ramosian-glider / sanitizer-issues


Symbolicated trace is sometimes off by one on Mac #91

Closed ramosian-glider closed 9 years ago

ramosian-glider commented 9 years ago

Originally reported on Google Code with ID 91

What steps will reproduce the problem?
1. Build the following program with asan on Lion.
#include <stdlib.h>

int main() {
    int *p1 = malloc(128);   /* line 4: allocation */
    free(p1);                /* line 5: free */
    return *p1;              /* line 6: use-after-free, 4-byte read */
}

$ clang -O1 -g -fno-omit-frame-pointer -faddress-sanitizer ~/tmp/ex.c
$ ./a.out 2>&1 | asan_symbolize.py

2. Getting this output:
=================================================================
==59539== ERROR: AddressSanitizer heap-use-after-free on address 0x00010c6dff80 at pc 0x10a09b5d2 bp 0x7fff69c998a0 sp 0x7fff69c99898
READ of size 4 at 0x00010c6dff80 thread T0
atos -o /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/./a.out -arch x86_64 -l 0x10a09a000
got symbolicator for /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/a.out, base address 100000000
    #0 0x10a09b5d1 in main ex.c:6
atos -o /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/./a.out -arch x86_64 -l 0x10a09a000
got symbolicator for /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/a.out, base address 100000000
    #1 0x10a09b574 in start (in a.out) + 52
    #2 0x1
0x00010c6dff80 is located 0 bytes inside of 128-byte region [0x00010c6dff80,0x00010c6e0000)
freed by thread T0 here:
atos -o /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/./a.out -arch x86_64 -l 0x10a09a000
got symbolicator for /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/a.out, base address 100000000
    #0 0x10a0a4071 in (anonymous namespace)::mz_free(_malloc_zone_t*, void*) (in a.out) + 65
atos -o /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/./a.out -arch x86_64 -l 0x10a09a000
got symbolicator for /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/a.out, base address 100000000
    #1 0x10a0a3770 in wrap_free (in a.out) + 80
atos -o /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/./a.out -arch x86_64 -l 0x10a09a000
got symbolicator for /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/a.out, base address 100000000
    #2 0x10a09b59b in main ex.c:6
atos -o /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/./a.out -arch x86_64 -l 0x10a09a000
got symbolicator for /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/a.out, base address 100000000
    #3 0x10a09b574 in start (in a.out) + 52
    #4 0x1
previously allocated by thread T0 here:
atos -o /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/./a.out -arch x86_64 -l 0x10a09a000
got symbolicator for /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/a.out, base address 100000000
    #0 0x10a0a3e5c in (anonymous namespace)::mz_malloc(_malloc_zone_t*, unsigned long) (in a.out) + 44
atos -o /usr/lib/system/libsystem_c.dylib -arch x86_64 -l 0x0
    #1 0x7fff902a73c8 in malloc_zone_malloc (in libsystem_c.dylib) + 77
atos -o /usr/lib/system/libsystem_c.dylib -arch x86_64 -l 0x0
    #2 0x7fff902a81a4 in malloc (in libsystem_c.dylib) + 44
atos -o /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/./a.out -arch x86_64 -l 0x10a09a000
got symbolicator for /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/a.out, base address 100000000
    #3 0x10a09b590 in main ex.c:4
atos -o /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/./a.out -arch x86_64 -l 0x10a09a000
got symbolicator for /Applications/Xcode.app/Contents/Developer/Toolchains/iOS6.0.xctoolchain/usr/bin/a.out, base address 100000000
    #4 0x10a09b574 in start (in a.out) + 52
    #5 0x1

What is the expected output? What do you see instead?
Notice that both the free and the use-after-free are reported to be on the same line (main ex.c:6).
The free should be on line 5.

What version of the product are you using? On what operating system?
Mac OS X Lion. ToT clang.

Reported by zaks.anna on 2012-07-18 16:57:31
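The usual mechanism behind this symptom: frame #0 of a stack trace holds the faulting pc, but every frame above it holds a return address, which points at the first instruction after the call. If that instruction is the first one the compiler attributed to the next source line, looking the return address up as-is yields the next statement (the free call on line 5 is reported as line 6, the same line as the use); if the instruction after the call still belongs to the calling line, as happens for the malloc frame reported correctly as ex.c:4, the unadjusted lookup is right by luck, which is why the trace is only sometimes off by one. Symbolizers avoid this by looking up pc - 1 for every frame other than #0, so that the lookup lands inside the call instruction. The script below is an added example, not code from this issue, from asan_symbolize.py or from r160508; the line table, the frame addresses and the raw stacks are constructed for illustration and do not describe the real a.out.

```python
import bisect
import re
from typing import List, Optional, Tuple

# Constructed line table for a hypothetical x86-64 build of the ex.c test case
# above: (first_address, source_line), each entry covering [first_address, next).
# The addresses are invented for illustration, not taken from a real a.out.
LINE_TABLE: List[Tuple[int, int]] = [
    (0x1000, 3),  # prologue of main
    (0x1008, 4),  # mov edi,128 ; call malloc ; mov rbx,rax  (result move still on line 4)
    (0x1015, 5),  # mov rdi,rbx ; call free                   (return address is 0x101f)
    (0x101f, 6),  # mov eax,[rbx]                             (the use-after-free load)
    (0x1030, 7),  # epilogue
]
END_OF_MAIN = 0x1040  # first address past the last entry

FRAME_RE = re.compile(r"#(\d+)\s+0x([0-9a-fA-F]+)")


def lookup_line(addr: int) -> Optional[int]:
    """Map an address to a source line via LINE_TABLE, or None if it is not covered."""
    if addr < LINE_TABLE[0][0] or addr >= END_OF_MAIN:
        return None
    starts = [start for start, _ in LINE_TABLE]
    return LINE_TABLE[bisect.bisect_right(starts, addr) - 1][1]


def symbolize_frame(frame_no: int, pc: int, adjust: bool = True) -> Optional[int]:
    """Source line for one frame of a stack trace.

    Frame #0 holds the faulting pc itself and is looked up as-is. Every other
    frame holds a return address, i.e. the instruction *after* the call; with
    adjust=True we look up pc - 1 so the lookup lands inside the call
    instruction and therefore on the line that made the call.
    """
    lookup = pc if (frame_no == 0 or not adjust) else pc - 1
    return lookup_line(lookup)


def symbolize_trace(trace: str, adjust: bool = True) -> List[Tuple[int, int, Optional[int]]]:
    """Parse '#N 0xADDR' frames from an ASan-style stack and symbolize each one."""
    frames = []
    for m in FRAME_RE.finditer(trace):
        frame_no, pc = int(m.group(1)), int(m.group(2), 16)
        frames.append((frame_no, pc, symbolize_frame(frame_no, pc, adjust)))
    return frames


# Constructed stacks in the shape ASan prints before asan_symbolize.py runs.
# Addresses 0x2xxx stand for the allocator interceptors, outside main's table.
USE_SITE = "    #0 0x101f in main"  # faulting pc: the load on line 6
FREED_BY = """
    #0 0x2000 in mz_free
    #1 0x2100 in wrap_free
    #2 0x101f in main
"""  # frame #2 is main's return address from free()
ALLOCATED_BY = """
    #0 0x2200 in mz_malloc
    #1 0x2300 in malloc_zone_malloc
    #2 0x2400 in malloc
    #3 0x1012 in main
"""  # frame #3 is main's return address from malloc()


def main_lines(trace: str, adjust: bool) -> List[Optional[int]]:
    """Lines reported for the frames that fall inside main (uncovered frames dropped)."""
    return [line for _, _, line in symbolize_trace(trace, adjust) if line is not None]


if __name__ == "__main__":
    for name, trace in (("use", USE_SITE), ("freed by", FREED_BY), ("allocated by", ALLOCATED_BY)):
        print(f"{name:13s} naive={main_lines(trace, False)}  pc-1={main_lines(trace, True)}")
```

With adjust=False the "freed by" frame in main resolves to line 6, the same line as the use, while the "allocated by" frame still resolves to line 4; with adjust=True both frames land on the line that issued the call. The frame #0 exception matters: in the trace above the runtime already prints frame #0 as 0x10a09b5d1 while the faulting pc is 0x10a09b5d2, so a symbolizer that subtracted one more from that frame would itself be off by one, and the two halves of the pipeline must agree on which of them does the adjustment.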

ramosian-glider commented 9 years ago

Reported by samsonov@google.com on 2012-07-19 12:02:49

ramosian-glider commented 9 years ago
Works for me with ToT clang on Lion.

Reported by ramosian.glider on 2012-07-19 15:22:59

ramosian-glider commented 9 years ago
(after r160508 which contained a fix for this bug)

Reported by ramosian.glider on 2012-07-19 15:23:58

ramosian-glider commented 9 years ago
The stack traces seem to be more exact now.

Reported by samsonov@google.com on 2012-07-30 09:03:04

ramosian-glider commented 9 years ago
Adding Project:AddressSanitizer as part of GitHub migration.

Reported by ramosian.glider on 2015-07-30 09:12:59