https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84250

            Bug ID: 84250
           Summary: Symbol collision when using both Address and Undefined
                    Behavior sanitizers (-fsanitize=address,undefined)
           Product: gcc
           Version: 6.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: pedronavf at gmail dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    marxin at gcc dot gnu.org
  Target Milestone: ---

When using both Address and Undefined Behavior sanitizers
(-fsanitize=address,undefined) the reporting functions, like
__sanitizer_set_report_path, get called only for Address Sanitizer.

Because both sanitizers statically link libsanitizer_common (where the
__report_* functions are) both libraries have the __sanitizer_set_report_path
symbol and the linker resolves the call to the one in libasan.so. Also, this
issue is the one that causes UBSAN_OPTIONS to not respect the "log_path" flag
when using both sanitizers.

Clang's approach is to embed ubsan in asan when using both sanitizers
(https://github.com/google/sanitizers/issues/912).

Test program (test.cpp)

#include <sanitizer/common_interface_defs.h>
int main(int argc, char **argv) {
  __sanitizer_set_report_path("/tmp/sanitizer.txt");
  int i = 23;
  i <<= 32;
  int *array = new int[100];
  delete [] array;
  return array[argc];
}

Compile: g++ -O -g -fsanitize=address test.cpp (works)
         g++ -O -g -fsanitize=undefined test.cpp (works)
         g++ -O -g -fsanitize=address,undefined test.cpp (doesn't work!)

This program triggers both asan and ubsan. When using -fsanitize=address or
-fsanitize=undefined the sanitizer output is correctly written to
/tmp/sanitizer.txt.<pid>. When using both sanitizers, only asan's gets written
to file; ubsan output goes to stderr.

The same thing happens when linking the sanitizers statically (-static-libasan
-static-libubsan), but I found out that using __sanitizer_set_report_path never
works for ubsan when linking statically:

g++ -O -g -fsanitize=undefined test.cpp -static-libubsan
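
The duplicate-definition situation the report describes can be checked by comparing the dynamic symbol tables of the two runtime libraries. The following is an added example, not part of the original report; the function names `common_defined` and `demo_collisions` are hypothetical, and the two `nm -D` listings are constructed samples with invented addresses.

```shell
#!/bin/sh
# Added example (not from the bug report): find dynamic symbols that two
# shared objects both define, the situation described for libasan/libubsan.
# Real listings can be produced with, for example:
#   nm -D "$(g++ -print-file-name=libasan.so)" > asan.nm

# common_defined A B: A and B are files holding `nm -D` output.
# Prints, sorted, every name that is defined in both listings.
common_defined() {
    awk '
        # Defined symbols have three fields: address, type, name.
        # Undefined ones ("U name") have two fields and are skipped.
        NF == 3 && $2 ~ /^[TWVDBR]$/ {
            sub(/@.*/, "", $3)      # drop any "@@VERSION" suffix
            if (FILENAME == ARGV[1]) first[$3] = 1
            else if (($3 in first) && !seen[$3]++) print $3
        }' "$1" "$2" | LC_ALL=C sort
}

# Runs common_defined over two constructed listings (addresses invented).
demo_collisions() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/asan.nm" <<'EOF'
0000000000101000 T __asan_init
0000000000102000 T __sanitizer_set_report_path
0000000000103000 T __sanitizer_set_report_fd
                 U dlsym
EOF
    cat > "$dir/ubsan.nm" <<'EOF'
0000000000201000 T __ubsan_handle_shift_out_of_bounds
0000000000202000 T __sanitizer_set_report_path
0000000000203000 T __sanitizer_set_report_fd
                 U dlsym
EOF
    common_defined "$dir/asan.nm" "$dir/ubsan.nm"
    rm -rf "$dir"
}

demo_collisions
```

Any name printed is defined by both libraries, so a call from the program binds to only one of the two copies, which matches the behaviour reported for `__sanitizer_set_report_path`.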
