[PATCH] D138986: [AIX][BigArchive] Treat the archive is empty if the first child member offset is zero
Mitch Phillips via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Mon Dec 19 13:05:21 PST 2022
hctim added a comment.
FYI - here's the ASan report from my local machine (by hacking with the following patch):
diff --git a/llvm/test/Object/archive-big-malformed-first-member.test b/llvm/test/Object/archive-big-malformed-first-member.test
index 9107bdb6d9d2..a085d98c8d6d 100644
--- a/llvm/test/Object/archive-big-malformed-first-member.test
+++ b/llvm/test/Object/archive-big-malformed-first-member.test
@@ -1,4 +1,4 @@
# Test reading an empty archive with first member's offset is not zero.
# RUN: echo "<bigaf>" > %t.a
# RUN: echo -n "0 0 0 128 0 0 " >> %t.a
-# RUN: not llvm-ar tv %t.a 2>&1 | grep 'truncated or malformed archive'
+# RUN: llvm-ar tv %t.a 2>&1
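Review bot: the replacement RUN line at the end of this hunk drops both `not` and the `grep 'truncated or malformed archive'`, so the test no longer asserts anything about llvm-ar's exit status or message and only fails when the sanitizer aborts. That is fine as a local reproducer, but the committed test should keep the negated grep so the expected diagnostic stays pinned. Separately, the first comment line ("an empty archive with first member's offset is not zero") would read more clearly if it said that the header names a first-member offset of 128 while the file carries no member data.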
$ LIT_OPTS='--filter=archive-big' ninja check-llvm
[0/1] Running the LLVM regression tests
llvm-lit: /llvm/llvm/utils/lit/lit/llvm/subst.py:122: note: Did not find llvm-debuginfod in /llvm-build/asan-test/bin
llvm-lit: /llvm/llvm/utils/lit/lit/llvm/config.py:459: note: using ld.lld: /llvm-build/asan-test/bin/ld.lld
llvm-lit: /llvm/llvm/utils/lit/lit/llvm/config.py:459: note: using lld-link: /llvm-build/asan-test/bin/lld-link
llvm-lit: /llvm/llvm/utils/lit/lit/llvm/config.py:459: note: using ld64.lld: /llvm-build/asan-test/bin/ld64.lld
llvm-lit: /llvm/llvm/utils/lit/lit/llvm/config.py:459: note: using wasm-ld: /llvm-build/asan-test/bin/wasm-ld
-- Testing: 5 of 47262 tests, 5 workers --
Testing: 0.. 10
FAIL: LLVM :: Object/archive-big-malformed-first-member.test (5 of 5)
******************** TEST 'LLVM :: Object/archive-big-malformed-first-member.test' FAILED ********************
Script:
--
: 'RUN: at line 2'; echo "<bigaf>" > /llvm-build/asan-test/test/Object/Output/archive-big-malformed-first-member.test.tmp.a
: 'RUN: at line 3'; echo -n "0 0 0 128 0 0 " >> /llvm-build/asan-test/test/Object/Output/archive-big-malformed-first-member.test.tmp.a
: 'RUN: at line 4'; /llvm-build/asan-test/bin/llvm-ar tv /llvm-build/asan-test/test/Object/Output/archive-big-malformed-first-member.test.tmp.a 2>&1
--
Exit Code: 1
Command Output (stdout):
--
=================================================================
==2063113==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6120000001cf at pc 0x55ef0a9db6fa bp 0x7fff8f3b70d0 sp 0x7fff8f3b70c8
READ of size 1 at 0x6120000001cf thread T0
#0 0x55ef0a9db6f9 in llvm::StringRef::find_last_not_of(llvm::StringRef, unsigned long) const /llvm/llvm/lib/Support/StringRef.cpp:319:39
#1 0x55ef0a68b732 in rtrim /llvm/llvm/include/llvm/ADT/StringRef.h:802:50
#2 0x55ef0a68b732 in getFieldRawString<char, 4UL> /llvm/llvm/lib/Object/Archive.cpp:66:30
#3 0x55ef0a68b732 in llvm::object::BigArchiveMemberHeader::getRawName() const /llvm/llvm/lib/Object/Archive.cpp:210:18
#4 0x55ef0a68ecb1 in llvm::object::BigArchiveMemberHeader::getName(unsigned long) const /llvm/llvm/lib/Object/Archive.cpp:346:10
#5 0x55ef0a686ea9 in createMemberHeaderParseError(llvm::object::AbstractArchiveMemberHeader const*, char const*, unsigned long) /llvm/llvm/lib/Object/Archive.cpp:55:48
#6 0x55ef0a688193 in llvm::object::BigArchiveMemberHeader::BigArchiveMemberHeader(llvm::object::Archive const*, char const*, unsigned long, llvm::Error*) /llvm/llvm/lib/Object/Archive.cpp:139:20
#7 0x55ef0a6924da in make_unique<llvm::object::BigArchiveMemberHeader, const llvm::object::Archive *, const char *&, unsigned long &, llvm::Error *&> /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/unique_ptr.h:1065:34
#8 0x55ef0a6924da in createArchiveMemberHeader /llvm/llvm/lib/Object/Archive.cpp:681:10
#9 0x55ef0a6924da in llvm::object::Archive::Child::Child(llvm::object::Archive const*, char const*, llvm::Error*) /llvm/llvm/lib/Object/Archive.cpp:467:20
#10 0x55ef0a69c620 in llvm::object::Archive::child_begin(llvm::Error&, bool) const /llvm/llvm/lib/Object/Archive.cpp:953:9
#11 0x55ef0a69faa9 in llvm::object::BigArchive::BigArchive(llvm::MemoryBufferRef, llvm::Error&) /llvm/llvm/lib/Object/Archive.cpp:1240:22
#12 0x55ef0a699207 in make_unique<llvm::object::BigArchive, llvm::MemoryBufferRef &, llvm::Error &> /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/unique_ptr.h:1065:34
#13 0x55ef0a699207 in llvm::object::Archive::create(llvm::MemoryBufferRef) /llvm/llvm/lib/Object/Archive.cpp:666:11
#14 0x55ef0997c4da in performOperation(ArchiveOperation) /llvm/llvm/tools/llvm-ar/llvm-ar.cpp:1146:9
#15 0x55ef09979bb1 in ar_main /llvm/llvm/tools/llvm-ar/llvm-ar.cpp:1413:10
#16 0x55ef09979bb1 in llvm_ar_main(int, char**) /llvm/llvm/tools/llvm-ar/llvm-ar.cpp:1482:12
#17 0x7f8112629209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#18 0x7f81126292bb in __libc_start_main csu/../csu/libc-start.c:389:3
#19 0x55ef098c04f0 in _start (/llvm-build/asan-test/bin/llvm-ar+0x3a114f0)
0x6120000001cf is located 106 bytes to the right of 293-byte region [0x612000000040,0x612000000165)
allocated by thread T0 here:
#0 0x55ef09974c5d in operator new(unsigned long, std::nothrow_t const&) /llvm/compiler-rt/lib/asan/asan_new_delete.cpp:101:3
#1 0x55ef0a9876db in llvm::WritableMemoryBuffer::getNewUninitMemBuffer(unsigned long, llvm::Twine const&, std::optional<llvm::Align>) /llvm/llvm/lib/Support/MemoryBuffer.cpp:313:34
#2 0x55ef0a987fb2 in llvm::ErrorOr<std::unique_ptr<llvm::MemoryBuffer, std::default_delete<llvm::MemoryBuffer>>> getOpenFileImpl<llvm::MemoryBuffer>(int, llvm::Twine const&, unsigned long, unsigned long, long, bool, bool, std::optional<llvm::Align>) /llvm/llvm/lib/Support/MemoryBuffer.cpp:493:7
#3 0x55ef0a986f7a in llvm::ErrorOr<std::unique_ptr<llvm::MemoryBuffer, std::default_delete<llvm::MemoryBuffer>>> getFileAux<llvm::MemoryBuffer>(llvm::Twine const&, unsigned long, unsigned long, bool, bool, bool, std::optional<llvm::Align>) /llvm/llvm/lib/Support/MemoryBuffer.cpp:272:14
#4 0x55ef0a986d95 in llvm::MemoryBuffer::getFile(llvm::Twine const&, bool, bool, bool, std::optional<llvm::Align>) /llvm/llvm/lib/Support/MemoryBuffer.cpp:251:10
#5 0x55ef0997c412 in performOperation(ArchiveOperation) /llvm/llvm/tools/llvm-ar/llvm-ar.cpp:1138:48
#6 0x55ef09979bb1 in ar_main /llvm/llvm/tools/llvm-ar/llvm-ar.cpp:1413:10
#7 0x55ef09979bb1 in llvm_ar_main(int, char**) /llvm/llvm/tools/llvm-ar/llvm-ar.cpp:1482:12
#8 0x7f8112629209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
SUMMARY: AddressSanitizer: heap-buffer-overflow /llvm/llvm/lib/Support/StringRef.cpp:319:39 in llvm::StringRef::find_last_not_of(llvm::StringRef, unsigned long) const
Shadow bytes around the buggy address:
0x0c247fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c247fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c247fff8000: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c247fff8010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c247fff8020: 00 00 00 00 00 00 00 00 00 00 00 00 05 fa fa fa
=>0x0c247fff8030: fa fa fa fa fa fa fa fa fa[fa]fa fa fa fa fa fa
0x0c247fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c247fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c247fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c247fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c247fff8080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==2063113==ABORTING
--
********************
Testing: 0.. 10.. 20.. 30.. 40.. 50.. 60.. 70.. 80.. 90..
********************
Failed Tests (1):
LLVM :: Object/archive-big-malformed-first-member.test
Testing Time: 2.17s
Excluded: 44834
Passed : 4
Failed : 1
FAILED: test/CMakeFiles/check-llvm /llvm-build/asan-test/test/CMakeFiles/check-llvm
cd /llvm-build/asan-test/test && /usr/bin/python3.10 /llvm-build/asan-test/./bin/llvm-lit -sv /llvm-build/asan-test/test
ninja: build stopped: subcommand failed.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D138986/new/
https://reviews.llvm.org/D138986
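The trace above reaches getRawName() from createMemberHeaderParseError(), i.e. the out-of-bounds read happens while the error message for the bad member is being built. The following is an added example, not LLVM's code and not part of the patch under review: it checks a first-member offset against the buffer before any member field is touched. The layout constants (8-byte magic, six 20-byte decimal fields, 112-byte fixed member header) and all names are assumptions made for the example.

```cpp
#include <charconv>
#include <cstddef>
#include <cstdint>
#include <optional>
#include <string>
#include <string_view>

// Assumed layout (not from the page): 8-byte magic, then six 20-byte
// space-padded decimal fields; the fourth is the first-member offset.
constexpr std::string_view kMagic = "<bigaf>\n";
constexpr std::size_t kFieldLen = 20, kFieldCount = 6;
constexpr std::size_t kFixedHdrLen = 8 + kFieldLen * kFieldCount;  // 128
constexpr std::size_t kMemberFixedLen = 112;  // assumed fixed part of a member header
enum class Check { Empty, Ok, BadMagic, Truncated, BadField, MemberOutOfBounds };

std::optional<std::uint64_t> parseField(std::string_view f) {
  while (!f.empty() && f.back() == ' ') f.remove_suffix(1);
  std::uint64_t v = 0;
  auto [end, ec] = std::from_chars(f.data(), f.data() + f.size(), v);
  if (f.empty() || ec != std::errc() || end != f.data() + f.size()) return std::nullopt;
  return v;
}

// Decide whether a member header may be read, using only in-bounds bytes.
Check checkFirstMember(std::string_view buf) {
  if (buf.substr(0, kMagic.size()) != kMagic) return Check::BadMagic;
  if (buf.size() < kFixedHdrLen) return Check::Truncated;
  auto off = parseField(buf.substr(kMagic.size() + 3 * kFieldLen, kFieldLen));
  if (!off) return Check::BadField;
  if (*off == 0) return Check::Empty;  // zero offset: no members
  if (*off > buf.size() || buf.size() - *off < kMemberFixedLen)
    return Check::MemberOutOfBounds;   // report by offset, never by member name
  return Check::Ok;
}

// Constructed sample input: a fixed header with the given first-member offset.
std::string makeHeader(std::uint64_t firstMember) {
  std::string h(kMagic);
  const std::uint64_t fields[kFieldCount] = {0, 0, 0, firstMember, 0, 0};
  for (std::uint64_t v : fields) {
    std::string s = std::to_string(v);
    s.resize(kFieldLen, ' ');
    h += s;
  }
  return h;
}

int main() { return checkFirstMember(makeHeader(128)) == Check::MemberOutOfBounds ? 0 : 1; }
```

makeHeader(128) reproduces the shape of the test input: a 128-byte file whose header points at offset 128, where no member bytes exist.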