https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71291
Bug ID: 71291
Summary: Firefox with GCC reports stack-buffer-overflow but clang does not
Product: gcc
Version: 5.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: gk at torproject dot org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---

Created attachment 38572
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=38572&action=edit
Patch for building mozilla-central with GCC and ASan

I recently reported a bug to the Mozilla team about a reproducible stack buffer overflow. To my surprise this ASan report only happens with GCC. Using different clang versions is working fine. The Mozilla folks concluded this is a GCC bug and closed the report as WORKSFORME.

I've tested with GCC 5.2.0/5.3.1 and with the latest code on gcc-6-branch (which contains the latest ASan changes in GCC if I got that right), both Firefox 45 ESR and latest mozilla-central. The ASan crash is always reproducible for me.

STR:

1) Build Firefox with a .mozconfig file like:

    . $topsrcdir/browser/config/mozconfig
    export CFLAGS="-fsanitize=address -Dxmalloc=myxmalloc"
    export CXXFLAGS="-fsanitize=address -Dxmalloc=myxmalloc"
    # We need to add -ldl explicitly due to bug 1213698
    export LDFLAGS="-fsanitize=address -ldl"
    ac_add_options --enable-address-sanitizer
    ac_add_options --disable-jemalloc
    ac_add_options --disable-elf-hack

   (if you build mozilla-central you need the attached asan.patch as well)

2) Go to http://lab.hakim.se/meny/ and move with the mouse to the left corner

3) The build crashes with a stack-buffer-overflow report.