Message ID | 87fvr39gvi.fsf@redhat.com |
---|---|
State | New |
On Mon, Nov 11, 2013 at 03:01:53PM +0100, Dodji Seketeli wrote:
> Since a couple of days I am seeing failure on the tests above on my
> Fedora system. The errors look like:
>
> FAIL: c-c++-common/asan/memcmp-1.c -O0 output pattern test, is =================================================================
> ==21832==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff75df96f4 at pc 0x7f98ecbab68b bp 0x7fff75df96b0 sp 0x7fff75df95b8
> READ of size 6 at 0x7fff75df96f4 thread T0
> #0 0x7f98ecbab68a in __interceptor_memcmp /home/dodji/git/gcc/master/libsanitizer/asan/asan_interceptors.cc:295 (discriminator 7)
> #1 0x7f98ecbb6393 in __asan_report_error /home/dodji/git/gcc/master/libsanitizer/asan/asan_report.cc:774 (discriminator 9)
> #2 0x7f98ecbab6d0 in __interceptor_memcmp /home/dodji/git/gcc/master/libsanitizer/asan/asan_interceptors.cc:295 (discriminator 7)
> #3 0x400b0a in main /home/dodji/git/gcc/master/gcc/testsuite/c-c++-common/asan/memcmp-1.c:14

That looks like a bug in libasan, __asan_report_error doesn't call memcmp
again. So something is wrong with getting proper backtrace it seems.

Jakub
Jakub Jelinek <jakub@redhat.com> writes:

> On Mon, Nov 11, 2013 at 03:01:53PM +0100, Dodji Seketeli wrote:
>> Since a couple of days I am seeing failure on the tests above on my
>> Fedora system. The errors look like:
>>
>> FAIL: c-c++-common/asan/memcmp-1.c -O0 output pattern test, is =================================================================
>> ==21832==ERROR: AddressSanitizer: stack-buffer-overflow on address
>> 0x7fff75df96f4 at pc 0x7f98ecbab68b bp 0x7fff75df96b0 sp
>> 0x7fff75df95b8
>> READ of size 6 at 0x7fff75df96f4 thread T0
>> #0 0x7f98ecbab68a in __interceptor_memcmp /home/dodji/git/gcc/master/libsanitizer/asan/asan_interceptors.cc:295 (discriminator 7)
>> #1 0x7f98ecbb6393 in __asan_report_error /home/dodji/git/gcc/master/libsanitizer/asan/asan_report.cc:774 (discriminator 9)
>> #2 0x7f98ecbab6d0 in __interceptor_memcmp /home/dodji/git/gcc/master/libsanitizer/asan/asan_interceptors.cc:295 (discriminator 7)
>> #3 0x400b0a in main /home/dodji/git/gcc/master/gcc/testsuite/c-c++-common/asan/memcmp-1.c:14
>
> That looks like a bug in libasan, __asan_report_error doesn't call memcmp
> again. So something is wrong with getting proper backtrace it seems.

Correct. I'll need to get familiar with the backtracing part then, unless someone beats me to it.
diff --git a/gcc/testsuite/c-c++-common/asan/memcmp-1.c b/gcc/testsuite/c-c++-common/asan/memcmp-1.c index 03f32e9..9a62e33 100644 --- a/gcc/testsuite/c-c++-common/asan/memcmp-1.c +++ b/gcc/testsuite/c-c++-common/asan/memcmp-1.c @@ -16,5 +16,9 @@ main () } /* { dg-output "ERROR: AddressSanitizer: stack-buffer-overflow.*(\n|\r\n|\r)" } */ -/* { dg-output " #0 0x\[0-9a-f\]+ (in _*(interceptor_|)memcmp |\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ -/* { dg-output " #1 0x\[0-9a-f\]+ (in _*main|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #0 0x\[0-9a-f\]+ (in _*(interceptor_|)memcmp |\[(\])\[^\n\r\]*(\n|\r\n|\r)" } */ +/* { dg-output "(\[^\r\n\]*(\n|\r\n|\r))+" } */ +/* { dg-output " #\[0-9\]+ 0x\[0-9a-f\]+ in main"} */ +/* { dg-output "(\[^\r\n\]*(\n|\r\n|\r))+" } */ +/* { dg-output "Address 0x\[0-9a-f\] is located in stack of thread T0 at offset \[0-9\]+ in frame (\n|\r\n|\r)"} */ +/* { dg-output " #0 0x\[0-9a-f\]+ in main" } */ diff --git a/gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c b/gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c index 3ed9fd6..b1a4cda 100644 --- a/gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c +++ b/gcc/testsuite/c-c++-common/asan/strncpy-overflow-1.c 
@@ -13,9 +13,10 @@ int main(int argc, char **argv) { } /* { dg-output "WRITE of size \[0-9\]* at 0x\[0-9a-f\]+ thread T0\[^\n\r]*(\n|\r\n|\r)" } */ -/* { dg-output " #0 0x\[0-9a-f\]+ (in _*(interceptor_|)strncpy|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ -/* { dg-output " #1 0x\[0-9a-f\]+ (in _*main (\[^\n\r]*strncpy-overflow-1.c:11|\[^\n\r]*:0)|\[(\]).*(\n|\r\n|\r)" } */ -/* { dg-output "\[^\n\r]*0x\[0-9a-f\]+ is located 0 bytes to the right of 9-byte region\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #0 0x\[0-9a-f\]+ (in _*(interceptor_|)strncpy|\[(\])\[^\n\r\]*(\n|\r\n|\r)" } */ +/* { dg-output "(\[^\r\n\]*(\n|\r\n|\r))+" } */ +/* { dg-output " #\[0-9\]+ 0x\[0-9a-f\]+ in main"} */ +/* { dg-output "\[^\n\r\]*0x\[0-9a-f\]+ is located 0 bytes to the right of 9-byte region\[^\n\r]*(\n|\r\n|\r)" } */ /* { dg-output "\[^\n\r]*allocated by thread T0 here:\[^\n\r]*(\n|\r\n|\r)" } */ /* { dg-output " #0 0x\[0-9a-f\]+ (in _*(interceptor_|)malloc|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ -/* { dg-output " #1 0x\[0-9a-f\]+ (in _*main (\[^\n\r]*strncpy-overflow-1.c:10|\[^\n\r]*:0)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */ +/* { dg-output " #1 0x\[0-9a-f\]+ (in main (\[^\n\r\]*strncpy-overflow-1.c:10|\[^\n\r]*:0)|\[(\])\[^\n\r]*(\n|\r\n|\r)" } */
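Review bot: In the memcmp-1.c hunk, the added pattern "Address 0x\[0-9a-f\] is located in stack of thread T0 ..." has no + after the hex class, so it accepts exactly one hex digit where the report prints a full address such as the 0x7fff75df96f4 quoted in the thread; it should read 0x\[0-9a-f\]+ like the other address patterns in the file. That directive and the added " #\[0-9\]+ 0x\[0-9a-f\]+ in main"} line also close with "} instead of " }, and DejaGnu only recognizes a directive when whitespace precedes the closing brace, so both are likely skipped rather than checked. Separately, the unbounded (\[^\r\n\]*(\n|\r\n|\r))+ filler lets main appear at any frame depth, so the test now passes on the backtrace with the spurious __asan_report_error frame that the thread identifies as a libasan bug; a comment saying the relaxation is a workaround for that bug would keep it from becoming permanent.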
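Review bot: In the strncpy-overflow-1.c hunk, the last changed line turns "in _*main" into "in main" for frame #1 of the malloc backtrace, which drops the allowance for targets that prefix C symbols with an underscore while the frame #0 patterns in the same file still keep _*; restore _*main there and use it in the new " #\[0-9\]+ 0x\[0-9a-f\]+ in main" line as well. That new line closes with "} and needs the space before the brace that the neighbouring directives have. It also no longer checks strncpy-overflow-1.c:11 and no longer accepts the \[(\] alternative that the removed frame #1 pattern allowed, so the expectation becomes looser on source location and stricter on symbolization at the same time; if that is intended, say so in the commit message.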