From: "chefmax at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/64820] New: Libsanitizer fails with ((AddrIsAlignedByGranularity(addr + size))) != (0)" (0x0, 0x0) if ssp is enabled.
Date: Tue, 27 Jan 2015 09:32:00 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64820

Bug ID: 64820
Summary: Libsanitizer fails with ((AddrIsAlignedByGranularity(addr + size))) != (0)" (0x0, 0x0) if ssp is enabled.
Product: gcc
Version: 5.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: chefmax at gcc dot gnu.org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, ygribov at gcc dot gnu.org
Host: x86_64-pc-linux-gnu
Target: i386-linux-gnu, arm-linux-gnueabi

Created attachment 34589
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=34589&action=edit
Simple repro case

If compiled with both -fsanitize=address and -fstack-protector for 32-bit architectures and run with ASAN_OPTIONS=detect_stack_use_after_return=1, libsanitizer fails with:

$ ~/install/master/bin/gcc -m32 -fsanitize=address -fstack-protector test.c
$ ASAN_OPTIONS=detect_stack_use_after_return=1 ./a.out
==7299==AddressSanitizer CHECK failed: /home/max/workspace/downloads/gcc/libsanitizer/asan/asan_poisoning.cc:25 "((AddrIsAlignedByGranularity(addr + size))) != (0)" (0x0, 0x0)
    #0 0xf72d8afc in AsanCheckFailed /home/max/workspace/downloads/gcc/libsanitizer/asan/asan_rtl.cc:68
    #1 0xf72dda89 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /home/max/workspace/downloads/gcc/libsanitizer/sanitizer_common/sanitizer_common.cc:72
    #2 0xf72d39b1 in __asan::PoisonShadow(unsigned long, unsigned long, unsigned char) /home/max/workspace/downloads/gcc/libsanitizer/asan/asan_poisoning.cc:25
    #3 0xf7261e29 in __asan::SetShadow(unsigned long, unsigned long, unsigned long, unsigned long long) /home/max/workspace/downloads/gcc/libsanitizer/asan/asan_fake_stack.cc:32
    #4 0xf7261e29 in __asan::OnMalloc(unsigned long, unsigned long, unsigned long) /home/max/workspace/downloads/gcc/libsanitizer/asan/asan_fake_stack.cc:198
    #5 0xf7261e29 in __asan_stack_malloc_7 /home/max/workspace/downloads/gcc/libsanitizer/asan/asan_fake_stack.cc:230
    #6 0x8048655 in foo (/tmp/a.out+0x8048655)
    #7 0x8048707 in main (/tmp/a.out+0x8048707)

Simple repro case is attached.
This happens because the size parameter is not aligned by 8 bytes (Granularity) here:

$ ~/install/master/bin/gcc -m32 -fsanitize=address -fstack-protector test.c -o- -S
.......................................................
        cmpl    $0, __asan_option_detect_stack_use_after_return
        je      .L1
        subl    $8, %esp
        pushl   %eax
        pushl   $4188                  // Aligned by 4 bytes.
        call    __asan_stack_malloc_7
        addl    $16, %esp

Perhaps we should emit some warning (error) at compile time to prevent the issue?

$ ~/install/master/bin/gcc -v
Using built-in specs.
COLLECT_GCC=/home/max/install/master/bin/gcc
COLLECT_LTO_WRAPPER=/home/max/install/master/libexec/gcc/x86_64-unknown-linux-gnu/5.0.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: /home/max/workspace/downloads/gcc/configure --enable-multilib --enable-checking --target=x86_64-unknown-linux-gnu --host=x86_64-unknown-linux-gnu --build=x86_64-unknown-linux-gnu --prefix=/home/max/install/master --disable-bootstrap --enable-languages=c,c++
Thread model: posix
gcc version 5.0.0 20150127 (experimental) (GCC)
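Editor's note: the following C program is an added illustration of the failing runtime check, not code from the report or from libsanitizer. It models the 8-byte ASan shadow granularity, the AddrIsAlignedByGranularity() test that fires in PoisonShadow(), and the size-class selection behind __asan_stack_malloc_N (assumed here to follow GCC's use_after_return_class = floor_log2(frame_size - 1) - 5, so class N holds frames of at most 64 << N bytes). Running it on the frame size from the report (4188) shows why the check trips and that the canary-adjusted frame would need rounding up to 4192; the fake-frame base address is a constructed value.

```c
#include <stdint.h>
#include <stdio.h>

/* ASan maps 8 application bytes to one shadow byte (SHADOW_SCALE = 3), so
   every range handed to PoisonShadow() must begin and end on an 8-byte
   boundary. This is the granularity behind the CHECK in the report. */
#define ASAN_SHADOW_GRANULARITY 8u

/* Model of AddrIsAlignedByGranularity(): 1 if aligned, 0 otherwise. */
int addr_is_aligned_by_granularity(uintptr_t a) {
    return (a & (ASAN_SHADOW_GRANULARITY - 1)) == 0;
}

/* Assumption: models GCC's choice of the __asan_stack_malloc_N suffix,
   use_after_return_class = floor_log2(frame_size - 1) - 5.
   Class N holds frames of up to 64 << N bytes (class 7 = 8192 bytes). */
unsigned fake_stack_class_id(uintptr_t frame_size) {
    unsigned log2 = 0;
    uintptr_t v = frame_size - 1;
    while (v >>= 1)          /* count shifts until v is exhausted */
        log2++;              /* log2 == floor(log2(frame_size - 1)) */
    return log2 - 5;
}

/* The size the compiler would have to emit instead of an unaligned one. */
uintptr_t round_up_to_granularity(uintptr_t size) {
    return (size + ASAN_SHADOW_GRANULARITY - 1) &
           ~(uintptr_t)(ASAN_SHADOW_GRANULARITY - 1);
}

/* Precondition of PoisonShadow(addr, size, ...): both addr and addr + size
   must be granularity-aligned. The fake frame base is aligned by
   construction, so in practice the outcome depends on `frame_size` alone.
   Returns 1 if the runtime would accept the frame, 0 if it would CHECK-fail. */
int fake_frame_passes_check(uintptr_t frame_base, uintptr_t frame_size) {
    return addr_is_aligned_by_granularity(frame_base) &&
           addr_is_aligned_by_granularity(frame_base + frame_size);
}

int main(void) {
    /* Constructed, granularity-aligned fake-frame address; not from the report. */
    const uintptr_t frame_base = 0xf7200000u;
    /* 4188 is the value pushed before __asan_stack_malloc_7 in the report;
       4192 is the same frame rounded up to the shadow granularity. */
    const uintptr_t sizes[] = { 4188, 4192 };

    for (unsigned i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        uintptr_t size = sizes[i];
        printf("frame size %lu -> __asan_stack_malloc_%u, addr+size aligned: %s\n",
               (unsigned long)size, fake_stack_class_id(size),
               fake_frame_passes_check(frame_base, size) ? "yes" : "no (CHECK fails)");
        if (!fake_frame_passes_check(frame_base, size))
            printf("  compiler should have emitted %lu instead\n",
                   (unsigned long)round_up_to_granularity(size));
    }
    return 0;
}
```

The size class is unchanged by the rounding (both 4188 and 4192 map to class 7), which is why the fix belongs on the compiler side: the fake-stack slot is already large enough, only the poisoned length handed to the runtime violates the granularity contract.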