Status: Accepted
Owner: [email protected]
CC: [email protected]
Labels: Type-Defect Priority-High
New issue 389 by [email protected]: sigsegv in basic block tracer
https://code.google.com/p/address-sanitizer/issues/detail?id=389
Build and run the re2 example:
https://code.google.com/p/address-sanitizer/wiki/BasicBlockTracing
Result:
==26256==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x0000004b9148 bp 0x0000005bd54d sp 0x7ffe239c3fa0 T0)
    #0 0x4b9147 in AppendString /usr/local/google/home/earthdok/san/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_printf.cc:101:7
    #1 0x4b9147 in __sanitizer::VSNPrintf(char*, int, char const*, __va_list_tag*) /usr/local/google/home/earthdok/san/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_printf.cc:183
    #2 0x4b99e4 in __sanitizer::InternalScopedString::append(char const*, ...) /usr/local/google/home/earthdok/san/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_printf.cc:319:3
    #3 0x4bf7b3 in __sanitizer::CoverageData::DumpTrace() /usr/local/google/home/earthdok/san/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_coverage_libcdep.cc:611:5
    #4 0x4c0ac9 in DumpAll /usr/local/google/home/earthdok/san/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_coverage_libcdep.cc:803:3
    #5 0x4c0ac9 in __sanitizer_cov_dump /usr/local/google/home/earthdok/san/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_coverage_libcdep.cc:883
    #6 0x7f999bd3c258 in __run_exit_handlers /build/buildd/eglibc-2.19/stdlib/exit.c:82
    #7 0x7f999bd3c2a4 in exit /build/buildd/eglibc-2.19/stdlib/exit.c:104
    #8 0x7f999bd21ecb in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:321
    #9 0x4190b5 in _start (/usr/local/google/home/earthdok/tracing_example/a.out+0x4190b5)
Printing the values of |comp_unit_name| in
CoverageData::InitializeGuards(), I get this:
==26256==>> 0x7f999d118950
==26256==>> 0x000000000000
==26256==>> 0x000000000010
==26256==>> 0x000000000020
==26256==>> 0x000000000030
==26256==>> 0x000000000040
==26256==>> 0x000000000050
==26256==>> 0x000000000060
==26256==>> 0x000000000070
==26256==>> 0x000000000080
==26256==>> 0x000000000090
==26256==>> 0x0000000000a0
==26256==>> 0x0000000000b0
==26256==>> 0x0000000000c0
==26256==>> 0x0000000000d0
==26256==>> 0x0000000000e0
==26256==>> 0x0000000000f0
==26256==>> 0x000000000100
==26256==>> 0x000000000110
==26256==>> 0x000000000120
Then in CoverageData::DumpTrace(), printing |comp_unit_name_vec[i].copied_module_name|:
==26256==0x7f999d118950
==26256==0x000000000000
==26256==0x000000000010
ASAN:SIGSEGV
So there are two problems: a) the pointers don't make sense in the first
place, and b) "copied_module_name" isn't actually a copy.
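A defensive pattern for the two problems named in the report, as an added example (not compiler-rt code and not the reporter's): reject a name pointer that falls in the first page before dereferencing it, and store an owned duplicate instead of the caller's pointer. The table, the function names and the 4 KiB threshold are assumptions; only the field name `copied_module_name` and the address 0x10 come from the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_UNITS 8
#define FIRST_PAGE 0x1000u  /* assumption: nothing is mapped below 4 KiB */

/* Hypothetical table; only the field name is taken from the report. */
static char *copied_module_name[MAX_UNITS];
static size_t n_units;

/* Heuristic sanity check that never dereferences the candidate pointer. */
int plausible_name_ptr(const char *p) {
    return (uintptr_t)p >= FIRST_PAGE;
}

/* Store an owned duplicate of name. Returns the slot index, or -1 when the
 * pointer is implausible, the table is full, or allocation fails. */
int register_unit(const char *name) {
    if (!plausible_name_ptr(name) || n_units == MAX_UNITS) return -1;
    size_t len = strlen(name) + 1;
    char *copy = malloc(len);
    if (copy == NULL) return -1;
    memcpy(copy, name, len);
    copied_module_name[n_units] = copy;
    return (int)n_units++;
}

/* Constructed scenario: returns 1 when the stored name survives the caller
 * reusing its buffer, which a stored alias would not. */
int copy_survives_reuse(void) {
    char buf[16] = "re2.cc";
    int slot = register_unit(buf);
    if (slot < 0) return 0;
    strcpy(buf, "scratch");  /* caller overwrites its own storage */
    return strcmp(copied_module_name[slot], "re2.cc") == 0;
}

int main(void) {
    /* 0x10 is the fault address from the report, used here as a bad input. */
    printf("0x10 rejected: %d\n", register_unit((const char *)(uintptr_t)0x10) == -1);
    printf("NULL rejected: %d\n", register_unit(NULL) == -1);
    printf("copy survives: %d\n", copy_survives_reuse());
    return 0;
}
```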