Re: libc6:i386 yields invalid writes, triggered by GCC's AddressSanitizer



control: reassign -1 gcc-snapshot
control: gcc-snapshot: AddressSanitizer uses glibc internal functions

On 2018-03-05 14:27, Vincent Lefevre wrote:
> Control: reassign -1 libc6 2.27-1
> Control: retitle -1 libc6:i386 yields invalid writes, triggered by GCC's AddressSanitizer
> Control: severity -1 serious
> 
> On 2018-03-05 14:10:56 +0100, Vincent Lefevre wrote:
> > cventin:~> cat tst.c
> > int main (void)
> > {
> >   return 0;
> > }
> > cventin:~> gcc-snapshot -m32 -fsanitize=address tst.c -o tst
> > cventin:~> ./tst
> > AddressSanitizer:DEADLYSIGNAL
> > =================================================================
> > ==25032==ERROR: AddressSanitizer: SEGV on unknown address 0xf7fa7e70 (pc 0xf7fa7e84 bp 0xffbf40ac sp 0xffbf406c T16777215)
> > ==25032==The signal is caused by a WRITE memory access.
> >     #0 0xf7fa7e83 in _dl_get_tls_static_info (/lib/ld-linux.so.2+0x11e83)
> >     #1 0xf7ac147d  (/usr/lib/gcc-snapshot/lib32/libasan.so.5+0x10e47d)
> >     #2 0xf7aafd27  (/usr/lib/gcc-snapshot/lib32/libasan.so.5+0xfcd27)
> >     #3 0xf7fa591a  (/lib/ld-linux.so.2+0xf91a)
> >     #4 0xf7f96cb9  (/lib/ld-linux.so.2+0xcb9)
> > 
> > AddressSanitizer can not provide additional info.
> > SUMMARY: AddressSanitizer: SEGV (/lib/ld-linux.so.2+0x11e83) in _dl_get_tls_static_info
> > ==25032==ABORTING
> 
> libc6:i386 was actually the cause (gcc-snapshot had not changed).
> Reverting to 2.26-6 makes the crash disappear.

The AddressSanitizer is using glibc internal functions through dlsym(),
and such functions have the right to change in new major versions:

From libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cc:
|  void *get_tls_static_info_ptr = dlsym(RTLD_NEXT, "_dl_get_tls_static_info");

And on the glibc side:
| $ readelf -s /lib/ld-linux.so.2  | grep _dl_get_tls_static_info
|      4: 00011e70    35 FUNC    GLOBAL DEFAULT   12 _dl_get_tls_static_info@@GLIBC_PRIVATE

This has been discussed for example there:
https://www.sourceware.org/ml/libc-alpha/2018-02/msg00611.html

The AddressSanitizer people should discuss a public API so that it
doesn't happen again. Otherwise it might break at every new glibc
version.

I am therefore reassigning the bug to gcc-snapshot.

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net
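
The check described in the message above, as an added example that is not part of the original mail nor code from glibc or GCC: given `readelf -sW` output for the loader or libc and the names a library passes to dlsym(), it lists those that are defined only as GLIBC_PRIVATE. The function names `glibc_private_hits` and `sample_readelf` and every sample row except the `_dl_get_tls_static_info` line quoted in the mail are constructed for illustration.

```sh
#!/bin/sh
# Usage: readelf -sW /lib/ld-linux.so.2 | glibc_private_hits NAME...
# Prints each NAME that the scanned object defines with version GLIBC_PRIVATE,
# i.e. a symbol glibc may change or drop in any new version.
glibc_private_hits() {
    awk -v wanted="$*" '
        BEGIN {
            n = split(wanted, w, " ")
            for (i = 1; i <= n; i++) want[w[i]] = 1
        }
        # Symbol rows: Num: Value Size Type Bind Vis Ndx Name[@[@]VERSION]
        $1 ~ /^[0-9]+:$/ && NF >= 8 {
            name = $8; ver = ""
            at = index($8, "@")
            if (at > 0) {
                name = substr($8, 1, at - 1)
                ver = substr($8, at + 1)
                sub(/^@/, "", ver)      # "@@" marks the default version
            }
            # Ndx == UND is an import, not a definition; skip it.
            if ((name in want) && ver == "GLIBC_PRIVATE" && $7 != "UND")
                print name
        }
    ' | sort -u
}

# Constructed sample input. Only row 4 is taken from the mail; the other
# rows are hypothetical and exist to exercise the filters.
sample_readelf() {
    cat <<'EOF'
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     4: 00011e70    35 FUNC    GLOBAL DEFAULT   12 _dl_get_tls_static_info@@GLIBC_PRIVATE
    19: 00012a40    50 FUNC    GLOBAL DEFAULT   12 example_public_fn@@GLIBC_2.0
    23: 00000000     0 FUNC    GLOBAL DEFAULT  UND example_private_import@GLIBC_PRIVATE
EOF
}

# Names an audited library is known to look up with dlsym() (assumed list).
sample_readelf | glibc_private_hits \
    _dl_get_tls_static_info example_public_fn example_private_import
```

On a real system, replace `sample_readelf` with `readelf -sW` on the installed loader and libc, and take the name list from the dlsym() calls in the library being audited.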