[llvm-bugs] [Bug 34607] New: ASan misses global variable underflow in first symbol of data section

via llvm-bugs llvm-bugs at lists.llvm.org
Thu Sep 14 10:56:09 PDT 2017


https://bugs.llvm.org/show_bug.cgi?id=34607

            Bug ID: 34607
           Summary: ASan misses global variable underflow in first symbol
                    of data section
           Product: compiler-rt
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: compiler-rt
          Assignee: unassignedbugs at nondot.org
          Reporter: dmitry.mikulin at sony.com
                CC: llvm-bugs at lists.llvm.org

Created attachment 19155
  --> https://bugs.llvm.org/attachment.cgi?id=19155&action=edit
repro test case

I stumbled across a case where ASan does not detect underflow in each first
global defined in a compunit. The attached test case demonstrates the issue.
Uncommenting definitions at the top of each source file masks the bug.

Because the ASan array for initializing globals is allocated at the end of the data
section of each object, the first symbol of the following data section has no
left red zone, so the runtime can't detect the error.

We either need to create a left red zone for every global or an initial red
zone for every .data/.bss/.tbss/etc section to reliably fix it. This problem is
more prevalent in .data as this is the section where ASan init data is
allocated. But the very first symbol of every other loadable data section is
vulnerable due to the potential lack of the left red zone. Alignment holes can
create a similar situation.
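The layout described above, as an added reproducer that is not the bug's attachment: two translation units each starting with a small .data global, linked in order, and a one-byte read before the second unit's first global, which only a left red zone could catch. It assumes clang with -fsanitize=address is on PATH (it prints `skipped` otherwise); whether the read is reported depends on the ASan version in use.

```shell
#!/bin/sh
# Added reproducer (constructed here, not the bug's attachment).
# Prints "detected" if ASan reports the read, "missed" if the program
# runs to completion silently, "skipped" if clang/ASan is unavailable.
repro_first_global_underflow() {
    command -v clang >/dev/null 2>&1 || { echo skipped; return 0; }
    dir=$(mktemp -d) || return 1
    # Translation unit 1: holds main and the first global of its own .data.
    cat > "$dir/a.c" <<'EOF'
#include <stdio.h>
char first_a[8] = "aaaaaaa";          /* first global in this unit's .data */
extern char first_b[8];
extern int probe(volatile char *p, long off);
int main(void) {
    /* one byte before first_b: sits at the end of a.o's .data, where the
       report says the ASan init array lives instead of a red zone */
    printf("%d\n", probe(first_b, -1));
    return 0;
}
EOF
    # Translation unit 2: its first .data global directly follows a.o's .data.
    cat > "$dir/b.c" <<'EOF'
char first_b[8] = "bbbbbbb";          /* first global in this unit's .data */
int probe(volatile char *p, long off) { return p[off]; }
EOF
    clang -O0 -g -fsanitize=address -fno-common \
        "$dir/a.c" "$dir/b.c" -o "$dir/t" 2>/dev/null \
        || { rm -rf "$dir"; echo skipped; return 0; }
    # ASan names left-of-object reads "global-buffer-overflow" as well.
    out=$("$dir/t" 2>&1 || true)
    rm -rf "$dir"
    case "$out" in
        *global-buffer-overflow*) echo detected ;;
        *)                        echo missed ;;
    esac
}
```

Run it with `repro_first_global_underflow`; uncommenting an extra global at the top of b.c, as the report notes, gives first_b a left neighbour with a right red zone and masks the issue.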
