Why can't I print? #1356
Comments
two questions:
Is this x86_64 or AArch64?
Is aarch64 and it does not work?
@kcc Can you give me some advice?
I switched to an AArch64 device, and I got the following:
[root@localhost test]# cat test.c
int a[16] = {0};
int main() {
Hello, everyone. Recently, I researched HWASan, but I found out why HWASan cannot print the same code after adding a print function.
The demo is like this:
[root@kwephicprd11837 test]# clang aa.c -o main -g -O0 -fsanitize=address -fsanitize-recover=address,all
aa.c:25:13: warning: implicitly declaring library function 'strstr' with type 'char *(const char *, const char *)' [-Wimplicit-function-declaration]
if (strstr(line_buff, "VmRSS:") != NULL)
^
aa.c:25:13: note: include the header <string.h> or explicitly provide a declaration for 'strstr'
aa.c:50:16: warning: implicit declaration of function 'getpid' is invalid in C99 [-Wimplicit-function-declaration]
int ppid = getpid();
^
aa.c:46:13: warning: array index 12 is past the end of the array (which contains 12 elements) [-Warray-bounds]
int b = a[12];
^ ~~
aa.c:45:5: note: array 'a' declared here
int a[12] = {0};
^
aa.c:49:14: warning: array index -1 is before the beginning of the array [-Warray-bounds]
int cc = abc[-1];
^ ~~
aa.c:48:5: note: array 'abc' declared here
int abc[10] = {0};
^
4 warnings generated.
[root@kwephicprd11837 test]# ./main
hello
nihao!
huaidan
==28940==ERROR: AddressSanitizer: stack-buffer-overflow on address 0xffffc34a24d0 at pc 0x0000004e9b90 bp 0xffffc34a2460 sp 0xffffc34a2478
READ of size 4 at 0xffffc34a24d0 thread T0
#0 0x4e9b8c in main /home/hss/test/aa.c:46:13
#1 0xffffafe3eadc in __libc_start_main (/lib64/libc.so.6+0x20adc)
#2 0x423098 in _start (/home/hss/test/main+0x423098)
Address 0xffffc34a24d0 is located in stack of thread T0 at offset 80 in frame
#0 0x4e995c in main /home/hss/test/aa.c:38
This frame has 2 object(s):
[32, 80) 'a' (line 45) <== Memory access at offset 80 overflows this variable
[112, 152) 'abc' (line 48)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions are supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/hss/test/aa.c:46:13 in main
Shadow bytes around the buggy address:
0x200ff8694440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x200ff8694450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x200ff8694460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x200ff8694470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x200ff8694480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x200ff8694490: f1 f1 f1 f1 00 00 00 00 00 00[f2]f2 f2 f2 f8 f8
0x200ff86944a0: f8 f8 f8 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
0x200ff86944b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x200ff86944c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x200ff86944d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x200ff86944e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==28940==ERROR: AddressSanitizer: stack-buffer-overflow on address 0xffffc34a24ec at pc 0x0000004e9c18 bp 0xffffc34a2460 sp 0xffffc34a2478
READ of size 4 at 0xffffc34a24ec thread T0
#0 0x4e9c14 in main /home/hss/test/aa.c:49:14
#1 0xffffafe3eadc in __libc_start_main (/lib64/libc.so.6+0x20adc)
#2 0x423098 in _start (/home/hss/test/main+0x423098)
Address 0xffffc34a24ec is located in stack of thread T0 at offset 108 in frame
#0 0x4e995c in main /home/hss/test/aa.c:38
This frame has 2 object(s):
[32, 80) 'a' (line 45)
[112, 152) 'abc' (line 48) <== Memory access at offset 108 underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions are supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/hss/test/aa.c:49:14 in main
Shadow bytes around the buggy address:
0x200ff8694440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x200ff8694450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x200ff8694460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x200ff8694470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x200ff8694480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x200ff8694490: f1 f1 f1 f1 00 00 00 00 00 00 f2 f2 f2[f2]00 00
0x200ff86944a0: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
0x200ff86944b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x200ff86944c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x200ff86944d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x200ff86944e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
28940
15096
q
[root@kwephicprd11837 test]#
[root@kwephicprd11837 test]#
[root@kwephicprd11837 test]# clang aa.c -o main -g -O0 -fsanitize=hwaddress -fsanitize-recover=hwaddress,all
aa.c:25:13: warning: implicitly declaring library function 'strstr' with type 'char *(const char *, const char *)' [-Wimplicit-function-declaration]
if (strstr(line_buff, "VmRSS:") != NULL)
^
aa.c:25:13: note: include the header <string.h> or explicitly provide a declaration for 'strstr'
aa.c:50:16: warning: implicit declaration of function 'getpid' is invalid in C99 [-Wimplicit-function-declaration]
int ppid = getpid();
^
aa.c:46:13: warning: array index 12 is past the end of the array (which contains 12 elements) [-Warray-bounds]
int b = a[12];
^ ~~
aa.c:45:5: note: array 'a' declared here
int a[12] = {0};
^
aa.c:49:14: warning: array index -1 is before the beginning of the array [-Warray-bounds]
int cc = abc[-1];
^ ~~
aa.c:48:5: note: array 'abc' declared here
int abc[10] = {0};
^
4 warnings generated.
[root@kwephicprd11837 test]# ./main
==29280==ERROR: HWAddressSanitizer: tag-mismatch on address 0xffffe901ff90 at pc 0xaaaabc9124d8
READ of size 4 at 0xffffe901ff90 tags: 97/00 (ptr/mem) in thread T0
#0 0xaaaabc9124d4 in main /home/hss/test/aa.c:46:13
#1 0xffffa6b70adc in __libc_start_main (/lib64/libc.so.6+0x20adc)
#2 0xaaaabc8d43bc in _start (/home/hss/test/main+0x63bc)
LLVMSymbolizer: error reading file: No such file or directory
0xffffe901ff90 is located 130960 bytes to the right of 0-byte global variable ?? [0xffffe9000000,0xffffe9000000) in [stack]
Address 0xffffe901ff90 is located in stack of thread T0
Thread: T0 0xeffe00002000 stack: [0xffffe8822000,0xffffe9022000) sz: 8388608 tls: [0xffffa6e7cb70,0xffffa6e7d2c0)
Previously allocated frames:
record_addr:0xffffa6b284b8 record:0x1ffaaaaabc9120f8 in main /home/hss/test/aa.c:38
Memory tags around the buggy address (one tag corresponds to 16 bytes):
0xfffefe901f70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe901f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe901f90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe901fa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe901fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe901fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe901fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe901fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0xfffefe901ff0: 00 00 17 17 08 00 97 97 97 [00] 00 00 00 00 00 00
0xfffefe902000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe902010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe902020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe902030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe902040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe902050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe902060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe902070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Tags for short granules around the buggy address (one tag corresponds to 16 bytes):
0xfffefe901fe0: .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
=>0xfffefe901ff0: .. .. .. .. 17 .. .. .. .. [..] .. .. .. .. .. ..
0xfffefe902000: .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
See https://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html#short-granules for a description of short granule tags
SUMMARY: HWAddressSanitizer: tag-mismatch /home/hss/test/aa.c:46:13 in main
==29280==ERROR: HWAddressSanitizer: tag-mismatch on address 0xffffe901ff1c at pc 0xaaaabc912648
READ of size 4 at 0xffffe901ff1c tags: 17/00 (ptr/mem) in thread T0
#0 0xaaaabc912644 in main /home/hss/test/aa.c:49:14
#1 0xffffa6b70adc in __libc_start_main (/lib64/libc.so.6+0x20adc)
#2 0xaaaabc8d43bc in _start (/home/hss/test/main+0x63bc)
0xffffe901ff1c is located -130844 bytes to the left of 0-byte global variable ?? [0xffffe9000000,0xffffe9000000) in [stack]
Address 0xffffe901ff1c is located in stack of thread T0
Previously allocated frames:
record_addr:0xffffa6b284b8 record:0x1ffaaaaabc9120f8 in main /home/hss/test/aa.c:38
Memory tags around the buggy address (one tag corresponds to 16 bytes):
0xfffefe901f70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe901f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe901f90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe901fa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe901fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe901fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe901fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe901fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0xfffefe901ff0: 00 [00] 17 17 08 00 97 97 97 00 00 00 00 00 00 00
0xfffefe902000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe902010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe902020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe902030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe902040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe902050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe902060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xfffefe902070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Tags for short granules around the buggy address (one tag corresponds to 16 bytes):
0xfffefe901fe0: .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
=>0xfffefe901ff0: .. [..] .. .. 17 .. .. .. .. .. .. .. .. .. .. ..
0xfffefe902000: .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
See https://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html#short-granules for a description of short granule tags
SUMMARY: HWAddressSanitizer: tag-mismatch /home/hss/test/aa.c:49:14 in main
[root@kwephicprd11837 test]#
[root@kwephicprd11837 test]# cat aa.c
#include <stdio.h>
int get_memory_by_pid(int p)
{
FILE *fd;
char name[32], line_buff[256] = {0}, file[64] = {0};
int i, vmrss = 0;
}
int main() {
printf("hello\r\n");
fflush(stdout);
printf("nihao!\n");
fflush(stdout);
printf("huaidan\n");
fflush(stdout);
int a[12] = {0};
int b = a[12];
}
[root@kwephicprd11837 test]#
Can someone help me with that? Thank you very much!
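The two HWASan tag-mismatch reports and the two ASan reports above can be checked by hand against the tag and shadow rows they print. The following is an added example, not part of the original issue and not the sanitizer's own code: a simplified C model of the HWASan tag check (including short granules) and of the ASan frame shadow lookup. The tag values are copied from the reports, the base addresses of `a` and `abc` are derived from the faulting addresses, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Tag row copied from the HWASan report (shadow row 0xfffefe901ff0). One tag
 * covers 16 bytes, so this row describes 0xffffe901ff00..0xffffe901ffff. */
#define ROW_BASE 0xffffe901ff00ULL
static const uint8_t mem_tags[16] = {
    0x00, 0x00, 0x17, 0x17, 0x08, 0x00, 0x97, 0x97,
    0x97, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
/* "Tags for short granules" row: the real tag kept in the granule's last byte. */
static const uint8_t short_tags[16] = {[4] = 0x17};

/* Simplified model of the check (assumes the access stays in one granule).
 * Returns 1 if the access passes, 0 for a tag-mismatch. */
int hwasan_access_ok(uint8_t ptr_tag, uint64_t addr, unsigned size)
{
    unsigned g = (unsigned)((addr - ROW_BASE) >> 4);
    uint8_t mem = mem_tags[g];
    if (mem == ptr_tag)
        return 1;
    /* Short granule: tag 1..15 is the number of valid bytes in the granule. */
    if (mem >= 1 && mem <= 15)
        return (addr & 15) + size <= mem && short_tags[g] == ptr_tag;
    return 0;
}

/* ASan side: one shadow byte per 8 bytes, indexed by offset in main's frame.
 * Layout from the first report: f1 x4, 'a' [32,80), f2 x4, 'abc' [112,152), f3. */
static const uint8_t asan_frame_shadow[24] = {
    0xf1, 0xf1, 0xf1, 0xf1, 0, 0, 0, 0, 0, 0, 0xf2, 0xf2, 0xf2, 0xf2,
    0xf8, 0xf8, 0xf8, 0xf8, 0xf8, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3};

uint8_t asan_shadow_at(unsigned frame_offset)
{
    return asan_frame_shadow[frame_offset / 8];
}

int main(void)
{
    /* Derived from the reports: a[12] faulted at ...ff90, abc[-1] at ...ff1c. */
    const uint64_t a = 0xffffe901ff60ULL, abc = 0xffffe901ff20ULL;
    printf("a[12]   ok=%d\n", hwasan_access_ok(0x97, a + 12 * 4, 4));
    printf("abc[-1] ok=%d\n", hwasan_access_ok(0x17, abc - 4, 4));
    printf("abc[9]  ok=%d\n", hwasan_access_ok(0x17, abc + 9 * 4, 4));
    printf("abc[10] ok=%d\n", hwasan_access_ok(0x17, abc + 10 * 4, 4));
    printf("asan offset 80 -> %02x, 108 -> %02x\n",
           asan_shadow_at(80), asan_shadow_at(108));
    return 0;
}
```

Both reported reads land on a granule tagged 00 while the pointer carries 97 or 17, and both ASan offsets (80 and 108) fall on f2 mid-redzone bytes, which matches the bracketed entries in the dumps.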