http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58994
--- Comment #3 from Jack Howarth <howarth at nitro dot med.uc.edu> ---
On x86_64-apple-darwin11, at r204551, I only see the single failure of…
FAIL: c-c++-common/asan/strncpy-overflow-1.c -O0 execution test
at both -m32 and -m64. More interestingly, if I compile the -m64 test case…
/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/xgcc -B/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/ /sw/src/fink.build/gcc49-4.9.0-1000/gcc-4.9-20131107/gcc/testsuite/c-c++-common/asan/global-overflow-1.c -B/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin11.4.2/./libsanitizer/asan/ -L/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/x86_64-apple-darwin11.4.2/./libsanitizer/asan/.libs -fsanitize=address -g -fno-diagnostics-show-caret -fdiagnostics-color=never -O0 -fno-builtin-memset -lm -m64 -o ./global-overflow-1.exe
, place it in the same directory as the libasan.1.dylib, libgcc_s.1.dylib and
libstdc++.6.dylib shared libraries and execute…
# setenv DYLD_LIBRARY_PATH .
# ./global-overflow-1.exe
=================================================================
==64301==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000102eaf1ea at pc 0x102eaed1c bp 0x7fff62aad740 sp 0x7fff62aad738
READ of size 1 at 0x000102eaf1ea thread T0
#0 0x102eaed1b (/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/testsuite/gcc/temp/./global-overflow-1.exe+0x100000d1b)
#1 0x102eaec7f (/sw/src/fink.build/gcc49-4.9.0-1000/darwin_objdir/gcc/testsuite/gcc/temp/./global-overflow-1.exe+0x100000c7f)
#2 0x0
0x000102eaf1ea is located 0 bytes to the right of global variable 'YYY' from '/sw/src/fink.build/gcc49-4.9.0-1000/gcc-4.9-20131107/gcc/testsuite/c-c++-common/asan/global-overflow-1.c' (0x102eaf1e0) of size 10
0x000102eaf1ea is located 54 bytes to the left of global variable 'ZZZ' from '/sw/src/fink.build/gcc49-4.9.0-1000/gcc-4.9-20131107/gcc/testsuite/c-c++-common/asan/global-overflow-1.c' (0x102eaf220) of size 10
Shadow bytes around the buggy address:
0x1000205d5de0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000205d5df0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000205d5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000205d5e10: 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x1000205d5e20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1000205d5e30: 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 00[02]f9 f9
0x1000205d5e40: f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 00 00 00 00
0x1000205d5e50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000205d5e60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000205d5e70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000205d5e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==64301==ABORTING
it works as expected on darwin11. If I move this directory of files built under
darwin11 to a darwin12 machine, the same binaries produce the failure…
% setenv DYLD_LIBRARY_PATH .
% ./global-overflow-1.exe
==65680==AddressSanitizer CHECK failed: ../../../../gcc-4.9-20131107/libsanitizer/sanitizer_common/sanitizer_mac.cc:146 "((env_ptr)) != (0)" (0x0, 0x0)
My initial guess would be that the stricter ASLR could be in play but compiling
the test case with -Wl,-no_pie doesn't suppress the error on darwin12/13.
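The shadow dump in the darwin11 run above can be checked by hand. The following is an added worked example, not code from the bug report or from GCC/libsanitizer: it re-implements ASan's shadow-address mapping and the "is this access poisoned" test, then replays them over the "=>" row copied from the report. The 8-bytes-per-shadow-byte scale is the legend's own statement; the shadow offset 0x100000000000 is the value implied by the report (application address 0x102eaf1ea landing in the shadow row at 0x1000205d5e30) and is assumed here. All function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ASan shadow mapping as reconstructed from the report above:
 *   Shadow = (Addr >> 3) + 0x100000000000
 * Scale 3 = 8 application bytes per shadow byte (from the legend).
 * The offset is an assumption derived from the printed addresses. */
#define ASAN_SHADOW_SCALE  3
#define ASAN_SHADOW_OFFSET 0x100000000000ULL

uint64_t shadow_addr(uint64_t app)
{
    return (app >> ASAN_SHADOW_SCALE) + ASAN_SHADOW_OFFSET;
}

/* Inverse: first application byte of the 8-byte granule a shadow byte covers. */
uint64_t app_addr(uint64_t shadow)
{
    return (shadow - ASAN_SHADOW_OFFSET) << ASAN_SHADOW_SCALE;
}

/* Shadow value k in 1..7 means only the first k bytes of the granule are
 * addressable (0 = all 8); values >= 0x80 are redzone/poison markers.
 * An access of `size` bytes that stays inside one granule is bad when its
 * last byte, (addr & 7) + size - 1, is at or beyond k. This mirrors the
 * check the instrumented load performs before reporting. */
int access_is_poisoned(uint8_t k, uint64_t addr, size_t size)
{
    if (k == 0)
        return 0;
    if (k >= 0x80)
        return 1;
    unsigned last = (unsigned)(addr & 7) + (unsigned)size - 1;
    return last >= k;
}

/* Names taken from the legend printed with the report. */
const char *describe_shadow(uint8_t k)
{
    if (k == 0) return "Addressable";
    if (k < 8)  return "Partially addressable";
    switch (k) {
    case 0xfa: return "Heap left redzone";
    case 0xfb: return "Heap right redzone";
    case 0xfd: return "Freed heap region";
    case 0xf1: return "Stack left redzone";
    case 0xf2: return "Stack mid redzone";
    case 0xf3: return "Stack right redzone";
    case 0xf4: return "Stack partial redzone";
    case 0xf5: return "Stack after return";
    case 0xf8: return "Stack use after scope";
    case 0xf9: return "Global redzone";
    case 0xf6: return "Global init order";
    case 0xf7: return "Poisoned by user";
    case 0xfe: return "ASan internal";
    default:   return "Unknown";
    }
}

/* The "=>" row copied from the report: 16 shadow bytes at 0x1000205d5e30. */
static const uint64_t kRowBase = 0x1000205d5e30ULL;
static const uint8_t kRow[16] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xf9, 0xf9,
    0xf9, 0xf9, 0xf9, 0xf9, 0x00, 0x02, 0xf9, 0xf9,
};

/* Shadow byte for an application address, or -1 if outside the copied row. */
int row_shadow_byte(uint64_t app)
{
    uint64_t s = shadow_addr(app);
    if (s < kRowBase || s >= kRowBase + sizeof kRow)
        return -1;
    return kRow[s - kRowBase];
}

int main(void)
{
    const uint64_t bad = 0x102eaf1eaULL; /* the faulting READ of size 1 */
    uint64_t bad_shadow = shadow_addr(bad);

    for (size_t i = 0; i < sizeof kRow; i++) {
        uint64_t g = app_addr(kRowBase + i);
        printf("%s%#llx..%#llx: %02x %s\n",
               (kRowBase + i == bad_shadow) ? "=>" : "  ",
               (unsigned long long)g, (unsigned long long)(g + 7),
               kRow[i], describe_shadow(kRow[i]));
    }

    int k = row_shadow_byte(bad);
    if (k >= 0)
        printf("READ of size 1 at %#llx: shadow %02x -> %s\n",
               (unsigned long long)bad, k,
               access_is_poisoned((uint8_t)k, bad, 1) ? "poisoned" : "ok");
    return 0;
}
```

Running it reproduces the report's verdict: the granule at 0x102eaf1e8 carries shadow 02, so YYY (0x102eaf1e0, size 10) ends at 0x102eaf1e9, and the 1-byte read at 0x102eaf1ea falls on byte index 2 of a granule whose first 2 bytes are addressable, hence "0 bytes to the right of global variable 'YYY'". The same mapping puts ZZZ (0x102eaf220) at shadow 0x1000205d5e44, matching the "00 02" pair in the following row.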