
A simple ObjC program crashes in objc_msgSend #88

Closed
ramosian-glider opened this issue Aug 31, 2015 · 6 comments

Comments

@ramosian-glider (Member)

Originally reported on Google Code with ID 88

A test case from Anna Zaks:

$ cat t.mm
#import <Foundation/Foundation.h>
int main() {
  NSString *number = [[NSString alloc] initWithFormat:@"5 %d", 5];
  [number release];                    // retain count drops to zero, object is deallocated
  NSString *d = [number description];  // message sent to the released object: the bug under test
}
$ clang t.mm -o t-native -framework Foundation
$ ./t-native
$ clang t.mm -o t -framework Foundation -faddress-sanitizer

$ ./t 2>&1  | /Users/glider/src/asan/llvm/projects/compiler-rt/lib/asan/scripts/asan_symbolize.py

ASAN:SIGSEGV
==44396== ERROR: AddressSanitizer crashed on unknown address 0x000000000000 (pc 0x7fff8a6f1f0c
sp 0x7fff5fbffa58 bp 0x7fff5fbffb90 T0)
AddressSanitizer can not provide additional info. ABORTING
    #0 0x7fff8a6f1f0b in objc_msgSend (in libobjc.A.dylib) + 40
    #1 0x100001254 in start (in t) + 52
atos cannot load symbols for the file /Users/glider/src/t for architecture i386.
    #2 0x1 in 
Stats: 0M malloced (0M for red zones) by 11 calls
Stats: 0M realloced by 0 calls
Stats: 0M freed by 3 calls
Stats: 0M really freed by 0 calls
Stats: 4M (1024 full pages) mmaped in 1 calls
  mmaps   by size class: 8:16383;
  mallocs by size class: 8:11;
  frees   by size class: 8:3;
  rfrees  by size class:
Stats: malloc large: 0 small slow: 1

$ gdb t
(gdb) r
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: 13 at address: 0x0000000000000000
0x00007fff8a6f1f0c in objc_msgSend ()
(gdb) bt
#0  0x00007fff8a6f1f0c in objc_msgSend ()
#1  0x0000000100001412 in main ()

Reported by ramosian.glider on 2012-07-11 07:19:25

@ramosian-glider (Member Author)

This example is really a buggy program, but ASan should be more verbose about the problem.
For example, NSZombie detects the bug correctly:

$ NSZombieEnabled=YES ./t-native
2012-07-11 16:50:18.581 t-native[94386:903] *** -[CFString description]: message sent
to deallocated instance 0x10010e080
Trace/BPT trap

even with ASan:

$ NSZombieEnabled=YES ./t
2012-07-11 16:53:27.968 t[94894:903] *** -[CFString description]: message sent to deallocated
instance 0x16e0284
Trace/BPT trap

Reported by ramosian.glider on 2012-07-11 13:06:15
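Why NSZombie reports this while the ASan build crashes inside objc_msgSend: a zombie-enabled release keeps the object's memory and swaps its class pointer to a zombie class, so the next message lands on a method that prints a report; a plain free hands the chunk back to the allocator, and objc_msgSend, which ASan does not instrument, reads a stale isa and faults. The following is an added C model of that technique (constructed for this example, not code from libobjc, ASan or the thread); the object layout, `send_description` dispatch and `object_release_zombie` are assumptions that stand in for isa, objc_msgSend and NSZombie's release.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy object model (constructed for this example): as in ObjC, an object's
 * first word is its class pointer ("isa"); sending a message reads isa and
 * calls the method found there, which is what objc_msgSend does in the trace. */
typedef struct Object Object;
typedef struct {
    const char *(*description)(Object *self);
} Class;
struct Object {
    const Class *isa;
    char payload[32];
};

static int zombie_hits = 0;  /* number of messages that reached a zombie */
static const char *string_description(Object *self) { return self->payload; }

/* Zombie class: every method reports the bug instead of touching freed memory. */
static const char *zombie_description(Object *self) {
    zombie_hits++;
    fprintf(stderr, "*** -[String description]: message sent to deallocated "
                    "instance %p\n", (void *)self);
    return NULL;
}

static const Class StringClass = { string_description };
static const Class ZombieClass = { zombie_description };

Object *string_new(const char *text) {
    Object *obj = calloc(1, sizeof *obj);
    obj->isa = &StringClass;
    snprintf(obj->payload, sizeof obj->payload, "%s", text);
    return obj;
}

/* Release with zombies on: the chunk is deliberately never returned to the
 * allocator, only its isa is swapped, so a later send traps with a readable
 * report instead of dereferencing whatever the allocator wrote over it. */
void object_release_zombie(Object *obj) { obj->isa = &ZombieClass; }

/* objc_msgSend-style dispatch: read isa, call the method. */
const char *send_description(Object *obj) { return obj->isa->description(obj); }

/* The page's test case: release, then send. Returns 1 when the zombie caught it. */
int use_after_release_caught(void) {
    Object *number = string_new("5 5");
    object_release_zombie(number);
    return send_description(number) == NULL && zombie_hits > 0;
}
```

The zombie object is leaked on purpose, which is the same trade-off NSZombieEnabled makes: memory is never reused, so every send to a dead object is diagnosed instead of reading reused or garbage memory.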

@ramosian-glider (Member Author)

Are we going to take any action here?

Reported by konstantin.s.serebryany on 2013-02-18 08:19:30

@ramosian-glider (Member Author)

Yes, if we want to improve the coverage for ObjC.

Reported by ramosian.glider on 2013-02-18 09:36:28

@ramosian-glider (Member Author)

Reported by ramosian.glider on 2015-07-30 09:05:30

  • Labels added: ProjectAddressSanitizer

@ramosian-glider (Member Author)

Adding Project:AddressSanitizer as part of GitHub migration.

Reported by ramosian.glider on 2015-07-30 09:06:54

@kcc (Contributor)

kcc commented Dec 1, 2015

Not working on this. If we want to work more on ObjC -- let's file bugs in the llvm tracker.
