[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#869090: gcc-6: Address sanitizer: Shadow memory range interleaves



On Sun, 23 Jul 2017 23:06:15 -0500 Jason Crain <jason@inspiresomeone.us> wrote:
> On Thu, Jul 20, 2017 at 02:45:11PM +0200, Tim Ruehsen wrote:
> > ==13782==Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.
> > ==13782==ASan shadow was supposed to be located in the [0x00007fff7000-0x10007fff7fff] range.
> > ==13782==Process memory map follows:
> >         0x005450338000-0x005450339000   /usr/oms/src/libpsl/conftest
> >         0x005450539000-0x00545053a000   /usr/oms/src/libpsl/conftest
> > ...
> >         0x7fff70943000-0x7fff70964000   [stack]
> >         0x7fff709a4000-0x7fff709a6000   [vvar]
> >         0x7fff709a6000-0x7fff709a8000   [vdso]
> > ==13782==End of process memory map.
> 
> I noticed these same error messages after rebooting today.  Not when
> building a package, but when testing other software, like this:
> 
> LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libasan.so.3 /bin/ls
> 
> Downgrading the kernel from linux-image-4.11.0-2-amd64 (4.11.11-1+b1) to
> linux-image-4.11.0-1-amd64 (4.11.6-1) fixed this.  I wonder if the stack
> clash fix has broken ASan.

The address space change that went into 4.11.11-1 and might have
triggered this is "binfmt_elf: use ELF_ET_DYN_BASE only for PIE" (CVE-
2017-1000370, CVE-2017-1000371).  This moved PIEs to lower addresses on
x86 (starting at 0x400000 on i386 and 0x100000000 on amd4) while
keeping the dynamic linker in the mmap area.

Ben.

-- 
Ben Hutchings
All extremists should be taken out and shot.

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: