[Bug sanitizer/102911] New: AddressSanitizer: CHECK failed: asan_malloc_linux.cpp:46

hjl.tools at gmail dot com via Gcc-bugs Sat, 23 Oct 2021 16:37:18 -0700

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102911


            Bug ID: 102911
           Summary: AddressSanitizer: CHECK failed:
                    asan_malloc_linux.cpp:46
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: hjl.tools at gmail dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at 
gcc dot gnu.org
  Target Milestone: ---

On Fedora 35/x86-64 with glibc 2.34, I got

[hjl@gnu-skx-1 gcc]$
/export/users/hjl/build/gnu/tools-build/gcc-debug/build-x86_64-linux/gcc/xgcc
-B/export/users/hjl/build/gnu/tools-build/gcc-debug/build-x86_64-linux/gcc/
/export/gnu/import/git/sources/gcc/gcc/testsuite/c-c++-common/asan/alloca_detect_custom_size.c
-m32
-B/export/users/hjl/build/gnu/tools-build/gcc-debug/build-x86_64-linux/x86_64-pc-linux-gnu/32/libsanitizer/
-B/export/users/hjl/build/gnu/tools-build/gcc-debug/build-x86_64-linux/x86_64-pc-linux-gnu/32/libsanitizer/asan/
-L/export/users/hjl/build/gnu/tools-build/gcc-debug/build-x86_64-linux/x86_64-pc-linux-gnu/32/libsanitizer/asan/.libs
-fsanitize=address -g
-I/export/gnu/import/git/sources/gcc/gcc/testsuite/../../libsanitizer/include
-fdiagnostics-plain-output    -O0    -lm  -o
./alloca_detect_custom_size.exe.bad
[hjl@gnu-skx-1 gcc]$ export
LD_LIBRARY_PATH=/export/build/gnu/tools-build/gcc-debug/build-x86_64-linux/x86_64-pc-linux-gnu/32/libsanitizer/asan/.libs
[hjl@gnu-skx-1 gcc]$ ./alloca_detect_custom_size.exe.bad
=================================================================
==3485262==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address
0xffe51f80 at pc 0x08049279 bp 0xffe51e98 sp 0xffe51e8c
WRITE of size 1 at 0xffe51f80 thread T0
    #0 0x8049278 in foo
/export/gnu/import/git/sources/gcc/gcc/testsuite/c-c++-common/asan/alloca_detect_custom_size.c:16
    #1 0x80492dc in main
/export/gnu/import/git/sources/gcc/gcc/testsuite/c-c++-common/asan/alloca_detect_custom_size.c:20
    #2 0xf7653468 in __libc_start_call_main (/lib/libc.so.6+0x25468)
    #3 0xf765355f in __libc_start_main@@GLIBC_2.34 (/lib/libc.so.6+0x2555f)
    #4 0x80490eb in _start
(/export/users/hjl/build/gnu/tools-build/gcc-debug/build-x86_64-linux/gcc/testsuite/gcc/alloca_detect_custom_size.exe.bad+0x80490eb)

Address 0xffe51f80 is located in stack of thread T0
SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow
/export/gnu/import/git/sources/gcc/gcc/testsuite/c-c++-common/asan/alloca_detect_custom_size.c:16
in foo
Shadow bytes around the buggy address:
  0x3ffca3a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x3ffca3b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x3ffca3c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x3ffca3d0: 00 00 00 00 00 00 00 00 ca ca ca ca 00 00 00 00
  0x3ffca3e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x3ffca3f0:[cb]cb cb cb 00 00 00 00 00 00 00 00 00 00 00 00
  0x3ffca400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x3ffca410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x3ffca420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x3ffca430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x3ffca440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==3485262==ABORTING
[hjl@gnu-skx-1 gcc]$ export
LD_LIBRARY_PATH=/export/users/hjl/build/gnu/tools-build/gcc-debug/build-x86_64-linux/x86_64-pc-linux-gnu/32/libsanitizer/asan/.libs
[hjl@gnu-skx-1 gcc]$ ./alloca_detect_custom_size.exe.bad
AddressSanitizer: CHECK failed: asan_malloc_linux.cpp:46
"((allocated_for_dlsym)) < ((kDlsymAllocPoolSize))" (0x421, 0x400)
(tid=3485264)
    <empty stack>

[hjl@gnu-skx-1 gcc]$ ls -l /export/build
lrwxrwxrwx 1 hjl hjl 15 Dec  4  2018 /export/build -> users/hjl/build
[hjl@gnu-skx-1 gcc]$ 

It is related to

https://bugs.llvm.org/show_bug.cgi?id=33206

[Bug sanitizer/102911] New: AddressSanitizer: CHECK failed: asan_malloc_linux.cpp:46

Reply via email to