<div dir="ltr">No. Without these sanitizer flags, running the built binary with "wget <a href="http://www.google.com/" target="_blank">www.google.com</a> " successfully downloaded the html file without any errors. My OS is Ubuntu 18.04.4 LTS (64 bit), in case this info may help.<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 6, 2020 at 8:42 AM Sam Kerner <<a href="mailto:skerner@chromium.org">skerner@chromium.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Fri, Apr 3, 2020 at 7:54 PM Tianyi Chen via llvm-dev<br>
<<a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a>> wrote:<br>
><br>
> Hi all,<br>
><br>
> I was trying to compile dfsan with wget. (Just enabling the dfsan feature, without actually making changes to the source code) Without dfsan, I am able to compile and run wget 1.19.5 (available at <a href="https://urldefense.com/v3/__https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.gz__;!!LIr3w8kk_Xxm!4FISewdn_YnoZgAHPlovgXkVlsZGYeOykrOoifTELfbDARRzYHBtw8Ls9J9S468NSA$" rel="noreferrer" target="_blank">https://urldefense.com/v3/__https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.gz__;!!LIr3w8kk_Xxm!4FISewdn_YnoZgAHPlovgXkVlsZGYeOykrOoifTELfbDARRzYHBtw8Ls9J9S468NSA$</a> ). But when compiled with dfsan, it encountered a null pointer dereference error.<br>
><br>
> Following an old post:<a href="https://urldefense.com/v3/__http://lists.llvm.org/pipermail/cfe-dev/2014-May/037160.html__;!!LIr3w8kk_Xxm!4FISewdn_YnoZgAHPlovgXkVlsZGYeOykrOoifTELfbDARRzYHBtw8Ls9J832bNqXQ$" rel="noreferrer" target="_blank">https://urldefense.com/v3/__http://lists.llvm.org/pipermail/cfe-dev/2014-May/037160.html__;!!LIr3w8kk_Xxm!4FISewdn_YnoZgAHPlovgXkVlsZGYeOykrOoifTELfbDARRzYHBtw8Ls9J832bNqXQ$</a>  . I was trying to use a blacklist for openssl functions.<br>
><br>
> My commands are:<br>
> export CC="clang -g -fsanitize=dataflow -fsanitize-blacklist=/tmp/openssl-list.txt<br>
> export LDFLAGS=" -fsanitize=dataflow -fsanitize-blacklist=/tmp/openssl-list.txt<br>
> ./configure --with-ssl=openssl<br>
> make<br>
><br>
> I've tried with clang 9,10, and the nightly build of 11 today.<br>
><br>
> The error is:<br>
> when trying to run "src/wget <a href="https://urldefense.com/v3/__http://www.google.com__;!!LIr3w8kk_Xxm!4FISewdn_YnoZgAHPlovgXkVlsZGYeOykrOoifTELfbDARRzYHBtw8Ls9J-IP4CUvA$" rel="noreferrer" target="_blank">https://urldefense.com/v3/__http://www.google.com__;!!LIr3w8kk_Xxm!4FISewdn_YnoZgAHPlovgXkVlsZGYeOykrOoifTELfbDARRzYHBtw8Ls9J-IP4CUvA$</a> "<br>
><br>
> Program received signal SIGSEGV, Segmentation fault.<br>
> 0x00005555556de113 in url_parse (url=0x555555c47550 "<a href="https://urldefense.com/v3/__http://www.google.com__;!!LIr3w8kk_Xxm!4FISewdn_YnoZgAHPlovgXkVlsZGYeOykrOoifTELfbDARRzYHBtw8Ls9J-IP4CUvA$" rel="noreferrer" target="_blank">https://urldefense.com/v3/__http://www.google.com__;!!LIr3w8kk_Xxm!4FISewdn_YnoZgAHPlovgXkVlsZGYeOykrOoifTELfbDARRzYHBtw8Ls9J-IP4CUvA$</a> ",<br>
>     error=0x7fffffffdb30, iri=0x555555c442f0 <dummy_iri>, percent_encode=true)<br>
>     at url.c:837<br>
> 837  if (*p == ':')<br>
> and p is a null pointer.<br>
<br>
If `p` is a null pointer, then reading *p should segfault.  To debug<br>
this, you need to discover why p is null.<br>
<br>
> I am not sure if this is because I misused the dfsan or for some other reason, any ideas?<br>
<br>
Does this happen if you build without `-fsanitize=dataflow<br>
-fsanitize-blacklist=/tmp/openssl-list.txt` in CC and LDFLAGS?<br>
<br>
><br>
> Attached is the  fsanitize-blacklist I've used.<br>
><br>
> Thanks,<br>
> Tianyi<br>
><br>
> _______________________________________________<br>
> LLVM Developers mailing list<br>
> <a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a><br>
> <a href="https://urldefense.com/v3/__https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev__;!!LIr3w8kk_Xxm!4FISewdn_YnoZgAHPlovgXkVlsZGYeOykrOoifTELfbDARRzYHBtw8Ls9J_rhBfirg$" rel="noreferrer" target="_blank">https://urldefense.com/v3/__https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev__;!!LIr3w8kk_Xxm!4FISewdn_YnoZgAHPlovgXkVlsZGYeOykrOoifTELfbDARRzYHBtw8Ls9J_rhBfirg$</a> <br>
</blockquote></div>