[llvm-dev] Some feedback on Libfuzzer

Evgenii Stepanov via llvm-dev llvm-dev at lists.llvm.org
Wed Oct 21 11:29:36 PDT 2015

On Wed, Oct 21, 2015 at 1:22 AM, Greg Stark <stark at mit.edu> wrote:
> On Tue, Oct 20, 2015 at 10:53 PM, Kostya Serebryany <kcc at google.com> wrote:
>> Can you open a separate bug with exact repro instructions?
> Well the bug tracker seems to require an account.
> But in any case I don't see anything specific to reproduce. I did an
> svn update of llvm and clang and built and installed (I even tried
> make clean and removed the old install but it didn't change anything).
> Then any program I compile with -fsanitize=memory behaves just like it
> did before the patch:
> $ uname -a
> Linux pixel 4.2.0-trunk-amd64 #1 SMP Debian 4.2-1~exp1 (2015-08-31)
> x86_64 GNU/Linux
> $ cat foo.c
> int main(int argc, char *argv[], char *env[]) {
> return 0;
> }
> $ clang -fPIE -pie -fsanitize=memory foo.c
> $ ./a.out
> FATAL: Code 0x562988448390 is out of application range. Non-PIE build?
> FATAL: MemorySanitizer can not mmap the shadow memory.
> FATAL: Make sure to compile with -fPIE and to link with -pie.
> FATAL: Disabling ASLR is known to cause this error.
> FATAL: If running under GDB, try 'set disable-randomization off'.
> ==3120==Process memory map follows:
> 0x56298842b000-0x5629884ca000 /tmp/a.out
> 0x5629886ca000-0x5629886ce000 /tmp/a.out
> 0x5629886ce000-0x56298ab41000
> 0x7f387d560000-0x7f387d8b2000
> ...

I've got no explanation for this. I've verified that 0x5555555daf34 is
not considered "out of application range" on linux/x86_64/3.13.0.
Reading the current source code,
  {0x510000000000ULL, 0x600000000000ULL, MappingDesc::APP, "app-2"},
which makes the following line impossible:
  FATAL: Code 0x562988448390 is out of application range.

Could you double-verify that you are using ToT clang? Does anything
change if you run in gdb (without set disable-randomization off)?

More information about the llvm-dev mailing list