Comment #21 on issue 148 by [email protected]: failing to intercept strdup
https://code.google.com/p/address-sanitizer/issues/detail?id=148

> I don't think people are hijacking the bug
That's not the most interesting topic to argue about.

> The root cause seems to be ASAN simply not properly intercepting strdup under any conditions.

False.

% cat strdup-oob.cc
#include <string.h>
int main() {
  return strdup("abc")[5];
}
% clang -g -fsanitize=address strdup-oob.cc && ASAN_OPTIONS=strip_path_prefix=$HOME/ ./a.out
=================================================================
==27103==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000eff5 at pc 0x0000004cde1d bp 0x7ffef4c88c90 sp 0x7ffef4c88c88
READ of size 1 at 0x60200000eff5 thread T0
    #0 0x4cde1c in main tmp/strdup-oob.cc:3:10
    #1 0x7f19fe8e4ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #2 0x4178a5 in _start (tmp/a.out+0x4178a5)

0x60200000eff5 is located 1 bytes to the right of 4-byte region [0x60200000eff0,0x60200000eff4)
allocated by thread T0 here:
    #0 0x493543 in strdup llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:590:3
    #1 0x4cdddd in main tmp/strdup-oob.cc:3:10
    #2 0x7f19fe8e4ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287


As you can see, strdup is properly intercepted when using the clang version of AddressSanitizer.


With gcc (4.8.4-2ubuntu1~14.04), it does not happen:

% gcc -g -fsanitize=address strdup-oob.cc && ASAN_OPTIONS=strip_path_prefix=$HOME/ ./a.out 2>&1 | ~/llvm/projects/compiler-rt/lib/asan/scripts/asan_symbolize.py
=================================================================
==27162== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60040000dff5 at pc 0x400843 bp 0x7ffecc10f940 sp 0x7ffecc10f938
READ of size 1 at 0x60040000dff5 thread T0
LLVMSymbolizer: error reading file: No such file or directory.
addr2line: 'tmp/a.out': No such file
    #0 0x400842 in
    #1 0x7feda6c47ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287:0
    #2 0x400738 in
0x60040000dff5 is located 1 bytes to the right of 4-byte region [0x60040000dff0,0x60040000dff4)
allocated by thread T0 here:
    #0 0x7feda700046a in malloc _asan_rtl_:0
    #1 0x7feda6cae839 in __strdup /build/buildd/eglibc-2.19/string/strdup.c:42:0


But with the more recent gcc (2-3 months old trunk) it works again:
allocated by thread T0 here:
    #0 0x41f65f in __interceptor_strdup ../../../../gcc/libsanitizer/asan/asan_interceptors.cc:514
    #1 0x4a8a2b in main tmp/strdup-oob.cc:3


So, please be more specific about your platform, your compiler version and the exact problem you experience.
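As an added example that is not part of this thread or of the sanitizer projects: a small POSIX shell helper that answers the question this comment turns on (does this toolchain's ASan intercept strdup?) by classifying the "allocated by thread" stack of a report, plus a wrapper that compiles the comment's test case with a compiler of your choice. The function names, the constructed sample fragments and the default compiler `cc` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: decide from an ASan report whether strdup
# was intercepted, by looking at frame #0 of the "allocated by thread" stack.
# Reads the report on stdin; prints intercepted / not-intercepted / unknown.
asan_strdup_status() {
    awk '
        /allocated by thread/ { in_alloc = 1; next }
        in_alloc && /^[ \t]*#0 / {
            # With an interceptor the allocation is attributed to strdup itself.
            if ($0 ~ /in (__interceptor_)?strdup[ \t]/) { print "intercepted"; found = 1; exit }
            # Without one, ASan only sees its own malloc, called from glibc __strdup.
            if ($0 ~ /in malloc/) { saw_malloc = 1 }
            next
        }
        in_alloc && saw_malloc && /in __strdup/ { print "not-intercepted"; found = 1; exit }
        in_alloc && /^[ \t]*$/ { in_alloc = 0 }
        END { if (!found) print "unknown" }
    '
}

# Constructed fragments modelled on the two outcomes shown in the thread (only
# the lines the classifier inspects are kept; addresses are illustrative).
SAMPLE_INTERCEPTED='allocated by thread T0 here:
    #0 0x493543 in strdup asan_interceptors.cc:590:3
    #1 0x4cdddd in main strdup-oob.cc:3:10'
SAMPLE_NOT_INTERCEPTED='allocated by thread T0 here:
    #0 0x7feda700046a in malloc _asan_rtl_:0
    #1 0x7feda6cae839 in __strdup strdup.c:42:0'

# Compile the thread's test case with a given compiler (default: cc) and
# classify the resulting report. Needs a toolchain with -fsanitize=address.
check_strdup_interception() {
    cc="${1:-cc}"
    dir=$(mktemp -d) || return 1
    cat > "$dir/strdup-oob.c" <<'EOF'
#include <string.h>
int main(void) { return strdup("abc")[5]; } /* deliberate read past the end */
EOF
    "$cc" -g -fsanitize=address "$dir/strdup-oob.c" -o "$dir/a.out" || return 1
    "$dir/a.out" 2>&1 | asan_strdup_status   # a.out exits non-zero by design
    rm -rf "$dir"
}
```

Run `check_strdup_interception gcc` and `check_strdup_interception clang` to compare toolchains the way the comment does; a report whose allocation stack starts in malloc and passes through glibc's __strdup is the non-intercepted case.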
