[llvm-bugs] [Bug 27627] New: [ASan] False positive stack-buffer-underflow with mmap and boost::context
via llvm-bugs
llvm-bugs at lists.llvm.org
Tue May 3 14:51:12 PDT 2016
https://llvm.org/bugs/show_bug.cgi?id=27627
Bug ID: 27627
Summary: [ASan] False positive stack-buffer-underflow with mmap
and boost::context
Product: libraries
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: Miscellaneous Instrumentation passes
Assignee: unassignedbugs at nondot.org
Reporter: mhx at fb.com
CC: llvm-bugs at lists.llvm.org
Classification: Unclassified
Created attachment 16300
--> https://llvm.org/bugs/attachment.cgi?id=16300&action=edit
Repro for the described bug
For a couple of weeks we've been seeing errors in our ASan-enabled builds that
upon closer investigation appear to be false positives. I've spent some time
trying to reduce the code to the attached repro, which only depends on the
boost context library.
In a nutshell, the error triggers when:
1. A stack frame for boost::context is allocated via mmap
2. An actual context switch happens to a function that uses the stack
3. The region is munmap'd after switching back to the main context
4. We mmap a new region that happens to overlap with the previously freed one (in the repro code, this overlap is forced; in the original code it happens randomly)
5. Now, reading from memory inside that region that is close to the stack frame used before for the context switch will trigger the stack-buffer-underflow error
The attached repro contains some more details and includes a command line to
trigger the FP ASan error. The problem can be reproduced with any recent
version of clang (or gcc).
Happy to provide more details if needed!
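The five steps above, as an added example that is not the attached repro and does not use boost::context: it runs a worker on an mmap'd stack via glibc's ucontext (assumed available; makecontext/swapcontext are glibc, not portable), unmaps the stack, then asks the kernel for a fresh mapping at the same address and reads near where the old frames were. The `__asan_unpoison_memory_region` call is an assumed mitigation for a runtime that owns its own stacks, clearing any stack redzone poison the sanitizer left in shadow memory before the address range is returned to the kernel; it is my suggestion, not something the report states, and it compiles to nothing when ASan is not enabled.

```c
// Added example (not the report's attachment): models the reported sequence
// with glibc ucontext instead of boost::context, and marks the point where a
// runtime that owns mmap'd stacks can clear stale ASan shadow before munmap.
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <ucontext.h>

#if defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define HAVE_ASAN 1
#  endif
#endif
#if defined(__SANITIZE_ADDRESS__)
#  define HAVE_ASAN 1
#endif
#ifdef HAVE_ASAN
#  include <sanitizer/asan_interface.h>
#endif

#define STACK_SIZE (256 * 1024)

static ucontext_t main_ctx, worker_ctx;
static volatile uint32_t worker_result;

// Runs on the mmap'd stack (step 2). The local array forces real frame use,
// which is what ASan instruments with redzones around it.
static void worker(void) {
    char scratch[4096];
    memset(scratch, 0x5a, sizeof scratch);
    uint32_t sum = 0;
    for (size_t i = 0; i < sizeof scratch; i++) sum += (unsigned char)scratch[i];
    worker_result = sum;   // 4096 * 0x5a = 368640
    // returning here resumes uc_link, i.e. main_ctx
}

// Steps 1-3. Returns the region's base so the caller can ask for an
// overlapping mapping (step 4), or NULL if mmap failed.
static void *run_worker_on_mmap_stack(uint32_t *result) {
    void *stack = mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (stack == MAP_FAILED) return NULL;

    getcontext(&worker_ctx);
    worker_ctx.uc_stack.ss_sp = stack;
    worker_ctx.uc_stack.ss_size = STACK_SIZE;
    worker_ctx.uc_link = &main_ctx;
    makecontext(&worker_ctx, worker, 0);
    swapcontext(&main_ctx, &worker_ctx);   // step 2: switch in, run, switch back
    *result = worker_result;

#ifdef HAVE_ASAN
    // Assumed mitigation (not from the report): drop redzone poison left for
    // frames on this stack, so a later mapping that reuses these addresses is
    // not reported as a stack-buffer-underflow.
    __asan_unpoison_memory_region(stack, STACK_SIZE);
#endif
    munmap(stack, STACK_SIZE);             // step 3
    return stack;
}

// Steps 4-5: request a fresh mapping at the old address (a hint, not
// MAP_FIXED) and read near the top, where the worker's frames used to be.
// Returns the byte read (0 for a fresh anonymous mapping) or -1 on failure;
// *overlapped records whether the kernel honoured the hint, the part the
// report says happens randomly in the original code.
static int remap_and_read(void *old_base, int *overlapped) {
    void *again = mmap(old_base, STACK_SIZE, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (again == MAP_FAILED) return -1;
    *overlapped = (again == old_base);
    int first = ((unsigned char *)again)[STACK_SIZE - 4096];
    munmap(again, STACK_SIZE);
    return first;
}

int main(void) {
    uint32_t sum = 0;
    void *base = run_worker_on_mmap_stack(&sum);
    if (base == NULL) return 1;
    int overlapped = 0;
    int byte = remap_and_read(base, &overlapped);
    printf("worker sum=%u overlapped=%d byte=%d\n", sum, overlapped, byte);
    return byte == 0 ? 0 : 1;
}
```

Built without `-fsanitize=address` this just exercises the mmap/switch/munmap/remap sequence; built with it, the `HAVE_ASAN` block is where a stack-owning runtime would clear shadow state before giving the pages back.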