From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 9624 invoked by alias); 29 Nov 2012 21:25:50 -0000
Received: (qmail 8705 invoked by uid 48); 29 Nov 2012 21:25:20 -0000
From: "howarth at nitro dot med.uc.edu"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/55521] many instances of ASAN:SIGSEGV failures in g++ testsuite with -fsanitize=address
Date: Thu, 29 Nov 2012 21:25:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: sanitizer
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: howarth at nitro dot med.uc.edu
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Changed-Fields:
Message-ID:
In-Reply-To:
References:
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id:
List-Archive:
List-Post:
List-Help:
Sender: gcc-bugs-owner@gcc.gnu.org
X-SW-Source: 2012-11/txt/msg02935.txt.bz2

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55521

--- Comment #6 from Jack Howarth 2012-11-29 21:25:07 UTC ---
Opened radr://12777299 so that the darwin linker maintainer could look at this
issue. His analysis of the failing test case so far is...

----------------------------------------------------------------------------------
I debugged this a bit and it seems the mach_override patching of __cxa_throw is
bogus. The start of that function is patched to jump to garbage.
Breakpoint 1, 0x0000000100001c19 in main ()
(gdb) display/i $pc
2: x/i $pc
0x100001c19 : callq 0x100016386
(gdb) si
0x0000000100016386 in dyld_stub___cxa_throw ()
2: x/i $pc
0x100016386 : jmpq *0xae1c(%rip)        # 0x1000211a8
(gdb)
0x0000000102244870 in __cxa_throw ()
2: x/i $pc
0x102244870 <__cxa_throw>: jmpq 0xffd27000
(gdb)
# the above is __cxa_throw in gcc's libstdc++.6.dylib. The first instruction
# has been patched to jump to a garbage address.
(gdb) x/8i 0x102244870-8
0x102244868 <_ZL23__gxx_exception_cleanup19_Unwind_Reason_CodeP17_Unwind_Exception+56>: std
0x102244869 <_ZL23__gxx_exception_cleanup19_Unwind_Reason_CodeP17_Unwind_Exception+57>: (bad)
0x10224486a <_ZL23__gxx_exception_cleanup19_Unwind_Reason_CodeP17_Unwind_Exception+58>: decl (%rdi)
0x10224486c <_ZL23__gxx_exception_cleanup19_Unwind_Reason_CodeP17_Unwind_Exception+60>: (bad)
0x10224486d <_ZL23__gxx_exception_cleanup19_Unwind_Reason_CodeP17_Unwind_Exception+61>: add %r8b,(%rax)
0x102244870 <__cxa_throw>: jmpq 0xffd27000
0x102244875 <__cxa_throw+5>: or (%rax),%eax
0x102244877 <__cxa_throw+7>: push %rbx
(gdb)
(gdb) watch *0x102244870
Hardware watchpoint 2: *4330899568
(gdb) r
Old value = -788165304
New value = -1373139991
0x0000000100016203 in __asan_mach_override_ptr_custom ()
(gdb) bt
#0  0x0000000100016203 in __asan_mach_override_ptr_custom ()
#1  0x0000000100015a9e in __interception::OverrideFunction ()
#2  0x00007fff5fc13378 in ImageLoaderMachO::doModInitFunctions ()
#3  0x00007fff5fc13762 in ImageLoaderMachO::doInitialization ()
#4  0x00007fff5fc1006e in ImageLoader::recursiveInitialization ()
#5  0x00007fff5fc0feba in ImageLoader::runInitializers ()
#6  0x00007fff5fc01fc0 in dyld::initializeMainExecutable ()
#7  0x00007fff5fc05b04 in dyld::_main ()
#8  0x00007fff5fc01397 in dyldbootstrap::start ()
#9  0x00007fff5fc0105e in _dyld_start ()
(gdb) x/8i 0x102244870
0x102244870 <__cxa_throw>: jmpq 0xffd27000
0x102244875 <__cxa_throw+5>: or (%rax),%eax
0x102244877 <__cxa_throw+7>: push %rbx
0x102244878 <__cxa_throw+8>: lea -0x20(%rdi),%rbx
0x10224487c <__cxa_throw+12>: mov %rsi,-0x70(%rdi)
# Here is where the patching is being done
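The analysis above turns on what the 5-byte `jmp rel32` that mach_override wrote over the first bytes of __cxa_throw actually encodes. What follows is an added example, not code from the bug report, from GCC, or from the sanitizer runtime: it decodes such a patch from the values gdb printed (the watchpoint's 4-byte "New value" -1373139991 gives the opcode E9 and the low three displacement bytes; the fifth byte 0xFD is inferred from the disassembled target 0xffd27000 and is not shown in the transcript), and applies the two checks a hook installer has to pass: the target must be within the signed 32-bit reach of the jump, and it must not land below the 4 GiB default __PAGEZERO of a 64-bit Mach-O main executable, which is where 0xffd27000 lies. The __PAGEZERO size is an assumption about how the test binary was linked; all function names are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86-64 "jmp rel32": opcode E9 followed by a signed 32-bit displacement that is
 * relative to the address of the NEXT instruction (patch address + 5). */
#define JMP_REL32_LEN 5

/* Assumption: the 64-bit Mach-O main executable keeps the linker's default
 * 4 GiB __PAGEZERO, so nothing is mapped below this address. */
#define MACHO_PAGEZERO_END 0x100000000ULL

/* Decode the jump written at `addr`; returns the absolute target, or 0 when the
 * bytes do not start with the E9 opcode. */
uint64_t jmp_rel32_target(uint64_t addr, const uint8_t bytes[JMP_REL32_LEN])
{
    if (bytes[0] != 0xE9)
        return 0;
    uint32_t raw = (uint32_t)bytes[1] | ((uint32_t)bytes[2] << 8) |
                   ((uint32_t)bytes[3] << 16) | ((uint32_t)bytes[4] << 24);
    int32_t disp = (int32_t)raw;        /* sign matters: the patch may jump backwards */
    return addr + JMP_REL32_LEN + (uint64_t)(int64_t)disp;
}

/* Rebuild the patch from what gdb prints: "watch *ADDR" reports the 4-byte int at
 * ADDR, i.e. E9 plus the low three displacement bytes (little-endian). The fifth
 * byte is not covered by the watchpoint and must be supplied separately. */
uint64_t watch_value_target(uint64_t addr, int32_t watch_value, uint8_t fifth_byte)
{
    uint8_t bytes[JMP_REL32_LEN];
    uint32_t raw = (uint32_t)watch_value;
    for (int i = 0; i < 4; i++)
        bytes[i] = (uint8_t)(raw >> (8 * i));
    bytes[4] = fifth_byte;
    return jmp_rel32_target(addr, bytes);
}

/* Encode the jump a patcher must write at `addr` to reach `target`. Returns
 * false when the target is outside the +/-2 GiB reach of rel32; a hook must
 * then bounce through an island that is within range. */
bool jmp_rel32_encode(uint64_t addr, uint64_t target, uint8_t out[JMP_REL32_LEN])
{
    int64_t disp = (int64_t)target - (int64_t)(addr + JMP_REL32_LEN);
    if (disp < INT32_MIN || disp > INT32_MAX)
        return false;
    uint32_t raw = (uint32_t)(int32_t)disp;
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(raw >> (8 * i));
    return true;
}

/* Encode, then decode again: true only if the patch really lands on `target`. */
bool jmp_rel32_roundtrip(uint64_t addr, uint64_t target)
{
    uint8_t patch[JMP_REL32_LEN];
    return jmp_rel32_encode(addr, target, patch) &&
           jmp_rel32_target(addr, patch) == target;
}

/* Sanity check on an installed hook: a jump into __PAGEZERO can only fault. */
bool jmp_target_mapped(uint64_t target)
{
    return target >= MACHO_PAGEZERO_END;
}

int main(void)
{
    /* Values from the gdb session above; 0xFD is the fifth byte implied by the
     * disassembled target 0xffd27000, not a byte the transcript shows. */
    const uint64_t cxa_throw = 0x102244870ULL;
    uint64_t target = watch_value_target(cxa_throw, -1373139991, 0xFD);
    printf("__cxa_throw at 0x%llx now jumps to 0x%llx (%s)\n",
           (unsigned long long)cxa_throw, (unsigned long long)target,
           jmp_target_mapped(target) ? "mapped" : "inside __PAGEZERO: garbage");

    /* A hook living in another image may simply be out of rel32 reach. */
    uint8_t patch[JMP_REL32_LEN];
    if (!jmp_rel32_encode(cxa_throw, 0x7fff5fc13378ULL, patch))
        printf("0x7fff5fc13378 is not reachable with a 5-byte jmp from 0x%llx\n",
               (unsigned long long)cxa_throw);
    return 0;
}
```

The displacement is taken from the end of the instruction, not its start, which is the usual off-by-five mistake when reading patches by hand; with the bytes above the arithmetic lands exactly on the 0xffd27000 that gdb disassembled, so the jump really does point below the 4 GiB line rather than being a disassembly artefact.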