<div dir="ltr">I concluded my investigation and the reason looks like dfsan breaks the strchr function, as reported previously here <a href="https://bugs.llvm.org/show_bug.cgi?id=22392">https://bugs.llvm.org/show_bug.cgi?id=22392</a> .<div><br></div><div>The following is the gdb log, for the build without dfsan, strchr enters the implementation, for the build with dfsan, the function was just skipped.</div><div><br></div><div>==================================</div><div>(gdb) b strpbrk_or_eos<br>Breakpoint 1 at 0x440f00: file url.c, line 633.<br>(gdb) r <a href="http://www.google.com">www.google.com</a><br>Starting program: /tmp/wget-1.19.5/src/wget <a href="http://www.google.com">www.google.com</a><br>[Thread debugging using libthread_db enabled]<br>Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".<br><br>Breakpoint 1, strpbrk_or_eos (s=0x68f547 "<a href="http://www.google.com">www.google.com</a>", <br> accept=0x684bc8 <init_seps.seps> ":/?#") at url.c:633<br>633 char *p = strpbrk (s, accept);<br>(gdb) n<br>634 if (!p)<br>(gdb) p p<br>$2 = 0x0<br>(gdb) step<br>635 p = strchr (s, '\0');<br>(gdb) p p<br>$3 = 0x0<br>(gdb) step<br>__strchr_sse2 () at ../sysdeps/x86_64/multiarch/../strchr.S:24<br>24 ../sysdeps/x86_64/multiarch/../strchr.S: No such file or directory.<br>(gdb) <br><br>============== With dfsan ==================<br><br>(gdb) b strpbrk_or_eos<br>Breakpoint 1 at 0x1938ec: file url.c, line 633.<br>(gdb) r <a href="http://www.google.com">www.google.com</a><br>Starting program: /tmp/wget-1.19.5-dfsan/src/wget <a href="http://www.google.com">www.google.com</a><br>[Thread debugging using libthread_db enabled]<br>Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".<br><br>Breakpoint 1, strpbrk_or_eos (s=0x555555c6e577 "<a href="http://www.google.com">www.google.com</a>", <br> accept=0x555555a525a8 <init_seps.seps> ":/?#") at url.c:633<br>633 char *p = strpbrk (s, accept);<br>(gdb) n<br>634 if (!p)<br>(gdb) p p<br>$1 = 0x0<br>(gdb) step<br>635 p = strchr (s, '\0');<br>(gdb) p p<br>$2 = 0x0<br>(gdb) step<br>636 return p;<br>(gdb) <br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Apr 3, 2020 at 4:53 PM Tianyi Chen <<a href="mailto:tchen025@usc.edu">tchen025@usc.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi all,<div><br></div><div>I was trying to compile dfsan with wget. (Just enabling the dfsan feature, without actually making changes to the source code) Without dfsan, I am able to compile and run wget 1.19.5 (available at <a href="https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.gz" target="_blank">https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.gz</a>). But when compiled with dfsan, it encountered a null pointer dereference error. </div><div><br></div><div>Following an old post:<a href="http://lists.llvm.org/pipermail/cfe-dev/2014-May/037160.html" target="_blank">http://lists.llvm.org/pipermail/cfe-dev/2014-May/037160.html</a> . I was trying to use a blacklist for openssl functions.</div><div><br></div><div>My commands are:</div>export CC="clang -g -fsanitize=dataflow -fsanitize-blacklist=/tmp/openssl-list.txt<div>export LDFLAGS=" -fsanitize=dataflow -fsanitize-blacklist=/tmp/openssl-list.txt</div><div>./configure --with-ssl=openssl<div>make</div></div><div><br></div><div>I've tried with clang 9,10, and the nightly build of 11 today.</div><div><br></div><div>The error is: </div><div>when trying to run "src/wget <a href="http://www.google.com" target="_blank">www.google.com</a>"</div><div><br></div><div>Program received signal SIGSEGV, Segmentation fault.<br>0x00005555556de113 in url_parse (url=0x555555c47550 "<a href="http://www.google.com" target="_blank">http://www.google.com</a>", <br> error=0x7fffffffdb30, iri=0x555555c442f0 <dummy_iri>, percent_encode=true)<br> at url.c:837<br>837 if (*p == ':')<br></div><div>and p is a null pointer.</div><div><br></div><div>I am not sure if this is because I misused the dfsan or for some other reason, any ideas?</div><div><br></div><div>Attached is the
fsanitize-blacklist I've used.</div><div><br></div><div>Thanks,</div><div>Tianyi</div><div><br></div></div>
</blockquote></div>