[llvm-dev] Segfault after compiling wget with dfsan

Tianyi Chen via llvm-dev llvm-dev at lists.llvm.org
Mon Apr 6 08:59:20 PDT 2020 

No. Without these sanitizer flags, running the built binary with "wget
www.google.com " successfully downloaded the html file without any errors.
My OS is Ubuntu 18.04.4 LTS (64 bit), in case this info may help.

On Mon, Apr 6, 2020 at 8:42 AM Sam Kerner <skerner at chromium.org> wrote:

> On Fri, Apr 3, 2020 at 7:54 PM Tianyi Chen via llvm-dev
> <llvm-dev at lists.llvm.org> wrote:
> >
> > Hi all,
> >
> > I was trying to compile dfsan with wget. (Just enabling the dfsan
> feature, without actually making changes to the source code) Without dfsan,
> I am able to compile and run wget 1.19.5 (available at
> https://urldefense.com/v3/__https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.gz__;!!LIr3w8kk_Xxm!4FISewdn_YnoZgAHPlovgXkVlsZGYeOykrOoifTELfbDARRzYHBtw8Ls9J9S468NSA$
> ). But when compiled with dfsan, it encountered a null pointer dereference
> error.
> >
> > Following an old post:
> https://urldefense.com/v3/__http://lists.llvm.org/pipermail/cfe-dev/2014-May/037160.html__;!!LIr3w8kk_Xxm!4FISewdn_YnoZgAHPlovgXkVlsZGYeOykrOoifTELfbDARRzYHBtw8Ls9J832bNqXQ$
> . I was trying to use a blacklist for openssl functions.
> >
> > My commands are:
> > export CC="clang -g -fsanitize=dataflow
> -fsanitize-blacklist=/tmp/openssl-list.txt
> > export LDFLAGS=" -fsanitize=dataflow
> -fsanitize-blacklist=/tmp/openssl-list.txt
> > ./configure --with-ssl=openssl
> > make
> >
> > I've tried with clang 9,10, and the nightly build of 11 today.
> >
> > The error is:
> > when trying to run "src/wget
> https://urldefense.com/v3/__http://www.google.com__;!!LIr3w8kk_Xxm!4FISewdn_YnoZgAHPlovgXkVlsZGYeOykrOoifTELfbDARRzYHBtw8Ls9J-IP4CUvA$
> "
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x00005555556de113 in url_parse (url=0x555555c47550 "
> https://urldefense.com/v3/__http://www.google.com__;!!LIr3w8kk_Xxm!4FISewdn_YnoZgAHPlovgXkVlsZGYeOykrOoifTELfbDARRzYHBtw8Ls9J-IP4CUvA$
> ",
> >     error=0x7fffffffdb30, iri=0x555555c442f0 <dummy_iri>,
> percent_encode=true)
> >     at url.c:837
> > 837  if (*p == ':')
> > and p is a null pointer.
>
> If `p` is a null pointer, then reading *p should segfault.  To debug
> this, you need to discover why p is null.
>
> > I am not sure if this is because I misused the dfsan or for some other
> reason, any ideas?
>
> Does this happen if you build without `-fsanitize=dataflow
> -fsanitize-blacklist=/tmp/openssl-list.txt` in CC and LDFLAGS?
>
> >
> > Attached is the  fsanitize-blacklist I've used.
> >
> > Thanks,
> > Tianyi
> >
> > _______________________________________________
> > LLVM Developers mailing list
> > llvm-dev at lists.llvm.org
> >
> https://urldefense.com/v3/__https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev__;!!LIr3w8kk_Xxm!4FISewdn_YnoZgAHPlovgXkVlsZGYeOykrOoifTELfbDARRzYHBtw8Ls9J_rhBfirg$
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20200406/ed67ed6c/attachment.html>

More information about the llvm-dev mailing list