From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 77263 invoked by alias); 20 Aug 2015 06:09:29 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org Received: (qmail 77182 invoked by uid 48); 20 Aug 2015 06:09:25 -0000 From: "zhouweiguo2008 at gmail dot com" To: gcc-bugs@gcc.gnu.org Subject: [Bug sanitizer/67286] New: asan doen't work on Android(32bit ARM) Date: Thu, 20 Aug 2015 06:09:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: sanitizer X-Bugzilla-Version: 4.9.2 X-Bugzilla-Keywords: X-Bugzilla-Severity: critical X-Bugzilla-Who: zhouweiguo2008 at gmail dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter cc target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2015-08/txt/msg01383.txt.bz2 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67286 Bug ID: 67286 Summary: asan doen't work on Android(32bit ARM) Product: gcc Version: 4.9.2 Status: UNCONFIRMED Severity: critical Priority: P3 Component: sanitizer Assignee: unassigned at gcc dot gnu.org Reporter: zhouweiguo2008 at gmail dot com CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org Target Milestone: --- >> cat invalid-free.cc // RUN: %clangxx_asan -O0 %s -o %t // RUN: not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=MALLOC-CTX // Also works if no malloc context is available. // RUN: env ASAN_OPTIONS=malloc_context_size=0:fast_unwind_on_malloc=0 not %run %t 2>&1 | FileCheck %s // RUN: env ASAN_OPTIONS=malloc_context_size=0:fast_unwind_on_malloc=1 not %run %t 2>&1 | FileCheck %s // XFAIL: arm-linux-gnueabi #include #include int main(int argc, char **argv) { char *x = (char*)malloc(10 * sizeof(char)); memset(x, 0, 10); int res = x[argc]; free(x + 5); // BOOM // CHECK: AddressSanitizer: attempting free on address{{.*}}in thread T0 // CHECK: invalid-free.cc:[[@LINE-2]] // CHECK: is located 5 bytes inside of 10-byte region // CHECK: allocated by thread T0 here: // MALLOC-CTX: invalid-free.cc:[[@LINE-8]] return res; } when running above testcase (could be found at external/compiler-rt/test/asan/TestCases)on Android5.0 phone, the testcase will SEGV as following(in the fact, all testcases would be SEGV on android phone): [1m[31m==3909==ERROR: AddressSanitizer: SEGV on unknown address 0x369a00fe (pc 0xb6f51662 bp 0xbeb58a1c sp 0xbeb589e0 T0) [1m[0m #0 0xb6f51661 in main TestCases/invalid-free.cc:14 #1 0xb69c0e09 (/system/lib/libc.so+0x12e09) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV TestCases/invalid-free.cc:14 main ==3909==ABORTING the root cause is that when using Asan on 32-bit ARM android system, the shadow offset should be zero, not 0x20000000(1<<29). this serious bug could be fixed according to following steps: modify function static unsigned HOST_WIDE_INT arm_asan_shadow_offset(void) in the gcc-4.9.2/config/arm/arm.c from static unsigned HOST_WIDE_INT arm_asan_shadow_offset (void) { return (unsigned HOST_WIDE_INT) 1 << 29; } to static unsigned HOST_WIDE_INT arm_asan_shadow_offset (void) { #ifdef TARGET_ANDROID return 0; #else return (unsigned HOST_WIDE_INT) 1 << 29; #endif }