[Bug sanitizer/64820] New: Libsanitizer fails with ((AddrIsAlignedByGranularity(addr + size))) != (0)" (0x0, 0x0) if ssp is enabled.
chefmax at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Tue Jan 27 09:32:00 GMT 2015
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64820
Bug ID: 64820
Summary: Libsanitizer fails with
((AddrIsAlignedByGranularity(addr + size))) != (0)"
(0x0, 0x0) if ssp is enabled.
Product: gcc
Version: 5.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: chefmax at gcc dot gnu.org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
ygribov at gcc dot gnu.org
Host: x86_64-pc-linux-gnu
Target: i386-linux-gnu, arm-linux-gnueabi
Created attachment 34589
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=34589&action=edit
Simple repro case
If compile with both -fsanitize=address and -fstack-protector for 32-bit
architectures and run with ASAN_OPTIONS=detect_stack_use_after_return=1,
libsanitizer fails with:
$ ~/install/master/bin/gcc -m32 -fsanitize=address -fstack-protector test.c
$ ASAN_OPTIONS=detect_stack_use_after_return=1 ./a.out
==7299==AddressSanitizer CHECK failed:
/home/max/workspace/downloads/gcc/libsanitizer/asan/asan_poisoning.cc:25
"((AddrIsAlignedByGranularity(addr + size))) != (0)" (0x0, 0x0)
#0 0xf72d8afc in AsanCheckFailed
/home/max/workspace/downloads/gcc/libsanitizer/asan/asan_rtl.cc:68
#1 0xf72dda89 in __sanitizer::CheckFailed(char const*, int, char const*,
unsigned long long, unsigned long long)
/home/max/workspace/downloads/gcc/libsanitizer/sanitizer_common/sanitizer_common.cc:72
#2 0xf72d39b1 in __asan::PoisonShadow(unsigned long, unsigned long,
unsigned char)
/home/max/workspace/downloads/gcc/libsanitizer/asan/asan_poisoning.cc:25
#3 0xf7261e29 in __asan::SetShadow(unsigned long, unsigned long, unsigned
long, unsigned long long)
/home/max/workspace/downloads/gcc/libsanitizer/asan/asan_fake_stack.cc:32
#4 0xf7261e29 in __asan::OnMalloc(unsigned long, unsigned long, unsigned
long)
/home/max/workspace/downloads/gcc/libsanitizer/asan/asan_fake_stack.cc:198
#5 0xf7261e29 in __asan_stack_malloc_7
/home/max/workspace/downloads/gcc/libsanitizer/asan/asan_fake_stack.cc:230
#6 0x8048655 in foo (/tmp/a.out+0x8048655)
#7 0x8048707 in main (/tmp/a.out+0x8048707)
A simple repro case is attached.
This happens because the size parameter is not aligned to 8 bytes (the shadow granularity)
here:
$ ~/install/master/bin/gcc -m32 -fsanitize=address -fstack-protector test.c -o- -S
.......................................................
cmpl $0, __asan_option_detect_stack_use_after_return
je .L1
subl $8, %esp
pushl %eax
pushl $4188 // Aligned by 4 bytes.
call __asan_stack_malloc_7
addl $16, %esp
Perhaps we should emit some warning (error) at compile time to prevent the
issue?
$ ~/install/master/bin/gcc -v
Using built-in specs.
COLLECT_GCC=/home/max/install/master/bin/gcc
COLLECT_LTO_WRAPPER=/home/max/install/master/libexec/gcc/x86_64-unknown-linux-gnu/5.0.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: /home/max/workspace/downloads/gcc/configure --enable-multilib
--enable-checking --target=x86_64-unknown-linux-gnu
--host=x86_64-unknown-linux-gnu --build=x86_64-unknown-linux-gnu
--prefix=/home/max/install/master --disable-bootstrap --enable-languages=c,c++
Thread model: posix
gcc version 5.0.0 20150127 (experimental) (GCC)
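To make the failing check concrete, the following is a small added model of what the report describes; it is not libsanitizer's code and not part of the original bug report. It reproduces the condition behind the CHECK, poisoning a range of shadow memory whose ends must both be aligned to the 8-byte shadow granularity, feeds it the 4188-byte frame size from the assembly above, and shows that rounding the size up to the granularity (4192) is what makes the range acceptable. The model address space, the shadow array, the frame base of 64 and the poison value 0xf5 are constructed for the example; `poison_shadow` returns -1 where the real runtime would abort with the CHECK.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model (not libsanitizer code): one shadow byte covers 8
   application bytes, so any range handed to the poisoner must start and
   end on an 8-byte boundary. */
#define SHADOW_GRANULARITY 8u
#define MODEL_MEM_SIZE 8192u

/* Model shadow memory for a MODEL_MEM_SIZE-byte address space. */
static uint8_t shadow[MODEL_MEM_SIZE / SHADOW_GRANULARITY];

/* Equivalent of the AddrIsAlignedByGranularity predicate in the report. */
static int addr_is_aligned_by_granularity(uintptr_t a) {
    return (a & (SHADOW_GRANULARITY - 1)) == 0;
}

/* The condition the report shows failing: both ends of [addr, addr+size)
   must be granularity-aligned before whole shadow bytes can be written. */
static int poison_shadow_range_ok(uintptr_t addr, size_t size) {
    return addr_is_aligned_by_granularity(addr) &&
           addr_is_aligned_by_granularity(addr + size);
}

/* Rounding the frame size up to the granularity is what the compiler has
   to do before passing it to __asan_stack_malloc_N; 4188 becomes 4192. */
static size_t round_up_to_granularity(size_t size) {
    return (size + SHADOW_GRANULARITY - 1) & ~(size_t)(SHADOW_GRANULARITY - 1);
}

/* Poison the shadow for [addr, addr+size) with `value`. Returns the number of
   shadow bytes written, or -1 where the real runtime would hit the CHECK. */
static long poison_shadow(uintptr_t addr, size_t size, uint8_t value) {
    if (!poison_shadow_range_ok(addr, size)) return -1;   /* the bug's path */
    if (addr + size > MODEL_MEM_SIZE) return -1;          /* outside the model */
    size_t first = addr / SHADOW_GRANULARITY;
    size_t count = size / SHADOW_GRANULARITY;
    memset(shadow + first, value, count);
    return (long)count;
}

int main(void) {
    const uintptr_t frame_base = 64;       /* constructed, 8-byte aligned */
    const size_t ssp_frame_size = 4188;    /* value pushed in the report */
    const uint8_t poison = 0xf5;           /* constructed poison value */

    long r = poison_shadow(frame_base, ssp_frame_size, poison);
    printf("size %zu: %s\n", ssp_frame_size,
           r < 0 ? "CHECK would fail (end not 8-byte aligned)" : "ok");

    size_t fixed = round_up_to_granularity(ssp_frame_size);
    r = poison_shadow(frame_base, fixed, poison);
    printf("size %zu: wrote %ld shadow bytes\n", fixed, r);
    return 0;
}
```

The frame base is aligned in both runs; only the 4-byte-aligned size makes `addr + size` land mid-granule, which is exactly the `(0x0, 0x0)` CHECK in the trace.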