ASan incorrectly wraps memmove on OS X Lion #34

Closed
ramosian-glider opened this issue Aug 31, 2015 · 4 comments

@ramosian-glider

Originally reported on Google Code with ID 34

$ cat t.c
#include <stdio.h>
extern void *memmove(void *dest, void *src, size_t n);
int main() {
  char a[] = "Hello World!\n";
  memmove(a+3, a, 5);
  printf("%s\n", a);
  return 0;
}
=============================
$ gcc t.c -o t && ./t
HelHellorld!
=============================
$ clang t.c -o t -fno-builtin -O0  -faddress-sanitizer && ./t 2>&1 | scripts/asan_symbolize.py

==51112== ERROR: AddressSanitizer memcpy-param-overlap: memory ranges [0x7fff6904eb43,0x7fff6904eb48)
and [0x7fff6904eb40, 0x7fff6904eb45) overlap
    #0 0x1094543b0 in wrap_memcpy (in t) + 128
    #1 0x109450127 in main (in t) + 471
    #2 0x10944ff44 in start (in t) + 52
    #3 0x1
Stats: 0M malloced (0M for red zones) by 0 calls
Stats: 0M realloced by 0 calls
Stats: 0M freed by 0 calls
Stats: 0M really freed by 0 calls
Stats: 0M (0 full pages) mmaped in 0 calls
  mmaps   by size class:
  mallocs by size class:
  frees   by size class:
  rfrees  by size class:
Stats: malloc large: 0 small slow: 0

Reported by ramosian.glider on 2012-01-30 13:03:02

@ramosian-glider

It appears that memcpy() and memmove() are aliases on Lion:


$ nm /usr/lib/system/libsystem_c.dylib | grep "memcpy\|memmove"
0000000000013830 T ___memcpy_chk
000000000001381c T ___memmove_chk
00000000000a1969 T _memcpy
0000000000027ebd t _memcpy$VARIANT$sse3x
0000000000027cbd t _memcpy$VARIANT$sse42
00000000000e0af0 d _memcpy_platfunc_descriptors
000000000009ea1a T _memmove
0000000000027ebd t _memmove$VARIANT$sse3x
0000000000027cbd t _memmove$VARIANT$sse42
00000000000e0ab0 d _memmove_platfunc_descriptors
00000000000e19f0 s _platfunc_memcpy$VARIANT$sse3x
00000000000e19c0 s _platfunc_memcpy$VARIANT$sse42
00000000000e1a00 s _platfunc_memmove$VARIANT$sse3x
00000000000e19d0 s _platfunc_memmove$VARIANT$sse42
00000000000295a5 T _wmemcpy
0000000000006793 T _wmemmove

Therefore we're wrapping the same function twice, so for both memcpy() and memmove()
we're calling wrap_memcpy() => wrap_memmove() => original function.

To fix this we should just wrap memmove() and forget about memcpy-param-overlap errors.

See also https://bugzilla.mozilla.org/show_bug.cgi?id=715750 and http://code.google.com/p/valgrind-variant/issues/detail?id=5

Reported by ramosian.glider on 2012-01-31 11:30:33
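
The `nm` inspection from the comment above, turned into a repeatable check (an added example, not part of the original issue or of AddressSanitizer): it groups code symbols by address and reports every address that is defined under both a `memcpy` and a `memmove` name. On the quoted listing it flags the two `$VARIANT$` implementations; `shared_code` and `base_name` are names chosen for this example.

```python
import re
import sys
from collections import defaultdict

# Excerpt of the nm listing quoted in the comment above.
NM_OUTPUT = """\
0000000000013830 T ___memcpy_chk
00000000000a1969 T _memcpy
0000000000027ebd t _memcpy$VARIANT$sse3x
0000000000027cbd t _memcpy$VARIANT$sse42
00000000000e0af0 d _memcpy_platfunc_descriptors
000000000009ea1a T _memmove
0000000000027ebd t _memmove$VARIANT$sse3x
0000000000027cbd t _memmove$VARIANT$sse42
00000000000295a5 T _wmemcpy
"""

NM_LINE = re.compile(r"^([0-9a-fA-F]+)\s+([A-Za-z])\s+(\S+)$")


def base_name(symbol):
    """'_memcpy$VARIANT$sse3x' -> 'memcpy': drop '_' prefix and '$' suffixes."""
    return symbol.lstrip("_").split("$", 1)[0]


def shared_code(nm_text, names=("memcpy", "memmove")):
    """Map each text-section address that is reachable under every name
    in `names` to the sorted list of symbols defined at that address."""
    by_addr = defaultdict(set)
    for line in nm_text.splitlines():
        m = NM_LINE.match(line.strip())
        if m and m.group(2) in "Tt":  # code symbols only, skip data (d, s)
            by_addr[int(m.group(1), 16)].add(m.group(3))
    return {
        addr: sorted(syms)
        for addr, syms in by_addr.items()
        if set(names) <= {base_name(s) for s in syms}
    }


if __name__ == "__main__":
    # Use piped `nm` output when given, else the embedded excerpt.
    text = NM_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    for addr, syms in sorted(shared_code(text).items()):
        print(f"{addr:#x}: {', '.join(syms)}")
```

A non-empty result means an overlap check attached to `memcpy` can also fire for valid overlapping `memmove` calls, as in the report above.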

@ramosian-glider

Fixed in clang:r149492

Reported by ramosian.glider on 2012-02-01 10:13:01

@ramosian-glider

Reported by ramosian.glider on 2012-02-01 10:13:15

  • Status changed: Fixed

@ramosian-glider

Adding Project:AddressSanitizer as part of GitHub migration.

Reported by ramosian.glider on 2015-07-30 09:12:58

  • Labels added: ProjectAddressSanitizer
