Hello,
When running an application internally, with the address sanitizer enabled, I'm
seeing a global buffer overflow in the x86 decoder during
processExtendedOpcode() and wondered if anybody, possibly Gabe, would know a
quick solution for this. If anybody would like a trace then I could generate
this, but unfortunately the binaries that cause the problem are internal. The
problem seems contained to decoding an unexpected opcode. Also the location
changes slightly from application to application, so there may be several
unsupported opcodes.
Joe
ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000454bcdf at pc 0x000000adb323 bp 0x7fff873f1870 sp 0x7fff873f1868
READ of size 1 at 0x00000454bcdf thread T0
#0 0xadb322 in X86ISA::Decoder::processExtendedOpcode(unsigned char const (&) [256]) X86/arch/x86/decoder.cc:460:23
#1 0xadb322 in X86ISA::Decoder::doOneByteOpcodeState(unsigned char) X86/arch/x86/decoder.cc:299
#2 0xad890d in X86ISA::Decoder::process() X86/arch/x86/decoder.cc:113:21
#3 0x1f40de7 in X86ISA::Decoder::moreBytes(X86ISA::PCState const&, unsigned long, unsigned long) X86/arch/x86/decoder.hh:312:9
#4 0x1f40de7 in DefaultFetch<O3CPUImpl>::fetch(bool&) X86/cpu/o3/fetch_impl.hh:1313
#5 0x1f398fc in DefaultFetch<O3CPUImpl>::tick() X86/cpu/o3/fetch_impl.hh:947:9
#6 0x1ec2ba6 in FullO3CPU<O3CPUImpl>::tick() X86/cpu/o3/cpu.cc:565:11
#7 0x2eaa586 in EventQueue::serviceOne() X86/sim/eventq.cc:228:16
#8 0x2efd8d4 in doSimLoop(EventQueue*) X86/sim/simulate.cc:219:37
#9 0x2efcd7d in simulate(unsigned long) X86/sim/simulate.cc:132:26
0x00000454bcdf is located 33 bytes to the left of global variable '<string literal>' defined in 'X86/arch/x86/faults.cc:131:13' (0x454bd00) of size 47
'<string literal>' is ascii string 'Unrecognized/invalid instruction executed: %s'
0x00000454bcdf is located 14 bytes to the right of global variable '<string literal>' defined in 'X86/arch/x86/faults.cc:122:9' (0x454bcc0) of size 17
'<string literal>' is ascii string 'Abort exception!'
SUMMARY: AddressSanitizer: global-buffer-overflow X86/arch/x86/decoder.cc:460:23 in X86ISA::Decoder::processExtendedOpcode(unsigned char const (&) [256])
Shadow bytes around the buggy address:
0x0000808a1740: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9
0x0000808a1750: 07 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 02 f9 f9 f9
0x0000808a1760: f9 f9 f9 f9 00 00 00 00 00 00 00 05 f9 f9 f9 f9
0x0000808a1770: 00 02 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x0000808a1780: 00 00 02 f9 f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9
=>0x0000808a1790: 06 f9 f9 f9 f9 f9 f9 f9 00 00 01[f9]f9 f9 f9 f9
0x0000808a17a0: 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 01 f9 f9 f9
0x0000808a17b0: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 06 f9 f9 f9
0x0000808a17c0: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
0x0000808a17d0: 03 f9 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9
0x0000808a17e0: 00 00 01 f9 f9 f9 f9 f9 00 00 00 00 04 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
_______________________________________________
gem5-dev mailing list
[email protected]
http://m5sim.org/mailman/listinfo/gem5-dev
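The report above is the classic shape of a one-byte table lookup keyed by an opcode the decoder did not expect: the READ of size 1 lands in a global redzone (shadow byte f9) between two unrelated string literals, which is where the linker happened to place the neighbours of the overrun table. The following C program is an added illustration of that bug class and of the bounds check that closes it; it is not code from this post or from gem5, and the table size (0x40 entries), the opcode names and the function names are assumptions chosen for the example.

```c
/*
 * Added example, not gem5 code: a fixed-size global opcode table read
 * with an unexpected index, and the bounds-checked lookup that fixes it.
 * Build with ASan to see the unchecked path reported:
 *   clang -fsanitize=address -g -O1 ext_lookup.c -o ext_lookup
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical extended-opcode table (second byte after a 0x0F prefix).
 * It describes only second bytes 0x00..0x3F, so it has 0x40 entries,
 * not 256: any second byte >= 0x40 is an index past the end. */
#define EXT_TABLE_SIZE 0x40

enum ext_kind { EXT_INVALID = 0, EXT_SYSCALL, EXT_RDTSC };

static const uint8_t ext_kind_table[EXT_TABLE_SIZE] = {
    [0x05] = EXT_SYSCALL,   /* 0F 05 */
    [0x31] = EXT_RDTSC,     /* 0F 31 */
};

/* Vulnerable lookup: trusts that the caller never passes a second byte
 * outside the described range. 0x0F 0xA2 (cpuid, not in this table)
 * reads byte 0xA2 of a 0x40-byte global; under AddressSanitizer that is
 * a global-buffer-overflow READ of size 1 in the redzone after the
 * table, reported relative to whichever globals sit next to it. */
int ext_lookup_unchecked(uint8_t second_byte)
{
    return ext_kind_table[second_byte];
}

/* Hardened lookup: check the index against the table's real size before
 * the read, and turn anything outside it into "invalid instruction" so
 * the caller can raise the architectural fault instead of reading
 * neighbouring memory. */
int ext_lookup_checked(uint8_t second_byte)
{
    if (second_byte >= EXT_TABLE_SIZE)
        return EXT_INVALID;
    return ext_kind_table[second_byte];
}

/* Decode a two-byte 0x0F-prefixed opcode from an instruction byte
 * stream. Returns the ext_kind, or EXT_INVALID for a truncated,
 * non-prefixed or unrecognised sequence. */
int decode_extended(const uint8_t *buf, size_t len)
{
    if (len < 2 || buf[0] != 0x0F)
        return EXT_INVALID;
    return ext_lookup_checked(buf[1]);
}

int main(void)
{
    /* Constructed sample byte sequences. */
    const uint8_t syscall_bytes[] = {0x0F, 0x05};
    const uint8_t cpuid_bytes[]   = {0x0F, 0xA2};  /* beyond the table */

    printf("0F 05 -> kind %d\n", decode_extended(syscall_bytes, 2));
    printf("0F A2 -> kind %d\n", decode_extended(cpuid_bytes, 2));

    /* Uncomment to reproduce the ASan report with the unchecked path:
     * printf("%d\n", ext_lookup_unchecked(cpuid_bytes[1]));
     */
    return 0;
}
```

The point of the checked version is that the guard compares against the table's actual element count rather than against the width of the index type; a uint8_t index cannot exceed 255, but it can still exceed the size of a table that was sized for the opcodes the author expected. When such a table is a fixed 256-entry array, as the `unsigned char const (&) [256]` parameter in the trace suggests for the caller, the overrun must instead come from an index computed from something other than the raw byte, and the same check applies to whatever that computed index is.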