Hello,
I encountered a weird scenario: on one test input, when I set
`ASAN_OPTIONS=detect_stack_use_after_return=0`, the ASAN-hardened binary
reports a heap-buffer-overflow error like:
```
=================================================================
==17440==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x640000001080 at pc 0x00000044970e bp 0x7ffc9fcdf4f0 sp 0x7ffc9fcdeca0
WRITE of size 41 at 0x640000001080 thread T0
#0 0x44970d in __interceptor_vsnprintf
(/home/hongxu/FOT/igraph-asan/install/lib/igraph.harness.out+0x44970d)
#1 0x61c41e in igraph_i_graphml_sax_handler_error
/home/hongxu/FOT/igraph-asan/src/foreign-graphml.c:228:3
#2 0x873443 in __xmlRaiseError
/home/hongxu/FOT/libxml2-asan/error.c:638:2
#3 0x890b39 in xmlFatalErr /home/hongxu/FOT/libxml2-asan/parser.c:542:9
#4 0x9005e5 in xmlParseXMLDecl
/home/hongxu/FOT/libxml2-asan/parser.c:10460:2
#5 0x90e0e5 in xmlParseTryOrFinish
/home/hongxu/FOT/libxml2-asan/parser.c:11257:4
#6 0x90ad06 in xmlParseChunk
/home/hongxu/FOT/libxml2-asan/parser.c:12244:13
#7 0x6273f7 in igraph_read_graph_graphml
/home/hongxu/FOT/igraph-asan/src/foreign-graphml.c:1379:3
#8 0x514120 in main
(/home/hongxu/FOT/igraph-asan/install/lib/igraph.harness.out+0x514120)
#9 0x7fcd6e996b96 in __libc_start_main
/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#10 0x41baf9 in _start
(/home/hongxu/FOT/igraph-asan/install/lib/igraph.harness.out+0x41baf9)
Address 0x640000001080 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/hongxu/FOT/igraph-asan/install/lib/igraph.harness.out+0x44970d) in
__interceptor_vsnprintf
Shadow bytes around the buggy address:
0x0c807fff81c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c807fff81d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c807fff81e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c807fff81f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c807fff8200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c807fff8210:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c807fff8220: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c807fff8230: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c807fff8240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c807fff8250: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c807fff8260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==17440==ABORTING
[1] 17440 abort ~/FOT/igraph-asan/install/lib/igraph.harness.out
```
However, when `detect_stack_use_after_return=1`, there is no crash report at
all.
I will debug with the input to find the exact root cause of the crash, and
if required, I can share the details of this case. For now, I'm quite
interested in why this happens. Any clues?
Best Regards,
Hongxu