Who should load libclang_rt.asan-aarch64-android.so? A sanitized executable or a sanitized library?
I have two binaries compiled with asan: /system/bin/asan/app_process64 and /system/lib64/asan/libart.so

In my case libclang_rt.asan-aarch64-android.so is loaded by libart.so. And there is no libc.so in the soinfo_list after libart.so.

Maybe app_process64 should load libclang_rt.asan-aarch64-android.so?

On Tuesday, October 10, 2017 at 5:16:16 PM UTC+3, [email protected] wrote:
>
> I found that GetRealFunctionAddress returns 0 for all intercepted libc functions.
> Probably the problem is in bionic
>
> On Tuesday, October 10, 2017 at 3:59:18 PM UTC+3, [email protected] wrote:
>>
>> Hello,
>>
>> I'm trying to run an ASAN application on Android O and the application
>> crashes with the following stacktrace:
>>
>> 10-10 14:10:34.490 15270 15270 F DEBUG : #00 pc 000000000006af38 /system/lib64/libc.so (tgkill+8)
>> 10-10 14:10:34.490 15270 15270 F DEBUG : #01 pc 000000000001e050 /system/lib64/libc.so (abort+88)
>> 10-10 14:10:34.490 15270 15270 F DEBUG : #02 pc 000000000008ce88 /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN11__sanitizer5AbortEv+60)
>> 10-10 14:10:34.490 15270 15270 F DEBUG : #03 pc 0000000000092d40 /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN11__sanitizer3DieEv+152)
>> 10-10 14:10:34.490 15270 15270 F DEBUG : #04 pc 000000000007e26c /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN6__asanL15AsanCheckFailedEPKciS1_yy+284)
>> 10-10 14:10:34.490 15270 15270 F DEBUG : #05 pc 0000000000092dc4 /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN11__sanitizer11CheckFailedEPKciS1_yy+116)
>> 10-10 14:10:34.490 15270 15270 F DEBUG : #06 pc 000000000006e06c /system/lib64/libclang_rt.asan-aarch64-android.so (_ZL28InitializeCommonInterceptorsv+15476)
>> 10-10 14:10:34.490 15270 15270 F DEBUG : #07 pc 0000000000069c70 /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN6__asan26InitializeAsanInterceptorsEv+36)
>> 10-10 14:10:34.490 15270 15270 F DEBUG : #08 pc 000000000007d8cc /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN6__asanL16AsanInitInternalEv+348)
>> 10-10 14:10:34.490 15270 15270 F DEBUG : #09 pc 00000000000e0f3c /system/lib64/asan/libart.so (asan.module_ctor+4)
>> 10-10 14:10:34.490 15270 15270 F DEBUG : #10 pc 000000000001f4b8 /system/bin/linker64 (__dl__ZL10call_arrayIPFviPPcS1_EEvPKcPT_mbS5_+276)
>> 10-10 14:10:34.490 15270 15270 F DEBUG : #11 pc 000000000001f6e8 /system/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+396)
>> 10-10 14:10:34.490 15270 15270 F DEBUG : #12 pc 000000000000c0cc /system/bin/linker64 (__dl__Z9do_dlopenPKciPK17android_dlextinfoPKv+1460)
>> 10-10 14:10:34.490 15270 15270 F DEBUG : #13 pc 0000000000008f84 /system/bin/linker64 (__dl__Z8__dlopenPKciPKv+68)
>> 10-10 14:10:34.490 15270 15270 F DEBUG : #14 pc 00000000000010cc /system/lib64/libdl.so (dlopen+12)
>> 10-10 14:10:34.491 15270 15270 F DEBUG : #15 pc 0000000000004d68 /system/lib64/libnativehelper.so (_ZN13JniInvocation4InitEPKc+136)
>> 10-10 14:10:34.491 15270 15270 F DEBUG : #16 pc 00000000000fbc08 /system/lib64/libandroid_runtime.so (_ZN7android14AndroidRuntime5startEPKcRKNS_6VectorINS_7String8EEEb+360)
>> 10-10 14:10:34.491 15270 15270 F DEBUG : #17 pc 00000000000025c0 /system/bin/asan/app_process64 (main+1624)
>> 10-10 14:10:34.491 15270 15270 F DEBUG : #18 pc 000000000001bab0 /system/lib64/libc.so (__libc_init+88)
>> 10-10 14:10:34.491 15270 15270 F DEBUG : #19 pc 0000000000001ec8 /system/bin/asan/app_process64 (do_arm64_start+80)
>>
>>
>> I know that CHECK(REAL(memcpy)) in the function
>> InitializeAsanInterceptors fails because REAL(memcpy) returns 0.
>> As I understand, this macro expands to __interception::real_memcpy. I see
>> that this variable is in the bss segment of the
>> libclang_rt.asan-aarch64-android.so library
>> and I can't find who assigns the address of the original memcpy function
>> to it.
>>
>> Could you point me to the right code or explain how it should work?
>> Maybe this is an already known issue and a patch already exists?
>>
>>
>> Thank you
>>
>
