I saw you complaining about memory errors on your blog, talking about writing your own infrastructure... why not just `export ASAN=1`?
/tmp$ git clone https://github.com/landley/toybox.git toybox
Cloning into 'toybox'...
remote: Enumerating objects: 25806, done.
remote: Counting objects: 100% (2750/2750), done.
remote: Compressing objects: 100% (905/905), done.
remote: Total 25806 (delta 1933), reused 2165 (delta 1833), pack-reused 23056
Receiving objects: 100% (25806/25806), 11.12 MiB | 7.71 MiB/s, done.
Resolving deltas: 100% (18574/18574), done.
/tmp$ cd toybox/
/tmp/toybox$ vi .config
/tmp/toybox$ export ASAN=1
/tmp/toybox$ make
scripts/make.sh
warning: using unfinished code from toys/pending
generated/{flags.h}
Compile toybox......................................................................................................................toys/pending/diff.c: In function 'do_diff':
toys/pending/diff.c:621:14: warning: variable 'b' set but not used [-Wunused-but-set-variable]
  621 |   long a,b;
      |          ^
......................toys/posix/grep.c: In function 'do_grep':
toys/posix/grep.c:208:26: warning: 'regexec0' accessing 8 bytes in a region of size 4 [-Wstringop-overflow=]
  208 |     shoe->rc = regexec0(&shoe->r, start, ulen-(start-line), 1,
      |                          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  209 |         &shoe->m, start==line ? 0 : REG_NOTBOL);
      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
toys/posix/grep.c:208:26: note: referencing argument 5 of type 'regmatch_t *'
In file included from ./toys.h:70,
                 from toys/posix/grep.c:68:
./lib/lib.h:272:5: note: in a call to function 'regexec0'
  272 | int regexec0(regex_t *preg, char *string, long len, int nmatch,
      |     ^~~~~~~~
.....toys/pending/diff.c: At top level:
cc1: note: unrecognized command-line option '-Wno-string-plus-int' may have been intended to silence earlier diagnostics
.........toys/posix/grep.c: At top level:
cc1: note: unrecognized command-line option '-Wno-string-plus-int' may have been intended to silence earlier diagnostics
............................

/tmp/toybox$ seq 1 100000 > one
/tmp/toybox$ seq 1 4 100000 > two
/tmp/toybox$ ./toybox diff -u one two > /dev/null
=================================================================
==2475581==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000000f at pc 0x7fa9e6019ab7 bp 0x7fffa8f4a9b0 sp 0x7fffa8f4a160
READ of size 1 at 0x60200000000f thread T0
    #0 0x7fa9e6019ab6 in printf_common ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_format.inc:553
    #1 0x7fa9e601a1ca in __interceptor_vprintf ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1660
    #2 0x7fa9e601a2a6 in __interceptor_printf ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1718
    #3 0x560bf7b183d7 in show_label toys/pending/diff.c:548

0x60200000000f is located 1 bytes to the left of 4-byte region [0x602000000010,0x602000000014)
allocated by thread T0 here:
    #0 0x7fa9e606c7cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x560bf7ad1bbb in xmalloc lib/xwrap.c:71
    #2 0x560bf7b182af in quote_filename toys/pending/diff.c:537
    #3 0x560bf7b183a4 in show_label toys/pending/diff.c:547
    #4 0x560bf7b190ed in do_diff toys/pending/diff.c:610
    #5 0x560bf7b1b258 in diff_main toys/pending/diff.c:837
    #6 0x560bf7ad68c0 in toy_exec_which /tmp/toybox/main.c:220
    #7 0x560bf7ad6ad6 in toybox_main /tmp/toybox/main.c:246
    #8 0x560bf7ad68c0 in toy_exec_which /tmp/toybox/main.c:220
    #9 0x560bf7ad6ad6 in toybox_main /tmp/toybox/main.c:246
    #10 0x560bf7abe776 in main /tmp/toybox/main.c:293
    #11 0x7fa9e5caa7fc in __libc_start_main ../csu/libc-start.c:332

SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_format.inc:553 in printf_common
Shadow bytes around the buggy address:
  0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c047fff8000: fa[fa]04 fa fa fa 00 03 fa fa 00 03 fa fa fd fd
  0x0c047fff8010: fa fa 00 07 fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==2475581==ABORTING
/tmp/toybox$
_______________________________________________ Toybox mailing list [email protected] http://lists.landley.net/listinfo.cgi/toybox-landley.net
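The report above packs the whole triage story into a few lines: the bug class, the faulting access, the first frame in the program's own code (show_label), the allocation site (quote_filename via xmalloc), and a shadow-byte row whose bracketed `[fa]` is the left redzone the read landed in. The following Python helper is an added example, not part of the message or of toybox: it parses those fields out of an ASan heap report and checks the shadow row against ASan's x86_64 Linux shadow mapping, shadow = (addr >> 3) + 0x7fff8000 (an assumption about the target; other platforms use other offsets). The sample report is constructed from the first lines of the report quoted above, and the `wrappers` argument is a hypothetical knob for looking past allocation wrappers such as xmalloc.

```python
"""Triage helper for AddressSanitizer heap reports (added example, not toybox code)."""
import re

SHADOW_SCALE = 3            # one shadow byte covers 8 application bytes
SHADOW_OFFSET = 0x7FFF8000  # x86_64 Linux default (assumption); other targets differ

# Constructed sample: the first lines of the report quoted in the message above.
SAMPLE_REPORT = """\
==2475581==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000000f at pc 0x7fa9e6019ab7 bp 0x7fffa8f4a9b0 sp 0x7fffa8f4a160
READ of size 1 at 0x60200000000f thread T0
    #0 0x7fa9e6019ab6 in printf_common ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_format.inc:553
    #1 0x7fa9e601a1ca in __interceptor_vprintf ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1660
    #2 0x7fa9e601a2a6 in __interceptor_printf ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1718
    #3 0x560bf7b183d7 in show_label toys/pending/diff.c:548
0x60200000000f is located 1 bytes to the left of 4-byte region [0x602000000010,0x602000000014)
allocated by thread T0 here:
    #0 0x7fa9e606c7cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x560bf7ad1bbb in xmalloc lib/xwrap.c:71
    #2 0x560bf7b182af in quote_filename toys/pending/diff.c:537
    #3 0x560bf7b183a4 in show_label toys/pending/diff.c:547
=>0x0c047fff8000: fa[fa]04 fa fa fa 00 03 fa fa 00 03 fa fa fd fd
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", re.M)
REGION_RE = re.compile(r"is located (\d+) bytes to the (left|right) of "
                       r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")
FRAME_RE = re.compile(r"^[ \t]*#\d+\s+0x[0-9a-f]+\s+in\s+(\S+)\s+(\S+)$", re.M)
SHADOW_ROW_RE = re.compile(r"^=>(0x[0-9a-f]+):(.*)$", re.M)


def _user_frames(block):
    """Frames belonging to the program itself; sanitizer interceptors are skipped."""
    frames = []
    for func, loc in FRAME_RE.findall(block):
        if func.startswith("__interceptor") or "libsanitizer" in loc:
            continue
        frames.append((func, loc))
    return frames


def parse_report(text):
    """Extract bug class, access, region and the two user-level stacks."""
    err = ERROR_RE.search(text)
    acc = ACCESS_RE.search(text)
    reg = REGION_RE.search(text)
    if not (err and acc and reg):
        raise ValueError("not an ASan heap access report this parser understands")
    alloc_at = text.find("allocated by")
    return {
        "kind": err.group(1),
        "access": acc.group(1),
        "size": int(acc.group(2)),
        "address": int(acc.group(3), 16),
        "distance": int(reg.group(1)),
        "side": reg.group(2),
        "region_size": int(reg.group(3)),
        "region": (int(reg.group(4), 16), int(reg.group(5), 16)),
        # the access stack sits between the READ/WRITE line and the "is located" line
        "fault": _user_frames(text[acc.start():reg.start()]),
        "alloc": _user_frames(text[alloc_at:]) if alloc_at >= 0 else [],
    }


def shadow_address(addr):
    """Address of the shadow byte covering addr (x86_64 Linux mapping)."""
    return (addr >> SHADOW_SCALE) + SHADOW_OFFSET


def shadow_byte(text, addr):
    """Shadow byte for addr, read from the '=>' row of the report (None if absent)."""
    m = SHADOW_ROW_RE.search(text)
    if not m:
        return None
    row_start = int(m.group(1), 16)
    # the faulting byte is printed as "[fa]": strip the brackets, keep the order
    values = [int(v, 16) for v in re.findall(r"\[?([0-9a-f]{2})\]?", m.group(2))]
    idx = shadow_address(addr) - row_start
    return values[idx] if 0 <= idx < len(values) else None


SPECIAL = {0xFA: "heap left redzone", 0xFD: "freed heap region",
           0xF1: "stack left redzone", 0xF2: "stack mid redzone",
           0xF3: "stack right redzone", 0xF5: "stack after return",
           0xF8: "stack use after scope", 0xF9: "global redzone"}


def describe_shadow(b):
    """Meaning of one shadow byte, following the legend ASan prints."""
    if b == 0:
        return "addressable"
    if 1 <= b <= 7:
        return f"partially addressable ({b} of 8 bytes)"
    return SPECIAL.get(b, f"special 0x{b:02x}")


def summarize(text, wrappers=()):
    """One-line triage summary; `wrappers` names allocation wrappers to look past."""
    r = parse_report(text)
    fault = r["fault"][0] if r["fault"] else ("?", "?")
    alloc = next((f for f in r["alloc"] if f[0] not in wrappers), ("?", "?"))
    sb = shadow_byte(text, r["address"])
    shadow = f", shadow byte 0x{sb:02x} ({describe_shadow(sb)})" if sb is not None else ""
    return (f"{r['kind']}: {r['access']} of {r['size']} byte(s) {r['distance']} byte(s) "
            f"{r['side']} of a {r['region_size']}-byte block at {fault[0]} ({fault[1]}), "
            f"allocated in {alloc[0]} ({alloc[1]}){shadow}")


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT, wrappers=("xmalloc",)))
```

Running it on the sample reproduces the arithmetic behind the `=>` row: 0x60200000000f maps to shadow 0x0c047fff8001, the bracketed `fa` (heap left redzone), while the 4-byte block at 0x602000000010 maps to the next shadow byte, `04`, which is exactly what "partially addressable, 4 of 8 bytes" means for a 4-byte malloc. The first user-level frame on the access stack is the place to open in the editor; the allocation stack tells you what the buffer was supposed to hold.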
