This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug sanitizer/79096] [7 Regression] address sanitizer and jni does not work
- From: "physiker at toast2 dot net" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Tue, 17 Jan 2017 19:14:15 +0000
- Subject: [Bug sanitizer/79096] [7 Regression] address sanitizer and jni does not work
- Auto-submitted: auto-generated
- References: <bug-79096-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79096
--- Comment #2 from physiker at toast2 dot net ---
> On 16.01.2017 at 15:18, m.ostapenko at samsung dot com <gcc-bugzilla@gcc.gnu.org> wrote:
>
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79096
>
> Maxim Ostapenko <m.ostapenko at samsung dot com> changed:
>
> What |Removed |Added
> ----------------------------------------------------------------------------
> CC| |m.ostapenko at samsung dot com
>
> --- Comment #1 from Maxim Ostapenko <m.ostapenko at samsung dot com> ---
> Not sure it really worked, because dlopening ASan'ed library from non-sanitized
> binary without preloading libasan is a bad idea. For GCC versions 5 and 6 there
> wasn't any check against this for Darwin, GCC 7 pulled it with last
> libsanitizer merge from LLVM (corresponding commit in LLVM:
> http://reviews.llvm.org/D18212). Have you tried to compile your library with
> clang btw?
>
For previous versions of gcc, setting DYLD_INSERT_LIBRARIES is not necessary.
Setting DYLD_INSERT_LIBRARIES as suggested for current versions of gcc 7 on the
x86_64-apple-darwin15.6.0 target does not solve the issue. On linux, preloading
libasan has always been necessary for getting the example to work. I do not
know how to successfully preload libasan on darwin. It does not seem to work
for the version of clang shipped with the operating system (Apple LLVM version
8.0.0 (clang-800.0.42.1)), either:
gcc -v -dynamiclib -fPIC -fsanitize=address -I/System/Library/Frameworks/JavaVM.framework/Headers libTasan.c -o libTasan.jnilib -fno-inline -fno-omit-frame-pointer -g
Apple LLVM version 8.0.0 (clang-800.0.42.1)
Target: x86_64-apple-darwin15.6.0
Thread model: posix
InstalledDir: /Library/Developer/CommandLineTools/usr/bin
"/Library/Developer/CommandLineTools/usr/bin/clang" -cc1 -triple
x86_64-apple-macosx10.11.0 -Wdeprecated-objc-isa-usage
-Werror=deprecated-objc-isa-usage -emit-obj -mrelax-all -disable-free
-disable-llvm-verifier -discard-value-names -main-file-name libTasan.c
-mrelocation-model pic -pic-level 2 -mthread-model posix -mdisable-fp-elim
-masm-verbose -munwind-tables -target-cpu core2 -target-linker-version 274.2 -v
-dwarf-column-info -debug-info-kind=standalone -dwarf-version=2
-debugger-tuning=lldb -resource-dir
/Library/Developer/CommandLineTools/usr/bin/../lib/clang/8.0.0 -I
/System/Library/Frameworks/JavaVM.framework/Headers -fdebug-compilation-dir
/Users/Peter/Devel/jni/asan -ferror-limit 19 -fmessage-length 75
-fsanitize=address
-fsanitize-blacklist=/Library/Developer/CommandLineTools/usr/bin/../lib/clang/8.0.0/asan_blacklist.txt
-fno-assume-sane-operator-new -stack-protector 1 -fblocks -fno-inline
-fobjc-runtime=macosx-10.11.0 -fencode-extended-block-signature
-fmax-type-align=16 -fdiagnostics-show-option -o
/var/folders/97/4qnhjhtn25s86s9hkz0h37_m0000gn/T/libTasan-2e658d.o -x c
libTasan.c
clang -cc1 version 8.0.0 (clang-800.0.42.1) default target
x86_64-apple-darwin15.6.0
#include "..." search starts here:
#include <...> search starts here:
/System/Library/Frameworks/JavaVM.framework/Headers
/usr/local/include
/Library/Developer/CommandLineTools/usr/bin/../lib/clang/8.0.0/include
/Library/Developer/CommandLineTools/usr/include
/usr/include
/System/Library/Frameworks (framework directory)
/Library/Frameworks (framework directory)
End of search list.
libTasan.c:7:3: warning: array index 10 is past the end of the array (which
contains 10 elements) [-Warray-bounds]
stack_array[10] = 0;
^ ~~
libTasan.c:6:3: note: array 'stack_array' declared here
int stack_array[10];
^
1 warning generated.
"/Library/Developer/CommandLineTools/usr/bin/ld" -demangle -dynamic -dylib
-arch x86_64 -macosx_version_min 10.11.0 -o libTasan.jnilib
/var/folders/97/4qnhjhtn25s86s9hkz0h37_m0000gn/T/libTasan-2e658d.o
/Library/Developer/CommandLineTools/usr/bin/../lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib
-rpath @executable_path -rpath
/Library/Developer/CommandLineTools/usr/bin/../lib/clang/8.0.0/lib/darwin
-lc++abi -lSystem
/Library/Developer/CommandLineTools/usr/bin/../lib/clang/8.0.0/lib/darwin/libclang_rt.osx.a
"/Library/Developer/CommandLineTools/usr/bin/dsymutil" -o libTasan.jnilib.dSYM
libTasan.jnilib
bash-3.2$ java Tasan
==915==ERROR: Interceptors are not working. This may be because
AddressSanitizer is loaded too late (e.g. via dlopen). Please launch the
executable with:
DYLD_INSERT_LIBRARIES=/Library/Developer/CommandLineTools/usr/lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib
==915==AddressSanitizer CHECK failed:
/Library/Caches/com.apple.xbs/Sources/clang_compiler_rt/clang-800.0.42.1/src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:690
"(("interceptors not installed" && 0)) != (0)" (0x0, 0x0)
<empty stack>
Abort trap: 6
bash-3.2$ DYLD_INSERT_LIBRARIES=/Library/Developer/CommandLineTools/usr/lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib java Tasan
==918==ERROR: Interceptors are not working. This may be because
AddressSanitizer is loaded too late (e.g. via dlopen). Please launch the
executable with:
DYLD_INSERT_LIBRARIES=/Library/Developer/CommandLineTools/usr/lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib
==918==AddressSanitizer CHECK failed:
/Library/Caches/com.apple.xbs/Sources/clang_compiler_rt/clang-800.0.42.1/src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:690
"(("interceptors not installed" && 0)) != (0)" (0x0, 0x0)
<empty stack>
Abort trap: 6
ls -l /Library/Developer/CommandLineTools/usr/lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib
-rwxr-xr-x 1 root admin 1543424 5 Dez 23:17 /Library/Developer/CommandLineTools/usr/lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib
When the code is compiled by gcc version 6:
bash-3.2$ java Tasan
=================================================================
==953==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x700000219828
at pc 0x000122940e87 bp 0x7000002197c0 sp 0x7000002197b8
WRITE of size 4 at 0x700000219828 thread T0
#0 0x122940e86 in Java_Tasan_crash libTasan.c:7
#1 0x10bdb7573 (<unknown module>)
#2 0x10bda9ffc (<unknown module>)
#3 0x10bda24e6 (<unknown module>)
#4 0x10b0edbd1 in JavaCalls::call_helper(JavaValue*, methodHandle*,
JavaCallArguments*, Thread*) (libjvm.dylib+0x2edbd1)
#5 0x10b1249c9 in jni_invoke_static(JNIEnv_*, JavaValue*, _jobject*,
JNICallType, _jmethodID*, JNI_ArgumentPusher*, Thread*) (libjvm.dylib+0x3249c9)
#6 0x10b11d740 in jni_CallStaticVoidMethod (libjvm.dylib+0x31d740)
#7 0x10a645930 in JavaMain (java+0x100003930)
#8 0x7fff9df4e99c in _pthread_body (libsystem_pthread.dylib+0x399c)
#9 0x7fff9df4e919 in _pthread_start (libsystem_pthread.dylib+0x3919)
#10 0x7fff9df4c350 in thread_start (libsystem_pthread.dylib+0x1350)
Address 0x700000219828 is located in stack of thread T0 at offset 72 in frame
#0 0x122940dbf in Java_Tasan_crash libTasan.c:5
This frame has 1 object(s):
[32, 72) 'stack_array' <== Memory access at offset 72 overflows this
variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow libTasan.c:7 in
Java_Tasan_crash
Shadow bytes around the buggy address:
0x1e00000432b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1e00000432c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1e00000432d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1e00000432e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1e00000432f0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x1e0000043300: 00 00 00 00 00[f4]f4 f4 f3 f3 f3 f3 00 00 00 00
0x1e0000043310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1e0000043320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1e0000043330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1e0000043340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1e0000043350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==953==ABORTING
Abort trap: 6
>> While running the file make.sh (included in the attachment) the error
>> message is:
>>
>> ==2099==ERROR: Interceptors are not working. This may be because
>> AddressSanitizer is loaded too late (e.g. via dlopen). Please launch the
>> executable with:
>> DYLD_INSERT_LIBRARIES=/usr/local/lib/libasan.4.dylib
>> "interceptors not installed" && 0./make.sh: line 7: 2099 Abort trap: 6
>> DYLD_INSERT_LIBRARIES=/usr/local/lib/libasan.4.dylib java Tasan
>>
>> Setting DYLD_INSERT_LIBRARIES as suggested (see the file make.sh) does not
>> make a difference.
>
> Strange. Are you sure /usr/local/lib/libasan.4.dylib exists on your system? I'm
> not sure how DYLD_INSERT_LIBRARIES works but assuming it works pretty like
> LD_PRELOAD on Linux interceptors should work fine.
>
ls -l /usr/local/lib/libasan*
-rwxr-xr-x 1 root wheel 1033884 15 Jan 12:36 /usr/local/lib/libasan.4.dylib
lrwxr-xr-x 1 root wheel 15 15 Jan 12:36 /usr/local/lib/libasan.dylib -> libasan.4.dylib
-rwxr-xr-x 1 root wheel 1209 15 Jan 12:36 /usr/local/lib/libasan.la
-rw-r--r-- 1 root wheel 10904 15 Jan 12:36 /usr/local/lib/libasan_preinit.o
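The condition Maxim Ostapenko describes (an ASan-instrumented shared library dlopen()ed into a process that was not started with the runtime) is easy to reproduce without Java. The script below is an added example, not code from the bug report or from GCC: it replaces the JVM with a small uninstrumented C host that dlopen()s an instrumented library, which is exactly what the JVM does for a JNI library on System.loadLibrary(). The sources libcrash.c and host.c, the exported function crash(), and the scratch directory are all constructed here; the library reproduces the same one-past-the-end stack write as the thread's libTasan.c. It targets Linux with GCC, where `gcc -print-file-name=libasan.so` locates the dynamic runtime that LD_PRELOAD must name.

```shell
#!/bin/sh
# Added example (not from the bug report): show that an ASan-instrumented
# library loaded late via dlopen() only works when the ASan runtime is
# preloaded, using a plain C host instead of the JVM. Linux + GCC assumed.
# Both C sources are constructed for this demonstration.

WORK="${TMPDIR:-/tmp}/asan-dlopen-demo.$$"

write_sources() {
    mkdir -p "$WORK" || return 1
    # Same bug shape as the thread's libTasan.c: write one past a 10-int stack array.
    cat > "$WORK/libcrash.c" <<'EOF'
void crash(void)
{
    volatile int stack_array[10];
    stack_array[10] = 0;   /* stack-buffer-overflow; reported only if ASan is active */
}
EOF
    # Uninstrumented host: loads the sanitized library late, as the JVM does for JNI.
    cat > "$WORK/host.c" <<'EOF'
#include <dlfcn.h>
#include <stdio.h>
int main(int argc, char **argv)
{
    if (argc < 2) return 2;
    void *h = dlopen(argv[1], RTLD_NOW);
    if (!h) { fprintf(stderr, "dlopen: %s\n", dlerror()); return 2; }
    void (*fn)(void) = (void (*)(void))dlsym(h, "crash");
    if (!fn) { fprintf(stderr, "dlsym: %s\n", dlerror()); return 2; }
    fn();
    puts("returned normally: the overflow was NOT reported");
    return 0;
}
EOF
}

# The library is built with -fsanitize=address; the host deliberately is not.
build() {
    gcc -shared -fPIC -g -fno-omit-frame-pointer -fsanitize=address \
        -o "$WORK/libcrash.so" "$WORK/libcrash.c" 2>/dev/null || return 1
    gcc -g -o "$WORK/host" "$WORK/host.c" -ldl 2>/dev/null || return 1
}

# GCC's dynamic ASan runtime; this is what has to be first in the process.
asan_runtime() { gcc -print-file-name=libasan.so; }

# run_case preload|noload -> prints one word: caught, too-late or other
run_case() {
    out=$( if [ "$1" = preload ]; then
               LD_PRELOAD="$(asan_runtime)" "$WORK/host" "$WORK/libcrash.so" 2>&1
           else
               "$WORK/host" "$WORK/libcrash.so" 2>&1
           fi )
    case "$out" in
        *stack-buffer-overflow*) echo caught ;;
        *"does not come first"*|*"loaded too late"*|*"Interceptors are not working"*)
            echo too-late ;;
        *) echo other ;;
    esac
}

demo() {
    write_sources && build || {
        echo "gcc with libasan is not available here; nothing to demonstrate" >&2
        return 1
    }
    echo "without preload:  $(run_case noload)"
    echo "with LD_PRELOAD=$(asan_runtime): $(run_case preload)"
}

demo
```

Without the preload, GCC's libasan aborts inside dlopen() with its own link-order check ("ASan runtime does not come first in initial library list"); with `LD_PRELOAD` pointing at libasan.so the same library loads and the stack-buffer-overflow is reported as in the gcc 6 run above. Setting `ASAN_OPTIONS=verify_asan_link_order=0` silences that check but does not fix the underlying problem: the runtime's malloc/free and other interceptors cannot interpose on calls the host and libc already bound, so heap checking of the host's allocations is unreliable. On macOS the counterpart is `DYLD_INSERT_LIBRARIES` set to the runtime path the error message prints. One caveat that is the editor's, not established in this thread: since 10.11, dyld discards DYLD_* variables for binaries in SIP-protected locations, and /usr/bin/java is such a binary, so the variable has to be set on an invocation of the JDK's own java executable (for example the one under `$(/usr/libexec/java_home)/bin`) rather than the /usr/bin stub.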