public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug sanitizer/113785] New: c-c++-common/asan/swapcontext-test-1.c FAILs
@ 2024-02-06 13:01 ro at gcc dot gnu.org
2024-02-12 12:41 ` [Bug sanitizer/113785] " ro at CeBiTec dot Uni-Bielefeld.DE
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: ro at gcc dot gnu.org @ 2024-02-06 13:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113785
Bug ID: 113785
Summary: c-c++-common/asan/swapcontext-test-1.c FAILs
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: ro at gcc dot gnu.org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---
Target: sparc*-sun-solaris2.11, powerpc64-suse-linux-gnu,
x86_64-unknown-freebsd12.4
The c-c++-common/asan/swapcontext-test-1.c test FAILs on 32-bit Solaris/SPARC
(asan doesn't yet support 64-bit SPARC):
FAIL: c-c++-common/asan/swapcontext-test-1.c -O0 execution test
FAIL: c-c++-common/asan/swapcontext-test-1.c -O1 execution test
FAIL: c-c++-common/asan/swapcontext-test-1.c -O2 execution test
FAIL: c-c++-common/asan/swapcontext-test-1.c -O2 -flto execution test
FAIL: c-c++-common/asan/swapcontext-test-1.c -O2 -flto -flto-partition=none
execution test
FAIL: c-c++-common/asan/swapcontext-test-1.c -O3 -fomit-frame-pointer
-funroll-loops -fpeel-loops -ftracer -finline-functions execution test
FAIL: c-c++-common/asan/swapcontext-test-1.c -O3 -g execution test
FAIL: c-c++-common/asan/swapcontext-test-1.c -Os execution test
both as C and C++.
==2100==WARNING: ASan doesn't fully support makecontext/swapcontext functions
and may produce false positives in some cases!
Test1 passed
=================================================================
==2100==ERROR: AddressSanitizer: stack-buffer-underflow on address 0xffb74480
at pc 0x00011c3c bp 0xffaf44b0 sp 0xffaf44ac
WRITE of size 1 at 0xffb74480 thread T0
#0 0x11c34 in Run
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/asan/swapcontext-test-1.c:45
#1 0x11da8 in main
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/asan/swapcontext-test-1.c:56
#2 0x11604 in _start (swapcontext-test-1.exe+0x11604)
Address 0xffb74480 is located in stack of thread T0 at offset 0 in frame
#0 0x11808 in Child
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/asan/swapcontext-test-1.c:12
This frame has 1 object(s):
[32, 64) 'x' (line 13)
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-underflow
/vol/gcc/src/hg/master/local/gcc/testsuite/c-c++-common/asan/swapcontext-test-1.c:45
in Run
Shadow bytes around the buggy address:
0xffb74200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xffb74280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xffb74300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xffb74380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xffb74400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0xffb74480:[f1]f1 f1 f1 00 00 00 00 f3 f3 f3 f3 00 00 00 00
0xffb74500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xffb74580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xffb74600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xffb74680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xffb74700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==2100==ABORTING
There are also gcc-testresults reports for Linux/powerpc64 and FreeBSD/x86_64.
Looking at the test, I notice that ss_flags isn't initialized. I also wonder
why ss_size is set to kStackSize / 2 while child_stack[] is kStackSize + 1.
Also the upstream version of this test
(compiler-rt/test/asan/TestCases/Linux/swapcontext_test.cpp)
is restricted like this:
// This test is too sublte to try on non-x86 arch for now.
// Android and musl do not support swapcontext.
// REQUIRES: x86-target-arch && glibc-2.27
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug sanitizer/113785] c-c++-common/asan/swapcontext-test-1.c FAILs
2024-02-06 13:01 [Bug sanitizer/113785] New: c-c++-common/asan/swapcontext-test-1.c FAILs ro at gcc dot gnu.org
@ 2024-02-12 12:41 ` ro at CeBiTec dot Uni-Bielefeld.DE
2024-02-12 12:42 ` ro at gcc dot gnu.org
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: ro at CeBiTec dot Uni-Bielefeld.DE @ 2024-02-12 12:41 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113785
--- Comment #1 from ro at CeBiTec dot Uni-Bielefeld.DE <ro at CeBiTec dot Uni-Bielefeld.DE> ---
I've found what's going on: as described in Solaris makecontext(3C), the
function changed starting with Solaris 10:
NOTES
The semantics of the uc_stack member of the ucontext_t structure have
changed as they apply to inputs to makecontext(). Prior to Solaris 10,
the ss_sp member of the uc_stack structure represented the high memory
address of the area reserved for the stack. The ss_sp member now repre-
sents the base (low memory address), in keeping with other uses of
ss_sp.
This change in the meaning of ss_sp is now the default behavior. The
-D__MAKECONTEXT_V2_SOURCE compilation flag used in Solaris 9 update
releases to access this behavior is obsolete.
To preserve, binary compatiblity, the old behaviour of makecontext() has
been retained, and the following snippet in <ucontext.h> ensures that a
different function with the new behavious is called from user code
instead:
/* makecontext removed in SUSv4 (XPG7, UNIX V7) */
#if !defined(_XPG7) || defined(__EXTENSIONS__)
#ifdef __sparc
#ifdef __PRAGMA_REDEFINE_EXTNAME
#pragma redefine_extname makecontext __makecontext_v2
#else
#define makecontext __makecontext_v2
#endif
#endif /* __sparc */
#endif /* !defined(_XPG7) || ... */
However, libasan knows nothing about this and just intercepts unadorned
makecontext, but this interceptor is never called.
I've got a patch (attached for reference) that changes the makecontext
interceptor to call __makecontext_v2 instead on Solaris/SPARC. With
this, the c-c++-common/asan/swapcontext-test-1.c test now PASSes on
Solaris/SPARC.
I'm going to submit it upstream soon.
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug sanitizer/113785] c-c++-common/asan/swapcontext-test-1.c FAILs
2024-02-06 13:01 [Bug sanitizer/113785] New: c-c++-common/asan/swapcontext-test-1.c FAILs ro at gcc dot gnu.org
2024-02-12 12:41 ` [Bug sanitizer/113785] " ro at CeBiTec dot Uni-Bielefeld.DE
@ 2024-02-12 12:42 ` ro at gcc dot gnu.org
2024-02-12 12:42 ` ro at gcc dot gnu.org
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: ro at gcc dot gnu.org @ 2024-02-12 12:42 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113785
--- Comment #2 from Rainer Orth <ro at gcc dot gnu.org> ---
Created attachment 57396
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=57396&action=edit
Preliminary patch
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug sanitizer/113785] c-c++-common/asan/swapcontext-test-1.c FAILs
2024-02-06 13:01 [Bug sanitizer/113785] New: c-c++-common/asan/swapcontext-test-1.c FAILs ro at gcc dot gnu.org
2024-02-12 12:41 ` [Bug sanitizer/113785] " ro at CeBiTec dot Uni-Bielefeld.DE
2024-02-12 12:42 ` ro at gcc dot gnu.org
@ 2024-02-12 12:42 ` ro at gcc dot gnu.org
2024-02-13 9:30 ` ro at CeBiTec dot Uni-Bielefeld.DE
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: ro at gcc dot gnu.org @ 2024-02-12 12:42 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113785
Rainer Orth <ro at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |14.0
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug sanitizer/113785] c-c++-common/asan/swapcontext-test-1.c FAILs
2024-02-06 13:01 [Bug sanitizer/113785] New: c-c++-common/asan/swapcontext-test-1.c FAILs ro at gcc dot gnu.org
` (2 preceding siblings ...)
2024-02-12 12:42 ` ro at gcc dot gnu.org
@ 2024-02-13 9:30 ` ro at CeBiTec dot Uni-Bielefeld.DE
2024-02-16 12:33 ` ro at gcc dot gnu.org
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: ro at CeBiTec dot Uni-Bielefeld.DE @ 2024-02-13 9:30 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113785
--- Comment #3 from ro at CeBiTec dot Uni-Bielefeld.DE <ro at CeBiTec dot Uni-Bielefeld.DE> ---
Upstream pull request posted: https://github.com/llvm/llvm-project/pull/81588
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug sanitizer/113785] c-c++-common/asan/swapcontext-test-1.c FAILs
2024-02-06 13:01 [Bug sanitizer/113785] New: c-c++-common/asan/swapcontext-test-1.c FAILs ro at gcc dot gnu.org
` (3 preceding siblings ...)
2024-02-13 9:30 ` ro at CeBiTec dot Uni-Bielefeld.DE
@ 2024-02-16 12:33 ` ro at gcc dot gnu.org
2024-02-16 13:06 ` cvs-commit at gcc dot gnu.org
2024-02-16 13:08 ` ro at gcc dot gnu.org
6 siblings, 0 replies; 8+ messages in thread
From: ro at gcc dot gnu.org @ 2024-02-16 12:33 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113785
Rainer Orth <ro at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|unassigned at gcc dot gnu.org |ro at gcc dot gnu.org
Last reconfirmed| |2024-02-16
Status|UNCONFIRMED |NEW
URL| |https://gcc.gnu.org/piperma
| |il/gcc-patches/2024-Februar
| |y/645798.html
Ever confirmed|0 |1
--- Comment #4 from Rainer Orth <ro at gcc dot gnu.org> ---
Mine, patch posted.
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug sanitizer/113785] c-c++-common/asan/swapcontext-test-1.c FAILs
2024-02-06 13:01 [Bug sanitizer/113785] New: c-c++-common/asan/swapcontext-test-1.c FAILs ro at gcc dot gnu.org
` (4 preceding siblings ...)
2024-02-16 12:33 ` ro at gcc dot gnu.org
@ 2024-02-16 13:06 ` cvs-commit at gcc dot gnu.org
2024-02-16 13:08 ` ro at gcc dot gnu.org
6 siblings, 0 replies; 8+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-02-16 13:06 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113785
--- Comment #5 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Rainer Orth <ro@gcc.gnu.org>:
https://gcc.gnu.org/g:7c6071a66f32f43cea7aa4aa32d89b338e768307
commit r14-9030-g7c6071a66f32f43cea7aa4aa32d89b338e768307
Author: Rainer Orth <ro@CeBiTec.Uni-Bielefeld.DE>
Date: Fri Feb 16 14:06:24 2024 +0100
libsanitizer: Intercept __makecontext_v2 on Solaris/SPARC [PR113785]
c-c++-common/asan/swapcontext-test-1.c FAILs on Solaris/SPARC:
FAIL: c-c++-common/asan/swapcontext-test-1.c -O0 execution test
FAIL: c-c++-common/asan/swapcontext-test-1.c -O1 execution test
FAIL: c-c++-common/asan/swapcontext-test-1.c -O2 execution test
FAIL: c-c++-common/asan/swapcontext-test-1.c -O2 -flto execution test
FAIL: c-c++-common/asan/swapcontext-test-1.c -O2 -flto -flto-partition=none
execution test
FAIL: c-c++-common/asan/swapcontext-test-1.c -O3 -fomit-frame-pointer
-funroll-loops -fpeel-loops -ftracer -finline-functions execution test
FAIL: c-c++-common/asan/swapcontext-test-1.c -O3 -g execution test
FAIL: c-c++-common/asan/swapcontext-test-1.c -Os execution test
As detailed in PR sanitizer/113785, this happens because an ABI change
in Solaris 10/SPARC caused the external symbol for makecontext to be
changed to __makecontext_v2, which isn't intercepted.
The following patch, submitted upstream at
https://github.com/llvm/llvm-project/pull/81588, fixes that.
Tested on sparc-sun-solaris2.11 and i386-pc-solaris2.11.
2024-02-16 Rainer Orth <ro@CeBiTec.Uni-Bielefeld.DE>
libsanitizer:
PR sanitizer/113785
* asan/asan_interceptors.cpp: Cherry-pick llvm-project revision
8c2033719a843a1880427a5e8caa5563248bce78.
^ permalink raw reply [flat|nested] 8+ messages in thread* [Bug sanitizer/113785] c-c++-common/asan/swapcontext-test-1.c FAILs
2024-02-06 13:01 [Bug sanitizer/113785] New: c-c++-common/asan/swapcontext-test-1.c FAILs ro at gcc dot gnu.org
` (5 preceding siblings ...)
2024-02-16 13:06 ` cvs-commit at gcc dot gnu.org
@ 2024-02-16 13:08 ` ro at gcc dot gnu.org
6 siblings, 0 replies; 8+ messages in thread
From: ro at gcc dot gnu.org @ 2024-02-16 13:08 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113785
Rainer Orth <ro at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #6 from Rainer Orth <ro at gcc dot gnu.org> ---
Fixed for GCC 14.0.1.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2024-02-16 13:08 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-02-06 13:01 [Bug sanitizer/113785] New: c-c++-common/asan/swapcontext-test-1.c FAILs ro at gcc dot gnu.org
2024-02-12 12:41 ` [Bug sanitizer/113785] " ro at CeBiTec dot Uni-Bielefeld.DE
2024-02-12 12:42 ` ro at gcc dot gnu.org
2024-02-12 12:42 ` ro at gcc dot gnu.org
2024-02-13 9:30 ` ro at CeBiTec dot Uni-Bielefeld.DE
2024-02-16 12:33 ` ro at gcc dot gnu.org
2024-02-16 13:06 ` cvs-commit at gcc dot gnu.org
2024-02-16 13:08 ` ro at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).