Re: Issue 331 in address-sanitizer: Problem with opendir / fstatfs in Firefox on Mac OSX

[address-sanitizer]

Updates:
        Labels: OpSys-OSX

Comment #6 on issue 331 by ramosian.gli...@gmail.com: Problem with opendir  
/ fstatfs in Firefox on Mac OSX
http://code.google.com/p/address-sanitizer/issues/detail?id=331
Note that in the following report:

==54944==ERROR: AddressSanitizer: stack-buffer-underflow on address  
0x000119101c00 at pc 0x10002328d bp 0x1191018a0 sp 0x119101880
WRITE of size 2168 at 0x000119101c00 thread T19
     #0 0x10002328c in wrap_fstatfs  
(/Users/jruderman/llvm/build/Release/lib/clang/3.4/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x1528c)
     #1 0x7fff89ffcff4 in __opendir2  
(/usr/lib/system/libsystem_c.dylib+0xa0ff4)
     #2 0x10b43787b in ffi_call_unix64  
(/Users/jruderman/builds/mozilla-central-asan-opt/dist/Nightly.app/Contents/MacOS/XUL+0x71ce87b)
     #3 0x60200004a7af
Address 0x000119101c00 is located in stack of thread T19 at offset 0 in  
frame
     #0 0x10b40413f in js::ctypes::FunctionType::Call(JSContext*, unsigned  
int, JS::Value*)  
(/Users/jruderman/builds/mozilla-central-asan-opt/dist/Nightly.app/Contents/MacOS/XUL+0x719b13f)
   This frame has 6 object(s):
     [32, 40) 'obj.i' <== Memory access at offset 0 partially underflows  
this variable
     [96, 104) 'objTypeProto.i' <== Memory access at offset 0 partially  
underflows this variable
     [160, 312) 'values' <== Memory access at offset 0 partially  
underflows this variable
     [352, 504) 'strings' <== Memory access at offset 0 partially  
underflows this variable
     [544, 568) 'autoCallback' <== Memory access at offset 0 partially  
underflows this variable
     [608, 616) 'returnType' <== Memory access at offset 0 partially  
underflows this variable
HINT: this may be a false positive if your program uses some custom stack  
unwind mechanism or swapcontext
       (longjmp and C++ exceptions *are* supported)

the pc of frame #3 is in the heap.
If fast unwinder was used it would've definitely give up unwinding at this  
point.
Not sure about the slow unwinder, probably there're no checks for stack top  
and bottom there.

--
You received this message because this project is configured to send all  
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

--
You received this message because you are subscribed to the Google Groups 
"address-sanitizer" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to address-sanitizer+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.