[lld] r307726 - [PDB] Tweak bad type index error handling
Vitaly Buka via llvm-commits
llvm-commits at lists.llvm.org
Tue Jul 11 19:05:22 PDT 2017
http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fast/builds/6344/steps/check-lld%20asan/logs/stdio
================================================================
==13156==ERROR: AddressSanitizer: use-after-poison on address
0x62100001b9d0 at pc 0x0000008e1e99 bp 0x7ffdbf3ae890 sp
0x7ffdbf3ae888
READ of size 4 at 0x62100001b9d0 thread T0
#0 0x8e1e98 in read<unsigned int, 1>
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/include/llvm/Support/Endian.h:69:3
#1 0x8e1e98 in read<unsigned int,
llvm::support::endianness::little, 1>
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/include/llvm/Support/Endian.h:80
#2 0x8e1e98 in operator unsigned int
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/include/llvm/Support/Endian.h:216
#3 0x8e1e98 in read<unsigned int,
llvm::support::endianness::little>
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/include/llvm/Support/Endian.h:345
#4 0x8e1e98 in read32<llvm::support::endianness::little>
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/include/llvm/Support/Endian.h:362
#5 0x8e1e98 in read32le
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/include/llvm/Support/Endian.h:369
#6 0x8e1e98 in add32
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/Chunks.cpp:52
#7 0x8e1e98 in applySecRel
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/Chunks.cpp:66
#8 0x8e1e98 in lld::coff::SectionChunk::applyRelX64(unsigned
char*, unsigned short, lld::coff::OutputSection*, unsigned long,
unsigned long) const
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/Chunks.cpp:89
#9 0x8e417f in lld::coff::SectionChunk::writeTo(unsigned char*)
const /mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/Chunks.cpp:241:7
#10 0x912488 in relocateDebugChunk
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/PDB.cpp:287:15
#11 0x912488 in addObjectsToPDB
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/PDB.cpp:336
#12 0x912488 in lld::coff::createPDB(lld::coff::SymbolTable*,
llvm::ArrayRef<unsigned char>, llvm::codeview::DebugInfo const*)
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/PDB.cpp:480
#13 0x8c493c in (anonymous namespace)::Writer::run()
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/Writer.cpp:242:5
#14 0x8b89bb in lld::coff::writeResult(lld::coff::SymbolTable*)
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/Writer.cpp:160:46
#15 0x844568 in lld::coff::LinkerDriver::link(llvm::ArrayRef<char
const*>) /mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/Driver.cpp:1137:3
#16 0x82ee68 in lld::coff::link(llvm::ArrayRef<char const*>,
llvm::raw_ostream&)
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/Driver.cpp:63:11
#17 0x70cfa9 in main
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/tools/lld/lld.cpp:106:13
#18 0x7fa93596182f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#19 0x61f3b8 in _start
(/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm_build_asan/bin/lld+0x61f3b8)
0x62100001b9d0 is located 208 bytes inside of 4096-byte region
[0x62100001b900,0x62100001c900)
allocated by thread T0 here:
#0 0x6dcd28 in __interceptor_malloc
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67
#1 0x7e30bb in Allocate
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/include/llvm/Support/Allocator.h:97:12
#2 0x7e30bb in StartNewSlab
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/include/llvm/Support/Allocator.h:341
#3 0x7e30bb in llvm::BumpPtrAllocatorImpl<llvm::MallocAllocator,
4096ul, 4096ul>::Allocate(unsigned long, unsigned long)
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/include/llvm/Support/Allocator.h:258
#4 0x912430 in Allocate
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/include/llvm/Support/Allocator.h:57:43
#5 0x912430 in Allocate<unsigned char>
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/include/llvm/Support/Allocator.h:79
#6 0x912430 in relocateDebugChunk
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/PDB.cpp:284
#7 0x912430 in addObjectsToPDB
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/PDB.cpp:336
#8 0x912430 in lld::coff::createPDB(lld::coff::SymbolTable*,
llvm::ArrayRef<unsigned char>, llvm::codeview::DebugInfo const*)
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/PDB.cpp:480
#9 0x8c493c in (anonymous namespace)::Writer::run()
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/Writer.cpp:242:5
#10 0x8b89bb in lld::coff::writeResult(lld::coff::SymbolTable*)
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/Writer.cpp:160:46
#11 0x844568 in lld::coff::LinkerDriver::link(llvm::ArrayRef<char
const*>) /mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/Driver.cpp:1137:3
#12 0x82ee68 in lld::coff::link(llvm::ArrayRef<char const*>,
llvm::raw_ostream&)
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/COFF/Driver.cpp:63:11
#13 0x70cfa9 in main
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/tools/lld/tools/lld/lld.cpp:106:13
#14 0x7fa93596182f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: use-after-poison
/mnt/b/sanitizer-buildbot3/sanitizer-x86_64-linux-fast/build/llvm/include/llvm/Support/Endian.h:69:3
in read<unsigned int, 1>
Shadow bytes around the buggy address:
0x0c427fffb6e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fffb6f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fffb700: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fffb710: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fffb720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c427fffb730: 00 00 00 00 00 00 00 00 00 04[f7]f7 f7 f7 f7 f7
0x0c427fffb740: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c427fffb750: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c427fffb760: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c427fffb770: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c427fffb780: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==13156==ABORTING
--
********************
Testing: 0 .. 10.. 20.. 30.. 40.. 50.. 60.. 70.. 80.. 90..
Testing Time: 25.85s
********************
Failing Tests (1):
lld :: COFF/pdb-invalid-func-type.yaml
On Tue, Jul 11, 2017 at 4:40 PM, Reid Kleckner via llvm-commits <
llvm-commits at lists.llvm.org> wrote:
> On Tue, Jul 11, 2017 at 4:10 PM, Rui Ueyama <ruiu at google.com> wrote:
>
>> On Tue, Jul 11, 2017 at 4:04 PM, Reid Kleckner <rnk at google.com> wrote:
>>
>>> On Tue, Jul 11, 2017 at 3:42 PM, Rui Ueyama <ruiu at google.com> wrote:
>>>
>>>> -static bool remapTypesInSymbolRecord(ObjectFile *File,
>>>>> +static void remapTypesInSymbolRecord(ObjectFile *File,
>>>>> MutableArrayRef<uint8_t>
>>>>> Contents,
>>>>> ArrayRef<TypeIndex> TypeIndexMap,
>>>>> ArrayRef<TiReference> TypeRefs) {
>>>>> for (const TiReference &Ref : TypeRefs) {
>>>>> unsigned ByteSize = Ref.Count * sizeof(TypeIndex);
>>>>> - if (Contents.size() < Ref.Offset + ByteSize) {
>>>>> - log("ignoring short symbol record");
>>>>> - return false;
>>>>> - }
>>>>> + if (Contents.size() < Ref.Offset + ByteSize)
>>>>> + fatal("ignoring short symbol record");
>>>>>
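Review bot: The string passed to `fatal` in the added lines still reads "ignoring short symbol record", but the call no longer returns, so nothing is ignored; a message such as "short symbol record" or "corrupt symbol record" would match the new behaviour. In the same check, `ByteSize` is an `unsigned` holding `Ref.Count * sizeof(TypeIndex)`, so where `unsigned` is narrower than `size_t` the product is truncated, and `Ref.Offset + ByteSize` can wrap if `Ref.Offset` is also a 32-bit value. Since this path is now treated as data corruption, consider a form that cannot wrap: reject `Ref.Offset > Contents.size()` first, then compare `Ref.Count` against `(Contents.size() - Ref.Offset) / sizeof(TypeIndex)`.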
>>>>
>>>> If you use `fatal`, it doesn't ignore records but exits immediately.
>>>>
>>>
>>> This is intentional. A short record is more indicative of data
>>> corruption than an invalid type index. An invalid type index probably means
>>> we just can't find the PDB.
>>>
>>
>> The error message is a bit confusing, isn't it? It says "ignoring" but
>> what it does is to abort immediately.
>>
>
> Oh, good point. :)
>