https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91325
Bug ID: 91325
Summary: [ASAN] ASAN hangs at throw if called via dlopen
Product: gcc
Version: 9.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: jensseidel at users dot sf.net
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---

$ g++-9 -v
Using built-in specs.
COLLECT_GCC=g++-9
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/9/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 9.1.0-2ubuntu2~16.04' --with-bugurl=file:///usr/share/doc/gcc-9/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++ --prefix=/usr --with-gcc-major-version-only --program-suffix=-9 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --with-system-zlib --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 9.1.0 (Ubuntu 9.1.0-2ubuntu2~16.04)

I noticed that the following program invoking dlopen hangs forever, consuming 100% CPU, if the address sanitizer is used (but works fine without):

$ g++-9 -ggdb3 -fsanitize=address -Wextra -Wall -fPIC -shared -o libshlib.so shlib.cpp
$ gcc-9 -ggdb3 -fsanitize=address -Wextra -Wall -o main main.c -ldl
$ gdb ./main
^C
Program received signal SIGINT, Interrupt.
__memset_avx2 () at ../sysdeps/x86_64/multiarch/memset-avx2.S:143
143     ../sysdeps/x86_64/multiarch/memset-avx2.S: No such file or directory.
(gdb) bt
#0  __memset_avx2 () at ../sysdeps/x86_64/multiarch/memset-avx2.S:143
#1  0x00007ffff72c054a in __asan_handle_no_return () at ../../../../src/libsanitizer/asan/asan_rtl.cc:569
#2  0x00007ffff71e102d in __interceptor___cxa_throw (a=0x60d000000190, b=0x7ffff2def8c0 <typeinfo for int>, c=0x0) at ../../../../src/libsanitizer/asan/asan_interceptors.cc:328
#3  0x00007ffff2dfea79 in foo () at shlib.cpp:4
#4  0x00007ffff2dfea87 in bar () at shlib.cpp:13
#5  0x0000000000400942 in main () at main.c:11

Please note that the triggered exception is caught in the plugin and never leaves the module boundaries.

main.c:

#include <dlfcn.h>
#include <assert.h>

int main()
{
    int (*bar)(void);
    void *handle = dlopen("./libshlib.so", RTLD_NOW | RTLD_GLOBAL);
    assert(handle);
    bar = dlsym(handle, "bar");
    assert(bar);
    return bar();
}

shlib.cpp:

static void foo(void)
{
    int i = 0;
    throw(i);
}

extern "C" {
int bar(void);
};

int bar(void)
{
    try { foo(); }
    catch(int i) { return i; }
    return -1;
}

Makefile:

CC = gcc-9
CXX = g++-9

all: libshlib.so main

libshlib.so: shlib.cpp
	$(CXX) -ggdb3 -fsanitize=address -Wextra -Wall -fPIC -shared -o libshlib.so shlib.cpp

main: main.c
	$(CC) -ggdb3 -fsanitize=address -Wextra -Wall -o main main.c -ldl

clean:
	rm -f libshlib.so main

PS: I found this example at https://bugzilla.redhat.com/show_bug.cgi?id=1649501, where nobody dealt with it.