https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98669
Bug ID: 98669
Summary: SIGSEGV on pc=0 in crypt() with -fsanitize=address
Product: gcc
Version: 10.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: marko.makela at mariadb dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at
gcc dot gnu.org
Target Milestone: ---
The following test program would crash when compiled with AddressSanitizer
instrumentation in GCC 10.2.1 for AMD64 on Debian GNU/Linux Sid (unstable):
cat > crypt.c << EOF
#include <crypt.h>
#include <stdio.h>
int main (int argc, char **argv)
{
puts(crypt(*argv, "salt"));
}
EOF
gcc -fsanitize=address crypt.c -lcrypt
./a.out
AddressSanitizer:DEADLYSIGNAL
=================================================================
==664877==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc
0x000000000000 bp 0x7fffb2b2b970 sp 0x7fffb2b2b958 T0)
==664877==Hint: pc points to the zero page.
==664877==The signal is caused by a READ memory access.
==664877==Hint: address points to the zero page.
#0 0x0 (<unknown module>)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (<unknown module>)
==664877==ABORTING
If I compile the same without -fsanitize=address, or with clang-10 or clang-11,
the program will complete normally, outputting a line of text.
I traced the crash to the second (!) invocation of the function
__interceptor_crypt():
gdb a.out
break __interceptor_crypt
continue
display/i $pc
continue
nexti
nexti
...
The trace would end with the following:
1: x/i $pc
=> 0x7ffff762ba4d <__interceptor_crypt(char*, char*)+125>:
jmp *0xdf55d(%rip) # 0x7ffff770afb0
<_ZN14__interception10real_cryptE>
(gdb)
0x0000000000000000 in ?? ()
