steleman / address-sanitizer

Automatically exported from code.google.com/p/address-sanitizer

Mixing instrumented and non-instrumented runtime initializers can cause segfaults #363

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
This is probably a known thing/limitation, but I haven't found an open bug 
about it.

When linking together instrumented and non-instrumented object files, if the 
non-instrumented code contains C++ global runtime initialization, these 
initializers can be invoked before ASan's runtime is initialized. Such an 
initializer can call a function from an *instrumented* file, which can crash 
because the runtime is not initialized (there's no shadow memory). Example:

Instrumented (compiled with -fsanitize=address):

    // instrumented.cpp: the compiler inserts a shadow-memory check before the store
    void func(char *ptr) {
        *ptr = 'X';
    }

Not instrumented (compiled without -fsanitize=address):

    // uninstrumented.cpp
    void func(char *ptr);   // defined in the instrumented file

    struct C1 {
        C1() {
            char buffer[10];
            func(buffer);   // may run before the ASan runtime has initialized
        }
    };

    // global with a dynamic initializer: its constructor runs before main()
    C1 *obj = new C1();

    int main() { return 0; }

This will segfault in func() because it will try to read from the shadow memory.

Attached a test case for this, that reproduces the segfault (at least on OS X).

Original issue reported on code.google.com by kuba.brecka@gmail.com on 9 Dec 2014 at 9:26


GoogleCodeExporter commented 9 years ago

Original comment by kuba.brecka@gmail.com on 9 Dec 2014 at 9:30

GoogleCodeExporter commented 9 years ago
We had the same problem in GCC which uses dynamic runtime as well (see 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58937). I think it eventually got 
"fixed" by ensuring that libasan intercepts one of the functions called in 
glibc's (or libstdc++? don't remember) initializer and lazily calling asan_init 
there. Perhaps the same approach could be used for OSX? BTW am I the only one to 
think that inability to control initializer order is a major disadvantage of 
Linux shlibs?

Original comment by tetra2...@gmail.com on 9 Dec 2014 at 10:46
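The following is an added single-file model of the ordering hazard from the original report and of the lazy-initialization idea raised in the GCC comment above; it is not ASan's runtime or the code from D7117. Everything under `toy_rt`, the `Outcome` enum and the `instrumented_store` function are assumptions that stand in for the real shadow mapping and the compiler-inserted check. Because construction order of globals within one translation unit follows declaration order, the file deliberately declares the "non-instrumented" global objects before the runtime's own initializer, which is the situation that happens by accident across translation units. Instead of dereferencing a null shadow pointer, the unguarded path returns `kShadowNull` so the outcome can be observed.

```cpp
// Added model of "global initializer runs before the sanitizer runtime".
// Nothing here is ASan's real code; toy_rt, Outcome and instrumented_store
// are assumptions standing in for the real runtime and instrumentation.
#include <cstddef>
#include <cstdint>
#include <cstdio>

namespace toy_rt {
// "Shadow memory": null until init() runs, as the real shadow mapping does
// not exist before the runtime's own initializer has executed.
static uint8_t* g_shadow = nullptr;
static const size_t kShadowSize = 1u << 16;

void init() {
    if (g_shadow) return;                    // idempotent, like a lazy init
    g_shadow = new uint8_t[kShadowSize]();   // 0 == every byte addressable
}
bool inited() { return g_shadow != nullptr; }

// One shadow byte per 8-byte granule, folded into a small table (toy only).
uint8_t* shadow_for(const void* p) {
    return &g_shadow[(reinterpret_cast<uintptr_t>(p) >> 3) % kShadowSize];
}
void poison(const void* p, size_t n) {
    uintptr_t a = reinterpret_cast<uintptr_t>(p);
    for (uintptr_t i = a; i < a + n; i += 8) *shadow_for(reinterpret_cast<void*>(i)) = 0xff;
}
void unpoison(const void* p, size_t n) {
    uintptr_t a = reinterpret_cast<uintptr_t>(p);
    for (uintptr_t i = a; i < a + n; i += 8) *shadow_for(reinterpret_cast<void*>(i)) = 0;
}
}  // namespace toy_rt

enum class Outcome { kNotRun, kShadowNull, kPoisoned, kOk };

// Models the check the compiler inserts in an instrumented function.
// lazy_init == false: trust that the runtime came up first (the bug).
// lazy_init == true : bring the runtime up on first use (the fix direction).
Outcome instrumented_store(char* ptr, char value, bool lazy_init) {
    if (!toy_rt::inited()) {
        if (!lazy_init) return Outcome::kShadowNull;  // real code: null shadow deref
        toy_rt::init();
    }
    if (*toy_rt::shadow_for(ptr) != 0) return Outcome::kPoisoned;  // report, no store
    *ptr = value;
    return Outcome::kOk;
}

static Outcome g_unsafe_result = Outcome::kNotRun;
static Outcome g_lazy_result = Outcome::kNotRun;

// Stand-in for the non-instrumented C1 of the report: a global whose
// constructor calls into instrumented code.
struct C1 {
    C1(Outcome* out, bool lazy) {
        char buffer[10];
        *out = instrumented_store(buffer, 'X', lazy);
    }
};

// Declaration order fixes construction order inside this file; across
// object files it is unspecified, which is the whole point of the bug.
static C1 g_first(&g_unsafe_result, /*lazy=*/false);   // runtime still down
static C1 g_second(&g_lazy_result, /*lazy=*/true);     // lazily brings it up
struct RuntimeInit { RuntimeInit() { toy_rt::init(); } };
static RuntimeInit g_rt;                               // the runtime's own initializer

Outcome unsafe_result() { return g_unsafe_result; }
Outcome lazy_result() { return g_lazy_result; }

// After initialization the shadow check works as intended: a store into a
// poisoned region is reported instead of performed.
Outcome store_to_poisoned_after_init() {
    char buf[16];
    toy_rt::init();
    toy_rt::poison(buf, sizeof buf);
    Outcome r = instrumented_store(buf, 'X', false);
    toy_rt::unpoison(buf, sizeof buf);
    return r;
}

int main() {
    std::printf("ctor before runtime init, no lazy init: %d (1 == null shadow)\n",
                static_cast<int>(unsafe_result()));
    std::printf("ctor before runtime init, lazy init:    %d (3 == ok)\n",
                static_cast<int>(lazy_result()));
    std::printf("store into poisoned region after init:  %d (2 == reported)\n",
                static_cast<int>(store_to_poisoned_after_init()));
    return 0;
}
```

Any C++11 compiler runs this without a sanitizer, since the runtime is modelled rather than real. The model only shows the ordering problem and why initializing on first use removes it; it says nothing about how the actual fix in D7117 was implemented.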

GoogleCodeExporter commented 9 years ago
Proposed a fix in http://reviews.llvm.org/D7117.

Original comment by kuba.brecka@gmail.com on 22 Jan 2015 at 4:17

GoogleCodeExporter commented 9 years ago
Committed in r226929.

Original comment by kuba.brecka@gmail.com on 23 Jan 2015 at 9:53