Quuxplusone / LLVMBugzillaTest


[UBSan/Win] "access-violation on unknown address", __asan_unpoison_stack_memory #31999

Open Quuxplusone opened 7 years ago

Quuxplusone commented 7 years ago
| Field | Value |
| --- | --- |
| Bugzilla Link | PR33027 |
| Status | NEW |
| Importance | P enhancement |
| Reported by | Mikhail Strelnikov (mikhail.strelnikov@gmail.com) |
| Reported on | 2017-05-12 08:59:58 -0700 |
| Last modified on | 2018-06-13 13:05:18 -0700 |
| Version | unspecified |
| Hardware | PC Windows NT |
| CC | dgregor@apple.com, llvm-bugs@lists.llvm.org, vitalybuka@google.com |
| Fixed by commit(s) | |
| Attachments | ubsan-win-exception-crash.zip (681 bytes, application/x-zip-compressed) |
| Blocks | |
| Blocked by | |
| See also | |

Created attachment 18437
test.bat and test.cpp

class e
{
public:
    virtual void what() const
    {
    }
};

int main()
{
    try
    {
        throw e();
    }
    catch (e const & z)
    {
        z.what();
    }
}

call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" amd64
"C:\Program Files\LLVM\bin\clang-cl.exe" test.cpp -Fo"exe.obj" /MT /EHsc -fsanitize=address -fsanitize=undefined /Z7 -c
link /nologo /MACHINE:X64 /MANIFEST /subsystem:console /out:"exe.exe"  /DEBUG "C:\Program Files\LLVM\lib\clang\5.0.0\lib\windows\clang_rt.asan-x86_64.lib" "exe.obj"
"C:\Program Files\LLVM\bin\lldb.exe" exe.exe -o r -o q

(lldb) Process 6860 crashed
* thread #1, stop reason = Exception 0xc0000005 encountered at address 0x7ff674198f2b
    frame #0: 0x00007ff674198f2b exe.exe`__asan_unpoison_stack_memory + 16745
exe.exe`__asan_unpoison_stack_memory:
->  0x7ff674198f2b <+16745>: movq   (%rax), %rcx
    0x7ff674198f2e <+16748>: movq   %rcx, %rdx
    0x7ff674198f31 <+16751>: shrq   $0x3, %rdx
    0x7ff674198f35 <+16755>: movq   0x78(%rbx), %r8

When started without debugger:

=================================================================
==9380==ERROR: AddressSanitizer: access-violation on unknown address 0x000000000000 (pc 0x7ff7aa6c8f2b bp 0x00a8026ffd80 sp 0x00a8026fd6b0 T0)
==9380==The signal is caused by a READ memory access.
==9380==Hint: address points to the zero page.
    #0 0x7ff7aa6c8f2a in main test.cpp:18
    #1 0x7ff7aa72390f in _CallSettingFrame f:\dd\vctools\crt\vcruntime\src\eh\amd64\handlers.asm:49
    #2 0x7ff7aa718c73 in __CxxCallCatchBlock f:\dd\vctools\crt\vcruntime\src\eh\frame.cpp:1322
    #3 0x7ff868059612 in RtlCaptureContext+0x3e2 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x1800a9612)
    #4 0x7ff7aa6c8e0b in main test.cpp:14
    #5 0x7ff7aa714508 in __scrt_common_main_seh f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl:253
    #6 0x7ff867c42773 in BaseThreadInitThunk+0x13 (C:\WINDOWS\System32\KERNEL32.DLL+0x180012773)
    #7 0x7ff868020d60 in RtlUserThreadStart+0x20 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x180070d60)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: access-violation test.cpp:18 in main
==9380==ABORTING
Quuxplusone commented 7 years ago

Attached ubsan-win-exception-crash.zip (681 bytes, application/x-zip-compressed): test.bat and test.cpp

Quuxplusone commented 7 years ago
I've tried to simplify this by compiling and linking in one step, and got the same result:

F:\33027>type 33027.cpp
class e
{
public:
    virtual void what() const
    {
    }
};

int main()
{
    try
    {
        throw e{};
    }
    catch (e const & z)
    {
        z.what();
    }
}

F:\33027>"C:\Program Files\LLVM\bin\clang++.exe" -fuse-ld=lld -O1 -g -fsanitize=address 33027.cpp -o"exe.exe"
C:\Program Files\LLVM\bin\lld-link: warning: ignoring unknown argument: -wholearchive:C:\Program Files\LLVM\lib\clang\6.0.0\lib\windows\clang_rt.asan-x86_64.lib
C:\Program Files\LLVM\bin\lld-link: warning: ignoring unknown argument: -wholearchive:C:\Program Files\LLVM\lib\clang\6.0.0\lib\windows\clang_rt.asan_cxx-x86_64.lib

F:\33027>"C:\Program Files\LLVM\bin\lldb.exe" exe.exe -o r -o q
(lldb) target create "exe.exe"
Current executable set to 'exe.exe' (x86_64).
(lldb) r
Process 7360 launching
(lldb) Process 7360 crashed
* thread #1, stop reason = Exception 0xc0000005 encountered at address 0x7ff7adbbe1c4
    frame #0: 0x00007ff7adbbe1c4 exe.exe`main at 33027.cpp:17
   14       }
   15       catch (e const & z)
   16       {
-> 17           z.what();
   18       }
   19   }

Process 7360 launched: 'F:\33027\exe.exe' (x86_64)
(lldb) q