This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] Extend tst-{atexit,at_quick_exit,cxa_atexit,onexit} to verify minimum number of supported handlers


On Fri, Sep 1, 2017 at 11:37 AM, Paul Pluzhnikov <ppluzhnikov@google.com> wrote:
> On Fri, Sep 1, 2017 at 11:03 AM, H.J. Lu <hjl.tools@gmail.com> wrote:
>
>> It failed on Linux/i686:
>
> The "crumbs" buffer was not sized correctly, and I had a global buffer overflow:
>
> ==71453==ERROR: AddressSanitizer: global-buffer-overflow on address
> 0x0000006023c0 at pc 0x000000400e84 bp 0x7ffe059dc370 sp
> 0x7ffe059dc368
> WRITE of size 1 at 0x0000006023c0 thread T0
>     #0 0x400e83 in fn1 ../stdlib/tst-atexit-common.c:53
>     #1 0x7ff8af2da1a8  (/lib/x86_64-linux-gnu/libc.so.6+0x3c1a8)
>     #2 0x7ff8af2da1f4 in exit (/lib/x86_64-linux-gnu/libc.so.6+0x3c1f4)
>     #3 0x400bf5 in do_test ../stdlib/tst-atexit-common.c:140
>     #4 0x400bf5 in main ../stdlib/tst-atexit-common.c:143
>     #5 0x7ff8af2bff44 in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
>     #6 0x400d39  (/glibc-git/stdlib/a.out+0x400d39)
>
> 0x0000006023c0 is located 0 bytes to the right of global variable
> 'crumbs' defined in '../stdlib/tst-atexit-common.c:33:13' (0x6023a0)
> of size 32
>
> Sorry about that. Committed attached fix.
>

I still got

[hjl@gnu-6 build-i686-linux]$ ./stdlib/tst-tls-atexit
tst-tls-atexit: allocatestack.c:530: allocate_stack: Assertion `size
!= 0' failed.
Didn't expect signal from child: got `Aborted'
[hjl@gnu-6 build-i686-linux]$


-- 
H.J.

