ramosian-glider / sanitizer-issues


CHECK failure on racy double-free #57

Closed ramosian-glider closed 9 years ago

ramosian-glider commented 9 years ago

Originally reported on Google Code with ID 57

1. Insert SleepForSeconds(1) somewhere into __asan::Deallocate()
e.g. here (r153443): 

--- asan_allocator.cc   (revision 153443)
+++ asan_allocator.cc   (working copy)
@@ -718,6 +718,7 @@
   CHECK(m->chunk_state == CHUNK_ALLOCATED);
   CHECK(m->free_tid == AsanThread::kInvalidTid);
   CHECK(m->alloc_tid >= 0);
+  SleepForSeconds(1);
   AsanThread *t = asanThreadRegistry().GetCurrent();
   m->free_tid = t ? t->tid() : 0;
   AsanStackTrace::CompressStack(stack, m->compressed_free_stack(),
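Review bot: the sleep lands right after `CHECK(m->chunk_state == CHUNK_ALLOCATED);`, and that CHECK is a plain non-atomic read with the state flip happening only later in the function, so a second Deallocate() of the same chunk that enters during the sleep passes the same CHECK and both callers carry on into the `free_tid` / `CompressStack` bookkeeping; that is the path that surfaces downstream as `CHECK failed: !last_->next` rather than as a double-free report. For a repro this placement is the intended one, but the eventual fix should replace the plain CHECK with an atomic exchange (or compare-and-swap) on `m->chunk_state` at the top of Deallocate() and branch on the returned old value, so the losing thread reports the double-free instead of reaching the list code.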

2. Run this: 
clang -faddress-sanitizer tests/asan_racy_double_free_test.cc && ./a.out 

==20576== CHECK failed: !last_->next at asan_allocator.cc:267

I don't see how it may happen in a correct program, so this is not a showstopper. 
But on a rare occasion we may crash instead of properly reporting a racy double-free.

Reported by konstantin.s.serebryany on 2012-03-28 18:34:55

ramosian-glider commented 9 years ago
I guess we need to flip m->chunk_state with "LOCK XCHG" 
at the very beginning of __asan::Deallocate()
Dmitry, WDYT? 

Reported by konstantin.s.serebryany on 2012-03-28 18:43:01

ramosian-glider commented 9 years ago
Like this http://codereview.appspot.com/5944044/diff/1/asan_allocator.cc
Timur/Eugeni, please advise how to implement atomic exchange on Windows and Android.

Reported by konstantin.s.serebryany on 2012-03-28 20:59:54

ramosian-glider commented 9 years ago
It depends more on the compiler. LLVM should support __sync_xxx everywhere.
On Windows it may support _InterlockedExchange as well.

Reported by dvyukov@google.com on 2012-03-29 03:54:45

ramosian-glider commented 9 years ago
__sync_xxx support depends on the runtime library. AFAIK, on Android it either does
not work, or did not work some time ago.

Reported by eugenis@google.com on 2012-03-29 12:29:13

ramosian-glider commented 9 years ago
__sync_val_compare_and_swap seems to be working

Reported by eugenis@google.com on 2012-03-29 12:39:12
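As an added example that is not ASan's code and not part of this thread: a minimal model of the chunk_state transition that the comments above propose to make atomic (the "LOCK XCHG" idea, implemented here with the `__sync_val_compare_and_swap` builtin that was confirmed to work). The struct, the function names and the `quarantine_inserts` counter are hypothetical stand-ins; the two concurrent frees are scripted as an explicit interleaving rather than run on real threads, so the window that `SleepForSeconds(1)` widens in the repro is shown deterministically.

```c
/* Added illustration, not ASan's code: a model of the chunk_state flip that
 * __asan::Deallocate() performs. The interleaving of two frees is scripted
 * deterministically (no real threads), so the window that SleepForSeconds(1)
 * widens in the repro is made explicit. All names here are hypothetical. */
#include <stdio.h>

enum chunk_state { CHUNK_AVAILABLE = 0, CHUNK_ALLOCATED = 1, CHUNK_QUARANTINE = 2 };

struct chunk {
    int state;              /* stand-in for m->chunk_state */
    int quarantine_inserts; /* how many times the chunk was appended to the quarantine list */
};

/* Step 1 of the non-atomic version: the CHECK that merely reads the state. */
static int naive_check(const struct chunk *m)
{
    return m->state == CHUNK_ALLOCATED;
}

/* Step 2 of the non-atomic version: flip the state and enqueue the chunk.
 * Nothing stops another thread from running naive_check() between step 1
 * and step 2 of the first thread. */
static void naive_commit(struct chunk *m)
{
    m->state = CHUNK_QUARANTINE;
    m->quarantine_inserts++;
}

/* Two threads free the same chunk; both pass the check before either commits.
 * Returns the number of quarantine insertions: 2 means the same chunk was
 * queued twice, the situation that later trips a list-consistency CHECK
 * instead of producing a proper double-free report. */
int naive_interleaved_double_free(void)
{
    struct chunk m = { CHUNK_ALLOCATED, 0 };
    int thread_a_passed = naive_check(&m); /* A: CHECK passes */
    int thread_b_passed = naive_check(&m); /* B: CHECK also passes, A has not committed yet */
    if (thread_a_passed) naive_commit(&m);
    if (thread_b_passed) naive_commit(&m);
    return m.quarantine_inserts;
}

/* Atomic version: check and flip are one indivisible compare-and-swap.
 * Returns the previous state; only the caller that observes CHUNK_ALLOCATED
 * owns the deallocation, every other caller should report a double-free
 * (or invalid free) for this chunk and must not touch the list. */
int atomic_deallocate(struct chunk *m)
{
    int old = __sync_val_compare_and_swap(&m->state, CHUNK_ALLOCATED, CHUNK_QUARANTINE);
    if (old == CHUNK_ALLOCATED)
        m->quarantine_inserts++; /* exactly one thread reaches this */
    return old;
}

/* The same two frees against the atomic version: the first wins, the second
 * sees CHUNK_QUARANTINE and is reported. Returns 1 when that is what happened. */
int atomic_double_free_detected(void)
{
    struct chunk m = { CHUNK_ALLOCATED, 0 };
    int first = atomic_deallocate(&m);
    int second = atomic_deallocate(&m);
    return first == CHUNK_ALLOCATED && second == CHUNK_QUARANTINE && m.quarantine_inserts == 1;
}

int main(void)
{
    printf("naive: chunk queued %d times\n", naive_interleaved_double_free());
    printf("atomic: double-free detected = %d\n", atomic_double_free_detected());
    return 0;
}
```

The design point is that the compare-and-swap moves the ownership decision into the single hardware operation: whichever thread's CAS returns `CHUNK_ALLOCATED` owns the chunk from then on, and the other thread gets a value it can hand straight to the double-free reporter, regardless of how the two calls are scheduled.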

ramosian-glider commented 9 years ago
Should be fixed by LLVM r154097

Reported by konstantin.s.serebryany on 2012-04-05 15:57:10

ramosian-glider commented 9 years ago
Adding Project:AddressSanitizer as part of GitHub migration.

Reported by ramosian.glider on 2015-07-30 09:12:58