a0 and containing "appMode"
(shadow bytes f9f9f904)
str3 of size 19 starting at 0x1007784c0 and containing "ctestOptions"
(shadow bytes f9f903f9)
str5 of size 13 starting at 0x1007784e0 and containing "ctestString"
(shadow bytes f905f9f9)

For some reason the leading shadow bytes of the globals are set to f9
instead of 00.

Do you have a reproducer that doesn't contain proprietary code?

>   Addressable:           00
>
>   Partially addressable: 01 02 03 04 05 06 07
>
>   Heap left redzone:       fa
>
>   Heap right redzone:      fb
>
>   Freed heap region:       fd
>
>   Stack left redzone:      f1
>
>   Stack mid redzone:       f2
>
>   Stack right redzone:     f3
>
>   Stack partial redzone:   f4
>
>   Stack after return:      f5
>
>   Stack use after scope:   f8
>
>   Global redzone:          f9
>
>   Global init order:       f6
>
>   Poisoned by user:        f7
>
>   Contiguous container OOB:fc
>
>   ASan internal:           fe
>
> ==13800==ABORTING
>
> On Monday, February 17, 2014 11:53:37 PM UTC+8, Alexander Potapenko wrote:
>>
>> 1. This is an actual global buffer overflow. This means that the
>> program tried to read past the end of a global string.
>> fun:memcmp won't help because we don't compile memcmp (it's in the
>> system library), but wrap it with our interceptor (aka wrap_memcmp)
>> that checks the validity of memory.
>> You can disable checks in memcmp by setting the ASAN_OPTIONS env var
>> to "replace_intrin=0", but this may mask other bugs.
>>
>> 2. Please refer to http://clang.llvm.org/docs/AddressSanitizer.html
>> for the instructions on report symbolization.
>> Note that your report contains only library functions for which Apple
>> doesn't provide the debug information. Is this a full report?
>>
>>
>> On Mon, Feb 17, 2014 at 7:29 AM, laser <[email protected]> wrote:
>> > I got the following global-buffer-overflow issue after I replace the
>> > clang
>> > from pre-built binary build to build a llvm/clang with myself
>> >
>> > I have two questions:
>> >
>> > 1. What's the problem, how to bypass the issue?
>> > I have set fun:wrap_memcmp in the blacklist
>> > -fsanitize-blacklist=blacklist.txt but still doesn't work.
>> >
>> > 2. How can I get the code line number?
>> >  -gdwarf-2 -g  have set in compile flag.
>> >
>> > Many Thanks!
>> >
>> > =================================================================
>> > ==12807==ERROR: AddressSanitizer: global-buffer-overflow on address
>> > 0x0001007784c0 at pc 0x100a3f594 bp 0x7fff5fbfe310 sp 0x7fff5fbfe2d8
>> > READ of size 18 at 0x0001007784c0 thread T0
>> >     #0 0x100a3f593 in wrap_memcmp
>> >
>> > (/Users/oupeng/llvm/Release+Asserts/lib/clang/3.5/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x16593)
>> >     #1 0x7fff8f40cd56 in __CFStringEqual
>> >
>> > (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xfd56)
>> >     #2 0x7fff8f40cbd7 in CFEqual
>> >
>> > (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xfbd7)
>> >     #3 0x7fff8f40c928 in __CFDictionaryStandardEquateKeys
>> >
>> > (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xf928)
>> >     #4 0x7fff8f3ff404 in CFBasicHashFindBucket
>> >
>> > (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x2404)
>> >     #5 0x7fff8f3fec05 in CFDictionaryGetValue
>> >
>> > (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x1c05)
>> >     #6 0x7fff8f576aac in -[CFPrefsPlistSource copyValueForKey:]
>> >
>> > (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x179aac)
>> >     #7 0x7fff8f575a32 in -[CFPrefsSearchListSource copyValueForKey:]
>> >
>> > (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x178a32)
>> >     #8 0x7fff8f57189f in __CFPreferencesCopyAppValue_block_invoke_0
>> >
>> > (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x17489f)
>> >     #9 0x7fff8f575007 in +[CFPrefsSearchListSource
>> > withSearchListForIdentifier:perform:]
>> >
>> > (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x178007)
>> >     #10 0x7fff8f44a9c9 in CFPreferencesCopyAppValue
>> >
>> > (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x4d9c9)
>> >     #11 0x7fff8efe9aef in -[NSUserDefaults(NSUserDefaults)
>> > objectForKey:]
>> >
>> > (/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation+0x49aef)
>> >     #12 0x7fff8efeca88 in -[NSUserDefaults(NSUserDefaults)
>> > integerForKey:]
>> >
>> > (/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation+0x4ca88)
>> >
>> > --------------------------
>> >
>> >
>> >
>> >
>> >
>> >
>> > On Friday, February 14, 2014 8:17:34 AM UTC+8, laser wrote:
>> >>
>> >>
>> >> On Thursday, February 13, 2014 7:57:14 PM UTC+8, Alexander Potapenko
>> >> wrote:
>> >>>
>> >>> Can you please attach the output of otool -l for your binary?
>> >>>
>> >>> On Thu, Feb 13, 2014 at 3:47 PM, laser <[email protected]> wrote:
>> >>> > Hi experts,
>> >>> >
>> >>> > I got the following error when run my app with Asan in Mac OS, Could
>> >>> > you
>> >>> > take a look what's the problem? It is likely a asan related issue,
>> >>> > how
>> >>> > to
>> >>> > bypass it?
>> >>> >
>> >>> >
>> >>> > ==23202==ERROR: AddressSanitizer: heap-use-after-free on address
>> >>> > 0x6110000f4450 at pc 0x10019379f bp 0x7fff5fbfa190 sp 0x7fff5fbfa188
>> >>> > WRITE of size 8 at 0x6110000f4450 thread T0
>> >>> > ==23202==AddressSanitizer CHECK failed:
>> >>> >
>> >>> >
>> >>> > /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_common.cc:215
>> >>> > "((n_ranges_)) < ((kMaxNumberOfAddressRanges))" (0x6, 0x6)
>> >>> > ==23202==AddressSanitizer CHECK failed:
>> >>> >
>> >>> >
>> >>> > /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:335
>> >>> > "((owner_)) != (((uptr)pthread_self()))" (0x7fff7c459180,
>> >>> > 0x7fff7c459180)
>> >>> > ==23202==AddressSanitizer CHECK failed:
>> >>> >
>> >>> >
>> >>> > /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:335
>> >>> > "((owner_)) != (((uptr)pthread_self()))" (0x7fff7c459180,
>> >>> > 0x7fff7c459180)
>> >>> > ==23202==AddressSanitizer CHECK failed:
>> >>> >
>> >>> >
>> >>> > /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:335
>> >>> > "((owner_)) != (((uptr)pthread_self()))" (0x7fff7c459180,
>> >>> > 0x7fff7c459180)
>> >>> > ==23202==AddressSanitizer CHECK failed:
>> >>> >
>> >>> >
>> >>> > /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:335
>> >>> > "((owner_)) != (((uptr)pthread_self()))" (0x7fff7c459180,
>> >>> > 0x7fff7c459180)
>> >>> > ==23202==AddressSanitizer CHECK failed:
>> >>> >
>> >>> >
>> >>> > /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:335
>> >>> > "((owner_)) != (((uptr)pthread_self()))" (0x7fff7c459180,
>> >>> > 0x7fff7c459180)
>> >>> > ==23202==AddressSanitizer CHECK failed:
>> >>> >
>> >>> >
>> >>> > /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:335
>> >>> > "((owner_)) != (((uptr)pthread_self()))" (0x7fff7c459180,
>> >>> > 0x7fff7c459180)
>> >>> > ==23202==AddressSanitizer CHECK failed:
>> >>> >
>> >>> >
>> >>> > /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:335
>> >>> > "((owner_)) != (((uptr)pthread_self()))" (0x7fff7c459180,
>> >>> > 0x7fff7c459180)
>> >>> > ==23202==AddressSanitizer CHECK failed:
>> >>> >
>> >>> >
>> >>> > /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:335
>> >>> > "((owner_)) != (((uptr)pthread_self()))" (0x7fff7c459180,
>> >>> > 0x7fff7c459180)
>> >>> > Segmentation fault: 11
>> >>> >
>> >>> > Thanks!
>> >>> >
>> >>> > --
>> >>> > You received this message because you are subscribed to the Google
>> >>> > Groups
>> >>> > "address-sanitizer" group.
>> >>> > To unsubscribe from this group and stop receiving emails from it,
>> >>> > send
>> >>> > an
>> >>> > email to [email protected].
>> >>> > For more options, visit https://groups.google.com/groups/opt_out.
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> Alexander Potapenko
>> >>> Software Engineer
>> >>> Google Moscow
>> >
>>
>>
>>
>> --
>> Alexander Potapenko
>> Software Engineer
>> Google Moscow
>



-- 
Alexander Potapenko
Software Engineer
Google Moscow
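
An added example, not part of the original message and not ASan's own code: it decodes the "=>" shadow row from the report quoted above and compares each global's shadow bytes with what its size would normally produce, which is the comparison the reply makes by hand. The shadow offset of 1 << 44 is an assumption for this x86_64 OS X build (the script checks it against the bracketed byte in the report), and all function names are hypothetical.

```python
import re

# Constructed input: the "=>" shadow row, the faulting access and the three
# globals, copied from the AddressSanitizer report quoted in this thread.
SHADOW_ROW = "=>0x1000200ef090: 00 00 05 f9 f9 f9 f9 04[f9]f9 03 f9 f9 05 f9 f9"
FAULT_ADDR, FAULT_SIZE = 0x0001007784C0, 18      # "READ of size 18 at ..."
GLOBALS = [(".str1", 0x1007784A0, 28),
           (".str3", 0x1007784C0, 19),
           (".str5", 0x1007784E0, 13)]

GRANULE = 8                # one shadow byte represents 8 application bytes
SHADOW_OFFSET = 1 << 44    # assumption; analyse() validates it against the report


def mem_to_shadow(addr):
    """Map an application address to the address of its shadow byte."""
    return (addr >> 3) + SHADOW_OFFSET


def parse_shadow_row(line):
    """Return (row base shadow address, byte values, index of the [xx] byte)."""
    m = re.match(r"\s*(?:=>)?\s*0x([0-9a-fA-F]+):(.*)$", line)
    if not m:
        raise ValueError("not a shadow row: %r" % line)
    values, marked = [], None
    for i, tok in enumerate(re.finditer(r"(\[)?([0-9a-fA-F]{2})", m.group(2))):
        values.append(int(tok.group(2), 16))
        if tok.group(1):
            marked = i
    return int(m.group(1), 16), values, marked


def expected_shadow(size):
    """Shadow bytes a correctly unpoisoned global of `size` bytes would have:
    00 for each full granule, then the count of valid bytes in the last one."""
    full, rest = divmod(size, GRANULE)
    return [0x00] * full + ([rest] if rest else [])


def audit_globals(row_base, row, globals_):
    """Compare observed shadow bytes of each global with the expected ones."""
    findings = {}
    for name, addr, size in globals_:
        start = mem_to_shadow(addr) - row_base
        want = expected_shadow(size)
        got = row[start:start + len(want)]
        bad = [i for i, (g, w) in enumerate(zip(got, want)) if g != w]
        findings[name] = {"observed": got, "expected": want, "mismatch": bad}
    return findings


def access_allowed(shadow, addr, size):
    """Apply the addressability rule to every byte of [addr, addr + size).
    `shadow` maps a shadow address to its byte value."""
    for a in range(addr, addr + size):
        s = shadow[mem_to_shadow(a)]
        if s == 0:
            continue                      # whole granule addressable
        if s >= GRANULE or (a % GRANULE) >= s:
            return False                  # poisoned, or past the valid prefix
    return True


def analyse():
    row_base, row, marked = parse_shadow_row(SHADOW_ROW)
    # The bracketed byte is the shadow of the faulting address; if the assumed
    # offset is right, mem_to_shadow() must land exactly on it.
    offset_ok = mem_to_shadow(FAULT_ADDR) == row_base + marked
    observed = {row_base + i: v for i, v in enumerate(row)}
    repaired = dict(observed)
    for _, addr, size in GLOBALS:
        for i, v in enumerate(expected_shadow(size)):
            repaired[mem_to_shadow(addr) + i] = v
    return {
        "offset_ok": offset_ok,
        "findings": audit_globals(row_base, row, GLOBALS),
        "read_ok_observed": access_allowed(observed, FAULT_ADDR, FAULT_SIZE),
        "read_ok_expected": access_allowed(repaired, FAULT_ADDR, FAULT_SIZE),
    }


if __name__ == "__main__":
    result = analyse()
    print("shadow offset consistent with report:", result["offset_ok"])
    for name, f in result["findings"].items():
        fmt = lambda bs: " ".join("%02x" % b for b in bs)
        print("%-6s observed %-12s expected %-12s mismatched granules %s"
              % (name, fmt(f["observed"]), fmt(f["expected"]), f["mismatch"]))
    print("18-byte read allowed, observed shadow:", result["read_ok_observed"])
    print("18-byte read allowed, expected shadow:", result["read_ok_expected"])
```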
