ramosian-glider / address-sanitizer

Automatically exported from code.google.com/p/address-sanitizer

-fsanitize=address should probably imply -Bsymbolic #402

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
We recently switched Firefox to use Gtk+3 instead of Gtk+2. The result on ASan was that it started complaining about buffer overflow in unrelated code (CTypes). The reason for that, it turns out, is that the CTypes code in Firefox uses an embedded libffi. It so happens that the symbols for that libffi are exported from libxul.so (the library that contains most Firefox code), and that Gtk+3 pulls the system libffi through libwayland-client. So at runtime, the ffi symbols that the CTypes code uses end up pointing to the system ffi version of the symbols. And ASan doesn't behave properly in that case. It's assuming that those symbols are never interposed. Considering that assumption, -fsanitize=address should imply -Bsymbolic, which would ensure that assumption remains true.

You can see for yourself what happens without -Bsymbolic with this build:
http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/mh@glandium.org-924547e8e055/try-linux64-asan/firefox-42.0a1.en-US.linux-x86_64-asan.tar.bz2
(Note those builds disappear rather quickly; I think they expire after 2 weeks.)

Original issue reported on code.google.com by gland...@gmail.com on 26 Jul 2015 at 12:12

GoogleCodeExporter commented 9 years ago
-Bsymbolic does not sound like a good idea at all and it will break more things than it will fix.
It also sounds like you have a glaring ODR violation by pulling in two versions of the same library in one process.
Is it gcc-asan or clang-asan? Off the top of my head, this could be related to the --export-dynamic behavior of clang-asan. Is it possible that you are already using -Bsymbolic to work around the ODR issues, and ASan somehow disables that?

I did not understand the part about ASan assuming that some symbols are never interposed. Is that something that _Firefox_ is assuming?

Did I understand correctly that in the usual build, libffi is not re-exported from libxul, but with ASan it is re-exported?

Original comment by euge...@google.com on 26 Jul 2015 at 8:09

GoogleCodeExporter commented 9 years ago
Adding Project:AddressSanitizer as part of GitHub migration.

Original comment by ramosian.glider@gmail.com on 30 Jul 2015 at 9:06