<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - ASan misses global variable underflow in first symbol of data section"
href="https://bugs.llvm.org/show_bug.cgi?id=34607">34607</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>ASan misses global variable underflow in first symbol of data section
</td>
</tr>
<tr>
<th>Product</th>
<td>compiler-rt
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>compiler-rt
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>dmitry.mikulin@sony.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=19155" name="attach_19155" title="repro test case">attachment 19155</a> <a href="attachment.cgi?id=19155&action=edit" title="repro test case">[details]</a></span>
repro test case
I stumbled across a case where ASan does not detect underflow in each first
global defined in a compunit. The attached test case demonstrates the issue.
Uncommenting definitions at the top of each source file masks the bug.
Because ASan array for initializing globals is allocated at the end of the data
section of each object, the first symbol of the following data section has no
left red zone, so the runtime can't detect the error.
We either need to create a left red zone for every global or an initial read
zone for every .data/.bss/.tbss/etc section to reliably fix it. This problem is
more prevalent in .data as this is the section where ASan init data is
allocated. But the very first symbol of every other loadable data section is
vulnerable due to the potential lack of the left red zone. Alignment holes can
create a similar situation.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are on the CC list for the bug.</li>
</ul>
</body>
</html>