Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 377 by [email protected]: unknown-crash with annotate_contiguous_container
https://code.google.com/p/address-sanitizer/issues/detail?id=377
Not sure if this is a bug, or just expected behaviour:

With the following C program I get an unknown-crash. The problem appears to
be a stray shadow value of 4 being left behind by a call to
__sanitizer_annotate_contiguous_container on a buffer whose size isn't
8-aligned; the value isn't cleared afterwards. I was under the impression
this was supposed to work as long as the unaligned size is the size of the
actual buffer.
    #include <stdio.h>
    #include <stdint.h>
    #include <sanitizer/asan_interface.h>  /* declares __sanitizer_annotate_contiguous_container */

    // Not 8 aligned
    #define SIZ 132

    struct foo {
        uint32_t a;
        char buf[SIZ] __attribute__((aligned(8)));
    };

    void setup_stack(void) {
        struct foo blah1;
        struct foo blah2;
        struct foo blah3;
        printf("%p %p %p\n", (void *)&blah1, (void *)&blah2, (void *)&blah3);
        char *lol = blah2.buf;
        printf("lol = %p\n", (void *)lol);
        // Mark the whole buffer unused (mid = beg), then fully used again (mid = end).
        __sanitizer_annotate_contiguous_container(lol, lol + SIZ, lol + SIZ, lol + 0);
        __sanitizer_annotate_contiguous_container(lol, lol + SIZ, lol + 0, lol + SIZ);
        printf("setup_stack done\n");
    }

    void crash(void) {
        // Deliberately left uninitialized: walking this 1 KiB buffer reads the
        // stack area that setup_stack's frame occupied; volatile keeps the loads.
        volatile char buf[1024];
        printf("buf = %p\n", (void *)buf);
        int i;
        for (i = 0; i < 1024; i++) {
            printf("%d\n", buf[i]);
        }
    }

    int main(int argc, char *argv[]) {
        setup_stack();
        crash();
        return 0;
    }
Compiling with clang (r223108) on 64-bit Linux and running:
$ clang -fsanitize=address asan_crash.c
$ ./a.out
SUMMARY: AddressSanitizer: unknown-crash ??:0 ??
Shadow bytes around the buggy address:
0x100073e28540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100073e28550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100073e28560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100073e28570: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100073e28580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x100073e28590: 00 00 00[04]00 00 00 00 00 00 00 00 00 00 00 00
0x100073e285a0: 00 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 f2 f2 f2
0x100073e285b0: f2 f2 f2 f2 f2 f2 f2 f2 04 f3 f3 f3 00 00 00 00
0x100073e285c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100073e285d0: 00 00 00 00 f1 f1 f1 f1 04 f2 04 f2 00 f3 f3 f3
0x100073e285e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==9248==ABORTING
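The following is an added example, not code from the report or from the ASan project. The report's legend already fixes the shadow encoding (one shadow byte per 8 application bytes; 00 addressable, 01..07 partially addressable, fc container overflow), so the stray 04 can be reproduced with plain granule arithmetic: with SIZ = 132 the granule covering buffer bytes 128..135 straddles the end of buf, and once the container is declared full again that granule can only be written as "4 leading bytes addressable", not as the 00 it started with. The program below models __sanitizer_annotate_contiguous_container(beg, end, old_mid, new_mid) at granule resolution and replays the report's two calls. That the runtime rounds the touched range out to 8-byte granules and stores the partial count in the granule that contains new_mid is an assumption about the runtime, not something the report states; all function and macro names are the example's own, and no sanitizer runtime is linked.

```c
/*
 * Added example, not code from the report or from the ASan project: a
 * stand-alone model of the shadow bytes that
 * __sanitizer_annotate_contiguous_container(beg, end, old_mid, new_mid)
 * leaves behind.  Encoding as in the report's legend: one shadow byte per
 * 8 application bytes; 00 = addressable, 01..07 = that many leading bytes
 * addressable, fc = container overflow.
 * ASSUMPTION about the runtime: it works at 8-byte granule resolution,
 * rounding the touched range outwards and storing the partial count in the
 * granule that contains new_mid.  No sanitizer runtime is linked here.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE          8u
#define SHADOW_CONTAINER 0xfc   /* "Container overflow" in the legend */
#define MODEL_GRANULES   64     /* model buffers of up to 512 bytes */

static size_t round_down8(size_t x) { return x & ~(size_t)(GRANULE - 1); }
static size_t round_up8(size_t x)   { return round_down8(x + GRANULE - 1); }

/* Apply one annotate call to shadow[], where shadow[i] covers bytes
 * [8i, 8i + 8) of a buffer that starts at an 8-aligned address (offset 0).
 * Returns 0 on success, -1 for arguments the model does not accept. */
static int model_annotate(uint8_t *shadow, size_t beg, size_t end,
                          size_t old_mid, size_t new_mid)
{
    if (beg != 0 || old_mid > end || new_mid > end ||
        end > (size_t)MODEL_GRANULES * GRANULE)
        return -1;

    size_t lo = old_mid < new_mid ? old_mid : new_mid;
    size_t hi = old_mid < new_mid ? new_mid : old_mid;
    size_t a  = round_down8(lo);      /* first granule whose state changes  */
    size_t c  = round_up8(hi);        /* one past the last changed granule  */
    size_t b1 = round_down8(new_mid); /* [a, b1)  : in use   -> 00          */
    size_t b2 = round_up8(new_mid);   /* [b2, c)  : unused   -> fc          */
                                      /* [b1, b2) : the granule straddling new_mid */
    memset(shadow + a / GRANULE, 0x00, (b1 - a) / GRANULE);
    memset(shadow + b2 / GRANULE, SHADOW_CONTAINER, (c - b2) / GRANULE);
    if (b1 != b2)
        shadow[b1 / GRANULE] = (uint8_t)(new_mid - b1); /* leading bytes in use */
    return 0;
}

/* Replay the report on a fully addressable stack object: empty the
 * container (mid = beg), then declare it full again (mid = end).  Fills
 * shadow[MODEL_GRANULES]; returns how many shadow bytes are no longer 00. */
static int roundtrip(size_t size, uint8_t *shadow)
{
    int stray = 0;
    memset(shadow, 0x00, MODEL_GRANULES);
    if (model_annotate(shadow, 0, size, size, 0) != 0 ||  /* report's 1st call */
        model_annotate(shadow, 0, size, 0, size) != 0)    /* report's 2nd call */
        return -1;
    for (size_t i = 0; i < MODEL_GRANULES; i++)
        stray += shadow[i] != 0;
    return stray;
}

static int stray_shadow_bytes(size_t size)
{
    uint8_t shadow[MODEL_GRANULES];
    return roundtrip(size, shadow);
}

/* Shadow byte of the last granule holding container bytes after the round trip. */
static uint8_t last_granule_after_roundtrip(size_t size)
{
    uint8_t shadow[MODEL_GRANULES];
    if (size == 0)
        return 0;
    roundtrip(size, shadow);
    return shadow[(size - 1) / GRANULE];
}

/* Shadow byte covering buffer offset `offset` while the container is empty. */
static uint8_t shadow_when_empty(size_t size, size_t offset)
{
    uint8_t shadow[MODEL_GRANULES];
    memset(shadow, 0x00, sizeof shadow);
    model_annotate(shadow, 0, size, size, 0);
    return shadow[offset / GRANULE];
}

static void print_shadow(size_t size)
{
    uint8_t shadow[MODEL_GRANULES];
    int stray = roundtrip(size, shadow);
    size_t n = round_up8(size) / GRANULE + 1;  /* include the granule after end */
    printf("size %3zu: %d stray shadow byte(s):", size, stray);
    for (size_t i = 0; i < n; i++)
        printf(" %02x", shadow[i]);
    putchar('\n');
}

int main(void)
{
    print_shadow(132); /* the report's SIZ: one 04 survives in granule 16 */
    print_shadow(136); /* rounded up to 8: shadow returns to all zeros    */
    return 0;
}
```

Build it with any C compiler (no -fsanitize=address is needed, since nothing here calls the real runtime). With size 132 the round trip leaves exactly one non-zero shadow byte, 04, in the granule covering bytes 128..135; with 136 the shadow returns to all zeros. The model also shows that while the container is empty, that shared granule is fc in its entirety, so in the report's struct foo the four padding bytes after buf are poisoned along with it. If the model is right, an annotated region whose end is not 8-aligned cannot be returned to the all-zero state it started in through the annotation alone, and sizing the storage to a multiple of 8 avoids the residue.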