https://bugs.llvm.org/show_bug.cgi?id=44369
Bug ID: 44369
Summary: Signal-unsafe calls (mallocs) in signal handlers cause deadlocks or heap corruption
Product: compiler-rt
Version: unspecified
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P
Component: fuzzer
Assignee: unassignedb...@nondot.org
Reporter: ahmad.hazi...@epfl.ch
CC: llvm-bugs@lists.llvm.org
libFuzzer registers signal handlers to intercept signals and report. In almost
all the handlers, malloc() is being implicitly called (by constructing strings,
vectors, or other objects). malloc is not a signal-safe function and should not
be called within signal handlers.
For most signals, this issue is of little concern, since it is probably
unlikely that malloc itself will crash that often. However, for the timeout
signal (SIGALRM), it is possible that the signal is received inside a malloc
call. For a multithreaded application, glibc malloc obtains the lock over the
arena during its operation. If the libFuzzer timeout occurs while the
application is inside the malloc call and the arena is locked, the signal
handler would attempt to lock it again and would deadlock.
In my tests, the deadlock occurred in DumpCurrentUnit when it constructs the
uint8_t vector (Unit) from CurrentUnitData and UnitSize.