[Bug sanitizer/67286] New: asan doesn't work on Android (32-bit ARM)
zhouweiguo2008 at gmail dot com
gcc-bugzilla@gcc.gnu.org
Thu Aug 20 06:09:00 GMT 2015
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67286
Bug ID: 67286
Summary: asan doesn't work on Android (32-bit ARM)
Product: gcc
Version: 4.9.2
Status: UNCONFIRMED
Severity: critical
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: zhouweiguo2008 at gmail dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---
>> cat invalid-free.cc
// RUN: %clangxx_asan -O0 %s -o %t
// RUN: not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=MALLOC-CTX
// Also works if no malloc context is available.
// RUN: env ASAN_OPTIONS=malloc_context_size=0:fast_unwind_on_malloc=0 not %run %t 2>&1 | FileCheck %s
// RUN: env ASAN_OPTIONS=malloc_context_size=0:fast_unwind_on_malloc=1 not %run %t 2>&1 | FileCheck %s
// XFAIL: arm-linux-gnueabi
#include <stdlib.h>
#include <string.h>
int main(int argc, char **argv) {
  char *x = (char*)malloc(10 * sizeof(char));
  memset(x, 0, 10);
  int res = x[argc];
  free(x + 5); // BOOM
  // CHECK: AddressSanitizer: attempting free on address{{.*}}in thread T0
  // CHECK: invalid-free.cc:[[@LINE-2]]
  // CHECK: is located 5 bytes inside of 10-byte region
  // CHECK: allocated by thread T0 here:
  // MALLOC-CTX: invalid-free.cc:[[@LINE-8]]
  return res;
}
When running the above testcase (it can be found at
external/compiler-rt/test/asan/TestCases) on an Android 5.0 phone,
the testcase will SEGV as follows (in fact, all testcases SEGV on the
Android phone):
==3909==ERROR: AddressSanitizer: SEGV on unknown address 0x369a00fe (pc 0xb6f51662 bp 0xbeb58a1c sp 0xbeb589e0 T0)
    #0 0xb6f51661 in main TestCases/invalid-free.cc:14
    #1 0xb69c0e09 (/system/lib/libc.so+0x12e09)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV TestCases/invalid-free.cc:14 main
==3909==ABORTING
The root cause is that when using ASan on a 32-bit ARM Android system, the shadow
offset should be zero, not 0x20000000 (1<<29).
This serious bug can be fixed with the following steps:
Modify the function
    static unsigned HOST_WIDE_INT arm_asan_shadow_offset(void)
in gcc-4.9.2/config/arm/arm.c
from
    static unsigned HOST_WIDE_INT
    arm_asan_shadow_offset (void)
    {
      return (unsigned HOST_WIDE_INT) 1 << 29;
    }
to
    static unsigned HOST_WIDE_INT
    arm_asan_shadow_offset (void)
    {
    #ifdef TARGET_ANDROID
      return 0;
    #else
      return (unsigned HOST_WIDE_INT) 1 << 29;
    #endif
    }
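To see why the offset mismatch turns every instrumented access into a crash, here is an added example (not from the report or from GCC; the function names are mine) that works the report's fault address through the standard ASan mapping Shadow = (Mem >> 3) + Offset. It assumes the faulting load came from a check compiled with GCC's 1<<29 offset while the Android runtime laid out shadow memory with offset 0, so the compiler and the runtime disagree on where every shadow byte lives.

```c
#include <stdint.h>
#include <stdio.h>

/* ASan shadow mapping: Shadow = (Mem >> 3) + Offset; one shadow byte
 * describes an 8-byte granule of application memory. */
#define ASAN_SHADOW_SCALE 3

/* The two offsets in dispute for 32-bit ARM: GCC's generic value and
 * the value the Android runtime expects (both taken from the report). */
#define SHADOW_OFFSET_ARM_GENERIC ((uint32_t)1u << 29)
#define SHADOW_OFFSET_ARM_ANDROID ((uint32_t)0u)

/* Address of the shadow byte the instrumented code loads for mem. */
uint32_t asan_mem_to_shadow(uint32_t mem, uint32_t offset) {
    return (mem >> ASAN_SHADOW_SCALE) + offset;
}

/* Inverse: base of the 8-byte granule whose shadow byte lives at shadow. */
uint32_t asan_shadow_to_mem(uint32_t shadow, uint32_t offset) {
    return (shadow - offset) << ASAN_SHADOW_SCALE;
}

/* Nonzero if, for an access to mem, the compiler-inserted check reads a
 * different shadow byte than the one the runtime poisons/unpoisons. */
int shadow_check_reads_wrong_byte(uint32_t mem, uint32_t compiler_offset,
                                  uint32_t runtime_offset) {
    return asan_mem_to_shadow(mem, compiler_offset) !=
           asan_mem_to_shadow(mem, runtime_offset);
}

/* Where the runtime actually keeps the shadow byte that a faulting check
 * (compiled with compiler_offset) was trying to read at fault_addr. */
uint32_t runtime_shadow_for_fault(uint32_t fault_addr, uint32_t compiler_offset,
                                  uint32_t runtime_offset) {
    uint32_t mem = asan_shadow_to_mem(fault_addr, compiler_offset);
    return asan_mem_to_shadow(mem, runtime_offset);
}

int main(void) {
    uint32_t fault = 0x369a00feu;  /* "SEGV on unknown address" from the report */
    uint32_t mem = asan_shadow_to_mem(fault, SHADOW_OFFSET_ARM_GENERIC);
    printf("check with offset 1<<29 covered granule 0x%08x; runtime keeps its "
           "shadow byte at 0x%08x; mismatch=%d\n", mem,
           runtime_shadow_for_fault(fault, SHADOW_OFFSET_ARM_GENERIC, SHADOW_OFFSET_ARM_ANDROID),
           shadow_check_reads_wrong_byte(mem, SHADOW_OFFSET_ARM_GENERIC, SHADOW_OFFSET_ARM_ANDROID));
    return 0;
}
```

Under these assumptions the fault address maps back to a granule at 0xb4d007f0, an application address in the 32-bit range where the runtime placed no shadow at all, which is why the report shows a bare SEGV instead of an invalid-free diagnostic.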