This repository has been archived by the owner on Feb 2, 2025. It is now read-only.

Buffer Overflow? #32

Closed
ckornher opened this issue Nov 6, 2020 · 2 comments

Comments

@ckornher

ckornher commented Nov 6, 2020

I have been experiencing random crashes, some of which seem to involve random memory corruption. I have since found a probable cause, but did run across this while I was searching for issues.

I ran AddressSanitizer on my code and it spat out the following. There is a warning of potential false positives...

==47182==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x70000f1bb000; bottom 0x00010a1da000; size: 0x6fff04fe1000 (123141091102720)
False positive error reports may follow
For details see google/sanitizers#189

==47182==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x00010a1db9e1 at pc 0x000100136a7a bp 0x70000f1b9bb0 sp 0x70000f1b9370
READ of size 5664 at 0x00010a1db9e1 thread T2
#0 0x100136a79 in wrap_memmove+0x169 (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x1da79)
#1 0x109ce5d60 in SharedCoroutine.saveStack()+0x830 (goSwiftlyTests:x86_64+0xdad60)
#2 0x109cedc9d in SharedCoroutineQueue.start(dispatcher:scheduler:task:)+0x47d (goSwiftlyTests:x86_64+0xe2c9d)
#3 0x109ceac4a in closure #1 in SharedCoroutineDispatcher.execute(on:task:)+0x22a (goSwiftlyTests:x86_64+0xdfc4a)
#4 0x109cbd932 in thunk for @escaping @callee_guaranteed () -> ()+0x92 (goSwiftlyTests:x86_64+0xb2932)
#5 0x1001613ba in __wrap_dispatch_async_block_invoke+0xca (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x483ba)
#6 0x7fff72cb56c3 in _dispatch_call_block_and_release+0xb (libdispatch.dylib:x86_64+0x16c3)
#7 0x7fff72cb6657 in _dispatch_client_callout+0x7 (libdispatch.dylib:x86_64+0x2657)
#8 0x7fff72cbbc43 in _dispatch_lane_serial_drain+0x254 (libdispatch.dylib:x86_64+0x7c43)
#9 0x7fff72cbc5d5 in _dispatch_lane_invoke+0x16a (libdispatch.dylib:x86_64+0x85d5)
#10 0x7fff72cc5c08 in _dispatch_workloop_worker_thread+0x253 (libdispatch.dylib:x86_64+0x11c08)
#11 0x7fff72f10a3c in _pthread_wqthread+0x121 (libsystem_pthread.dylib:x86_64+0x2a3c)
#12 0x7fff72f0fb76 in start_wqthread+0xe (libsystem_pthread.dylib:x86_64+0x1b76)

0x00010a1db9e1 is located 190945 bytes inside of 200704-byte region [0x00010a1ad000,0x00010a1de000)
allocated by thread T2 here:
#0 0x100162870 in wrap_posix_memalign+0xb0 (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x49870)
#1 0x7fff7262bcd1 in swift_slowAlloc+0x41 (libswiftCore.dylib:x86_64+0x2f2cd1)
#2 0x109cd817b in CoroutineContext.init(stackSize:guardPage:)+0x4fb (goSwiftlyTests:x86_64+0xcd17b)
#3 0x109cd7c68 in CoroutineContext.__allocating_init(stackSize:guardPage:)+0x38 (goSwiftlyTests:x86_64+0xccc68)
#4 0x109ced426 in SharedCoroutineQueue.init(stackSize:)+0x5b6 (goSwiftlyTests:x86_64+0xe2426)
#5 0x109cece58 in SharedCoroutineQueue.__allocating_init(stackSize:)+0x28 (goSwiftlyTests:x86_64+0xe1e58)
#6 0x109ceb158 in SharedCoroutineDispatcher.getFreeQueue()+0x438 (goSwiftlyTests:x86_64+0xe0158)
#7 0x109ceac2f in closure #1 in SharedCoroutineDispatcher.execute(on:task:)+0x20f (goSwiftlyTests:x86_64+0xdfc2f)
#8 0x109cbd932 in thunk for @escaping @callee_guaranteed () -> ()+0x92 (goSwiftlyTests:x86_64+0xb2932)
#9 0x1001613ba in __wrap_dispatch_async_block_invoke+0xca (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x483ba)
#10 0x7fff72cb56c3 in _dispatch_call_block_and_release+0xb (libdispatch.dylib:x86_64+0x16c3)
#11 0x7fff72cb6657 in _dispatch_client_callout+0x7 (libdispatch.dylib:x86_64+0x2657)
#12 0x7fff72cbbc43 in _dispatch_lane_serial_drain+0x254 (libdispatch.dylib:x86_64+0x7c43)
#13 0x7fff72cbc5d5 in _dispatch_lane_invoke+0x16a (libdispatch.dylib:x86_64+0x85d5)
#14 0x7fff72cc5c08 in _dispatch_workloop_worker_thread+0x253 (libdispatch.dylib:x86_64+0x11c08)
#15 0x7fff72f10a3c in _pthread_wqthread+0x121 (libsystem_pthread.dylib:x86_64+0x2a3c)
#16 0x7fff72f0fb76 in start_wqthread+0xe (libsystem_pthread.dylib:x86_64+0x1b76)

Thread T2 created by T1 here:

Thread T1 created by T0 here:

SUMMARY: AddressSanitizer: stack-buffer-overflow (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x1da79) in wrap_memmove+0x169
Shadow bytes around the buggy address:
0x10002143b6e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002143b6f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002143b700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002143b710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002143b720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10002143b730: 00 00 00 00 00 00 00 00 f1 f1 f1 f1[01]f3 f3 f3
0x10002143b740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002143b750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002143b760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002143b770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002143b780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==47182==ABORTING
Warning: hit breakpoint while running function, skipping commands and conditions to prevent recursion.
AddressSanitizer report breakpoint hit. Use 'thread info -s' to get extended information about the report.
(lldb) thread info -s
thread #3: tid = 0x29d49f, 0x000000010016ab20 libclang_rt.asan_osx_dynamic.dylib`__asan::AsanDie(), queue = 'GoSwiftly[1]', stop reason = Stack buffer overflow

{
"access_size": 5664,
"access_type": 0,
"address": 4464687585,
"description": "stack-buffer-overflow",
"instrumentation_class": "AddressSanitizer",
"pc": 4296239738,
"stop_type": "fatal_error"
}
(lldb)

@belozierov
Owner

@ckornher Hi, AddressSanitizer can show a stack-buffer-overflow warning because it can't detect the change of stack location (google/sanitizers#189).
If possible, could you please provide real crash reports?

Also please pay attention to this issue which has already been discussed - #22
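
Editor's note, added to this thread and not code from the SwiftCoroutine project or from either commenter: the owner's point is the stack-switch blind spot described in google/sanitizers#189, and the report above already shows the symptom. The flagged address is 190945 bytes inside a 200704-byte posix_memalign region allocated in CoroutineContext.init(stackSize:guardPage:), i.e. a heap block used as a coroutine stack; the 5664-byte read starting at 0x00010a1db9e1 ends at 0x00010a1dd001, still inside the region. The shadow bytes around it are stack redzones (f1/f3), which ASan's instrumentation places around the locals of frames that executed on that block, so the memmove in SharedCoroutine.saveStack() that copies across them is reported as a stack-buffer-overflow although every byte is addressable heap memory. The C program below is a minimal coroutine on a malloc'd stack built with POSIX ucontext (Linux glibc); it shows the annotations a user-space stack switcher is expected to emit so that ASan knows which stack is current, __sanitizer_start_switch_fiber and __sanitizer_finish_switch_fiber, declared weak here so the file also runs without -fsanitize=address. The sum_body coroutine, the 64 KiB stack size and the run_sum driver are constructed for this example; ASAN_CALL and g_starting are names introduced here.

```c
#define _XOPEN_SOURCE 700
#include <stdint.h>
#include <stdlib.h>
#include <ucontext.h>

/* ASan's public fiber-switch hooks (normally from <sanitizer/common_interface_defs.h>),
 * declared weak so this file also builds and runs without -fsanitize=address;
 * ASAN_CALL skips them when the sanitizer runtime is not linked in. */
extern void __sanitizer_start_switch_fiber(void **, const void *, size_t) __attribute__((weak));
extern void __sanitizer_finish_switch_fiber(void *, const void **, size_t *) __attribute__((weak));
#define ASAN_CALL(fn, ...) do { if (fn) fn(__VA_ARGS__); } while (0)

enum { CORO_STACK_SIZE = 64 * 1024 };  /* assumed size; the report's region was 200704 bytes */

typedef struct coro {
    ucontext_t ctx, caller;                     /* coroutine state / where resume() returns to */
    char *stack; size_t stack_size;             /* heap-allocated coroutine stack */
    void *fake_stack_coro, *fake_stack_caller;  /* ASan fake-stack handles, one per side */
    const void *caller_bottom; size_t caller_size;  /* caller's real stack, learned on first entry */
    uintptr_t sp_at_yield;                      /* address of a local at the last yield */
    long (*body)(struct coro *, long);
    long arg, result; int finished;
} coro_t;

static coro_t *g_starting;  /* hand-off to the trampoline; single-threaded demo only */

/* Runs on the coroutine stack: switch back to the caller. */
static void coro_yield(coro_t *c) {
    volatile char marker;  /* lives on the heap stack, so &marker shows how deep we are */
    c->sp_at_yield = (uintptr_t)&marker;
    /* ASan: about to run on the caller's stack again */
    ASAN_CALL(__sanitizer_start_switch_fiber, &c->fake_stack_coro, c->caller_bottom, c->caller_size);
    swapcontext(&c->ctx, &c->caller);
    /* resumed: back on the heap stack */
    ASAN_CALL(__sanitizer_finish_switch_fiber, c->fake_stack_coro, &c->caller_bottom, &c->caller_size);
}

static void coro_trampoline(void) {
    coro_t *c = g_starting;
    /* first entry: no fake stack to restore yet; record the caller's stack bounds */
    ASAN_CALL(__sanitizer_finish_switch_fiber, NULL, &c->caller_bottom, &c->caller_size);
    c->result = c->body(c, c->arg);
    c->finished = 1;
    /* NULL handle: this fiber is dying, let ASan drop its fake stack */
    ASAN_CALL(__sanitizer_start_switch_fiber, NULL, c->caller_bottom, c->caller_size);
    /* returning follows ctx.uc_link back into coro_resume() */
}

static coro_t *coro_create(long (*body)(coro_t *, long), long arg) {
    coro_t *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    c->stack_size = CORO_STACK_SIZE;
    c->stack = malloc(c->stack_size);  /* heap memory, like the posix_memalign region in the report */
    if (!c->stack) { free(c); return NULL; }
    c->body = body; c->arg = arg;
    getcontext(&c->ctx);
    c->ctx.uc_stack.ss_sp = c->stack; c->ctx.uc_stack.ss_size = c->stack_size;
    c->ctx.uc_link = &c->caller;
    makecontext(&c->ctx, coro_trampoline, 0);
    return c;
}

/* Run the coroutine until its next yield or until it finishes. */
static void coro_resume(coro_t *c) {
    if (c->finished) return;
    g_starting = c;
    ASAN_CALL(__sanitizer_start_switch_fiber, &c->fake_stack_caller, c->stack, c->stack_size);
    swapcontext(&c->caller, &c->ctx);
    ASAN_CALL(__sanitizer_finish_switch_fiber, c->fake_stack_caller, NULL, NULL);
}

static void coro_destroy(coro_t *c) { free(c->stack); free(c); }

/* Constructed sample body: sums 1..n, yielding after every step. */
static long sum_body(coro_t *c, long n) {
    long acc = 0;
    for (long i = 1; i <= n; i++) { acc += i; coro_yield(c); }
    return acc;
}

typedef struct { long sum; int resumes; size_t max_used; int on_heap; } run_t;

/* Drives sum_body to completion. max_used is the deepest the heap stack got at a yield:
 * the byte range a "save the stack" step like saveStack() in the report would memmove,
 * and which under ASan holds the redzones of instrumented frames. on_heap stays 1 only
 * if every yield's locals really sat inside the heap block. */
static run_t run_sum(long n) {
    coro_t *c = coro_create(sum_body, n);
    run_t r = { 0, 0, 0, 1 };
    while (!c->finished) {
        coro_resume(c);
        r.resumes++;
        if (c->finished) break;
        size_t used = (size_t)((uintptr_t)c->stack + c->stack_size - c->sp_at_yield);
        r.on_heap = r.on_heap && used > 0 && used < c->stack_size;  /* wraps if outside the block */
        if (used > r.max_used) r.max_used = used;
    }
    r.sum = c->result;
    coro_destroy(c);
    return r;
}
```

Build once plainly and once with -fsanitize=address; both runs complete, and under ASan the hooks keep the sanitizer's idea of "the current stack" in step with each swapcontext. The caveat a practitioner should keep in mind: the annotations only tell ASan which stack is live, they do not make a whole-stack memmove of instrumented frames addressable, so a design that copies the contents of a coroutine stack will still trip the memmove interceptor. That is why a crash reproduced without the sanitizer, as the owner asks for, is the trustworthy signal here.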

@ckornher
Author

@belozierov Thanks for the reply. It looks like it was probably a race condition in my code. I am going to close this one.
