asan memory problem by pthreading #1567

Open
freerabix opened this issue Sep 13, 2022 · 0 comments


Hello,

I have discovered an asan memory problem, if pthreads are used. The log shows the problem and a test.c file is under the log.

Where is the problem?

Used clang version: 13.0.1

Greetings,
Robert

###########################################Log
```
$ clang -fsanitize=fuzzer,address test.c
$ ./a.out
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1237427910
INFO: Loaded 1 modules (2 inline 8-bit counters): 2 [0x7b0f10, 0x7b0f12),
INFO: Loaded 1 PC tables (2 PCs): 2 [0x574010,0x574030),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
#2 INITED cov: 2 ft: 2 corp: 1/1b exec/s: 0 rss: 30Mb
#131072 pulse cov: 2 ft: 2 corp: 1/1b lim: 1300 exec/s: 43690 rss: 231Mb
#262144 pulse cov: 2 ft: 2 corp: 1/1b lim: 2611 exec/s: 37449 rss: 268Mb
#524288 pulse cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 34952 rss: 339Mb
#1048576 pulse cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 34952 rss: 484Mb
#2097152 pulse cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 33825 rss: 798Mb
#4194304 pulse cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 34379 rss: 1025Mb
#8388608 pulse cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 33825 rss: 1849Mb
==15278== ERROR: libFuzzer: out-of-memory (used: 2050Mb; limit: 2048Mb)
To change the out-of-memory limit use -rss_limit_mb=

Live Heap Allocations: 24204092 bytes in 42 chunks; quarantined: 1713907 bytes in 58520 chunks; 4623266 other chunks; total chunks: 4681828; showing top 95% (at most 8 unique contexts)
24120848 byte(s) (99%) in 10 allocation(s)
    #0 0x5276ed in malloc /home/abuild/rpmbuild/BUILD/llvm-13.0.1.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
    #1 0x43b60a in operator new(unsigned long) cxa_noexception.cpp
    #2 0x475022 in main /home/abuild/rpmbuild/BUILD/llvm-13.0.1.src/build/../projects/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #3 0x7f2333cf92bc in __libc_start_main (/lib64/libc.so.6+0x352bc)

MS: 3 ShuffleBytes-ChangeBit-ChangeByte-; base unit: adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
0x2a,
*
artifact_prefix='./'; Test unit written to ./oom-df58248c414f342c81e056b40bee12d17a08bf61
Base64: Kg==
SUMMARY: libFuzzer: out-of-memory
```

########################test.c

```c
#include <pthread.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Thread body: returns immediately. */
void *sicct_cmd_thread(void *args) {
    return NULL;
}

//int main() {
int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size) {

    pthread_t cmd_thread, tx_thread;

    int i = 0;
    pthread_create(&cmd_thread, NULL, sicct_cmd_thread, NULL);
    pthread_join(cmd_thread, NULL);
    /* Issued after cmd_thread has already been joined. */
    pthread_cancel(cmd_thread);

    return 1;
}
```
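
A stand-alone triage program for the report above, added here as an example and not written by the reporter or the project: it repeats the create/join cycle from test.c without libFuzzer and prints the process RSS before and after, so the growth seen in the log can be measured on its own. The names `noop_thread`, `rss_pages` and `run_cycles` and the cycle count are assumptions; `/proc/self/statm` makes it Linux-only.

```c
/* Added triage example; not part of the original report. */
#include <pthread.h>
#include <stdio.h>

/* Thread body mirroring the report: does nothing and exits. */
static void *noop_thread(void *arg) {
    (void)arg;
    return NULL;
}

/* Resident set size in pages, read from /proc/self/statm; -1 if unavailable. */
static long rss_pages(void) {
    long size = 0, resident = 0;
    FILE *f = fopen("/proc/self/statm", "r");
    if (!f)
        return -1;
    if (fscanf(f, "%ld %ld", &size, &resident) != 2)
        resident = -1;
    fclose(f);
    return resident;
}

/* Run up to `cycles` create/join pairs; return how many completed. */
static long run_cycles(long cycles) {
    long done = 0;
    for (long i = 0; i < cycles; i++) {
        pthread_t t;
        if (pthread_create(&t, NULL, noop_thread, NULL) != 0)
            break;
        if (pthread_join(t, NULL) != 0)
            break;
        done++;
    }
    return done;
}

int main(void) {
    long before = rss_pages();
    long done = run_cycles(200000); /* assumed count; raise it to extend the run */
    long after = rss_pages();
    printf("cycles=%ld rss_pages_before=%ld rss_pages_after=%ld\n",
           done, before, after);
    return 0;
}
```

Building it once without sanitizers and once with `-fsanitize=address`, then comparing the two printed RSS pairs, separates growth attributable to the sanitizer runtime from growth in the program itself.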
