Hello there,

We've reproduced this bug with Chromium code (see https://code.google.com/p/address-sanitizer/issues/detail?id=274). Can you please update to Clang r203916 and verify that it's fixed?
On Tue, Feb 18, 2014 at 3:38 PM, Alexander Potapenko <gli...@google.com> wrote:
>> Thanks very much for your quick help. For #1, you mean it is my program bug?
> Not sure yet. There is much library code involved, and something wrong is going on with the globals (see below).
>
>> For #2, I have set the ASAN_SYMBOLIZER_PATH to point to the llvm-symbolizer binary, so the report only shows function names but no line numbers. Could you please review the full report below?
> Can you please run dsymutil on your program and check whether it helps to get line numbers?
>
>> ==12807==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0001007784c0 at pc 0x100a3f594 bp 0x7fff5fbfe310 sp 0x7fff5fbfe2d8
>> READ of size 18 at 0x0001007784c0 thread T0
>>     #0 0x100a3f593 in wrap_memcmp (/Users/oupeng/llvm/Release+Asserts/lib/clang/3.5/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x16593)
>>     #1 0x7fff8f40cd56 in __CFStringEqual (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xfd56)
> ...
>>     #25 0x100001fad in main (/path/myapp+0x100001fad)
>>     #26 0x100001d33 in start (/path/myapp+0x100001d33)
>>     #27 0x0 (/path/myapp+0x0)
>>
>> 0x0001007784c0 is located 32 bytes to the left of global variable '.str5' from '/path/myapp/Controller.m' (0x1007784e0) of size 13
>>   '.str5' is ascii string 'ctestString'
>> 0x0001007784c0 is located 0 bytes inside of global variable '.str3' from '/path/myapp/Controller.m' (0x1007784c0) of size 19
>>   '.str3' is ascii string 'ctestOptions'
>> 0x0001007784c0 is located 4 bytes to the right of global variable '.str1' from '/path/myapp/Controller.m' (0x1007784a0) of size 28
>>   '.str1' is ascii string 'appMode'
>> SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 wrap_memcmp
>> Shadow bytes around the buggy address:
>>   0x1000200ef040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>   0x1000200ef050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>   0x1000200ef060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>   0x1000200ef070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>   0x1000200ef080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> =>0x1000200ef090: 00 00 05 f9 f9 f9 f9 04[f9]f9 03 f9 f9 05 f9 f9
>>   0x1000200ef0a0: f9 f9 01 f9 f9 06 f9 f9 01 f9 f9 f9 04 f9 f9 f9
>>   0x1000200ef0b0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
>>   0x1000200ef0c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>   0x1000200ef0d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>   0x1000200ef0e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> Shadow byte legend (one shadow byte represents 8 application bytes):
>
> This is weird. According to the report, there are three globals aligned on 32 bytes:
>   str1 of size 28 starting at 0x1007784a0 and containing "appMode" (shadow bytes f9f9f904)
>   str3 of size 19 starting at 0x1007784c0 and containing "ctestOptions" (shadow bytes f9f903f9)
>   str5 of size 13 starting at 0x1007784e0 and containing "ctestString" (shadow bytes f905f9f9)
>
> For some reason the leading shadow bytes of the globals are set to f9 instead of 00.
>
> Do you have a reproducer that doesn't contain proprietary code?
>
>>   Addressable:           00
>>   Partially addressable: 01 02 03 04 05 06 07
>>   Heap left redzone:     fa
>>   Heap right redzone:    fb
>>   Freed heap region:     fd
>>   Stack left redzone:    f1
>>   Stack mid redzone:     f2
>>   Stack right redzone:   f3
>>   Stack partial redzone: f4
>>   Stack after return:    f5
>>   Stack use after scope: f8
>>   Global redzone:        f9
>>   Global init order:     f6
>>   Poisoned by user:      f7
>>   Contiguous container OOB:fc
>>   ASan internal:         fe
>> ==13800==ABORTING
>>
>> On Monday, February 17, 2014 11:53:37 PM UTC+8, Alexander Potapenko wrote:
>>> 1. This is an actual global buffer overflow. This means that the program tried to read past the end of a global string.
>>> fun:memcmp won't help because we don't compile memcmp (it's in the system library), but wrap it with our interceptor (aka wrap_memcmp) that checks the validity of memory.
>>> You can disable checks in memcmp by setting the ASAN_OPTIONS env var to "replace_intrin=0", but this may mask other bugs.
>>>
>>> 2. Please refer to http://clang.llvm.org/docs/AddressSanitizer.html for the instructions on report symbolization.
>>> Note that your report contains only library functions for which Apple doesn't provide the debug information. Is this a full report?
>>>
>>> On Mon, Feb 17, 2014 at 7:29 AM, laser <sjzw...@gmail.com> wrote:
>>>> I got the following global-buffer-overflow issue after I replaced the pre-built clang binary with an llvm/clang I built myself.
>>>>
>>>> I have two questions:
>>>>
>>>> 1. What's the problem, and how can I bypass the issue?
>>>> I have set fun:wrap_memcmp in the blacklist (-fsanitize-blacklist=blacklist.txt) but it still doesn't work.
>>>>
>>>> 2. How can I get the code line number?
>>>> -gdwarf-2 -g have been set in the compile flags.
>>>>
>>>> Many Thanks!
>>>>
>>>> =================================================================
>>>> ==12807==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0001007784c0 at pc 0x100a3f594 bp 0x7fff5fbfe310 sp 0x7fff5fbfe2d8
>>>> READ of size 18 at 0x0001007784c0 thread T0
>>>>     #0 0x100a3f593 in wrap_memcmp (/Users/oupeng/llvm/Release+Asserts/lib/clang/3.5/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x16593)
>>>>     #1 0x7fff8f40cd56 in __CFStringEqual (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xfd56)
>>>>     #2 0x7fff8f40cbd7 in CFEqual (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xfbd7)
>>>>     #3 0x7fff8f40c928 in __CFDictionaryStandardEquateKeys (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xf928)
>>>>     #4 0x7fff8f3ff404 in CFBasicHashFindBucket (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x2404)
>>>>     #5 0x7fff8f3fec05 in CFDictionaryGetValue (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x1c05)
>>>>     #6 0x7fff8f576aac in -[CFPrefsPlistSource copyValueForKey:] (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x179aac)
>>>>     #7 0x7fff8f575a32 in -[CFPrefsSearchListSource copyValueForKey:] (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x178a32)
>>>>     #8 0x7fff8f57189f in __CFPreferencesCopyAppValue_block_invoke_0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x17489f)
>>>>     #9 0x7fff8f575007 in +[CFPrefsSearchListSource withSearchListForIdentifier:perform:] (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x178007)
>>>>     #10 0x7fff8f44a9c9 in CFPreferencesCopyAppValue (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x4d9c9)
>>>>     #11 0x7fff8efe9aef in -[NSUserDefaults(NSUserDefaults) objectForKey:] (/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation+0x49aef)
>>>>     #12 0x7fff8efeca88 in -[NSUserDefaults(NSUserDefaults) integerForKey:] (/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation+0x4ca88)
>>>>
>>>> --------------------------
>>>>
>>>> On Friday, February 14, 2014 8:17:34 AM UTC+8, laser wrote:
>>>>> Load command 0: cmd LC_SEGMENT_64  cmdsize 72  segname __PAGEZERO  vmaddr 0x0000000000000000  vmsize 0x0000000100000000  fileoff 0  filesize 0  maxprot 0x00000000  initprot 0x00000000  nsects 0  flags 0x0
>>>>> Load command 1: cmd LC_SEGMENT_64  cmdsize 1032  segname __TEXT  vmaddr 0x0000000100000000  vmsize 0x00000000008b6000  fileoff 0  filesize 9134080  maxprot 0x00000007  initprot 0x00000005  nsects 12  flags 0x0
>>>>>   Section: sectname __text  segname __TEXT  addr 0x0000000100002080  size 0x00000000007159c7  offset 8320  align 2^6 (64)  reloff 0  nreloc 0  flags 0x80000400  reserved1 0  reserved2 0
>>>>>   Section: sectname __stubs  segname __TEXT  addr 0x0000000100717a48  size 0x00000000000011ca  offset 7436872  align 2^1 (2)  reloff 0  nreloc 0  flags 0x80000408  reserved1 0 (index into indirect symbol table)  reserved2 6 (size of stubs)
>>>>>   Section: sectname __stub_helper  segname __TEXT  addr 0x0000000100718c14  size 0x0000000000001370  offset 7441428  align 2^2 (4)  reloff 0  nreloc 0  flags 0x80000400  reserved1 0  reserved2 0
>>>>>   Section: sectname __const  segname __TEXT  addr 0x0000000100719fa0  size 0x000000000008d204  offset 7446432  align 2^5 (32)  reloff 0  nreloc 0  flags 0x00000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __cstring  segname __TEXT  addr 0x00000001007a71b0  size 0x000000000005f79a  offset 8024496  align 2^4 (16)  reloff 0  nreloc 0  flags 0x00000002  reserved1 0  reserved2 0
>>>>>   Section: sectname __objc_methname  segname __TEXT  addr 0x000000010080694a  size 0x000000000000654e  offset 8415562  align 2^0 (1)  reloff 0  nreloc 0  flags 0x00000002  reserved1 0  reserved2 0
>>>>>   Section: sectname __objc_classname  segname __TEXT  addr 0x000000010080ce98  size 0x00000000000005f7  offset 8441496  align 2^0 (1)  reloff 0  nreloc 0  flags 0x00000002  reserved1 0  reserved2 0
>>>>>   Section: sectname __objc_methtype  segname __TEXT  addr 0x000000010080d48f  size 0x0000000000001f74  offset 8443023  align 2^0 (1)  reloff 0  nreloc 0  flags 0x00000002  reserved1 0  reserved2 0
>>>>>   Section: sectname __gcc_except_tab  segname __TEXT  addr 0x000000010080f404  size 0x000000000000bcd4  offset 8451076  align 2^2 (4)  reloff 0  nreloc 0  flags 0x00000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __ustring  segname __TEXT  addr 0x000000010081b0e0  size 0x00000000000000ce  offset 8499424  align 2^4 (16)  reloff 0  nreloc 0  flags 0x00000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __unwind_info  segname __TEXT  addr 0x000000010081b1ae  size 0x0000000000006df4  offset 8499630  align 2^0 (1)  reloff 0  nreloc 0  flags 0x00000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __eh_frame  segname __TEXT  addr 0x0000000100821fa8  size 0x0000000000094050  offset 8527784  align 2^3 (8)  reloff 0  nreloc 0  flags 0x00000000  reserved1 0  reserved2 0
>>>>> Load command 2: cmd LC_SEGMENT_64  cmdsize 1752  segname __DATA  vmaddr 0x00000001008b6000  vmsize 0x0000000000089000  fileoff 9134080  filesize 528384  maxprot 0x00000007  initprot 0x00000003  nsects 21  flags 0x0
>>>>>   Section: sectname __program_vars  segname __DATA  addr 0x00000001008b6000  size 0x0000000000000028  offset 9134080  align 2^3 (8)  reloff 0  nreloc 0  flags 0x00000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __nl_symbol_ptr  segname __DATA  addr 0x00000001008b6028  size 0x0000000000000010  offset 9134120  align 2^3 (8)  reloff 0  nreloc 0  flags 0x00000006  reserved1 759 (index into indirect symbol table)  reserved2 0
>>>>>   Section: sectname __got  segname __DATA  addr 0x00000001008b6038  size 0x0000000000000298  offset 9134136  align 2^3 (8)  reloff 0  nreloc 0  flags 0x00000006  reserved1 761 (index into indirect symbol table)  reserved2 0
>>>>>   Section: sectname __la_symbol_ptr  segname __DATA  addr 0x00000001008b62d0  size 0x00000000000017b8  offset 9134800  align 2^3 (8)  reloff 0  nreloc 0  flags 0x00000007  reserved1 844 (index into indirect symbol table)  reserved2 0
>>>>>   Section: sectname __mod_init_func  segname __DATA  addr 0x00000001008b7a88  size 0x00000000000004d8  offset 9140872  align 2^3 (8)  reloff 0  nreloc 0  flags 0x00000009  reserved1 0  reserved2 0
>>>>>   Section: sectname __mod_term_func  segname __DATA  addr 0x00000001008b7f60  size 0x00000000000003d8  offset 9142112  align 2^3 (8)  reloff 0  nreloc 0  flags 0x0000000a  reserved1 0  reserved2 0
>>>>>   Section: sectname __objc_classlist  segname __DATA  addr 0x00000001008b8338  size 0x0000000000000198  offset 9143096  align 2^3 (8)  reloff 0  nreloc 0  flags 0x10000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __objc_catlist  segname __DATA  addr 0x00000001008b84d0  size 0x0000000000000030  offset 9143504  align 2^3 (8)  reloff 0  nreloc 0  flags 0x10000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __objc_protolist  segname __DATA  addr 0x00000001008b8500  size 0x0000000000000028  offset 9143552  align 2^3 (8)  reloff 0  nreloc 0  flags 0x00000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __objc_imageinfo  segname __DATA  addr 0x00000001008b8528  size 0x0000000000000008  offset 9143592  align 2^2 (4)  reloff 0  nreloc 0  flags 0x00000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __objc_const  segname __DATA  addr 0x00000001008b8530  size 0x000000000000ca78  offset 9143600  align 2^3 (8)  reloff 0  nreloc 0  flags 0x00000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __objc_selrefs  segname __DATA  addr 0x00000001008c4fa8  size 0x0000000000001c38  offset 9195432  align 2^3 (8)  reloff 0  nreloc 0  flags 0x10000005  reserved1 0  reserved2 0
>>>>>   Section: sectname __objc_classrefs  segname __DATA  addr 0x00000001008c6be0  size 0x0000000000000300  offset 9202656  align 2^3 (8)  reloff 0  nreloc 0  flags 0x10000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __objc_superrefs  segname __DATA  addr 0x00000001008c6ee0  size 0x0000000000000178  offset 9203424  align 2^3 (8)  reloff 0  nreloc 0  flags 0x10000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __objc_data  segname __DATA  addr 0x00000001008c7058  size 0x0000000000000ff0  offset 9203800  align 2^3 (8)  reloff 0  nreloc 0  flags 0x00000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __data  segname __DATA  addr 0x00000001008c8060  size 0x000000000003eccc  offset 9207904  align 2^5 (32)  reloff 0  nreloc 0  flags 0x00000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __cfstring  segname __DATA  addr 0x0000000100906d30  size 0x0000000000001760  offset 9465136  align 2^3 (8)  reloff 0  nreloc 0  flags 0x00000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __objc_ivar  segname __DATA  addr 0x0000000100908490  size 0x00000000000006f0  offset 9471120  align 2^3 (8)  reloff 0  nreloc 0  flags 0x00000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __const  segname __DATA  addr 0x0000000100908b80  size 0x000000000002d9b8  offset 9472896  align 2^5 (32)  reloff 0  nreloc 0  flags 0x00000000  reserved1 0  reserved2 0
>>>>>   Section: sectname __common  segname __DATA  addr 0x0000000100936540  size 0x00000000000000d4  offset 0  align 2^5 (32)  reloff 0  nreloc 0  flags 0x00000001  reserved1 0  reserved2 0
>>>>>   Section: sectname __bss  segname __DATA  addr 0x0000000100936620  size 0x0000000000008560  offset 0  align 2^5 (32)  reloff 0  nreloc 0  flags 0x00000001  reserved1 0  reserved2 0
>>>>> Load command 3: cmd LC_SEGMENT_64  cmdsize 72  segname __LINKEDIT  vmaddr 0x000000010093f000  vmsize 0x00000000001dd000  fileoff 9662464  filesize 1951076  maxprot 0x00000007  initprot 0x00000001  nsects 0  flags 0x0
>>>>> Load command 4: cmd LC_DYLD_INFO_ONLY  cmdsize 48  rebase_off 0  rebase_size 0  bind_off 9662464  bind_size 5520  weak_bind_off 9667984  weak_bind_size 14616  lazy_bind_off 9682600  lazy_bind_size 11264  export_off 9693864  export_size 208200
>>>>> Load command 5: cmd LC_SYMTAB  cmdsize 24  symoff 9921608  nsyms 47112  stroff 10681812  strsize 931728
>>>>> Load command 6: cmd LC_DYSYMTAB  cmdsize 80  ilocalsym 0  nlocalsym 38097  iextdefsym 38097  nextdefsym 8376  iundefsym 46473  nundefsym 639  tocoff 0  ntoc 0  modtaboff 0  nmodtab 0  extrefsymoff 0  nextrefsyms 0  indirectsymoff 10675400  nindirectsyms 1603  extreloff 0  nextrel 0  locreloff 0  nlocrel 0
>>>>> Load command 7: cmd LC_LOAD_DYLINKER  cmdsize 32  name /usr/lib/dyld (offset 12)
>>>>> Load command 8: cmd LC_UUID  cmdsize 24  uuid D90F6E36-AC16-38F7-AE77-B0134B774146
>>>>> Load command 9: cmd LC_VERSION_MIN_MACOSX  cmdsize 16  version 10.6  sdk n/a
>>>>> Load command 10: cmd LC_UNIXTHREAD  cmdsize 184  flavor x86_THREAD_STATE64  count x86_THREAD_STATE64_COUNT
>>>>>     rax 0x0000000000000000 rbx 0x0000000000000000 rcx 0x0000000000000000
>>>>>     rdx 0x0000000000000000 rdi 0x0000000000000000 rsi 0x0000000000000000
>>>>>     rbp 0x0000000000000000 rsp 0x0000000000000000 r8  0x0000000000000000
>>>>>     r9  0x0000000000000000 r10 0x0000000000000000 r11 0x0000000000000000
>>>>>     r12 0x0000000000000000 r13 0x0000000000000000 r14 0x0000000000000000
>>>>>     r15 0x0000000000000000 rip 0x0000000100002080
>>>>>     rflags 0x0000000000000000 cs 0x0000000000000000 fs 0x0000000000000000
>>>>>     gs 0x0000000000000000
>>>>> Load command 11: cmd LC_LOAD_DYLIB  cmdsize 80  name @executable_path/../Frameworks/libglib-2.0.0.dylib (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 2201.1.0  compatibility version 2201.0.0
>>>>> Load command 12: cmd LC_LOAD_DYLIB  cmdsize 80  name @executable_path/../Frameworks/libgobject-2.0.0.dylib (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 2201.1.0  compatibility version 2201.0.0
>>>>> Load command 13: cmd LC_LOAD_DYLIB  cmdsize 80  name @executable_path/../Frameworks/libgmodule-2.0.0.dylib (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 2201.1.0  compatibility version 2201.0.0
>>>>> Load command 14: cmd LC_LOAD_DYLIB  cmdsize 80  name @executable_path/../Frameworks/libgthread-2.0.0.dylib (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 2201.1.0  compatibility version 2201.0.0
>>>>> Load command 15: cmd LC_LOAD_DYLIB  cmdsize 80  name @executable_path/../Frameworks/libintl.8.0.2.dylib (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 9.2.0  compatibility version 9.0.0
>>>>> Load command 16: cmd LC_LOAD_DYLIB  cmdsize 56  name /usr/lib/libSystem.B.dylib (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 1197.1.1  compatibility version 1.0.0
>>>>> Load command 17: cmd LC_LOAD_DYLIB  cmdsize 72  name @executable_path/../Frameworks/libcrtbora.dylib (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 0.0.0  compatibility version 0.0.0
>>>>> Load command 18: cmd LC_LOAD_DYLIB  cmdsize 56  name /usr/lib/libxml2.2.dylib (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 10.9.0  compatibility version 10.0.0
>>>>> Load command 19: cmd LC_LOAD_DYLIB  cmdsize 48  name /usr/lib/libz.1.dylib (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 1.2.5  compatibility version 1.0.0
>>>>> Load command 20: cmd LC_LOAD_DYLIB  cmdsize 56  name /usr/lib/libstdc++.6.dylib (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 60.0.0  compatibility version 7.0.0
>>>>> Load command 21: cmd LC_LOAD_DYLIB  cmdsize 88  name /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 1265.0.0  compatibility version 45.0.0
>>>>> Load command 22: cmd LC_LOAD_DYLIB  cmdsize 88  name /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 157.0.0  compatibility version 2.0.0
>>>>> Load command 23: cmd LC_LOAD_DYLIB  cmdsize 88  name /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 20.0.0  compatibility version 1.0.0
>>>>> Load command 24: cmd LC_LOAD_DYLIB  cmdsize 96  name /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 481.0.0  compatibility version 1.0.0
>>>>> Load command 25: cmd LC_LOAD_DYLIB  cmdsize 104  name /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 59.0.0  compatibility version 1.0.0
>>>>> Load command 26: cmd LC_LOAD_DYLIB  cmdsize 104  name /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 855.11.0  compatibility version 150.0.0
>>>>> Load command 27: cmd LC_LOAD_DYLIB  cmdsize 96  name /System/Library/Frameworks/Security.framework/Versions/A/Security (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 55471.0.0  compatibility version 1.0.0
>>>>> Load command 28: cmd LC_LOAD_DYLIB  cmdsize 112  name /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 55047.0.0  compatibility version 1.0.0
>>>>> Load command 29: cmd LC_LOAD_DYLIB  cmdsize 112  name /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 596.12.0  compatibility version 1.0.0
>>>>> Load command 30: cmd LC_LOAD_DYLIB  cmdsize 128  name /users/laser/Downloads/clang3.4-darwin/lib/clang/3.4/lib/darwin/libclang_rt.asan_osx_dynamic.dylib (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 0.0.0  compatibility version 0.0.0
>>>>> Load command 31: cmd LC_LOAD_DYLIB  cmdsize 56  name /usr/lib/libobjc.A.dylib (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 228.0.0  compatibility version 1.0.0
>>>>> Load command 32: cmd LC_LOAD_DYLIB  cmdsize 104  name /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 600.0.0  compatibility version 64.0.0
>>>>> Load command 33: cmd LC_LOAD_DYLIB  cmdsize 96  name /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 1056.0.0  compatibility version 300.0.0
>>>>> Load command 34: cmd LC_LOAD_DYLIB  cmdsize 96  name /System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork (offset 24)  time stamp 2 Thu Jan 1 08:30:02 1970  current version 673.0.3  compatibility version 1.0.0
>>>>> Load command 35: cmd LC_FUNCTION_STARTS  cmdsize 16  dataoff 9902064  datasize 19544
>>>>>
>>>>> On Thursday, February 13, 2014 7:57:14 PM UTC+8, Alexander Potapenko wrote:
>>>>>> Can you please attach the output of otool -l for your binary?
>>>>>>
>>>>>> On Thu, Feb 13, 2014 at 3:47 PM, laser <sjzw...@gmail.com> wrote:
>>>>>>> Hi experts,
>>>>>>>
>>>>>>> I got the following error when running my app with ASan on Mac OS. Could you take a look at what the problem is? It is likely an ASan-related issue; how do I bypass it?
>>>>>>>
>>>>>>> ==23202==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000f4450 at pc 0x10019379f bp 0x7fff5fbfa190 sp 0x7fff5fbfa188
>>>>>>> WRITE of size 8 at 0x6110000f4450 thread T0
>>>>>>> ==23202==AddressSanitizer CHECK failed: /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_common.cc:215 "((n_ranges_)) < ((kMaxNumberOfAddressRanges))" (0x6, 0x6)
>>>>>>> ==23202==AddressSanitizer CHECK failed: /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:335 "((owner_)) != (((uptr)pthread_self()))" (0x7fff7c459180, 0x7fff7c459180)
>>>>>>> ==23202==AddressSanitizer CHECK failed: /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:335 "((owner_)) != (((uptr)pthread_self()))" (0x7fff7c459180, 0x7fff7c459180)
>>>>>>> ==23202==AddressSanitizer CHECK failed: /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:335 "((owner_)) != (((uptr)pthread_self()))" (0x7fff7c459180, 0x7fff7c459180)
>>>>>>> ==23202==AddressSanitizer CHECK failed: /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:335 "((owner_)) != (((uptr)pthread_self()))" (0x7fff7c459180, 0x7fff7c459180)
>>>>>>> ==23202==AddressSanitizer CHECK failed: /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:335 "((owner_)) != (((uptr)pthread_self()))" (0x7fff7c459180, 0x7fff7c459180)
>>>>>>> ==23202==AddressSanitizer CHECK failed: /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:335 "((owner_)) != (((uptr)pthread_self()))" (0x7fff7c459180, 0x7fff7c459180)
>>>>>>> ==23202==AddressSanitizer CHECK failed: /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:335 "((owner_)) != (((uptr)pthread_self()))" (0x7fff7c459180, 0x7fff7c459180)
>>>>>>> ==23202==AddressSanitizer CHECK failed: /Users/macs/Developer/llvm/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:335 "((owner_)) != (((uptr)pthread_self()))" (0x7fff7c459180, 0x7fff7c459180)
>>>>>>> Segmentation fault: 11
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>> --
>>>>>>> You received this message because you are subscribed to the Google Groups "address-sanitizer" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it, send an email to address-saniti...@googlegroups.com.
>>>>>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>>>>
>>>>>> --
>>>>>> Alexander Potapenko
>>>>>> Software Engineer
>>>>>> Google Moscow
>>>
>>> --
>>> Alexander Potapenko
>>> Software Engineer
>>> Google Moscow
>
> --
> Alexander Potapenko
> Software Engineer
> Google Moscow

--
Alexander Potapenko
Software Engineer
Google Moscow
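Alexander's reading of the shadow dump in the thread above (three globals in 32-byte slots, leading shadow bytes f9 where 00 was expected) can be reproduced mechanically, and the same procedure is how one checks a report from a different build or platform. The script below is an added example written for this page; it is not code from the thread, from the reporter's application or from compiler-rt. It assumes the x86-64 Darwin shadow mapping ASan used when this thread was written, shadow = (addr >> 3) + 0x100000000000 (both constants are labelled as assumptions in the code), and takes as constructed input the four shadow rows around the faulting address copied from laser's report. It generalizes to any dump in that format: it maps each shadow byte back to the 8-byte granule it covers, decodes it with the legend the report prints, produces the shadow bytes of each global's slot in the form Alexander quoted (f9f9f904 and so on), and recomputes the first byte of the 18-byte read that ASan flagged.

```python
"""Decode the "Shadow bytes around the buggy address" section of an
AddressSanitizer report and map every shadow byte back to the
application addresses it covers.

Added example, not code from the thread or from compiler-rt.
Assumption: the x86-64 Darwin shadow mapping ASan used when the thread
was written, shadow = (addr >> 3) + 0x100000000000.
The sample dump below is copied by hand from laser's report.
"""
import re

SHADOW_SCALE = 3                  # assumption: one shadow byte per 8 app bytes
SHADOW_OFFSET = 0x100000000000    # assumption: Darwin x86-64 offset (1 << 44)
GRANULE = 1 << SHADOW_SCALE

# Legend exactly as printed at the end of the report.
LEGEND = {
    0xfa: "heap left redzone", 0xfb: "heap right redzone",
    0xfd: "freed heap region", 0xf1: "stack left redzone",
    0xf2: "stack mid redzone", 0xf3: "stack right redzone",
    0xf4: "stack partial redzone", 0xf5: "stack after return",
    0xf8: "stack use after scope", 0xf9: "global redzone",
    0xf6: "global init order", 0xf7: "poisoned by user",
    0xfc: "contiguous container OOB", 0xfe: "ASan internal",
}

# Constructed input: the rows around the faulting address from the report.
SHADOW_DUMP = """\
  0x1000200ef080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1000200ef090: 00 00 05 f9 f9 f9 f9 04[f9]f9 03 f9 f9 05 f9 f9
  0x1000200ef0a0: f9 f9 01 f9 f9 06 f9 f9 01 f9 f9 f9 04 f9 f9 f9
  0x1000200ef0b0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
"""

ROW_RE = re.compile(r"^\s*(?:=>)?\s*(0x[0-9a-f]+):\s*(.*)$")


def app_to_shadow(addr):
    return (addr >> SHADOW_SCALE) + SHADOW_OFFSET


def shadow_to_app(shadow_addr):
    return (shadow_addr - SHADOW_OFFSET) << SHADOW_SCALE


def parse_shadow_dump(text):
    """Return {shadow_address: value} for every byte in the dump.
    The faulting byte is printed as "[f9]" with no surrounding spaces,
    so tokens are pulled out with a regex rather than split()."""
    shadow = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        base = int(m.group(1), 16)
        for i, tok in enumerate(re.findall(r"[0-9a-f]{2}", m.group(2))):
            shadow[base + i] = int(tok, 16)
    return shadow


def addressable_bytes(value):
    """Number of bytes at the start of the 8-byte granule that may be touched."""
    if value == 0:
        return GRANULE
    if 1 <= value <= 7:
        return value
    return 0


def describe(value):
    if value == 0:
        return "addressable"
    if 1 <= value <= 7:
        return "partially addressable (first %d bytes)" % value
    return LEGEND.get(value, "unknown 0x%02x" % value)


def first_bad_byte(shadow, addr, size):
    """First address in [addr, addr + size) that ASan would report, or None."""
    for a in range(addr, addr + size):
        value = shadow.get(app_to_shadow(a))
        if value is None:
            raise KeyError("0x%x lies outside the dumped shadow rows" % a)
        if (a & (GRANULE - 1)) >= addressable_bytes(value):
            return a
    return None


def shadow_for_slot(shadow, start, slot=32):
    """Shadow bytes for the 32-byte slot a global occupies, as a hex string
    in the form Alexander used (f9f9f904 and so on)."""
    first = app_to_shadow(start)
    return "".join("%02x" % shadow[first + i] for i in range(slot // GRANULE))


if __name__ == "__main__":
    sm = parse_shadow_dump(SHADOW_DUMP)
    for name, start, size in (("str1", 0x1007784a0, 28),
                              ("str3", 0x1007784c0, 19),
                              ("str5", 0x1007784e0, 13)):
        print("%s at 0x%x size %d: shadow %s"
              % (name, start, size, shadow_for_slot(sm, start)))
    bad = first_bad_byte(sm, 0x1007784c0, 18)
    print("READ of size 18 at 0x1007784c0 first faults at 0x%x (%s)"
          % (bad, describe(sm[app_to_shadow(bad)])))
```

For the dump above, `first_bad_byte` returns 0x1007784c0, the very first byte of the read, because its granule is marked f9 (global redzone) rather than 00 or a partial value; that is exactly the "0 bytes inside of global variable '.str3'" line in the report, and it shows why the overflow fires inside the memcmp interceptor even though the read never leaves the string's slot. Running the same check on 0x100778490 with size 8 shows the ordinary case: the granule is 05, so the sixth byte, 0x100778495, is the first one flagged. If `first_bad_byte` returns None for the address a report names, the access is clean under the assumed mapping, which usually means the report came from a platform with a different shadow offset (Linux x86-64 uses 0x7fff8000) and `SHADOW_OFFSET` needs to be changed before the decoding means anything.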