There is one more question, kcc.
According to my test results, ASan reports some errors in non-instrumented 
code, which means the stacks ASan reported lead to the non-instrumented 
code. Why did this happen?

==2415==ERROR: AddressSanitizer: attempting double-free on 0xb4c28b20 in thread T16777215:
==2415==AddressSanitizer CHECK failed: ../../../.././../gcc/gcc-4.9/libsanitizer/asan/asan_report.cc:586 "((free_stack->size)) > ((0))" (0x0, 0x0)
    #0 0xb67af94f (/system/lib/libasan.so.1+0x3f94f)
    #1 0xb67b2f8b (/system/lib/libasan.so.1+0x42f8b)
    #2 0xb67ae137 (/system/lib/libasan.so.1+0x3e137)
    #3 0xb6785bff (/system/lib/libasan.so.1+0x15bff)
    #4 0xb67aab63 (/system/lib/libasan.so.1+0x3ab63)
    #5 0xb6ec0cbf (/system/lib/libc.so+0xdcbf)
    #6 0xb6cf0369 (/system/lib/libbinder.so+0x20369)
    #7 0xb6cf041b (/system/lib/libbinder.so+0x2041b)
    #8 0xb6ced789 (/system/lib/libbinder.so+0x1d789)
    #9 0xb6cedabd (/system/lib/libbinder.so+0x1dabd)
    #10 0xb6cedb33 (/system/lib/libbinder.so+0x1db33)
    #11 0xb6cf1983 (/system/lib/libbinder.so+0x21983)
    #12 0xb6e00a11 (/system/lib/libutils.so+0xea11)
    #13 0xb6e00543 (/system/lib/libutils.so+0xe543)
    #14 0xb6ec0223 (/system/lib/libc.so+0xd223)
    #15 0xb6ec03bb (/system/lib/libc.so+0xd3bb)


On Wednesday, August 6, 2014 at 5:49:35 PM UTC+8, kcc wrote:
>
> On Wed, Aug 6, 2014 at 1:45 PM, ji wang <[email protected]> wrote: 
> >> (it is possible if e.g. you have 
> >>uninstrumented code). 
> > Do you mean if we want to test a single process, we must recompile all the 
> > source code that the process is using? In my case, an executable uses lots of 
> > shared libs when it runs as a single process; do we need to recompile all those 
> > shared libs and the executable code? 
>
>
> There is no "must" here. But if the non-instrumented code has a bug 
> which leads to memory corruption asan will not report it 
> and may itself die due to that memory corruption. 
>
> > 
> > 
> >>Hard to tell more w/o reproducer. 
> > I can reproduce those errors using my device, which I have at hand now, but it 
> > may be difficult for anybody else to reproduce those errors. 
> > 
> > On Wednesday, August 6, 2014 at 4:52:29 PM UTC+8, kcc wrote: 
> >> 
> >> The first one (((free_stack->size)) > ((0))" (0x0, 0x0)) looks like 
> >> asan could not find the stack trace where the first free() happened. 
> >> The second one ("((id)) != (0)" (0x0, 0x0)) is something similar -- 
> >> asan fails to find the allocation stack trace. 
> >> In either case this looks like some bug in asan, or maybe a memory 
> >> corruption that asan has missed (it is possible if e.g. you have 
> >> uninstrumented code). 
> >> Hard to tell more w/o reproducer. 
> >> 
> >> On Wed, Aug 6, 2014 at 12:40 PM, ji wang <[email protected]> wrote: 
> >> > Hi, kcc 
> >> > Thanks again, haha :) 
> >> > I simply want to know what those errors mean, so I can correct them. As 
> >> > my GCC and asan runtime lib were compiled by myself based on the GCC 4.9 
> >> > source code, maybe something went wrong. I think those incorrect prints may 
> >> > happen in a multi-thread program? Or any other advice? 
> >> > And PS, those occur on my Android device. As I've mentioned in other 
> >> > posts, I am using an asan-enabled GCC Android toolchain to test 
> >> > libstagefright.so on my Android device: I push this recompiled lib and 
> >> > then run the monkey test, and get errors like the above. 
> >> > 
> >> > 
> >> > On Wednesday, August 6, 2014 at 2:15:03 PM UTC+8, kcc wrote: 
> >> >> 
> >> >> Do you have a reproducer? 
> >> >> 
> >> >> On Wed, Aug 6, 2014 at 6:04 AM, ji wang <[email protected]> wrote: 
> >> >> > First: Double Free 
> >> >> > ================================================================= 
> >> >> > ==2415==ERROR: AddressSanitizer: attempting double-free on 0xb4c28b20 in thread T16777215: 
> >> >> > ==2415==AddressSanitizer CHECK failed: ../../../.././../gcc/gcc-4.9/libsanitizer/asan/asan_report.cc:586 "((free_stack->size)) > ((0))" (0x0, 0x0) 
> >> >> >     #0 0xb67af94f (/system/lib/libasan.so.1+0x3f94f) 
> >> >> >     #1 0xb67b2f8b (/system/lib/libasan.so.1+0x42f8b) 
> >> >> >     #2 0xb67ae137 (/system/lib/libasan.so.1+0x3e137) 
> >> >> >     ... 
> >> >> >     ... ... 
> >> >> >     According to the asan code, free_stack probably should not be empty; 
> >> >> > it should print something like "freed by thread T0 here:... ...previously 
> >> >> > allocated by thread T0 here:... ..." 
> >> >> >     And of course it's important: for what reason may we lose this part 
> >> >> > of the log print, or did something go wrong with my asan? 
> >> >> > 
> >> >> > Second: UseAfterFree 
> >> >> > ================================================================= 
> >> >> > ==4782==ERROR: AddressSanitizer: heap-use-after-free on address 0xadb64ff7 at pc 0xb5916e87 bp 0xb09ff8bc sp 0xb09ff8b4 
> >> >> > WRITE of size 1 at 0xadb64ff7 thread T16777215 
> >> >> >     #0 0xb5916e85 (/system/lib/libstagefright.so+0x12ce85) 
> >> >> >     #1 0xb59185b3 (/system/lib/libstagefright.so+0x12e5b3) 
> >> >> >    ... 
> >> >> > 
> >> >> > 0xadb64ff7 is located 7 bytes inside of 8-byte region [0xadb64ff0,0xadb64ff8) 
> >> >> > ==4782==AddressSanitizer CHECK failed: ../../../.././../gcc/gcc-4.9/libsanitizer/asan/asan_allocator2.cc:234 "((id)) != (0)" (0x0, 0x0) 
> >> >> >     #0 0xb65cd94f (/system/lib/libasan.so.1+0x3f94f) 
> >> >> >     #1 0xb65d0f8b (/system/lib/libasan.so.1+0x42f8b) 
> >> >> >     #2 0xb65a2637 (/system/lib/libasan.so.1+0x14637) 
> >> >> >    ... 
> >> >> >     #6 0xb58ff04f (/system/lib/libstagefright.so+0x12c04f) 
> >> >> >     #7 0xb59273d3 (/system/lib/libstagefright.so+0x1543d3) 
> >> >> >     This one is the "CHECK(id);" error; what is this id for? And moreover, 
> >> >> > the stacks printed in the first and the second, which I marked in red colour, 
> >> >> > are the same. This is weird, why? 
> >> >> > 
> >> >> > -- 
> >> >> > You received this message because you are subscribed to the Google Groups 
> >> >> > "address-sanitizer" group. 
> >> >> > To unsubscribe from this group and stop receiving emails from it, send an 
> >> >> > email to [email protected]. 
> >> >> > For more options, visit https://groups.google.com/d/optout. 
> >> > 
> > 
>

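
A triage helper for reports like the ones in this thread, added here as an example (not code from the thread or from the ASan project): it parses the `module+offset` frames, separates ASan runtime frames from the rest, and shows which frames fall in libraries the caller says were rebuilt with ASan. The function names, the `instrumented` set and the trimmed sample are assumptions; the thread only describes libstagefright.so as recompiled.

```python
import re

# Frame lines look like: "    #5 0xb6ec0cbf (/system/lib/libc.so+0xdcbf)"
FRAME_RE = re.compile(r"#(\d+)\s+0x[0-9a-f]+\s+\((\S+?)\+(0x[0-9a-f]+)\)")
RUNTIME = "libasan.so"  # frames inside the ASan runtime itself

# Sample input: the double-free report from this thread, trimmed to six frames.
SAMPLE = """\
==2415==ERROR: AddressSanitizer: attempting double-free on 0xb4c28b20 in thread T16777215:
==2415==AddressSanitizer CHECK failed: ../../../.././../gcc/gcc-4.9/libsanitizer/asan/asan_report.cc:586 "((free_stack->size)) > ((0))" (0x0, 0x0)
    #0 0xb67af94f (/system/lib/libasan.so.1+0x3f94f)
    #4 0xb67aab63 (/system/lib/libasan.so.1+0x3ab63)
    #5 0xb6ec0cbf (/system/lib/libc.so+0xdcbf)
    #6 0xb6cf0369 (/system/lib/libbinder.so+0x20369)
    #12 0xb6e00a11 (/system/lib/libutils.so+0xea11)
    #14 0xb6ec0223 (/system/lib/libc.so+0xd223)
"""

def parse_frames(report):
    """Return [(frame_no, module_basename, offset)] for every frame line."""
    frames = []
    for m in FRAME_RE.finditer(report):
        module = m.group(2).rsplit("/", 1)[-1]
        frames.append((int(m.group(1)), module, m.group(3)))
    return frames

def triage(report, instrumented):
    """Summarise which modules a report passes through.

    `instrumented` (assumption: supplied by the caller) is the set of
    libraries rebuilt with ASan; the report itself does not say.
    """
    frames = parse_frames(report)
    app = [f for f in frames if not f[1].startswith(RUNTIME)]
    return {
        # A CHECK failure means the runtime aborted while building the report.
        "runtime_check_failed": "AddressSanitizer CHECK failed" in report,
        "first_app_frame": app[0] if app else None,
        "instrumented_frames": [f for f in app if f[1] in instrumented],
        "uninstrumented_modules": sorted({f[1] for f in app if f[1] not in instrumented}),
        # addr2line resolves module+offset against an unstripped copy of the library.
        "symbolize": ["addr2line -f -C -e %s %s" % (mod, off) for _, mod, off in app],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE, {"libstagefright.so"}).items():
        print(key, "=", value)
```

On this sample no frame lies in the instrumented library, so symbolizing the libc.so and libbinder.so frames against unstripped copies is the next step before deciding which further libraries to rebuild with ASan.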
