[cfe-dev] stack overflow detection?

Kostya Serebryany kcc at google.com
Wed Sep 18 01:19:15 PDT 2013


On Wed, Sep 18, 2013 at 2:18 AM, Greg Fitzgerald <garious at gmail.com> wrote:

> Thanks for the quick replies!
>
>
> > If you want dynamic detection, then Address Sanitizer (which is built
> into Clang) or SAFECode
>
> Dynamic detection.  I tried with Address Sanitizer and no luck
>

AddressSanitizer does not try to detect stack overflow (not to be mixed with stack-buffer-overflow).
The reason is simple: when stack overflow happens it is already detected (you get a SEGV).
However, by default when stack overflow happens the SEGV kills the process silently because the signal handler has no stack to run on.
This can be solved with sigaltstack(), and AddressSanitizer does this under a separate (experimental) flag ASAN_OPTIONS=use_sigaltstack=1.

# Running with default 8Mb stack
% clang -g -fsanitize=address -O ~/llvm/projects/compiler-rt/lib/asan/lit_tests/TestCases/deep_call_stack.cc ; ./a.out
[40000] ptr: (nil)
...
[00000] ptr: 0x7fff0b7c4140
# Passed

# Running with a small stack
% (ulimit -s 1000; ./a.out; echo $?  )
[40000] ptr: (nil)
...
[33000] ptr: 0x7fff0e155120
139  # FAILED

# Running with a small stack and with sigaltstack
% (ulimit -s 1000; ASAN_OPTIONS=use_sigaltstack=1 ./a.out; echo $?  ) 2>&1 | head
ASAN:SIGSEGV
=================================================================
==1543==ERROR: AddressSanitizer: SEGV on unknown address 0x7fffa383bfe0 (pc 0x000000456d38 sp 0x7fffa383bfe0 bp 0x7fffa383c050 T0)
AddressSanitizer can not provide additional info.
    #0 0x456d37 in RecursiveFunc(int, int*) /home/kcc/llvm/projects/compiler-rt/lib/asan/lit_tests/TestCases/deep_call_stack.cc:8
    #1 0x456dbc in RecursiveFunc(int, int*) /home/kcc/llvm/projects/compiler-rt/lib/asan/lit_tests/TestCases/deep_call_stack.cc:14


hth,

--kcc

> out-of-the-box.  I think it can detect stack-buffer-overflow (aka
> stack corruption), but not stack overflow.  I also tried running the
> code with ASan inside a pthread with heap-allocated memory for its
> stack, but since the pthread library itself is not instrumented, it
> did not detect the heap-buffer-overflow when the thread's stack
> overflows.
>
>
> > or SAFECode
>
> Can you point me to an example?
>
>
> Eli Friedman wrote:
> > No such support exists at the moment.
>
> Is anyone aware of another C compiler that adds instrumentation for
> stack overflow detection?
>
> Thanks,
> Greg
>
> On Tue, Sep 17, 2013 at 3:03 PM, John Criswell <criswell at illinois.edu>
> wrote:
> > On 9/17/13 4:57 PM, Greg Fitzgerald wrote:
> >>
> >> Does clang offer any tools for detecting when a program is about to
> >> segfault due to stack overflow?
> >
> >
> > If you want dynamic detection, then Address Sanitizer (which is built
> into
> > Clang) or SAFECode (which has its own version of Clang into which it is
> > integrated) will do the trick.
> >
> > If you're asking about the Clang static analyzer, then I do not know.
> >
> > -- John T.
> >
> >>
> >> Thanks,
> >> Greg
> >> _______________________________________________
> >> cfe-dev mailing list
> >> cfe-dev at cs.uiuc.edu
> >> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
> >
> >

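The mechanism Kostya describes above (a SEGV handler that can only run if it has a stack of its own, which is what sigaltstack() provides) written out standalone, as an added example; this is not code from the thread, from compiler-rt or from ASan, and every function and variable name in it is the example's own. It assumes Linux/glibc on a 64-bit host. The handler only records the fault address and unwinds with siglongjmp(); the stack-bounds heuristic (fault address inside the main stack's RLIMIT_STACK range or in the guard page just below it) runs afterwards, where printf is safe again.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                     /* sigaltstack, sigaction, getrlimit on glibc */
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

/* Added example, not code from the thread or from compiler-rt: the idea behind
 * ASan's use_sigaltstack=1, written by hand. Names are this example's own.
 * Assumes Linux/glibc, 64-bit. Build: cc -O1 -o segv_demo segv_demo.c */

#define ALT_STACK_SIZE (64 * 1024)      /* generous for the tiny handler below */

static char alt_stack[ALT_STACK_SIZE] __attribute__((aligned(16)));
static sigjmp_buf recovery_point;
static volatile sig_atomic_t recovery_armed = 0;
static volatile sig_atomic_t recursion_depth = 0;
static volatile uintptr_t last_fault_address = 0;

/* Approximate main-thread stack bounds: the top is near any local of main(),
 * the lowest legal address is top minus RLIMIT_STACK. low stays 0 when the
 * limit is unlimited, and then no classification is attempted. */
struct stack_bounds { uintptr_t low; uintptr_t high; };

struct stack_bounds main_stack_bounds(const void *local_in_main) {
    struct rlimit rl;
    struct stack_bounds b = { 0, (uintptr_t)local_in_main };
    if (getrlimit(RLIMIT_STACK, &rl) == 0 && rl.rlim_cur != RLIM_INFINITY &&
        (uintptr_t)rl.rlim_cur < b.high)
        b.low = b.high - (uintptr_t)rl.rlim_cur;
    return b;
}

/* A fault inside the stack range or within one page below it (the guard
 * region) is the signature of a stack overflow rather than a wild pointer. */
int is_probable_stack_overflow(uintptr_t addr, struct stack_bounds b) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) page = 4096;
    return b.low != 0 && addr + (uintptr_t)page >= b.low && addr <= b.high;
}

/* Runs on alt_stack, so it can execute although the thread's own stack is
 * exhausted. Only async-signal-safe operations are used here. */
static void on_segv(int sig, siginfo_t *info, void *ctx) {
    (void)sig; (void)ctx;
    last_fault_address = (uintptr_t)info->si_addr;
    if (recovery_armed) {
        recovery_armed = 0;
        siglongjmp(recovery_point, 1);  /* back into overflow_and_recover() */
    }
    static const char msg[] = "SIGSEGV with no recovery point; exiting\n";
    (void)!write(STDERR_FILENO, msg, sizeof msg - 1);
    _exit(139);                         /* 128 + SIGSEGV, as the shell reports it */
}

/* Give SIGSEGV its own stack and route it to on_segv(). Returns 0 on success. */
int install_overflow_handler(void) {
    stack_t ss = { .ss_sp = alt_stack, .ss_size = sizeof alt_stack, .ss_flags = 0 };
    if (sigaltstack(&ss, NULL) != 0) return -1;
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_SIGINFO | SA_ONSTACK;  /* SA_ONSTACK selects alt_stack */
    return sigaction(SIGSEGV, &sa, NULL);
}

/* Unbounded recursion with a volatile frame, so the compiler can neither turn
 * it into a loop nor drop the frame. Never returns normally. */
static int recurse(int depth) {
    volatile char frame[512];
    frame[0] = (char)depth;
    recursion_depth = depth;
    int r = recurse(depth + 1);
    return r + frame[0];
}

/* Recurse until SIGSEGV, recover through the alt-stack handler and report the
 * depth reached; -1 would mean the handler never fired. */
int overflow_and_recover(void) {
    recursion_depth = 0;
    last_fault_address = 0;
    if (sigsetjmp(recovery_point, 1) == 0) {
        recovery_armed = 1;
        recurse(1);
        return -1;
    }
    return recursion_depth;
}

int main(void) {
    int anchor;                         /* a local in main() marks the stack top */
    struct stack_bounds b = main_stack_bounds(&anchor);
    if (install_overflow_handler() != 0) { perror("install_overflow_handler"); return 1; }
    int depth = overflow_and_recover();
    /* Diagnostics happen here, after siglongjmp, where printf is safe again. */
    printf("recovered after %d frames, fault at %#lx, stack [%#lx, %#lx): %s\n",
           depth, (unsigned long)last_fault_address, (unsigned long)b.low,
           (unsigned long)b.high,
           is_probable_stack_overflow(last_fault_address, b)
               ? "probable stack overflow" : "SEGV outside the stack");
    return 0;
}
```

Run it as-is and again under the small stack from the session above, `(ulimit -s 1000; ./segv_demo; echo $?)`: in both cases the process reports the depth and fault address and exits 0 instead of dying with status 139, because the kernel can deliver SIGSEGV onto alt_stack even though the thread's stack has no room left. The siglongjmp() recovery is for the demonstration; a sanitizer or crash reporter would instead print its report from the handler and terminate, as the ASan output above does.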
