> This happens when uninstrumented code calls glibc functions that are
> intercepted by Asan (e.g. memset).

Hi, Yuri,
I used GCC ASan to recompile only one shared lib, and I think the interceptors only work for this lib, so why could the other code call those ASan interceptors?

On Thursday, August 7, 2014 at 6:57:12 PM UTC+8, Yuri Gribov wrote:
> Ji,
>
> This happens when uninstrumented code calls glibc functions that are
> intercepted by Asan (e.g. memset).
>
> On Thu, Aug 7, 2014 at 2:39 PM, ji wang <[email protected]> wrote:
>> There is one more question, kcc.
>> According to my test result, ASan reports some errors at non-instrumented
>> code, which means the stacks ASan reported lead to the non-instrumented
>> code. Why did this happen?
>>
>> ==2415==ERROR: AddressSanitizer: attempting double-free on 0xb4c28b20 in thread T16777215:
>> ==2415==AddressSanitizer CHECK failed: ../../../.././../gcc/gcc-4.9/libsanitizer/asan/asan_report.cc:586 "((free_stack->size)) > ((0))" (0x0, 0x0)
>>     #0 0xb67af94f (/system/lib/libasan.so.1+0x3f94f)
>>     #1 0xb67b2f8b (/system/lib/libasan.so.1+0x42f8b)
>>     #2 0xb67ae137 (/system/lib/libasan.so.1+0x3e137)
>>     #3 0xb6785bff (/system/lib/libasan.so.1+0x15bff)
>>     #4 0xb67aab63 (/system/lib/libasan.so.1+0x3ab63)
>>     #5 0xb6ec0cbf (/system/lib/libc.so+0xdcbf)
>>     #6 0xb6cf0369 (/system/lib/libbinder.so+0x20369)
>>     #7 0xb6cf041b (/system/lib/libbinder.so+0x2041b)
>>     #8 0xb6ced789 (/system/lib/libbinder.so+0x1d789)
>>     #9 0xb6cedabd (/system/lib/libbinder.so+0x1dabd)
>>     #10 0xb6cedb33 (/system/lib/libbinder.so+0x1db33)
>>     #11 0xb6cf1983 (/system/lib/libbinder.so+0x21983)
>>     #12 0xb6e00a11 (/system/lib/libutils.so+0xea11)
>>     #13 0xb6e00543 (/system/lib/libutils.so+0xe543)
>>     #14 0xb6ec0223 (/system/lib/libc.so+0xd223)
>>     #15 0xb6ec03bb (/system/lib/libc.so+0xd3bb)
>>
>> On Wednesday, August 6, 2014 at 5:49:35 PM UTC+8, kcc wrote:
>>> On Wed, Aug 6, 2014 at 1:45 PM, ji wang <[email protected]> wrote:
>>>>> (it is possible if e.g. you have uninstrumented code).
>>>> Do you mean that if we want to test a single process, we must recompile
>>>> all the source code that the process is using? In my case, an executable
>>>> uses lots of shared libs when it runs as a single process; do we need to
>>>> recompile all those shared libs and the executable code?
>>>
>>> There is no "must" here. But if the non-instrumented code has a bug
>>> which leads to memory corruption asan will not report it
>>> and may itself die due to that memory corruption.
>>>
>>>>> Hard to tell more w/o reproducer.
>>>> I can reproduce those errors using the device now in my hands, but it
>>>> may be difficult for anybody else to reproduce those errors.
>>>>
>>>> On Wednesday, August 6, 2014 at 4:52:29 PM UTC+8, kcc wrote:
>>>>> The first one (((free_stack->size)) > ((0))" (0x0, 0x0)) looks like
>>>>> asan could not find the stack trace where the first free() happened.
>>>>> The second one ("((id)) != (0)" (0x0, 0x0)) is something similar --
>>>>> asan fails to find the allocation stack trace.
>>>>> In either case this looks like some bug in asan, or maybe a memory
>>>>> corruption that asan has missed (it is possible if e.g. you have
>>>>> uninstrumented code).
>>>>> Hard to tell more w/o reproducer.
>>>>>
>>>>> On Wed, Aug 6, 2014 at 12:40 PM, ji wang <[email protected]> wrote:
>>>>>> Hi, kcc,
>>>>>> Thanks again, haha :)
>>>>>> I just simply want to know what those errors mean, so I can correct
>>>>>> them, as my GCC and ASan runtime lib were compiled by myself based on
>>>>>> the GCC 4.9 source code; maybe something went wrong. I think those
>>>>>> incorrect prints may happen on a multi-threaded program? Or any other
>>>>>> advice?
>>>>>> And PS, those occur on my Android device. As I've mentioned in other
>>>>>> posts, I am using an ASan-enabled GCC Android toolchain to test
>>>>>> libstagefright.so on my Android device: push this recompiled lib and
>>>>>> then run the monkey test, and I get errors like the above.
>>>>>>
>>>>>> On Wednesday, August 6, 2014 at 2:15:03 PM UTC+8, kcc wrote:
>>>>>>> Do you have a reproducer?
>>>>>>>
>>>>>>> On Wed, Aug 6, 2014 at 6:04 AM, ji wang <[email protected]> wrote:
>>>>>>>> First: Double Free
>>>>>>>> =================================================================
>>>>>>>> ==2415==ERROR: AddressSanitizer: attempting double-free on 0xb4c28b20 in thread T16777215:
>>>>>>>> ==2415==AddressSanitizer CHECK failed: ../../../.././../gcc/gcc-4.9/libsanitizer/asan/asan_report.cc:586 "((free_stack->size)) > ((0))" (0x0, 0x0)
>>>>>>>>     #0 0xb67af94f (/system/lib/libasan.so.1+0x3f94f)
>>>>>>>>     #1 0xb67b2f8b (/system/lib/libasan.so.1+0x42f8b)
>>>>>>>>     #2 0xb67ae137 (/system/lib/libasan.so.1+0x3e137)
>>>>>>>>     ...
>>>>>>>>     ... ...
>>>>>>>> According to the ASan code, free_stack maybe should not be empty; it
>>>>>>>> should print something like "freed by thread T0 here: ... previously
>>>>>>>> allocated by thread T0 here: ..."
>>>>>>>> And of course it's important: for what reason may we lose this part
>>>>>>>> of the log print, or did something go wrong in my ASan?
>>>>>>>>
>>>>>>>> Second: UseAfterFree
>>>>>>>> =================================================================
>>>>>>>> ==4782==ERROR: AddressSanitizer: heap-use-after-free on address 0xadb64ff7 at pc 0xb5916e87 bp 0xb09ff8bc sp 0xb09ff8b4
>>>>>>>> WRITE of size 1 at 0xadb64ff7 thread T16777215
>>>>>>>>     #0 0xb5916e85 (/system/lib/libstagefright.so+0x12ce85)
>>>>>>>>     #1 0xb59185b3 (/system/lib/libstagefright.so+0x12e5b3)
>>>>>>>>     ...
>>>>>>>>
>>>>>>>> 0xadb64ff7 is located 7 bytes inside of 8-byte region [0xadb64ff0,0xadb64ff8)
>>>>>>>> ==4782==AddressSanitizer CHECK failed: ../../../.././../gcc/gcc-4.9/libsanitizer/asan/asan_allocator2.cc:234 "((id)) != (0)" (0x0, 0x0)
>>>>>>>>     #0 0xb65cd94f (/system/lib/libasan.so.1+0x3f94f)
>>>>>>>>     #1 0xb65d0f8b (/system/lib/libasan.so.1+0x42f8b)
>>>>>>>>     #2 0xb65a2637 (/system/lib/libasan.so.1+0x14637)
>>>>>>>>     ...
>>>>>>>>     #6 0xb58ff04f (/system/lib/libstagefright.so+0x12c04f)
>>>>>>>>     #7 0xb59273d3 (/system/lib/libstagefright.so+0x1543d3)
>>>>>>>> This one is the "CHECK(id);" error; what is this id for? And more,
>>>>>>>> the stacks printed first and second, which I marked in red colour,
>>>>>>>> are the same; this is weird, why?
>>>>>>>>
>>>>>>>> --
>>>>>>>> You received this message because you are subscribed to the Google
>>>>>>>> Groups "address-sanitizer" group.
>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>> send an email to [email protected].
>>>>>>>> For more options, visit https://groups.google.com/d/optout.
