public inbox for gcc-bugs@sourceware.org
From: "howarth at nitro dot med.uc.edu" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/55521] many instances of ASAN:SIGSEGV failures in g++ testsuite with -fsanitize=address
Date: Thu, 29 Nov 2012 21:25:00 -0000
Message-ID: <bug-55521-4-ojfmatLHfZ@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-55521-4@http.gcc.gnu.org/bugzilla/>

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55521

--- Comment #6 from Jack Howarth <howarth at nitro dot med.uc.edu> 2012-11-29 21:25:07 UTC ---
Opened radr://12777299 so that the darwin linker maintainer could look at this issue. His analysis of the failing test case so far is...

----------------------------------------------------------------------------------

I debugged this a bit and it seems the mach_override patching of __cxa_throw is bogus. The start of that function is patched to jump to garbage.

Breakpoint 1, 0x0000000100001c19 in main ()
(gdb) display/i $pc
2: x/i $pc  0x100001c19 <main+318>:    callq  0x100016386 <dyld_stub___cxa_throw>
(gdb) si
0x0000000100016386 in dyld_stub___cxa_throw ()
2: x/i $pc  0x100016386 <dyld_stub___cxa_throw>:    jmpq   *0xae1c(%rip)        # 0x1000211a8
(gdb)
0x0000000102244870 in __cxa_throw ()
2: x/i $pc  0x102244870 <__cxa_throw>:    jmpq   0xffd27000
(gdb)

# the above is __cxa_throw in gcc's libstdc++.6.dylib. The first instruction has been patched to jump to a garbage address.

(gdb) x/8i 0x102244870-8
0x102244868 <_ZL23__gxx_exception_cleanup19_Unwind_Reason_CodeP17_Unwind_Exception+56>:    std
0x102244869 <_ZL23__gxx_exception_cleanup19_Unwind_Reason_CodeP17_Unwind_Exception+57>:    (bad)
0x10224486a <_ZL23__gxx_exception_cleanup19_Unwind_Reason_CodeP17_Unwind_Exception+58>:    decl   (%rdi)
0x10224486c <_ZL23__gxx_exception_cleanup19_Unwind_Reason_CodeP17_Unwind_Exception+60>:    (bad)
0x10224486d <_ZL23__gxx_exception_cleanup19_Unwind_Reason_CodeP17_Unwind_Exception+61>:    add    %r8b,(%rax)
0x102244870 <__cxa_throw>:      jmpq   0xffd27000
0x102244875 <__cxa_throw+5>:    or     (%rax),%eax
0x102244877 <__cxa_throw+7>:    push   %rbx
(gdb)

(gdb) watch *0x102244870
Hardware watchpoint 2: *4330899568
(gdb) r

Old value = -788165304
New value = -1373139991
0x0000000100016203 in __asan_mach_override_ptr_custom ()
(gdb) bt
#0  0x0000000100016203 in __asan_mach_override_ptr_custom ()
#1  0x0000000100015a9e in __interception::OverrideFunction ()
#2  0x00007fff5fc13378 in ImageLoaderMachO::doModInitFunctions ()
#3  0x00007fff5fc13762 in ImageLoaderMachO::doInitialization ()
#4  0x00007fff5fc1006e in ImageLoader::recursiveInitialization ()
#5  0x00007fff5fc0feba in ImageLoader::runInitializers ()
#6  0x00007fff5fc01fc0 in dyld::initializeMainExecutable ()
#7  0x00007fff5fc05b04 in dyld::_main ()
#8  0x00007fff5fc01397 in dyldbootstrap::start ()
#9  0x00007fff5fc0105e in _dyld_start ()
(gdb) x/8i 0x102244870
0x102244870 <__cxa_throw>:       jmpq   0xffd27000
0x102244875 <__cxa_throw+5>:     or     (%rax),%eax
0x102244877 <__cxa_throw+7>:     push   %rbx
0x102244878 <__cxa_throw+8>:     lea    -0x20(%rdi),%rbx
0x10224487c <__cxa_throw+12>:    mov    %rsi,-0x70(%rdi)

# Here is where the patching is being done
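The watchpoint values in the session above can be read back as instruction bytes to confirm that the write seen in __asan_mach_override_ptr_custom is the `jmpq 0xffd27000` that gdb disassembles. The following is an added example, not part of the original message or of the ASan sources; the addresses and values are copied from the gdb output, and the function names are hypothetical.

```python
import struct

# Values copied from the gdb session in the message above.
PATCH_ADDR = 0x102244870   # address of __cxa_throw
OLD_VALUE = -788165304     # watchpoint "Old value" (signed 32-bit)
NEW_VALUE = -1373139991    # watchpoint "New value" (signed 32-bit)
GDB_TARGET = 0xFFD27000    # target gdb prints for the patched jmpq

JMP_REL32 = 0xE9           # x86-64 opcode: jmp rel32 (5 bytes in total)


def watch_bytes(value):
    """Return the 4 little-endian bytes a signed 32-bit watch value stands for."""
    return struct.pack("<i", value)


def rel32_for(src, dst):
    """Displacement of a 5-byte jmp rel32 placed at src that lands on dst."""
    disp = dst - (src + 5)  # relative to the end of the instruction
    if not -2**31 <= disp < 2**31:
        raise ValueError("target out of rel32 range")
    return disp


def encode_jmp(src, dst):
    """Encode the 5-byte jmp rel32 from src to dst."""
    return bytes([JMP_REL32]) + struct.pack("<i", rel32_for(src, dst))


def decode_jmp(addr, code):
    """Return the absolute target of a jmp rel32 found at addr."""
    if len(code) < 5 or code[0] != JMP_REL32:
        raise ValueError("not a jmp rel32")
    (disp,) = struct.unpack("<i", code[1:5])
    return addr + 5 + disp


def analyse():
    old, new = watch_bytes(OLD_VALUE), watch_bytes(NEW_VALUE)
    patch = encode_jmp(PATCH_ADDR, GDB_TARGET)
    return {
        "old_bytes": old.hex(" "),
        "new_bytes": new.hex(" "),
        "patch_bytes": patch.hex(" "),
        # the 4-byte watchpoint covers only the first 4 of the 5 patched bytes
        "watch_matches_patch": patch[:4] == new,
        "decoded_target": hex(decode_jmp(PATCH_ADDR, patch)),
    }


if __name__ == "__main__":
    for key, val in analyse().items():
        print(f"{key}: {val}")
```

The old bytes `48 8d 05 d1` are the start of a 7-byte RIP-relative `lea`, so the 5-byte jump leaves two bytes of its displacement behind, which is the `or (%rax),%eax` gdb shows at `__cxa_throw+5`.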