I found that GetRealFunctionAddress returns 0 for all intercepted libc functions.
Probably the problem is in bionic.

On Tuesday, October 10, 2017 at 3:59:18 PM UTC+3, [email protected] wrote:
>
> Hello,
>
> I'm trying to run an ASAN application on Android O and the application 
> crashes with the following stacktrace:
>
> 10-10 14:10:34.490 15270 15270 F DEBUG   :     #00 pc 000000000006af38  
> /system/lib64/libc.so (tgkill+8)
> 10-10 14:10:34.490 15270 15270 F DEBUG   :     #01 pc 000000000001e050  
> /system/lib64/libc.so (abort+88)
> 10-10 14:10:34.490 15270 15270 F DEBUG   :     #02 pc 000000000008ce88  
> /system/lib64/libclang_rt.asan-aarch64-android.so 
> (_ZN11__sanitizer5AbortEv+60)
> 10-10 14:10:34.490 15270 15270 F DEBUG   :     #03 pc 0000000000092d40  
> /system/lib64/libclang_rt.asan-aarch64-android.so 
> (_ZN11__sanitizer3DieEv+152)
> 10-10 14:10:34.490 15270 15270 F DEBUG   :     #04 pc 000000000007e26c  
> /system/lib64/libclang_rt.asan-aarch64-android.so 
> (_ZN6__asanL15AsanCheckFailedEPKciS1_yy+284)
> 10-10 14:10:34.490 15270 15270 F DEBUG   :     #05 pc 0000000000092dc4  
> /system/lib64/libclang_rt.asan-aarch64-android.so 
> (_ZN11__sanitizer11CheckFailedEPKciS1_yy+116)
> 10-10 14:10:34.490 15270 15270 F DEBUG   :     #06 pc 000000000006e06c  
> /system/lib64/libclang_rt.asan-aarch64-android.so 
> (_ZL28InitializeCommonInterceptorsv+15476)
> 10-10 14:10:34.490 15270 15270 F DEBUG   :     #07 pc 0000000000069c70  
> /system/lib64/libclang_rt.asan-aarch64-android.so 
> (_ZN6__asan26InitializeAsanInterceptorsEv+36)
> 10-10 14:10:34.490 15270 15270 F DEBUG   :     #08 pc 000000000007d8cc  
> /system/lib64/libclang_rt.asan-aarch64-android.so 
> (_ZN6__asanL16AsanInitInternalEv+348)
> 10-10 14:10:34.490 15270 15270 F DEBUG   :     #09 pc 00000000000e0f3c  
> /system/lib64/asan/libart.so (asan.module_ctor+4)
> 10-10 14:10:34.490 15270 15270 F DEBUG   :     #10 pc 000000000001f4b8  
> /system/bin/linker64 (__dl__ZL10call_arrayIPFviPPcS1_EEvPKcPT_mbS5_+276)
> 10-10 14:10:34.490 15270 15270 F DEBUG   :     #11 pc 000000000001f6e8  
> /system/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+396)
> 10-10 14:10:34.490 15270 15270 F DEBUG   :     #12 pc 000000000000c0cc  
> /system/bin/linker64 (__dl__Z9do_dlopenPKciPK17android_dlextinfoPKv+1460)
> 10-10 14:10:34.490 15270 15270 F DEBUG   :     #13 pc 0000000000008f84  
> /system/bin/linker64 (__dl__Z8__dlopenPKciPKv+68)
> 10-10 14:10:34.490 15270 15270 F DEBUG   :     #14 pc 00000000000010cc  
> /system/lib64/libdl.so (dlopen+12)
> 10-10 14:10:34.491 15270 15270 F DEBUG   :     #15 pc 0000000000004d68  
> /system/lib64/libnativehelper.so (_ZN13JniInvocation4InitEPKc+136)
> 10-10 14:10:34.491 15270 15270 F DEBUG   :     #16 pc 00000000000fbc08  
> /system/lib64/libandroid_runtime.so 
> (_ZN7android14AndroidRuntime5startEPKcRKNS_6VectorINS_7String8EEEb+360)
> 10-10 14:10:34.491 15270 15270 F DEBUG   :     #17 pc 00000000000025c0  
> /system/bin/asan/app_process64 (main+1624)
> 10-10 14:10:34.491 15270 15270 F DEBUG   :     #18 pc 000000000001bab0  
> /system/lib64/libc.so (__libc_init+88)
> 10-10 14:10:34.491 15270 15270 F DEBUG   :     #19 pc 0000000000001ec8  
> /system/bin/asan/app_process64 (do_arm64_start+80)
>
>
> I know that CHECK(REAL(memcpy)) in the function InitializeAsanInterceptors 
> fails because REAL(memcpy) returns 0.
> As I understand it, this macro expands to __interception::real_memcpy. I see 
> that this variable is in the bss segment of the 
> libclang_rt.asan-aarch64-android.so library,
> and I can't find who assigns the address of the original memcpy function to 
> it.
>
> Could you point me to the right code or explain how it should work?
> Maybe this is an already known issue and a patch already exists?
>
>
> Thank you
>
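Added example, not code from this thread or from compiler-rt: a minimal C model of the mechanism the original post is asking about. In the sanitizer runtime the REAL(memcpy) slot is a zero-initialised variable in .bss that is filled only when InitializeAsanInterceptors calls GetRealFunctionAddress, which resolves the symbol with dlsym(RTLD_NEXT, "memcpy") and refuses a null result or one that points back at the wrapper. The names get_real_function_address, intercepted_memcpy, init_interceptors and the diagnostic helpers below are hypothetical stand-ins for the runtime's own code; the shape of the lookup and the empty-slot condition that makes CHECK(REAL(memcpy)) fire are what the example reproduces, so it can be run on a device to see which of the two failure paths the resolution takes.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* RTLD_NEXT is a GNU extension in <dlfcn.h> */
#endif
#include <dlfcn.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *)-1l) /* glibc and bionic both define it as -1 */
#endif

typedef void *(*memcpy_fn)(void *, const void *, size_t);

/* Stand-in for __interception::real_memcpy: a zero-initialised slot in .bss.
 * Nothing fills it at load time; an explicit resolution step must do it. */
static uintptr_t real_memcpy_addr;

/* Model of GetRealFunctionAddress (hypothetical name and signature).
 * Resolves `name` past the calling module via dlsym(RTLD_NEXT), stores the
 * result in `slot` and returns 1. A null lookup, or a lookup that lands back
 * on our own wrapper, leaves the slot untouched and returns 0, which is the
 * state that makes CHECK(REAL(memcpy)) fire in the runtime. */
int get_real_function_address(const char *name, uintptr_t *slot, uintptr_t wrapper) {
    uintptr_t addr = (uintptr_t)dlsym(RTLD_NEXT, name);
    if (addr == 0) {
        fprintf(stderr, "dlsym(RTLD_NEXT, \"%s\") failed: %s\n", name, dlerror());
        return 0;
    }
    if (addr == wrapper) {
        fprintf(stderr, "%s resolved to the wrapper itself\n", name);
        return 0;
    }
    *slot = addr;
    return 1;
}

/* The interceptor. A sanitizer would check shadow memory for dst and src here
 * and then forward to REAL(memcpy); this model only verifies that the slot
 * was filled before using it, instead of jumping to address 0. */
void *intercepted_memcpy(void *dst, const void *src, size_t n) {
    if (real_memcpy_addr == 0) {
        fputs("REAL(memcpy) is 0: interceptor used before initialization\n", stderr);
        return NULL;
    }
    memcpy_fn real = (memcpy_fn)real_memcpy_addr;
    return real(dst, src, n);
}

/* Mirrors the shape of InitializeAsanInterceptors for a single function. */
int init_interceptors(void) {
    return get_real_function_address("memcpy", &real_memcpy_addr,
                                     (uintptr_t)intercepted_memcpy);
}

int real_memcpy_is_set(void) { return real_memcpy_addr != 0; }

/* Round trip through the interceptor on a constructed buffer:
 * 1 if the copy reached the real memcpy and matched, 0 otherwise. */
int interceptor_round_trip(void) {
    const char src[] = "sanitizer";   /* constructed sample input */
    char dst[sizeof src];
    memset(dst, 0, sizeof dst);
    if (intercepted_memcpy(dst, src, sizeof src) == NULL) return 0;
    return memcmp(dst, src, sizeof src) == 0;
}

int main(void) {
    if (!init_interceptors()) {
        fputs("interceptor initialization failed\n", stderr);
        return 1;
    }
    printf("REAL(memcpy) = %p, round trip %s\n", (void *)real_memcpy_addr,
           interceptor_round_trip() ? "ok" : "FAILED");
    return 0;
}
```

Calling interceptor_round_trip() before init_interceptors() returns 0 and prints the "REAL(memcpy) is 0" line, which is the same condition the CHECK in the posted stack trace reports; after a successful init the slot holds libc's memcpy and the copy goes through. If init fails on a given platform, the stderr line tells you whether dlsym returned nothing for the symbol or handed back the wrapper, the two cases GetRealFunctionAddress has to distinguish.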

-- 
You received this message because you are subscribed to the Google Groups 
"address-sanitizer" group.