[LLVMbugs] [Bug 16003] New: Asan heap-use-after-free broken since svn r177634

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Tue May 14 14:04:19 PDT 2013 

http://llvm.org/bugs/show_bug.cgi?id=16003

            Bug ID: 16003
           Summary: Asan heap-use-after-free broken since svn r177634
           Product: compiler-rt
           Version: unspecified
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: compiler-rt
          Assignee: unassignedbugs at nondot.org
          Reporter: awg at embtoolkit.org
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

git bisect result says that asan heap-use-after-free is broken since (svn
r177634)

def1be9b7ef4091ce465c0fbfb26cdb52128ade8 is the first bad commit
commit def1be9b7ef4091ce465c0fbfb26cdb52128ade8
Author: Alexey Samsonov <samsonov at google.com>
Date:   Thu Mar 21 11:23:41 2013 +0000

    [ASan] Switch ASan to generic ThreadRegistry from sanitizer_common. Delete
ASan-specific AsanThreadRegistry.

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@177634
91177308-0d34-0410-b5e6-96231b3b80d8

For the following test code (on ARM linux), leads to ASAN:SIGSEGV and never
returns

#include <stdlib.h>
int main()
{
    char *x = malloc(10 * sizeof(char*));
    free(x);
    return x[5];
}

here is the gdb backtrace:
#0  0x010001e0 in ?? ()
#1  0x00024d2c in __sanitizer::ThreadRegistry::CreateThread (
    this=0x60931 <__asan::thread_registry_placeholder>, user_id=0, 
    detached=<optimized out>, parent_tid=0, arg=0xbeaafd50)
    at
/home/walsimou/projects/llvm/compiler-rt.git/lib/sanitizer_common/sanitizer_thread_registry.cc:130
#2  0x0001d7b0 in __asan_init_v3 ()
    at /home/walsimou/projects/llvm/compiler-rt.git/lib/asan/asan_rtl.cc:524
#3  0xb6f0fcd4 in _dl_init (main_map=0xb6f25958, argc=1, argv=0xbeaafda4, 
    env=0xbeaafdac) at dl-init.c:119
#4  0xb6f02b04 in _dl_start_user () from /lib/ld-linux.so.3
#5  0xb6f02b04 in _dl_start_user () from /lib/ld-linux.so.3
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20130514/55feb36a/attachment.html>

More information about the llvm-bugs mailing list