[llvm-bugs] [Bug 30940] New: Programs falsely report stack check failure on Android x86

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Nov 7 16:45:15 PST 2016


https://llvm.org/bugs/show_bug.cgi?id=30940

            Bug ID: 30940
           Summary: Programs falsely report stack check failure on Android
                    x86
           Product: libraries
           Version: 3.9
          Hardware: Other
                OS: other
            Status: NEW
          Severity: normal
          Priority: P
         Component: Backend: X86
          Assignee: unassignedbugs at nondot.org
          Reporter: strager at fb.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

Created attachment 17566
  --> https://llvm.org/bugs/attachment.cgi?id=17566&action=edit
NDK project of small program demonstrating the bug.

As of LLVM r265481, code generated by Clang for -fstack-protector for Android
x86 does not function properly on shipping versions of Android such as Android
4.1 (API level 16). r265481 has a runtime dependency on a change in Android's
libc (Bionic) which does not exist on these older versions of Android.

Attached is a test case which demonstrates the issue. The test case shows that
modifying a user-allocated thread-specific variable causes the program to crash
when the stack-protected function returns. Clang thinks the stack canary
changed, but in reality the “guard value” changed.

To build the test case, install the Android NDK (which includes Clang) and the
API level 16 Android x86 emulator (from the Android SDK) and run:

$ ndk-build NDK_TOOLCHAIN_VERSION=clang
$ adb push libs/x86/stack-protector-bug /data/local/tmp/stack-protector-bug
$ adb shell /data/local/tmp/stack-protector-bug

A toolchain without this bug (e.g. LLVM master with the attached patch) will
cause the program to print:

About to return...
Did not crash

A toolchain with this bug (e.g. LLVM master) will cause the program to raise
SIGABRT due to a call to __stack_chk_fail.

Attached is a patch which fixes the issue. I don't think it's sufficient,
though; it effectively undoes the optimizations in r265481.

Note: This bug is also present in GCC 4.9.
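As an added illustration (not the reporter's attached test case or patch), the following C model shows why the epilogue check fires even though the stack is intact. It assumes that the guard value the compiled epilogue re-reads at return lives in a thread-local slot which a user-allocated thread-specific variable can alias on the affected Bionic versions; names and values are constructed for the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of one thread's TLS block. Assumption for this model: the word the
 * stack protector reads as its guard is the same word a user pthread_key
 * slot lands in on older Bionic, so app code can overwrite it legitimately. */
typedef struct {
    uintptr_t guard;                 /* slot the stack protector reads */
} tls_block;

/* Where a user-allocated thread-specific variable is stored (aliases guard). */
static uintptr_t *user_tls_slot(tls_block *tls) { return &tls->guard; }

typedef enum { CHECK_OK, CANARY_CLOBBERED, GUARD_CHANGED } outcome;

/* A stack-protected function as the compiler lowers it: copy the guard to a
 * stack slot in the prologue, re-read the guard in the epilogue, abort on
 * mismatch. The real epilogue only sees "mismatch"; the extra comparison
 * against the entry-time guard is diagnostic and tells the two causes apart. */
static outcome protected_fn(tls_block *tls, bool write_user_tls, bool smash_stack) {
    uintptr_t entry_guard = tls->guard;
    uintptr_t canary = entry_guard;          /* prologue: saved canary on stack */
    char buf[8] = {0};
    (void)buf;
    if (write_user_tls)
        *user_tls_slot(tls) = 0xCAFEu;       /* ordinary app write to its TLS variable */
    if (smash_stack)
        canary ^= 1u;                        /* stand-in for an overflow past buf */
    if (canary == tls->guard)
        return CHECK_OK;                     /* what the compiled epilogue tests */
    /* Both paths below end in __stack_chk_fail in the real binary. */
    return canary == entry_guard ? GUARD_CHANGED : CANARY_CLOBBERED;
}

/* Run one scenario on a fresh thread model so cases do not interfere. */
static outcome run_case(bool write_user_tls, bool smash_stack) {
    tls_block tls = { 0xA5A5A5A5u };        /* constructed guard value */
    return protected_fn(&tls, write_user_tls, smash_stack);
}

int main(void) {
    static const char *names[] = { "CHECK_OK", "CANARY_CLOBBERED", "GUARD_CHANGED" };
    printf("untouched:        %s\n", names[run_case(false, false)]);
    printf("user TLS written: %s\n", names[run_case(true, false)]);   /* the false positive */
    printf("stack smashed:    %s\n", names[run_case(false, true)]);
    return 0;
}
```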
