Message 217547 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	neologix
Recipients	christian.heimes, neologix, pitrou, skrah, vstinner
Date	2014年04月29日.20:54:45
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<CAH_1eM13JxHo=GNxe=9XpmN=uctqkvZJcQqKz7jxxn838VTgGQ@mail.gmail.com>
In-reply-to	<1398803234.15.0.897159631014.issue21037@psf.upfronthosting.co.za>

Content
> How do we spot any ASAN issues, though? Does ASAN change the process' return code on errors? It aborts: $ cat /tmp/test.c int main(int argc, char argv[]) { int bar[16] = {0}; / oops / return bar[16]; } $ gcc -Wall -fsanitize=address -o /tmp/test /tmp/test.c $ /tmp/test ================================================================= ==15028== ERROR: AddressSanitizer: stack-buffer-overflow on address 0xbffab500 at pc 0x80485ec bp 0xbffab488 sp 0xbffab47c READ of size 4 at 0xbffab500 thread T0 #0 0x80485eb (/tmp/test+0x80485eb) #1 0xb5fd8a62 (/lib/i386-linux-gnu/i686/cmov/libc-2.18.so+0x19a62) #2 0x8048490 (/tmp/test+0x8048490) Address 0xbffab500 is located at offset 96 in frame <main> of T0's stack: This frame has 1 object(s): [32, 96) 'bar' HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext (longjmp and C++ exceptions are* supported) Shadow bytes around the buggy address: 0x37ff5650: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x37ff5660: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x37ff5670: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x37ff5680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x37ff5690: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 =>0x37ff56a0:[f3]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 0x37ff56b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x37ff56c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x37ff56d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x37ff56e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x37ff56f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap righ redzone: fb Freed Heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 ASan internal: fe ==15028== ABORTING You obviously don't see here, but it also colors the output in a terminal :-)

Content

> How do we spot any ASAN issues, though? Does ASAN change the process' return code on errors?
It aborts:
$ cat /tmp/test.c
int main(int argc, char *argv[])
{
 int bar[16] = {0};
 /* oops */
 return bar[16];
}
$ gcc -Wall -fsanitize=address -o /tmp/test /tmp/test.c
$ /tmp/test
=================================================================
==15028== ERROR: AddressSanitizer: stack-buffer-overflow on address
0xbffab500 at pc 0x80485ec bp 0xbffab488 sp 0xbffab47c
READ of size 4 at 0xbffab500 thread T0
 #0 0x80485eb (/tmp/test+0x80485eb)
 #1 0xb5fd8a62 (/lib/i386-linux-gnu/i686/cmov/libc-2.18.so+0x19a62)
 #2 0x8048490 (/tmp/test+0x8048490)
Address 0xbffab500 is located at offset 96 in frame <main> of T0's stack:
 This frame has 1 object(s):
 [32, 96) 'bar'
HINT: this may be a false positive if your program uses some custom
stack unwind mechanism or swapcontext
 (longjmp and C++ exceptions *are* supported)
Shadow bytes around the buggy address:
 0x37ff5650: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0x37ff5660: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0x37ff5670: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0x37ff5680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0x37ff5690: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00
=>0x37ff56a0:[f3]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
 0x37ff56b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0x37ff56c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0x37ff56d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0x37ff56e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0x37ff56f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
 Addressable: 00
 Partially addressable: 01 02 03 04 05 06 07
 Heap left redzone: fa
 Heap righ redzone: fb
 Freed Heap region: fd
 Stack left redzone: f1
 Stack mid redzone: f2
 Stack right redzone: f3
 Stack partial redzone: f4
 Stack after return: f5
 Stack use after scope: f8
 Global redzone: f9
 Global init order: f6
 Poisoned by user: f7
 ASan internal: fe
==15028== ABORTING
You obviously don't see here, but it also colors the output in a terminal :-)

History
Date	User	Action	Args
2014年04月29日 20:54:46	neologix	set	recipients: + neologix, pitrou, vstinner, christian.heimes, skrah
2014年04月29日 20:54:46	neologix	link	issue21037 messages
2014年04月29日 20:54:45	neologix	create

homepage