Status: Accepted
Owner: [email protected]
CC: [email protected], [email protected]
Labels: Type-Defect Priority-Medium OpSys-OSX
New issue 274 by [email protected]: Incorrect shadow values for global string constants on OSX
http://code.google.com/p/address-sanitizer/issues/detail?id=274
See http://crbug.com/352073
=================================================================
==38424==ERROR: AddressSanitizer: global-buffer-overflow on address
0x000f8362 at pc 0x14b16d bp 0xbff7f5f8 sp 0xbff7f5e8
READ of size 1 at 0x000f8362 thread T0
#0 0x14b16c in wrap_memmove
(/Volumes/data/b/build/slave/mac_asan/build/src/third_party/llvm-build/Release+Asserts/lib/clang/3.5/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x1716c)
#1 0x965fe351 in __CFStringAppendBytes
(/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8351)
#2 0x965fd99e in __CFStringAppendFormatCore
(/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x799e)
#3 0x9664a19b in _CFStringCreateWithFormatAndArgumentsAux
(/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x5419b)
#4 0x9575beed in -[NSPlaceholderString initWithFormat:locale:arguments:]
(/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation+0x5beed)
#5 0x9575d04b in +[NSString stringWithFormat:]
(/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation+0x5d04b)
#6 0x80ab8 in main
(/Volumes/data/b/build/slave/mac_asan/build/src/chrome/../out/Release/infoplist_strings_tool+0x2ab8)
#7 0x80254 in start
(/Volumes/data/b/build/slave/mac_asan/build/src/chrome/../out/Release/infoplist_strings_tool+0x2254)
0x000f8362 is located 2 bytes inside of global variable '.str119'
from '../../chrome/tools/mac_helpers/infoplist_strings_util.mm' (0xf8360)
of size 12
'.str119' is ascii string '%d.%d.%d.%d'
0x000f8362 is located 27 bytes to the right of global variable '.str117'
from '../../chrome/tools/mac_helpers/infoplist_strings_util.mm' (0xf8340)
of size 7
'.str117' is ascii string 'PATCH='
SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 wrap_memmove
Shadow bytes around the buggy address:
0x2001f010: 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 02 f9 f9 f9
0x2001f020: 03 f9 f9 f9 02 f9 f9 f9 03 f9 f9 f9 02 f9 f9 f9
0x2001f030: 03 f9 f9 f9 02 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9
0x2001f040: 00 00 00 00 00 05 f9 f9 f9 f9 f9 f9 00 00 00 00
0x2001f050: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9
=>0x2001f060: 07 f9 f9 f9 07 f9 f9 f9 07 f9 f9 f9[f9]04 f9 f9
0x2001f070: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
0x2001f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x2001f090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x2001f0a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x2001f0b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==38424==ABORTING
ninja: build stopped: subcommand failed.
--
You received this message because you are subscribed to the Google Groups
"address-sanitizer" group.
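The report's "Shadow bytes around the buggy address" table is the whole evidence for the title of the issue, so it is worth decoding by hand. The following is an added worked example, not code from the issue or from the ASan project: it copies the three shadow rows around the marked byte and the legend from the report, and assumes the 32-bit ASan mapping Shadow = (Addr >> 3) + 0x20000000 (the offset is not stated in the report, but it is the only value that sends 0x000f8362 to the marked byte at 0x2001f06c). With that it reproduces ASan's one-byte access check, then compares the shadow a correctly registered global of the stated size should have against what the report shows: '.str117' (0xf8340, 7 bytes) has the expected 07, while '.str119' (0xf8360, 12 bytes) should read 00 04 but reads f9 04, so its first eight bytes, including the '%d.' that memmove was copying, are marked as redzone.

```python
# Added example, not from the issue: decode the report's shadow bytes to show
# why ASan flagged 0x000f8362 and what the shadow for '.str119' should be.
#
# Assumption (not stated in the report, but consistent with its numbers):
# the 32-bit ASan mapping Shadow = (Addr >> 3) + 0x20000000.

SHADOW_SCALE = 3            # legend: one shadow byte covers 8 application bytes
SHADOW_OFFSET = 0x20000000  # assumed 32-bit shadow base

# Legend values copied from the report.
LEGEND = {
    0xfa: "heap left redzone", 0xfb: "heap right redzone",
    0xfd: "freed heap region", 0xf1: "stack left redzone",
    0xf2: "stack mid redzone", 0xf3: "stack right redzone",
    0xf4: "stack partial redzone", 0xf5: "stack after return",
    0xf8: "stack use after scope", 0xf9: "global redzone",
    0xf6: "global init order", 0xf7: "poisoned by user",
    0xfc: "contiguous container OOB", 0xfe: "ASan internal",
}

# Three shadow rows copied from the report (the rows around the marked byte).
SHADOW_ROWS = {
    0x2001f050: "00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9",
    0x2001f060: "07 f9 f9 f9 07 f9 f9 f9 07 f9 f9 f9 f9 04 f9 f9",
    0x2001f070: "f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00",
}
SHADOW = {base + i: int(tok, 16)
          for base, row in SHADOW_ROWS.items()
          for i, tok in enumerate(row.split())}


def mem_to_shadow(addr):
    """Application address -> address of its shadow byte."""
    return (addr >> SHADOW_SCALE) + SHADOW_OFFSET


def describe(k):
    """Human-readable meaning of one shadow byte, per the report's legend."""
    if k == 0:
        return "addressable"
    if 1 <= k <= 7:
        return f"partially addressable: first {k} of 8 bytes"
    return LEGEND.get(k, f"unknown 0x{k:02x}")


def is_addressable(addr, shadow=SHADOW):
    """The check ASan's instrumentation makes for a 1-byte access at addr:
    shadow 0 means all 8 bytes are fine; 1..7 means only the first k bytes
    of the granule are; any redzone value (0xf1..0xfe) means a report."""
    k = shadow[mem_to_shadow(addr)]
    return k == 0 or (1 <= k <= 7 and (addr & 7) < k)


def expected_global_shadow(addr, size):
    """Shadow bytes a correctly registered global of `size` bytes at the
    8-byte-aligned `addr` should have: 00 per full granule, then the
    remainder for a trailing partial granule."""
    assert addr & 7 == 0, "globals in the report are 8-byte aligned"
    full, rem = divmod(size, 8)
    return [0] * full + ([rem] if rem else [])


def observed_global_shadow(addr, size, shadow=SHADOW):
    """The shadow bytes the report actually shows for that global."""
    n = (size + 7) // 8
    return [shadow[mem_to_shadow(addr) + i] for i in range(n)]


if __name__ == "__main__":
    # The two globals named in the report, with the base addresses and
    # sizes it gives for them.
    for name, base, size in (("'.str117'", 0xf8340, 7),
                             ("'.str119'", 0xf8360, 12)):
        exp = [f"{b:02x}" for b in expected_global_shadow(base, size)]
        obs = [f"{b:02x}" for b in observed_global_shadow(base, size)]
        print(f"{name} @ {base:#x} size {size}: expected {exp} observed {obs}")
    bad = 0x000f8362
    s = mem_to_shadow(bad)
    print(f"{bad:#x} -> shadow {s:#x} = {SHADOW[s]:02x} ({describe(SHADOW[s])}),"
          f" addressable: {is_addressable(bad)}")
```

The 8-byte granule that starts at '.str119' is shadowed by f9 although the report itself says the string begins there, whereas the neighbouring '.str117' decodes exactly as its size predicts; that mismatch, not anything memmove did, is what the title "Incorrect shadow values for global string constants" refers to.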