AddressSanitizer tool on Android 6.0.1 #698

Closed
dragonltx opened this issue Jul 12, 2016 · 13 comments

Comments

dragonltx commented Jul 12, 2016

According to the link below, I built the whole Android 6.0.1_r46 system, but it seems AddressSanitizer doesn't work.
https://source.android.com/devices/tech/debug/asan.html#sanitize_target

The link above mentions two build commands, so I built my Android 6.0.1_r46 source code with the commands below:
make -j16
make USE_CLANG_PLATFORM_BUILD:=true SANITIZE_TARGET=address -j16

The build succeeded, but after I flashed both the userdata and system images to my device, I can't find the '/data/lib' path, and I also can't find the '/system/lib/asan' path on the device.

Can this tool work on Android 6.0.1, and how do I make it work?

eugenis (Contributor) commented Jul 12, 2016

What's your lunch target?
Are there libraries in $ANDROID_PRODUCT_OUT/data/lib? Some targets don't build userdata.img (or build a fake one).


dragonltx (Author) commented Jul 13, 2016

My lunch target is 21:aosp_shamu-userdebug.

There aren't any libraries in $ANDROID_PRODUCT_OUT/data/lib.

eugenis (Contributor) commented Jul 13, 2016

Could you try the master branch?
I could not start the build on 6.0.1_r46 because of unrelated issues, but master seems to work fine.


dragonltx (Author) commented:

OK! Let me have a try and feed back!

dragonltx (Author) commented:

I tested the master branch:
make -j16: success
make USE_CLANG_PLATFORM_BUILD:=true SANITIZE_TARGET=address -j16:
system/core/libcutils/fs_config.c:223: error: undefined reference to '__ubsan_handle_sub_overflow'
system/core/libcutils/fs_config.c:64: error: undefined reference to '__ubsan_handle_shift_out_of_bounds'
system/core/libcutils/fs_config.c:65: error: undefined reference to '__ubsan_handle_shift_out_of_bounds'
system/core/libcutils/fs_config.c:194: error: undefined reference to '__ubsan_handle_sub_overflow'
system/core/libcutils/fs_config.c:195: error: undefined reference to '__ubsan_handle_sub_overflow'
system/core/libcutils/fs_config.c:273: error: undefined reference to '__ubsan_handle_add_overflow'
system/core/libcutils/fs_config.c:273: error: undefined reference to '__ubsan_handle_add_overflow'
system/core/libcutils/fs_config.c:273: error: undefined reference to '__ubsan_handle_add_overflow'
system/core/libcutils/fs_config.c:64: error: undefined reference to '__ubsan_handle_shift_out_of_bounds'
system/core/libcutils/fs_config.c:65: error: undefined reference to '__ubsan_handle_shift_out_of_bounds'
system/core/libcutils/canned_fs_config.c:76: error: undefined reference to '__ubsan_handle_add_overflow'
system/core/libcutils/canned_fs_config.c:58: error: undefined reference to '__ubsan_handle_mul_overflow'
system/core/libcutils/canned_fs_config.c:59: error: undefined reference to '__ubsan_handle_mul_overflow'
system/core/libcutils/hashmap.c:54: error: undefined reference to '__ubsan_handle_mul_overflow'
system/core/libcutils/hashmap.c:101: error: undefined reference to '__ubsan_handle_sub_overflow'
system/core/libcutils/hashmap.c:106: error: undefined reference to '__ubsan_handle_mul_overflow'
system/core/libcutils/sched_policy.c:283: error: undefined reference to '__ubsan_handle_negate_overflow'
system/core/libcutils/sched_policy.c:363: error: undefined reference to '__ubsan_handle_negate_overflow'
system/core/libcutils/fs.c:217: error: undefined reference to '__ubsan_handle_negate_overflow'
system/core/libcutils/fs.c:197: error: undefined reference to '__ubsan_handle_negate_overflow'
clang++: error: linker command failed with exit code 1 (use -v to see invocation)
[ 0% 5/20396] cc out/soong/.intermedi...ternal/google-benchmark/src/walltime.o
ninja: build stopped: subcommand failed.
make: *** [ninja_wrapper] Error 1

Do you have any ideas?

dragonltx (Author) commented:

PLATFORM_VERSION_CODENAME=REL
PLATFORM_VERSION=6.0.1
TARGET_PRODUCT=aosp_shamu
TARGET_BUILD_VARIANT=userdebug
TARGET_BUILD_TYPE=release
TARGET_BUILD_APPS=
TARGET_ARCH=arm
TARGET_ARCH_VARIANT=armv7-a-neon
TARGET_CPU_VARIANT=krait
TARGET_2ND_ARCH=
TARGET_2ND_ARCH_VARIANT=
TARGET_2ND_CPU_VARIANT=
HOST_ARCH=x86_64
HOST_2ND_ARCH=x86
HOST_OS=linux
HOST_OS_EXTRA=Linux-3.13.0-24-generic-x86_64-with-Ubuntu-14.04-trusty
HOST_CROSS_OS=windows
HOST_CROSS_ARCH=x86
HOST_CROSS_2ND_ARCH=x86_64
HOST_BUILD_TYPE=release
BUILD_ID=MASTER

OUT_DIR=out

eugenis (Contributor) commented Jul 18, 2016

Yes, that looks familiar.
This was broken last week, and fixed on Friday in https://android-review.googlesource.com/#/c/248512/
Please sync and try again :)


dragonltx (Author) commented:

I synced and built with "make USE_CLANG_PLATFORM_BUILD:=true SANITIZE_TARGET=address -j16", and it succeeded!

But the crash stack from logcat looks like the version built without ASan:
01-01 04:05:14.447 11674 11679 F libc : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x13160 in tid 11679 (le.h264.decoder)
01-01 04:05:14.449 270 270 W : debuggerd: handling request: pid=11674 uid=2000 gid=2000 tid=11679
01-01 04:05:14.464 11687 11687 W debuggerd: type=1400 audit(0.0:18067): avc: denied { search } for name="tmp" dev="dm-1" ino=1068962 scontext=u:r:debuggerd:s0 tcontext=u:object_r:shell_data_file:s0 tclass=dir permissive=0
01-01 04:05:14.484 11687 11687 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
01-01 04:05:14.486 11687 11687 F DEBUG : Build fingerprint: 'Android/aosp_shamu/shamu:6.0.1/MASTER/dragon07190128:userdebug/test-keys'
01-01 04:05:14.486 11687 11687 F DEBUG : Revision: '0'
01-01 04:05:14.487 11687 11687 F DEBUG : ABI: 'arm'
01-01 04:05:14.488 11687 11687 F DEBUG : pid: 11674, tid: 11679, name: le.h264.decoder >>> ./stagefright <<<
01-01 04:05:14.488 11687 11687 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x13160
01-01 04:05:14.488 11687 11687 F DEBUG : r0 b58811a4 r1 00000058 r2 00000006 r3 b6d433f6
01-01 04:05:14.489 11687 11687 F DEBUG : r4 b498060c r5 00000001 r6 b6d43444 r7 00000b06
01-01 04:05:14.489 11687 11687 F DEBUG : r8 00013000 r9 00000003 sl fffffffe fp 00000001
01-01 04:05:14.489 11687 11687 F DEBUG : ip 00000024 sp b5881190 lr b498060e pc b6d18764 cpsr 000f0030
01-01 04:05:14.555 11687 11687 F DEBUG :
01-01 04:05:14.555 11687 11687 F DEBUG : backtrace:
01-01 04:05:14.555 11687 11687 F DEBUG : #00 pc 00028764 /system/lib/libstagefright_soft_avcdec.so (ih264d_cavlc_4x4res_block_totalcoeff_2to10+715)
01-01 04:05:14.555 11687 11687 F DEBUG : #1 pc 000292b9 /system/lib/libstagefright_soft_avcdec.so (ih264d_cavlc_parse4x4coeff_n8+108)
01-01 04:05:14.555 11687 11687 F DEBUG : #2 pc 00029795 /system/lib/libstagefright_soft_avcdec.so (ih264d_cavlc_parse_8x8block_both_available+336)
01-01 04:05:14.555 11687 11687 F DEBUG : #3 pc 0002a0db /system/lib/libstagefright_soft_avcdec.so (ih264d_parse_residual4x4_cavlc+494)
01-01 04:05:14.555 11687 11687 F DEBUG : #4 pc 00018ed3 /system/lib/libstagefright_soft_avcdec.so (ih264d_parse_pmb_cavlc+1466)
01-01 04:05:14.555 11687 11687 F DEBUG : #5 pc 00019a79 /system/lib/libstagefright_soft_avcdec.so (ih264d_parse_inter_slice_data_cavlc+754)
01-01 04:05:14.555 11687 11687 F DEBUG : #6 pc 00027bc1 /system/lib/libstagefright_soft_avcdec.so (ih264d_parse_decode_slice+2756)
01-01 04:05:14.556 11687 11687 F DEBUG : #7 pc 0001fc2b /system/lib/libstagefright_soft_avcdec.so (ih264d_parse_nal_unit+118)
01-01 04:05:14.556 11687 11687 F DEBUG : #8 pc 0000c337 /system/lib/libstagefright_soft_avcdec.so (ih264d_video_decode+1210)
01-01 04:05:14.556 11687 11687 F DEBUG : #9 pc 0000ae2d /system/lib/libstagefright_soft_avcdec.so (android::SoftAVC::onQueueFilled(unsigned int)+504)
01-01 04:05:14.556 11687 11687 F DEBUG : #10 pc 00021ccd /system/lib/libstagefright_omx.so (android::SimpleSoftOMXComponent::onMessageReceived(android::sp<android::AMessage> const&)+272)
01-01 04:05:14.557 11687 11687 F DEBUG : #11 pc 00022c9f /system/lib/libstagefright_omx.so (android::AHandlerReflector<android::SimpleSoftOMXComponent>::onMessageReceived(android::sp<android::AMessage> const&)+50)
01-01 04:05:14.557 11687 11687 F DEBUG : #12 pc 0000b5f1 /system/lib/libstagefright_foundation.so (android::AHandler::deliverMessage(android::sp<android::AMessage> const&)+24)
01-01 04:05:14.557 11687 11687 F DEBUG : #13 pc 0000d89b /system/lib/libstagefright_foundation.so (android::AMessage::deliver()+62)
01-01 04:05:14.557 11687 11687 F DEBUG : #14 pc 0000c225 /system/lib/libstagefright_foundation.so (android::ALooper::loop()+568)
01-01 04:05:14.557 11687 11687 F DEBUG : #15 pc 0000d9e9 /system/lib/libutils.so (android::Thread::_threadLoop(void*)+152)
01-01 04:05:14.557 11687 11687 F DEBUG : #16 pc 000486c3 /system/lib/libc.so (__pthread_start(void*)+22)
01-01 04:05:14.557 11687 11687 F DEBUG : #17 pc 0001a1cf /system/lib/libc.so (__start_thread+6)

Not like this, with ASan:
===14639==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xaef03b32 at pc 0xb35b8bc0 bp 0xae3d9808 sp 0xae3d9804
WRITE of size 1 at 0xaef03b32 thread T5
#0 0xb35b8bbf in ih264d_decode_recon_tfr_nmb_thread external/libavc/decoder/ih264d_thread_parse_decode.c:388
#1 0xb35b917f in ih264d_decode_slice_thread external/libavc/decoder/ih264d_thread_parse_decode.c:585
#2 0xb35b9603 in ih264d_decode_picture_thread external/libavc/decoder/ih264d_thread_parse_decode.c:602
#3 0xb4ff1adf in __pthread_start(void*) bionic/libc/bionic/pthread_create.cpp:200
#4 0xb4fc44bb in __start_thread bionic/libc/bionic/clone.cpp:41

0xaef03b32 is located 0 bytes to the right of 690-byte region [0xaef03880,0xaef03b32)
allocated by thread T3 (le.h264.decoder) here:
#5 0xb5d1f3d3 in malloc_stats ??:?
#6 0xb357fe3b in ih264d_allocate_dynamic_bufs external/libavc/decoder/ih264d_utils.c:1869
#7 0xb357ed13 in ih264d_init_pic external/libavc/decoder/ih264d_utils.c:825
#8 0xb3596c9f in \

Am I doing something wrong?

And which binary (https://developers.google.com/android/nexus/drivers#shamumob30o) do you build the master branch with?

eugenis (Contributor) commented Jul 19, 2016

Does this happen early during boot? /data is mounted quite late, and everything that starts before that would run with non-ASan libraries.

Did you flash the userdata partition?

/system/lib/libstagefright_soft_avcdec.so is a library built w/o ASan. Its ASan counterpart could be found in /data/lib.

Hmm, I see you ran "./stagefright", probably from shell. Was it built with ASan? You can verify that with "readelf -l", it should name /system/bin/linker_asan as the interpreter.

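A way to run that interpreter check without readelf, as an added example that is not part of this thread or of the AOSP tooling: a small Python reader of the ELF PT_INTERP program header, exercised on a constructed sample image (the linker_asan64 name for 64-bit builds is an assumption here, not something the thread states).

```python
import struct
import sys

ELF_MAGIC = b"\x7fELF"
PT_INTERP = 3  # program header type that names the dynamic linker (interpreter)


def read_interp(data):
    """Return the PT_INTERP path of an ELF image held in memory, or None if the
    image has no PT_INTERP segment (static executables, shared libraries)."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]          # 1/2 = ELF32/ELF64, 1/2 = LE/BE
    end = "<" if ei_data == 1 else ">"
    if ei_class == 1:
        # Elf32_Ehdr: e_phoff at 28; e_phentsize and e_phnum at 42 and 44
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
        # Elf32_Phdr: p_type, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_flags, p_align
        ph_fmt, type_ix, off_ix, size_ix = end + "8I", 0, 1, 4
    elif ei_class == 2:
        # Elf64_Ehdr: e_phoff at 32; e_phentsize and e_phnum at 54 and 56
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
        # Elf64_Phdr: p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
        ph_fmt, type_ix, off_ix, size_ix = end + "2I6Q", 0, 2, 5
    else:
        raise ValueError("unknown EI_CLASS %d" % ei_class)
    for i in range(e_phnum):
        ph = struct.unpack_from(ph_fmt, data, e_phoff + i * e_phentsize)
        if ph[type_ix] == PT_INTERP:
            raw = data[ph[off_ix]:ph[off_ix] + ph[size_ix]]
            return raw.split(b"\0", 1)[0].decode("ascii", "replace")
    return None


def classify_interp(interp):
    """Map an interpreter path to how the binary was linked, using the rule from
    the thread: an ASan-built executable names /system/bin/linker_asan."""
    if interp is None:
        return "no-interp"   # static binary or shared library; judge a library by its path instead
    name = interp.rsplit("/", 1)[-1]
    if name in ("linker_asan", "linker_asan64"):   # linker_asan64 assumed for 64-bit targets
        return "asan"
    if name in ("linker", "linker64"):
        return "plain"
    return "unknown"


def check_file(path):
    """Read one binary (e.g. pulled with adb) and return (interpreter, classification)."""
    with open(path, "rb") as f:
        data = f.read()
    interp = read_interp(data)
    return interp, classify_interp(interp)


def build_sample_elf(interp):
    """Constructed test fixture: a minimal ELF32 little-endian ARM image whose only
    program header is PT_INTERP. Not loadable; it just exercises the parser."""
    interp_bytes = interp.encode() + b"\0"
    ehsize, phentsize = 52, 32
    phoff = ehsize
    interp_off = phoff + phentsize
    ident = ELF_MAGIC + bytes([1, 1, 1, 0]) + b"\0" * 8     # ELF32, LE, EV_CURRENT, SYSV ABI
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH",
                               2, 40, 1, 0, phoff, 0, 0,       # ET_EXEC, EM_ARM, version, entry, phoff, shoff, flags
                               ehsize, phentsize, 1, 0, 0, 0)  # ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    phdr = struct.pack("<8I", PT_INTERP, interp_off, 0, 0,
                       len(interp_bytes), len(interp_bytes), 4, 1)  # PF_R, align 1
    return ehdr + phdr + interp_bytes


if __name__ == "__main__":
    # Usage: python asan_interp.py <binary>...; with no arguments, run on the constructed samples.
    for p in sys.argv[1:]:
        interp, kind = check_file(p)
        print("%s: interpreter=%s -> %s" % (p, interp, kind))
    if len(sys.argv) == 1:
        for itp in ("/system/bin/linker_asan", "/system/bin/linker"):
            print("sample(%s) -> %s" % (itp, classify_interp(read_interp(build_sample_elf(itp)))))
```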

eugenis (Contributor) commented Jul 19, 2016

As for the binaries, the master branch needs "preview" blobs from https://developers.google.com/android/nexus/blobs-preview


dragonltx (Author) commented:

Yeah! You are right! stagefright wasn't built with ASan!

I built with ASan, and the crash logcat is right with ASan!

Thanks a lot!

morehouse (Contributor) commented:

Looks resolved. Please re-open if not.

sxdxwb commented Dec 7, 2018

I met the same problems as dragonltx. I pulled -b android-6.0.0_r1 from the Android source code and downloaded the Nexus 5's device driver, then I directly built my Android 6.0.1_r46 source code with the commands below:
make -j16
make USE_CLANG_PLATFORM_BUILD:=true SANITIZE_TARGET=address -j16
The build succeeded, but after I flashed both the userdata and system images to my device, I can't find the '/data/lib' path, and I also can't find the '/system/lib/asan' path on the device.
What does "master branch" mean?
An Android source code branch, or something else?
