* [Bug c/110442] New: IFUNC resolvers which use __builtin_cpu_supports crash with -fsanitize=address
@ 2023-06-27 19:09 fw at gcc dot gnu.org
From: fw at gcc dot gnu.org @ 2023-06-27 19:09 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110442
Bug ID: 110442
Summary: IFUNC resolvers which use __builtin_cpu_supports crash with -fsanitize=address
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: fw at gcc dot gnu.org
Target Milestone: ---
With -O2 -fsanitize=address, this code:
#include <stdio.h>

/* The two implementations the IFUNC chooses between.  */
void
f1 (void)
{
  puts ("f1");
}

void
f2 (void)
{
  puts ("f2");
}

/* IFUNC resolver: picks f1 when the CPU reports F16C, otherwise f2.  */
void *
resolve (void)
{
  __builtin_cpu_init ();
  if (__builtin_cpu_supports ("f16c"))
    return f1;
  else
    return f2;
}

/* f is an indirect function resolved by resolve() at load time.  */
void f (void) __attribute__ ((ifunc ("resolve")));

int
main (void)
{
  f ();
}
In the store to the shadow mapping:
Dump of assembler code for function resolve:
0x0000000000402320 <+0>: sub $0x8,%rsp
0x0000000000402324 <+4>: call 0x4010f0 <__cpu_indicator_init>
0x0000000000402329 <+9>: mov $0x4050f0,%eax
0x000000000040232e <+14>: shr $0x3,%rax
=> 0x0000000000402332 <+18>: movzbl 0x7fff8000(%rax),%eax
0x0000000000402339 <+25>: test %al,%al
0x000000000040233b <+27>: je 0x402341 <resolve+33>
0x000000000040233d <+29>: cmp $0x3,%al
[…]
This happens because with IRELATIVE relocations (or BIND_NOW), IFUNC resolvers
run early, before libasan had a chance to set up the shadow mapping.
Setting the component to the C front-end because the ifunc function attribute
probably needs to be changed to imply no_sanitize_address. IFUNC resolvers are
not supposed to call functions (although it works in some cases on x86), so I
think this would really help building random code with -fsanitize=address.
(In theory, if libasan were an audit module, it would be possible to set up the
mapping before relocation, but that's a change that seems unlikely to happen.)
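As an added example (not part of the bug report above), here is the same reproducer with the workaround the report proposes making implicit: the resolver is marked no_sanitize_address, so the load from __cpu_model that __builtin_cpu_supports expands to is not given an ASan shadow check and nothing touches shadow memory before libasan has set it up. The variants return their names so the dispatch decision can be checked from ordinary code; the typedef impl_fn, the helper cpu_has_f16c, the preprocessor guards (ELF, glibc, x86, __has_attribute) and the non-IFUNC fallback are assumptions added here so the file also builds on targets without IFUNC support.

```c
#include <stdio.h>
#include <string.h>

#ifndef __has_attribute
#define __has_attribute(x) 0   /* compilers without __has_attribute */
#endif

/* Added example, not the bug report's own code: the report's reproducer with
   the resolver marked no_sanitize_address, the workaround the report suggests
   should be implied by the ifunc attribute.  Build with:
     gcc -O2 -fsanitize=address example.c  */

typedef const char *(*impl_fn) (void);

static const char *f1 (void) { return "f1"; }
static const char *f2 (void) { return "f2"; }

/* Same probe as in the report, callable from ordinary (instrumented) code
   once libasan is initialised; used to cross-check the resolver's choice.  */
int
cpu_has_f16c (void)
{
#if defined(__x86_64__) || defined(__i386__)
  __builtin_cpu_init ();
  return __builtin_cpu_supports ("f16c") != 0;
#else
  return 0;   /* assumption: non-x86 hosts always take the generic variant */
#endif
}

#if defined(__ELF__) && defined(__GLIBC__) \
    && (defined(__x86_64__) || defined(__i386__)) && __has_attribute(ifunc)
/* The resolver runs while relocations are processed (IRELATIVE / BIND_NOW),
   before libasan has mapped shadow memory, so it must not be instrumented.
   __builtin_cpu_supports expands inline to a load from __cpu_model; without
   this attribute that load gets a shadow check, which is the crash above.  */
__attribute__ ((no_sanitize_address))
static impl_fn
resolve (void)
{
  __builtin_cpu_init ();
  if (__builtin_cpu_supports ("f16c"))
    return f1;
  return f2;
}

/* f is resolved once at load time by resolve().  */
const char *f (void) __attribute__ ((ifunc ("resolve")));
#else
/* Fallback for targets without IFUNC: plain run-time dispatch.  */
const char *
f (void)
{
  return cpu_has_f16c () ? f1 () : f2 ();
}
#endif

int
main (void)
{
  puts (f ());
  return 0;
}
```

The attribute only covers the resolver itself, so anything the resolver calls (other than the libgcc routine behind __builtin_cpu_init, which is not built with ASan) would need the same treatment; keeping the resolver free of calls, as the report recommends, avoids that problem entirely.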