Open grishasobol opened 3 days ago
Hi wasmer team!!
Describe the bug

Caught the problem when running wasmer on Rust through the ASan sanitizer:

cargo test output
```
running 1 test
=================================================================
==2857==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x000105e83bc0 at pc 0x000103c30318 bp 0x000105e83a50 sp 0x000105e83200
WRITE of size 48 at 0x000105e83bc0 thread T1
    #0 0x103c30314 in __asan_memcpy+0x420 (librustc-nightly_rt.asan.dylib:arm64+0x4c314)

Address 0x000105e83bc0 is a wild pointer inside of access range of size 0x000000000030.
SUMMARY: AddressSanitizer: stack-buffer-underflow (librustc-nightly_rt.asan.dylib:arm64+0x4c314) in __asan_memcpy+0x420
Shadow bytes around the buggy address:
  0x000105e83900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000105e83980: f1 f1 f1 f1 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3
  0x000105e83a00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
  0x000105e83a80: 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 00 00 00 00
  0x000105e83b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x000105e83b80: 00 00 00 00 00 00 00 00[f1]f1 f1 f1 00 00 00 00
  0x000105e83c00: 00 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x000105e83c80: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 f3 f3
  0x000105e83d00: f3 f3 f3 f3 f8 f8 f2 f2 f2 f2 00 00 00 00 00 f2
  0x000105e83d80: f2 f2 f2 f2 00 00 00 00 f1 f1 f1 f1 f8 f8 f8 f8
  0x000105e83e00: f8 f8 f2 f2 f2 f2 00 00 00 00 00 00 f2 f2 f2 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
Thread T1 created by T0 here:
    #0 0x103c2ad88 in pthread_create+0x58 (librustc-nightly_rt.asan.dylib:arm64+0x46d88)
    #1 0x101bf68c4 in std::sys::pal::unix::thread::Thread::new::h12e6ce2921b08305+0xc8 (wasmer_fail-80df422d0123702d:arm64+0x10175a8c4)
    #2 0x101bc7a80 in test::run_test::hc93c06cf7c970a54+0xaa0 (wasmer_fail-80df422d0123702d:arm64+0x10172ba80)
    #3 0x101baf6c8 in test::console::run_tests_console::h368a56c574d5cbc8+0x11dc (wasmer_fail-80df422d0123702d:arm64+0x1017136c8)
    #4 0x101bc4f60 in test::test_main::hf6ac6aab472272ca+0x1ec (wasmer_fail-80df422d0123702d:arm64+0x101728f60)
    #5 0x101bc5b04 in test::test_main_static::h16ca74eaa6b88285+0x54 (wasmer_fail-80df422d0123702d:arm64+0x101729b04)
    #6 0x1004b97b0 in wasmer_fail::main::h5d6fa1596e8ae7f9 lib.rs:1
    #7 0x1004a3578 in core::ops::function::FnOnce::call_once::hca11f13f36c3b746 function.rs:250
    #8 0x1004adfcc in std::sys::backtrace::__rust_begin_short_backtrace::h8ceea1e0b9f546a8 backtrace.rs:155
    #9 0x1004ab23c in std::rt::lang_start::_$u7b$$u7b$closure$u7d$$u7d$::h852f84421ecb4d76 rt.rs:159
    #10 0x101be9768 in std::rt::lang_start_internal::hb0f920d1b02fc260+0x27c (wasmer_fail-80df422d0123702d:arm64+0x10174d768)
    #11 0x1004ab074 in std::rt::lang_start::h050279d6769f6ad7 rt.rs:158
    #12 0x1004b97dc in main+0x20 (wasmer_fail-80df422d0123702d:arm64+0x10001d7dc)
    #13 0x19edcb150 ()
    #14 0x904ffffffffffffc ()

==2857==ABORTING
error: test failed, to rerun pass `--lib`

Caused by:
  process didn't exit successfully: `wasmer-fail/target/aarch64-apple-darwin/debug/deps/wasmer_fail-80df422d0123702d` (signal: 6, SIGABRT: process abort signal)
```
Steps to reproduce

```
git clone git@github.com:grishasobol/wasmer-fail.git
RUSTFLAGS=-Zsanitizer=address cargo test --target aarch64-apple-darwin
```
Environment

```
% rustc --version
rustc 1.81.0-nightly (6868c831a 2024-06-30)
% uname -a
23.6.0 Darwin Kernel Version 23.6.0
% cat Cargo.toml
[package]
name = "wasmer-fail"
version = "0.0.1"
edition = "2021"

[dependencies]
wasmer = { version = "5", default-features = false, features = ["singlepass", "wat"] }
```
Thoughts

Maybe the problem is connected with how user panics are handled in wasmer using corosensei, which includes complex manipulations with the stack.

Note: AddressSanitizer aborts since Wasmer 2.3.0 (corosensei introduced) and doesn't abort on Wasmer 2.2.1 with the latest toolchain.
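Reading a report like the one above by hand is fine once, but a fuzzing or CI pipeline has to extract the same fields for every crash. The following is an added example, not code from this issue or from the wasmer or corosensei projects: a std-only Rust parser for the triage-relevant parts of an AddressSanitizer report (error kind, faulting address, access type and size, thread, and the frames of the faulting access), plus a deduplication key and a flag for reports whose faulting stack never leaves the sanitizer runtime, which is the shape of the report pasted here. The struct and function names and the trimmed excerpt used as sample input are this example's own.

```rust
// Added example (not from the issue, wasmer or corosensei): a std-only parser for
// the triage-relevant fields of an AddressSanitizer report. Names are this example's own.

#[derive(Debug, PartialEq)]
pub struct Frame {
    pub index: usize,
    pub pc: u64,
    pub symbol: String,   // symbol without the "+0x..." offset; empty when unsymbolized
    pub location: String, // module+offset or file:line, as printed by the symbolizer
}

#[derive(Debug, PartialEq)]
pub struct AsanReport {
    pub pid: u32,
    pub kind: String,       // e.g. "stack-buffer-underflow"
    pub address: u64,       // faulting application address
    pub access: String,     // "READ" or "WRITE"
    pub size: usize,        // bytes accessed
    pub thread: String,     // e.g. "T1"
    pub frames: Vec<Frame>, // stack of the faulting access only (not the thread-creation stack)
}

fn hex(s: &str) -> Option<u64> {
    u64::from_str_radix(s.trim_start_matches("0x"), 16).ok()
}

/// Parse one frame line such as
/// `#0 0x103c30314 in __asan_memcpy+0x420 (librustc-nightly_rt.asan.dylib:arm64+0x4c314)`.
/// A line like `#13 0x19edcb150 ()` (no symbol) yields an empty symbol.
fn parse_frame(line: &str) -> Option<Frame> {
    let (index, rest) = line.trim().strip_prefix('#')?.split_once(' ')?;
    let (pc, rest) = rest.trim().split_once(' ')?;
    let (symbol, location) = match rest.trim().strip_prefix("in ") {
        Some(r) => match r.split_once(' ') {
            Some((s, l)) => (s, l.trim()),
            None => (r, ""),
        },
        None => ("", rest.trim()),
    };
    // Drop the "+0x<offset>" suffix so frames bucket by function rather than by PC.
    let symbol = symbol.rsplit_once("+0x").map_or(symbol, |(s, _)| s);
    Some(Frame {
        index: index.parse().ok()?,
        pc: hex(pc)?,
        symbol: symbol.to_string(),
        location: location.to_string(),
    })
}

/// Extract the header, the access line and the faulting stack.
/// Returns None for output with no ASan error in it (e.g. a passing test run).
pub fn parse_asan_report(text: &str) -> Option<AsanReport> {
    let mut lines = text.lines().map(str::trim);
    // ==<pid>==ERROR: AddressSanitizer: <kind> on address 0x... at pc ... bp ... sp ...
    let header = lines.find(|l| l.contains("==ERROR: AddressSanitizer:"))?;
    let pid: u32 = header.trim_start_matches('=').split("==").next()?.parse().ok()?;
    let (kind, rest) = header.split("AddressSanitizer: ").nth(1)?.split_once(" on address ")?;
    let address = hex(rest.split_whitespace().next()?)?;
    // WRITE of size 48 at 0x000105e83bc0 thread T1
    let access_line = lines.find(|l| l.starts_with("READ of size ") || l.starts_with("WRITE of size "))?;
    let mut words = access_line.split_whitespace();
    let access = words.next()?.to_string();
    let size: usize = words.nth(2)?.parse().ok()?;
    let thread = words.last()?.to_string();
    // Frame lines follow immediately; the first non-frame line (blank or "Address ...") ends the stack.
    let mut frames = Vec::new();
    for l in lines.by_ref() {
        if !l.starts_with('#') {
            break;
        }
        frames.push(parse_frame(l)?);
    }
    Some(AsanReport { pid, kind: kind.to_string(), address, access, size, thread, frames })
}

fn is_runtime_frame(f: &Frame) -> bool {
    f.symbol.starts_with("__asan_") || f.symbol.starts_with("__sanitizer_")
}

/// Deduplication key: error kind plus the first frame outside the sanitizer runtime,
/// falling back to the runtime frame when, as in the pasted report, no caller survived.
pub fn bucket_key(r: &AsanReport) -> String {
    match r.frames.iter().find(|f| !is_runtime_frame(f)).or(r.frames.first()) {
        Some(f) if !f.symbol.is_empty() => format!("{}@{}", r.kind, f.symbol),
        Some(f) => format!("{}@{:#x}", r.kind, f.pc),
        None => r.kind.clone(),
    }
}

/// True when the faulting stack never leaves the sanitizer runtime. One cause is an
/// unwinder that cannot walk past a switched stack (the reporter's corosensei suspicion);
/// such reports should go to a person rather than be auto-bucketed.
pub fn needs_manual_review(r: &AsanReport) -> bool {
    r.frames.iter().all(is_runtime_frame)
}

/// Excerpt of the report from this issue (shadow-byte dump and most frames trimmed).
pub const SAMPLE_REPORT: &str = "\
running 1 test
=================================================================
==2857==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x000105e83bc0 at pc 0x000103c30318 bp 0x000105e83a50 sp 0x000105e83200
WRITE of size 48 at 0x000105e83bc0 thread T1
    #0 0x103c30314 in __asan_memcpy+0x420 (librustc-nightly_rt.asan.dylib:arm64+0x4c314)

Address 0x000105e83bc0 is a wild pointer inside of access range of size 0x000000000030.
SUMMARY: AddressSanitizer: stack-buffer-underflow (librustc-nightly_rt.asan.dylib:arm64+0x4c314) in __asan_memcpy+0x420
Thread T1 created by T0 here:
    #0 0x103c2ad88 in pthread_create+0x58 (librustc-nightly_rt.asan.dylib:arm64+0x46d88)
==2857==ABORTING
";

fn main() {
    let r = parse_asan_report(SAMPLE_REPORT).expect("not an ASan report");
    println!("{} {} of {} bytes at {:#x} on thread {}", r.kind, r.access, r.size, r.address, r.thread);
    println!("bucket: {}", bucket_key(&r));
    println!("needs manual review: {}", needs_manual_review(&r));
}
```

The bucketing deliberately skips `__asan_*` frames: the sanitizer's own `memcpy` interceptor is the top frame of almost every memcpy-related report, so keying on it would merge unrelated bugs. When no frame outside the runtime is present at all, as here, the key degrades to the interceptor name and the report is flagged for a human instead of being treated as a stable crash signature.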