[llvm-bugs] [Bug 50225] New: Crash in __sanitizer::DTLS_on_tls_get_addr if alternate stack is registered
via llvm-bugs
llvm-bugs at lists.llvm.org
Wed May 5 03:54:18 PDT 2021
https://bugs.llvm.org/show_bug.cgi?id=50225
Bug ID: 50225
Summary: Crash in __sanitizer::DTLS_on_tls_get_addr if alternate stack is registered
Product: compiler-rt
Version: 12.0
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: asan
Assignee: unassignedbugs at nondot.org
Reporter: dominik.strasser at onespin.com
CC: llvm-bugs at lists.llvm.org
Created attachment 24827
--> https://bugs.llvm.org/attachment.cgi?id=24827&action=edit
Test source
Please see the attached C++ program which should run on any Linux system.
In this program, the signal stack is set to an mmaped region.
This makes ASAN crash like this:
#0 0x4e5f85 in __sanitizer::DTLS_on_tls_get_addr(void*, void*, unsigned long, unsigned long) /local/software/llvm-12.0.0.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_tls_get_addr.cpp:116:20
#1 0x43e60d in __interceptor___tls_get_addr /local/software/llvm-12.0.0.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:5302:40
#2 0x43e60d in __tls_get_addr /local/software/llvm-12.0.0.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:5296:1
#3 0x7f4b574a3d0f in __cxa_get_globals /local/software/gcc-10.3.obj/x86_64-pc-linux-gnu/libstdc++-v3/libsupc++/../../../../gcc-10.3.0/libstdc++-v3/libsupc++/eh_globals.cc:62:21
#4 0x7f4b574a3bd8 in std::uncaught_exception() /local/software/gcc-10.3.obj/x86_64-pc-linux-gnu/libstdc++-v3/libsupc++/../../../../gcc-10.3.0/libstdc++-v3/libsupc++/eh_catch.cc:140:49
#5 0x50ba34 in std::_V2::condition_variable_any::_Unlock<std::unique_lock<std::mutex> >::~_Unlock() /sw/local64/gcc-10.3/lib/gcc/x86_64-pc-linux-gnu/10.3.0/../../../../include/c++/10.3.0/condition_variable:273:8
#6 0x50b295 in std::cv_status std::_V2::condition_variable_any::wait_until<std::unique_lock<std::mutex>, std::chrono::_V2::system_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >(std::unique_lock<std::mutex>&, std::chrono::time_point<std::chrono::_V2::system_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > > const&) /sw/local64/gcc-10.3/lib/gcc/x86_64-pc-linux-gnu/10.3.0/../../../../include/c++/10.3.0/condition_variable:348:7
#7 0x505011 in bool std::_V2::condition_variable_any::wait_until<std::unique_lock<std::mutex>, std::chrono::_V2::system_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> >, main::$_2>(std::unique_lock<std::mutex>&, std::chrono::time_point<std::chrono::_V2::system_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > > const&, main::$_2) /sw/local64/gcc-10.3/lib/gcc/x86_64-pc-linux-gnu/10.3.0/../../../../include/c++/10.3.0/condition_variable:358:8
#8 0x502fa3 in bool std::_V2::condition_variable_any::wait_for<std::unique_lock<std::mutex>, long, std::ratio<1l, 1l>, main::$_2>(std::unique_lock<std::mutex>&, std::chrono::duration<long, std::ratio<1l, 1l> > const&, main::$_2) /sw/local64/gcc-10.3/lib/gcc/x86_64-pc-linux-gnu/10.3.0/../../../../include/c++/10.3.0/condition_variable:373:16
#9 0x50249e in main /local/strasser/cve/src/libraries/systemlib/unittest/ConditionVariableTest.cpp:40:14
If the threads are not joined at the end of main(), a similar crash occurs if std::thread::join is called from the destructor.
The crash is not 100% reproducible, but ~50%.
Compiler call:
clang++ -fsanitize=address ConditionVariableTest.cpp -lpthread
This is a dupe of Bugzilla #45456, but this time with a test case.
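The following is an added C++ example that reconstructs the setup the report describes (an mmap'ed region registered with sigaltstack, then worker threads waiting on std::condition_variable_any::wait_for with a predicate, the path visible in frames #5 through #8 of the backtrace). It is not the attached ConditionVariableTest.cpp and not compiler-rt code; the function names install_mmap_sigaltstack, altstack_is and run_cv_workers are assumptions chosen for this example. Built with `clang++ -fsanitize=address -lpthread`, it exercises the same interceptor path (__tls_get_addr via __cxa_get_globals); built without the sanitizer it simply runs to completion and reports whether the alternate stack is still the mapped region.

```cpp
// Added example reproducing the report's setup; not the attached test source.
#include <cassert>
#include <chrono>
#include <condition_variable>
#include <csignal>
#include <mutex>
#include <sys/mman.h>
#include <thread>
#include <vector>

// Map an anonymous region and register it as this thread's alternate
// signal stack. Returns the mapping base, or nullptr on failure.
static void* install_mmap_sigaltstack(size_t size) {
    void* base = mmap(nullptr, size, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return nullptr;
    stack_t ss{};
    ss.ss_sp = base;      // the mmap'ed region, as in the report
    ss.ss_size = size;
    ss.ss_flags = 0;
    if (sigaltstack(&ss, nullptr) != 0) {
        munmap(base, size);
        return nullptr;
    }
    return base;
}

// Query the registered alternate stack; true if it is still `base`.
static bool altstack_is(void* base, size_t size) {
    stack_t cur{};
    if (sigaltstack(nullptr, &cur) != 0) return false;
    return cur.ss_sp == base && cur.ss_size == size &&
           !(cur.ss_flags & SS_DISABLE);
}

// Workers wait on condition_variable_any::wait_for with a predicate, which
// is what lands in _Unlock::~_Unlock -> std::uncaught_exception ->
// __cxa_get_globals -> __tls_get_addr in the reported backtrace.
// Returns the number of completed wait rounds across all threads.
static int run_cv_workers(int nthreads, int rounds) {
    std::mutex m;
    std::condition_variable_any cv;
    bool go = false;
    int completed = 0;  // protected by m (lock is held after wait_for returns)
    std::vector<std::thread> threads;
    for (int i = 0; i < nthreads; ++i) {
        threads.emplace_back([&] {
            for (int r = 0; r < rounds; ++r) {
                std::unique_lock<std::mutex> lk(m);
                cv.wait_for(lk, std::chrono::seconds(1), [&] { return go; });
                ++completed;
            }
        });
    }
    {
        std::lock_guard<std::mutex> lk(m);
        go = true;
    }
    cv.notify_all();
    // Joining explicitly here; the report notes the crash also appears
    // when join() is only reached from the thread destructor.
    for (auto& t : threads) t.join();
    return completed;
}

int main() {
    const size_t kSize = 64 * 1024;
    void* base = install_mmap_sigaltstack(kSize);
    if (!base) return 1;
    int done = run_cv_workers(4, 100);
    return (altstack_is(base, kSize) && done == 400) ? 0 : 1;
}
```

Running the binary repeatedly under ASan is the way to observe the intermittent (~50%) failure the report mentions; a single run is not conclusive either way.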