steleman / address-sanitizer

Automatically exported from code.google.com/p/address-sanitizer

On OS X when not re-execing, ASan overwrites already used memory #365

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
On OS X, since ASan is a dynamic shared library, there are cases when the 
runtime is initialized "late". For example when the main executable is not 
instrumented, but another library that is loaded later is. When this happens, 
ASan tries to re-exec with DYLD_INSERT_LIBRARIES to make sure the interceptors 
work. However this can either fail (e.g. in a sandbox where exec is disabled) 
or one can use allow_reexec=0 to disallow re-exec. In these cases, the 
initialization of the shadow memory or the allocator's memory regions can 
overwrite already existing memory. The mmap() call that is used to 
initialize these regions doesn't fail when there already is a memory mapping at 
these locations; instead, it simply overwrites the mappings. This is a known and 
documented limitation of using MAP_FIXED. However, the current behavior leads 
to random crashes and memory corruptions in these cases. See the attached test 
case.

What I think we should do is:
1) Add a check whether the memory region is already used before the mmap(), and 
abort if it is.
2) Add an abort when a re-exec fails.
3) Remove the "allow_reexec" flag.

Original issue reported on code.google.com by kuba.brecka@gmail.com on 18 Dec 2014 at 8:11

GoogleCodeExporter commented 9 years ago
There already is a check that the shadow memory range does not interleave with 
the existing library mappings. It's possible to also check for anonymous 
mappings as well, but that might be quite slow.
I think we just need to remove the allow_reexec flag and print a warning 
suggesting to manually run with DYLD_INSERT_LIBRARIES if re-exec fails.
Will that cover your use cases?

Original comment by ramosian.glider@gmail.com on 19 Dec 2014 at 9:45