use-of-uninitialized-value in libcxxabi when throwing an exception - Please improve bootstrapping documentation #1155
Comments
This looks a lot like google/oss-fuzz#1099. Could you check if that solution (blacklisting the personality function) works for you?
On Mon, Oct 21, 2019 at 3:03 PM zjturner wrote:
I followed the instructions at these three links:
https://clang.llvm.org/docs/MemorySanitizer.html
https://github.com/google/sanitizers/wiki/MemorySanitizer
https://github.com/google/sanitizers/wiki/MemorySanitizerLibcxxHowTo
to get MSAN working for my case. It reports an uninitialized read as in the following call-stack.
Running 1 test case...
==114098==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x7f94fb98a276 in __cxxabiv1::__getExceptionClass(_Unwind_Exception const*) /home/zturner/src/llvm-project/libcxxabi/src/cxa_exception.cpp:101:5
#1 0x7f94fb98c98e in get_thrown_object_ptr /home/zturner/src/llvm-project/libcxxabi/src/cxa_personality.cpp:504:9
#2 0x7f94fb98c98e in __cxxabiv1::scan_eh_tab(__cxxabiv1::(anonymous namespace)::scan_results&, _Unwind_Action, bool, _Unwind_Exception*, _Unwind_Context*) /home/zturner/src/llvm-project/libcxxabi/src/cxa_personality.cpp:750
#3 0x7f94fb98bb15 in __gxx_personality_v0 /home/zturner/src/llvm-project/libcxxabi/src/cxa_personality.cpp:969:9
#4 0x7f94fa798a0a in _Unwind_RaiseException (/lib/x86_64-linux-gnu/libgcc_s.so.1+0x10a0a)
#5 0x7f94fb98a5b6 in __cxa_throw /home/zturner/src/llvm-project/libcxxabi/src/cxa_exception.cpp:279:5
#6 0x5570432cca60 in throwUndefinedFlagAccessedFromLua(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) /home/zturner/src/roblox/Branches/ClientIntegration/Client/App/v8datamodel/GlobalSettings.cpp:351:5
...
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/zturner/src/llvm-project/libcxxabi/src/cxa_exception.cpp:101:5 in __cxxabiv1::__getExceptionClass(_Unwind_Exception const*)
ORIGIN: invalid (0). Might be a bug in MemorySanitizer origin tracking.
This could still be a bug in your code, too!
Exiting
The problem here is clearly from libgcc_s.so which is not instrumented. However, there is no documentation on this website about how to use libunwind in this scenario. I spent at least 6 hours and was not able to solve this problem on my own.
I think the documentation -- in particular this webpage -- should include specific instructions on how to build an instrumented libunwind to replace libgcc_s.
I was able to build instrumented libunwind but I was unsuccessful at getting the libcxxabi which I linked into my program to use libunwind instead of libgcc_s despite having spent a pretty significant amount of time on it.
Ultimately my solution was to add __attribute__((no_sanitize("memory"))) to a couple of places in libcxxabi when building, but this seems less than ideal and I think we should have instructions for this
I blacklisted it with the attribute and that worked, but I assume it would also work to blacklist it with a sanitizer blacklist file. The former was easier and seems equivalent so I just did that. That said, I had this workaround in place already, so I filed this bug more to get the documentation improved than to fix my problem. I think most people throwing exceptions in C++ will run into this, so it's probably worth mentioning either this workaround, or how to build / use instrumented libunwind as part of the documentation.
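The thread leaves the two routes it mentions (blacklisting the personality function, or linking an MSan-instrumented libunwind in place of libgcc_s) as prose. The script below is an added example, not code from the thread or from the LLVM or sanitizers projects, that puts both into runnable form: a blacklist file for `__gxx_personality_v0`, the cmake/ninja recipe for an instrumented libc++/libc++abi/libunwind tree, the compile flags to link a program against that tree, a minimal throw/catch repro, and an `ldd`-based check that tells you which unwinder a binary actually resolved, which is the symptom being debugged above. The variable names `LLVM_SRC` and `MSAN_RT`, the file names, and the `-rtlib=compiler-rt -unwindlib=libunwind` pairing as the way to keep libgcc_s off the link line are my assumptions; confirm the last with `clang++ -### ...` on your toolchain.

```shell
#!/bin/sh
# Added example (not from the thread): MSan + C++ exceptions end to end.
# Assumptions: an llvm-project checkout in $LLVM_SRC, instrumented runtimes
# installed under $MSAN_RT, and that -rtlib=compiler-rt -unwindlib=libunwind
# is what makes libc++abi resolve _Unwind_* from libunwind, not libgcc_s.
set -eu

# 1. Blacklist the personality function. MSan cannot see the writes an
#    uninstrumented unwinder makes to the _Unwind_Exception, so every read of
#    it inside the personality routine looks poisoned; excluding the routine
#    silences exactly that report. Newer clang spells the flag
#    -fsanitize-ignorelist=; the file format is unchanged.
write_msan_blacklist() {
  cat > "$1" <<'EOF'
# MemorySanitizer blacklist: do not instrument the C++ personality routine,
# whose input is produced by the (uninstrumented) system unwinder.
fun:__gxx_personality_v0
EOF
  printf '%s\n' "$1"
}

# 2. Flags for building a program against an instrumented libc++/libc++abi/
#    libunwind tree. -rtlib=compiler-rt is needed because clang rejects
#    -unwindlib=libunwind together with the default -rtlib=libgcc.
msan_flags() {
  rt="$1" bl="$2"
  printf '%s' "-fsanitize=memory -fsanitize-memory-track-origins \
-fno-omit-frame-pointer -stdlib=libc++ -I$rt/include/c++/v1 \
-L$rt/lib -Wl,-rpath,$rt/lib -rtlib=compiler-rt -unwindlib=libunwind \
-fsanitize-blacklist=$bl"
}

# 3. Which unwinder does a linked binary actually load? This is the check
#    for the "libc++abi still uses libgcc_s" symptom: it must name libunwind.
unwinder_of() {
  ldd "$1" | awk '/libunwind|libgcc_s/ { print $1; exit }'
}

# 4. Build the instrumented runtimes (current wiki-style runtimes build;
#    needs ninja and a recent clang on PATH).
build_msan_runtimes() {
  cmake -G Ninja -S "$LLVM_SRC/runtimes" -B "$LLVM_SRC/build-msan" \
    -DCMAKE_BUILD_TYPE=Release \
    -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \
    -DLLVM_ENABLE_RUNTIMES="libcxx;libcxxabi;libunwind" \
    -DLLVM_USE_SANITIZER=MemoryWithOrigins \
    -DLIBCXXABI_USE_LLVM_UNWINDER=ON \
    -DCMAKE_INSTALL_PREFIX="$MSAN_RT"
  ninja -C "$LLVM_SRC/build-msan" install-cxx install-cxxabi install-unwind
}

# 5. Minimal repro (constructed): one throw/catch is enough to go through
#    __cxa_throw, _Unwind_RaiseException and the personality function seen
#    in the report above.
write_repro() {
  cat > "$1" <<'EOF'
#include <cstdio>
#include <stdexcept>
int main() {
  try { throw std::runtime_error("boom"); }
  catch (const std::exception& e) { std::puts(e.what()); }
  return 0;
}
EOF
}

if [ "${1:-}" = "run" ]; then
  : "${LLVM_SRC:?set LLVM_SRC}" "${MSAN_RT:?set MSAN_RT}"
  [ -d "$MSAN_RT/lib" ] || build_msan_runtimes
  bl=$(write_msan_blacklist msan_blacklist.txt)
  write_repro throw.cpp
  # shellcheck disable=SC2046
  clang++ $(msan_flags "$MSAN_RT" "$bl") throw.cpp -o throw
  echo "unwinder: $(unwinder_of ./throw)"
  ./throw
fi
```

Run it as `LLVM_SRC=... MSAN_RT=... sh msan_exceptions.sh run`. If `unwinder_of` prints `libgcc_s.so.1`, the instrumented libunwind did not make it onto the link line or the rpath, and the blacklist file is the only thing standing between you and the false positive; if it prints `libunwind.so.1`, both the unwinder and libc++abi are instrumented and the blacklist entry is a belt-and-braces measure.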
I've uploaded https://reviews.llvm.org/D69587 (could not find you in phabricator to cc).
Thanks!
Summary: Fixes https://bugs.llvm.org/show_bug.cgi?id=31877. Fixes google/sanitizers#1155. Enables exceptions in msan/tsan build of libcxx, and in msan tests. -fdepfile-entry stuff is a workaround for https://reviews.llvm.org/D69290 (default blacklist missing from -MMD output).
Reviewers: pcc, dvyukov
Subscribers: mgorny, christof, #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D69587