Status: Accepted
Owner: [email protected]
Labels: Type-Defect Priority-Medium
New issue 365 by [email protected]: On OS X when not re-execing, ASan
overwrites already used memory
https://code.google.com/p/address-sanitizer/issues/detail?id=365
On OS X, since ASan is a dynamic shared library, there are cases when the
runtime is initialized "late". For example, when the main executable is not
instrumented, but another library that is loaded later is. When this
happens, ASan tries to re-exec with DYLD_INSERT_LIBRARIES to make sure the
interceptors work. However, this can either fail (e.g. in a sandbox where
exec is disabled) or one can use allow_reexec=0 to disallow re-exec. In
these cases, the initialization of the shadow memory or the allocator's
memory regions can overwrite already existing memory. The mmap() call
that is used to initialize these regions doesn't fail when there already is
a memory mapping at these locations; instead it simply overwrites the
mappings. This is a known and documented limitation of using MAP_FIXED.
However, the current behavior leads to random crashes and memory
corruption in these cases. See the attached test case.
What I think we should do is:
1) Add a check whether the memory region is already used before the mmap(),
and abort if it is.
2) Add an abort when a re-exec fails.
3) Remove the "allow_reexec" flag.
Attachments:
mmap-overwrite.cc 1.3 KB
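One way to implement the check proposed in point 1, as an added C example that is not part of the issue, its attachment, or ASan's own code: mmap_noreplace() is a hypothetical wrapper that passes the address as a hint instead of MAP_FIXED and refuses the request when the kernel hands back a different address. The first demo function reproduces the silent overwrite the report describes; the second shows the wrapper refusing a live range and granting it once released. It assumes the kernel honours a page-aligned hint whenever that range is free, which holds on Linux and OS X.

```c
#define _DEFAULT_SOURCE 1   /* MAP_ANONYMOUS on glibc in strict-C mode */
#include <errno.h>
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: map [addr, addr+len) only if nothing is mapped there.
   It passes addr as a hint instead of MAP_FIXED; Linux and OS X honour the
   hint when the range is free and return another address otherwise, so a
   mismatch means the range is in use (assumes addr is page aligned). */
static void *mmap_noreplace(void *addr, size_t len, int prot) {
    void *p = mmap(addr, len, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return MAP_FAILED;
    if (p != addr) { munmap(p, len); errno = EEXIST; return MAP_FAILED; }
    return p;
}

/* The bug from the report: a MAP_FIXED mmap over a live page succeeds and
   silently discards its contents. Returns the byte read back afterwards
   (0 for the fresh anonymous page), or -1 if an mmap fails unexpectedly. */
int demo_map_fixed_clobbers(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    p[0] = 0x42;                          /* marker in "already used" memory */
    void *q = mmap(p, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (q != (void *)p) return -1;
    int v = p[0];                         /* marker gone: reads 0 */
    munmap(p, len);
    return v;
}

/* The proposed check: the wrapper refuses a range that is in use and grants
   the same range once it has been released. Returns 1 when both hold. */
int demo_noreplace_refuses_busy_range(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    void *q = mmap_noreplace(p, len, PROT_READ | PROT_WRITE);
    int refused = (q == MAP_FAILED && errno == EEXIST);
    munmap(p, len);
    void *r = mmap_noreplace(p, len, PROT_READ | PROT_WRITE);
    int granted = (r == p);
    if (granted) munmap(r, len);
    return refused && granted;
}
```

The hint-based probe is the portable substitute for Linux's MAP_FIXED_NOREPLACE, which OS X does not offer; a caller that needs a specific fixed range should treat EEXIST as fatal rather than fall back to MAP_FIXED.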