[llvm-bugs] [Bug 44369] New: Signal-unsafe calls (mallocs) in signal handlers cause deadlocks or heap corruption
via llvm-bugs
llvm-bugs at lists.llvm.org
Mon Dec 23 12:28:38 PST 2019
https://bugs.llvm.org/show_bug.cgi?id=44369
Bug ID: 44369
Summary: Signal-unsafe calls (mallocs) in signal handlers cause deadlocks or heap corruption
Product: compiler-rt
Version: unspecified
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P
Component: fuzzer
Assignee: unassignedbugs at nondot.org
Reporter: ahmad.hazimeh at epfl.ch
CC: llvm-bugs at lists.llvm.org
libFuzzer registers signal handlers to intercept signals and report. In almost
all the handlers, malloc() is being implicitly called (by constructing strings,
vectors, or other objects). malloc is not a signal-safe function and should not
be called within signal handlers.
For most signals, this issue is of little concern, since it is probably
unlikely that malloc itself will crash that often. However, for the timeout
signal (SIGALRM), it is possible that the signal is received inside a malloc
call. For a multithreaded application, glibc malloc obtains the lock over the
arena during its operation. If the libFuzzer timeout occurs while the
application is inside the malloc call and the arena is locked, the signal
handler would attempt to lock it again and would deadlock.
In my tests, the deadlock occurred in DumpCurrentUnit when it constructs the
uint8_t vector (Unit) from CurrentUnitData and UnitSize.
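As an added illustration (not code from this report or from libFuzzer), the sketch below shows how a timeout handler can dump the current unit using only async-signal-safe calls: the bytes are written straight from the buffer the fuzzing loop already owns, with no vector copy and no malloc. The globals g_unit_data, g_unit_size and g_dump_fd are constructed stand-ins for CurrentUnitData, UnitSize and a file descriptor opened at startup.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdint.h>
#include <unistd.h>
/* Constructed stand-ins for libFuzzer's CurrentUnitData/UnitSize; fd opened at startup. */
static volatile const uint8_t *g_unit_data;
static volatile size_t g_unit_size;
static int g_dump_fd = -1;
/* Decimal formatting into a caller buffer of >= 20 bytes: no malloc, no stdio. */
static size_t u64_to_dec(uint64_t v, char *buf) {
    char tmp[20]; size_t n = 0;
    do { tmp[n++] = (char)('0' + v % 10); v /= 10; } while (v);
    for (size_t i = 0; i < n; i++) buf[i] = tmp[n - 1 - i];
    return n;
}
/* write(2) is async-signal-safe; loop over short writes and EINTR. */
static int write_all(int fd, const void *p, size_t n) {
    for (const char *c = p; n; ) {
        ssize_t w = write(fd, c, n);
        if (w < 0) { if (errno == EINTR) continue; return -1; }
        c += w; n -= (size_t)w;
    }
    return 0;
}
/* Dump the unit with async-signal-safe calls only (no heap copy). Returns bytes written or -1. */
static long dump_unit_safe(int fd, const uint8_t *data, size_t size) {
    static const char hdr[] = "timeout: dumping unit of ";
    char num[20];
    size_t n = u64_to_dec(size, num);
    if (write_all(fd, hdr, sizeof hdr - 1) || write_all(fd, num, n) ||
        write_all(fd, " bytes\n", 7) || write_all(fd, data, size)) return -1;
    return (long)(sizeof hdr - 1 + n + 7 + size);
}
static void alarm_handler(int sig) {
    (void)sig;
    dump_unit_safe(g_dump_fd, (const uint8_t *)g_unit_data, g_unit_size);
    _exit(70); /* _exit: no atexit handlers or stdio flushing from the handler */
}
int main(void) {
    static const uint8_t unit[] = {0xde, 0xad, 0xbe, 0xef}; /* constructed sample unit */
    struct sigaction sa = {0};
    sa.sa_handler = alarm_handler;
    g_dump_fd = open("timeout-unit.bin", O_WRONLY | O_CREAT | O_TRUNC, 0600);
    g_unit_data = unit; g_unit_size = sizeof unit;
    sigaction(SIGALRM, &sa, NULL);
    alarm(1);
    for (;;) pause(); /* stand-in for a target that has hung */
}
```

Everything the handler touches (the header string, the stack buffer for the size, the unit bytes) exists before the signal arrives, so an alarm delivered while the target holds a malloc arena lock cannot re-enter the allocator.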