<html>
    <head>
      <base href="https://llvm.org/bugs/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link bz_status_NEW" title="NEW --- - [ASan] False positive stack-buffer-underflow with mmap and boost::context" href="https://llvm.org/bugs/show_bug.cgi?id=27627">27627</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>[ASan] False positive stack-buffer-underflow with mmap and boost::context
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>libraries
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Miscellaneous Instrumentation passes
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>mhx@fb.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=16300" name="attach_16300" title="Repro for the described bug">attachment 16300</a> <a href="attachment.cgi?id=16300&action=edit" title="Repro for the described bug">[details]</a></span>
Repro for the described bug

For a couple of weeks we've been seeing errors in our ASan-enabled builds that
upon closer investigation appear to be false positives. I've spent some time
trying to reduce the code to the attached repro, which only depends on the
boost context library.

In a nutshell, the error triggers when:

1. A stack frame for boost::context is allocated via mmap

2. An actual context switch happens to a function that uses the stack

3. The region is munmap'd after switching back to the main context

4. We mmap a new region that happens to overlap with the previously freed one
(in the repro code, this overlap is forced, in the original code it happens
randomly)

5. Now, reading from memory inside that region that is close to the stack frame
used before for the context switch will trigger the stack-buffer-underflow
error

The attached repro contains some more details and includes a command line to
trigger the FP ASan error. The problem can be reproduced with any recent
version of clang (or gcc).

Happy to provide more details if needed!</pre>
        </div>
      </p>
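      <p>As an added illustration (not the reporter's attachment, which this page does not reproduce): the five steps above in plain C, with the stale frame left behind by the context switch emulated through ASan's manual poisoning API, and the mitigation a custom stack allocator can apply, clearing the stack's shadow before <code>munmap</code>. <code>STACK_SIZE</code>, <code>FRAME_OFF</code>, <code>FRAME_LEN</code> and all function names are assumptions of this example; the <code>__asan_*</code> prototypes are ASan's public ones from <code>sanitizer/asan_interface.h</code>, declared weak so the same file also builds and runs without <code>-fsanitize=address</code>.</p>

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <sys/mman.h>
/* ASan's public shadow API, declared weak so this file also builds and runs
 * without -fsanitize=address (the symbols then resolve to NULL and the calls
 * are skipped). Prototypes match <sanitizer/asan_interface.h>. */
extern void __asan_poison_memory_region(void const volatile *, size_t) __attribute__((weak));
extern void __asan_unpoison_memory_region(void const volatile *, size_t) __attribute__((weak));
extern void *__asan_region_is_poisoned(void *, size_t) __attribute__((weak));
/* Assumed sizes for this example: a 64 KiB stack with a frame near its top. */
enum { STACK_SIZE = 64 * 1024, FRAME_OFF = STACK_SIZE - 4096, FRAME_LEN = 512 };

static void unpoison(void *p, size_t n) {
    if (__asan_unpoison_memory_region) __asan_unpoison_memory_region(p, n);
}

/* Stand-in for step 2 (hypothetical, not the reporter's code): an instrumented
 * function on the mapped stack poisons redzones around its locals, and when the
 * context is switched away and never unwound, no epilogue clears them. */
static void leave_stale_frame(unsigned char *stack) {
    if (__asan_poison_memory_region)
        __asan_poison_memory_region(stack + FRAME_OFF, FRAME_LEN);
}

/* Steps 1-3 with the mitigation switchable: clear the stack's shadow before
 * munmap, since the report shows that unmapping alone does not reset it. */
static void *map_use_unmap(int unpoison_before_unmap) {
    unsigned char *stack = mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE,
                                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (stack == MAP_FAILED) return NULL;
    leave_stale_frame(stack);
    if (unpoison_before_unmap) unpoison(stack, STACK_SIZE);
    munmap(stack, STACK_SIZE);
    return stack;   /* address only: the range is no longer mapped */
}

/* Steps 4-5: re-map exactly the range just released (MAP_FIXED forces the
 * overlap) and ask ASan whether any byte is still poisoned instead of loading
 * from it, the access that would abort with the report. 1 = stale, 0 = clean. */
static int remap_is_poisoned(int unpoison_before_unmap) {
    void *old = map_use_unmap(unpoison_before_unmap);
    if (!old) return -1;
    void *again = mmap(old, STACK_SIZE, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (again == MAP_FAILED) return -1;
    int stale = __asan_region_is_poisoned &&
                __asan_region_is_poisoned(again, STACK_SIZE) != NULL;
    unpoison(again, STACK_SIZE);   /* leave no stale shadow behind for the allocator */
    munmap(again, STACK_SIZE);
    return stale;
}
```

      <p>Build once with and once without <code>-fsanitize=address</code> and compare <code>remap_is_poisoned(0)</code> with <code>remap_is_poisoned(1)</code>: with the unpoison step the re-mapped region is always reported clean, without it the result shows whether your ASan runtime carries the stale shadow across munmap/mmap.</p>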
    </body>
</html>