building/using address-sanitizer-enabled emacs?
From: Jim Meyering
Subject: building/using address-sanitizer-enabled emacs?
Date: Sat, 06 May 2017 20:40:05 -0700
Has anyone managed to dump an ASAN-enabled emacs recently?
I can build and use an ASAN-enabled temacs, but it's too slow, of course.
When I build as follows (using latest gcc built from today's git[*] --
very recent gcc is required for my use of the new
-fsanitize-address-use-after-scope), the temacs-to-emacs dump fails
with a global-buffer-overflow:
san='-fsanitize-address-use-after-scope -fsanitize=address -static-libasan'
./configure --prefix=/p/p/emacs-asan --without-gpm --without-x \
--with-x-toolkit=no --with-png=no --with-jpeg=no --with-sound=no \
CFLAGS="-O0 -ggdb3 $san" LDFLAGS="$san" && make
I guess it's not too surprising -- given what dumping does -- that it
is not yet ASAN-aware, but there are so many traces of address sanitizer
work already in emacs that I'm hoping someone has already dealt with this.
------------------
Finding pointers to doc strings...
Finding pointers to doc strings...done
Dumping under the name emacs
=================================================================
==8192==ERROR: AddressSanitizer: global-buffer-overflow on address
0x000001d561e1 at pc 0x000000463102 bp 0x7fffffffbca0 sp 0x7fffffffb450
READ of size 13643296 at 0x000001d561e1 thread T0
#0 0x463101 in __interceptor_memcpy
/h/j/gcc/libsanitizer/asan/asan_interceptors.cc:456
#1 0x9896c0 in unexec /h/j/emacs/src/unexelf.c:407
#2 0x74d8ad in Fdump_emacs /h/j/emacs/src/emacs.c:2191
#3 0x8df69d in eval_sub /h/j/emacs/src/eval.c:2223
#4 0x8d51c4 in Fprogn /h/j/emacs/src/eval.c:449
#5 0x8deed5 in eval_sub /h/j/emacs/src/eval.c:2173
#6 0x8d4d41 in Fif /h/j/emacs/src/eval.c:406
#7 0x8deed5 in eval_sub /h/j/emacs/src/eval.c:2173
#8 0x945a9c in readevalloop /h/j/emacs/src/lread.c:1947
#9 0x942b1d in Fload /h/j/emacs/src/lread.c:1352
#10 0x8df946 in eval_sub /h/j/emacs/src/eval.c:2234
#11 0x8ddf54 in Feval /h/j/emacs/src/eval.c:2042
#12 0x751a34 in top_level_2 /h/j/emacs/src/keyboard.c:1121
#13 0x8da12d in internal_condition_case /h/j/emacs/src/eval.c:1326
#14 0x751a97 in top_level_1 /h/j/emacs/src/keyboard.c:1129
#15 0x8d8911 in internal_catch /h/j/emacs/src/eval.c:1091
#16 0x751899 in command_loop /h/j/emacs/src/keyboard.c:1090
#17 0x75033f in recursive_edit_1 /h/j/emacs/src/keyboard.c:697
#18 0x7506dd in Frecursive_edit /h/j/emacs/src/keyboard.c:768
#19 0x74bbb9 in main /h/j/emacs/src/emacs.c:1687
#20 0x7ffff5b52400 in __libc_start_main (/lib64/libc.so.6+0x20400)
#21 0x40d369 in _start (/h/j/emacs/src/temacs+0x40d369)
0x000001d561e1 is located 0 bytes to the right of global variable
'display_completed' defined in 'dispnew.c:100:6' (0x1d561e0) of size 1
'display_completed' is ascii string ''
0x000001d561e1 is located 63 bytes to the left of global variable
'delayed_size_change' defined in 'dispnew.c:104:13' (0x1d56220) of size 1
SUMMARY: AddressSanitizer: global-buffer-overflow
/h/j/gcc/libsanitizer/asan/asan_interceptors.cc:456 in __interceptor_memcpy
Shadow bytes around the buggy address:
0x0000803a2be0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000803a2bf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000803a2c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000803a2c10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000803a2c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0000803a2c30: 00 00 00 00 00 00 00 00 00 00 00 00[01]f9 f9 f9
0x0000803a2c40: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
0x0000803a2c50: 00 00 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
0x0000803a2c60: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
0x0000803a2c70: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
0x0000803a2c80: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==8192==ABORTING
Makefile:735: recipe for target 'bootstrap-emacs' failed
make[1]: *** [bootstrap-emacs] Error 1
make[1]: Leaving directory '/h/j/emacs/src'
Makefile:416: recipe for target 'src' failed
make: *** [src] Error 2
-------------------
[*] One caveat: to get past a gcc ICE (just reported as
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80659), I had to apply this
kludgey patch:
diff --git a/src/process.c b/src/process.c
index 0edd092..8abd0d2 100644
--- a/src/process.c
+++ b/src/process.c
@@ -4724,10 +4725,13 @@ server_accept_connection (Lisp_Object server, int
channel)
case AF_LOCAL:
#endif
default:
+ abort ();
+#if 0
caller = Fnumber_to_string (make_number (connect_counter));
AUTO_STRING (space_less_than, " <");
AUTO_STRING (greater_than, ">");
caller = concat3 (space_less_than, caller, greater_than);
+#endif
break;
}
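Review bot: the `abort ()` added under `default:` in this hunk turns every accepted connection whose address family is not handled by an earlier `case` (including `AF_LOCAL`, which falls through to `default:` from the `#endif` just above) into a process abort, so this must remain a local build kludge and not be committed; a less damaging workaround while GCC bug 80659 is open would be to give `caller` a fixed fallback value instead of aborting, and the `#if 0` block should carry a comment naming the bug so the disabled code is not mistaken for dead code. The hunk header offsets (`-4724,10 +4725,13`) also imply an earlier one-line insertion in process.c that is not part of the quoted patch.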
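The report above shows unexec's memcpy of the whole data segment being stopped the moment it crosses the redzone after `display_completed`. The following is an added example, my own and not Emacs code or anything from this thread, that reproduces the mechanism on three constructed globals and shows the per-function exclusion that lets a deliberate whole-segment copy run under ASAN: `display_flag`, `counter`, `big_table`, `globals_span`, `snapshot_with_memcpy`, `snapshot_uninstrumented`, `snapshot_has_counter` and `demo_dump` are all names invented here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the globals a dumper snapshots; all three are
   initialised so they land in .data.  Under -fsanitize=address each one is
   surrounded by a poisoned redzone (shadow byte f9 in the report above). */
static char display_flag = 1;        /* plays the role of display_completed */
static int counter = 7;
static long big_table[64] = { 1 };

/* no_sanitize_address: GCC (>= 4.8) and Clang both accept it; it removes
   instrumentation from the function's own loads and stores only. */
#if defined __has_attribute
# if __has_attribute(no_sanitize_address)
#  define NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address))
# endif
#endif
#ifndef NO_SANITIZE_ADDRESS
# define NO_SANITIZE_ADDRESS
#endif

/* Lowest and one-past-highest address among the globals, computed at run
   time because neither the linker nor ASAN guarantees their order. */
static void globals_span(uintptr_t *lo, uintptr_t *hi)
{
  uintptr_t b[] = { (uintptr_t) &display_flag, (uintptr_t) &counter,
                    (uintptr_t) big_table };
  size_t n[] = { sizeof display_flag, sizeof counter, sizeof big_table };
  *lo = b[0];
  *hi = b[0] + n[0];
  for (int i = 1; i < 3; i++)
    {
      if (b[i] < *lo) *lo = b[i];
      if (b[i] + n[i] > *hi) *hi = b[i] + n[i];
    }
}

/* The unexec-style copy: one memcpy over the whole span.  Under ASAN the
   call resolves to libasan's memcpy interceptor, which range-checks the
   source and reports global-buffer-overflow at the first redzone, exactly
   like frame #0 (__interceptor_memcpy) in the report above. */
static size_t snapshot_with_memcpy(unsigned char *out, size_t cap)
{
  uintptr_t lo, hi;
  globals_span(&lo, &hi);
  if (hi - lo > cap) return 0;
  memcpy(out, (const void *) lo, hi - lo);
  return hi - lo;
}

/* The same copy without instrumentation.  The byte loop is needed because
   the attribute does not affect an intercepted libc call, and the volatile
   source pointer keeps the optimiser from rewriting the loop as memcpy. */
NO_SANITIZE_ADDRESS
static size_t snapshot_uninstrumented(unsigned char *out, size_t cap)
{
  uintptr_t lo, hi;
  globals_span(&lo, &hi);
  if (hi - lo > cap) return 0;
  const volatile unsigned char *src = (const volatile unsigned char *) lo;
  for (size_t i = 0; i < hi - lo; i++)
    out[i] = src[i];
  return hi - lo;
}

/* Check a snapshot: the copy of `counter` must sit at the same offset from
   the span start as the live variable and hold the same bytes. */
static int snapshot_has_counter(const unsigned char *snap, size_t len)
{
  uintptr_t lo, hi;
  globals_span(&lo, &hi);
  size_t off = (uintptr_t) &counter - lo;
  return len == hi - lo && off + sizeof counter <= len
         && memcmp(snap + off, &counter, sizeof counter) == 0;
}

static unsigned char snapshot[1 << 20];  /* far larger than the span here */

/* Returns 1 if the snapshot reproduces the live globals.  use_memcpy=1 is
   the unexec way and aborts under ASAN; use_memcpy=0 completes. */
int demo_dump(int use_memcpy)
{
  memset(snapshot, 0, sizeof snapshot);
  size_t len = use_memcpy ? snapshot_with_memcpy(snapshot, sizeof snapshot)
                          : snapshot_uninstrumented(snapshot, sizeof snapshot);
  return len != 0 && snapshot_has_counter(snapshot, len);
}

int main(void)
{
  int ok = demo_dump(0);   /* succeeds with or without ASAN */
  ok = demo_dump(1) && ok; /* under ASAN: global-buffer-overflow report */
  return ok ? 0 : 1;
}
```

Built with `gcc -O0 -g -fsanitize=address` and run, the first call completes and the second produces a report with `__interceptor_memcpy` in frame #0 and a global with a trailing redzone as the victim, matching the shape of the failure above. ASAN also offers `ASAN_OPTIONS=replace_intrin=0`, which turns off the range checks inside the memcpy/memset/memmove interceptors process-wide; that masks real overflows in the rest of the program, so confining the uninstrumented copy to one annotated function is the better option.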