You should use LD_PRELOAD to load the ASan dso, or interception (and memory mapping) won't be set up properly.

On Tue, Oct 10, 2017 at 11:07 AM, <[email protected]> wrote:
> Who should load libclang_rt.asan-aarch64-android.so? A sanitized executable
> or a sanitized library?
>
> I have two binaries compiled with asan: /system/bin/asan/app_process64 and
> /system/lib64/asan/libart.so
> In my case libclang_rt.asan-aarch64-android.so is loaded by libart.so. And
> there is no libc.so in the soinfo_list after libart.so.
> Maybe app_process64 should load libclang_rt.asan-aarch64-android.so?
>
>
> On Tuesday, October 10, 2017 at 5:16:16 PM UTC+3, [email protected] wrote:
>>
>> I found that GetRealFunctionAddress returns 0 for all intercepted libc
>> functions.
>> Probably the problem is in bionic
>>
>> On Tuesday, October 10, 2017 at 3:59:18 PM UTC+3, [email protected]
>> wrote:
>>>
>>> Hello,
>>>
>>> I'm trying to run an ASAN application on Android O and the application
>>> crashes with the following stacktrace:
>>>
>>> 10-10 14:10:34.490 15270 15270 F DEBUG : #00 pc 000000000006af38 /system/lib64/libc.so (tgkill+8)
>>> 10-10 14:10:34.490 15270 15270 F DEBUG : #01 pc 000000000001e050 /system/lib64/libc.so (abort+88)
>>> 10-10 14:10:34.490 15270 15270 F DEBUG : #02 pc 000000000008ce88 /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN11__sanitizer5AbortEv+60)
>>> 10-10 14:10:34.490 15270 15270 F DEBUG : #03 pc 0000000000092d40 /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN11__sanitizer3DieEv+152)
>>> 10-10 14:10:34.490 15270 15270 F DEBUG : #04 pc 000000000007e26c /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN6__asanL15AsanCheckFailedEPKciS1_yy+284)
>>> 10-10 14:10:34.490 15270 15270 F DEBUG : #05 pc 0000000000092dc4 /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN11__sanitizer11CheckFailedEPKciS1_yy+116)
>>> 10-10 14:10:34.490 15270 15270 F DEBUG : #06 pc 000000000006e06c /system/lib64/libclang_rt.asan-aarch64-android.so (_ZL28InitializeCommonInterceptorsv+15476)
>>> 10-10 14:10:34.490 15270 15270 F DEBUG : #07 pc 0000000000069c70 /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN6__asan26InitializeAsanInterceptorsEv+36)
>>> 10-10 14:10:34.490 15270 15270 F DEBUG : #08 pc 000000000007d8cc /system/lib64/libclang_rt.asan-aarch64-android.so (_ZN6__asanL16AsanInitInternalEv+348)
>>> 10-10 14:10:34.490 15270 15270 F DEBUG : #09 pc 00000000000e0f3c /system/lib64/asan/libart.so (asan.module_ctor+4)
>>> 10-10 14:10:34.490 15270 15270 F DEBUG : #10 pc 000000000001f4b8 /system/bin/linker64 (__dl__ZL10call_arrayIPFviPPcS1_EEvPKcPT_mbS5_+276)
>>> 10-10 14:10:34.490 15270 15270 F DEBUG : #11 pc 000000000001f6e8 /system/bin/linker64 (__dl__ZN6soinfo17call_constructorsEv+396)
>>> 10-10 14:10:34.490 15270 15270 F DEBUG : #12 pc 000000000000c0cc /system/bin/linker64 (__dl__Z9do_dlopenPKciPK17android_dlextinfoPKv+1460)
>>> 10-10 14:10:34.490 15270 15270 F DEBUG : #13 pc 0000000000008f84 /system/bin/linker64 (__dl__Z8__dlopenPKciPKv+68)
>>> 10-10 14:10:34.490 15270 15270 F DEBUG : #14 pc 00000000000010cc /system/lib64/libdl.so (dlopen+12)
>>> 10-10 14:10:34.491 15270 15270 F DEBUG : #15 pc 0000000000004d68 /system/lib64/libnativehelper.so (_ZN13JniInvocation4InitEPKc+136)
>>> 10-10 14:10:34.491 15270 15270 F DEBUG : #16 pc 00000000000fbc08 /system/lib64/libandroid_runtime.so (_ZN7android14AndroidRuntime5startEPKcRKNS_6VectorINS_7String8EEEb+360)
>>> 10-10 14:10:34.491 15270 15270 F DEBUG : #17 pc 00000000000025c0 /system/bin/asan/app_process64 (main+1624)
>>> 10-10 14:10:34.491 15270 15270 F DEBUG : #18 pc 000000000001bab0 /system/lib64/libc.so (__libc_init+88)
>>> 10-10 14:10:34.491 15270 15270 F DEBUG : #19 pc 0000000000001ec8 /system/bin/asan/app_process64 (do_arm64_start+80)
>>>
>>>
>>> I know that CHECK(REAL(memcpy)) in the function
>>> InitializeAsanInterceptors fails because REAL(memcpy) returns 0.
>>> As I understand, this macro expands to __interception::real_memcpy. I see
>>> that this variable is in the bss segment of the
>>> libclang_rt.asan-aarch64-android.so library,
>>> and I can't find who assigns the address of the original memcpy function
>>> to it.
>>>
>>> Could you point me to the right code or explain how it should work?
>>> Maybe this is already a known issue and a patch already exists?
>>>
>>>
>>> Thank you
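
The following is an added example, not part of the original thread and not compiler-rt code: a simplified C model of how an interception layer fills its `REAL(...)` slots at init time with `dlsym(RTLD_NEXT, ...)`, which searches only the objects that come after the caller in the load order. The slot table, the helper names and `hypothetical_missing_fn` are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* exposes RTLD_NEXT in <dlfcn.h> */
#endif
#include <dlfcn.h>
#include <stddef.h>
#include <stdio.h>

#ifndef RTLD_NEXT /* fallback (glibc's value) if feature macros were fixed earlier */
#define RTLD_NEXT ((void *)-1l)
#endif

/* Models the REAL(name) variables: zero-initialised (.bss) until init runs. */
struct real_slot {
    const char *name;
    void *addr;
};

static struct real_slot slots[] = {
    {"memcpy", NULL},
    {"strlen", NULL},
    {"hypothetical_missing_fn", NULL}, /* constructed name, defined nowhere */
};
#define NSLOTS (sizeof slots / sizeof slots[0])

/* RTLD_NEXT looks only in objects loaded after the calling one. If libc is
 * not after the caller in that order, the lookup returns NULL. */
void *get_real_function_address(const char *name) {
    return dlsym(RTLD_NEXT, name);
}

/* Fill every slot; return how many stayed NULL (each would trip a CHECK). */
size_t init_interceptors(void) {
    size_t missing = 0;
    for (size_t i = 0; i < NSLOTS; i++) {
        slots[i].addr = get_real_function_address(slots[i].name);
        if (slots[i].addr == NULL) {
            fprintf(stderr, "CHECK failed: REAL(%s) == 0\n", slots[i].name);
            missing++;
        }
    }
    return missing;
}

int main(void) {
    size_t missing = init_interceptors();
    printf("%zu of %zu real functions unresolved\n", missing, NSLOTS);
    return 0;
}
```

Built as an ordinary dynamically linked executable, libc follows the program in the search order, so only the constructed name stays unresolved; older glibc versions need `-ldl` at link time.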
