Patchwork Extend tst-{atexit,at_quick_exit,cxa_atexit,onexit} to verify minimum number of supported handlers

Submitter Paul Pluzhnikov
Date Sept. 1, 2017, 6:37 p.m.
Message ID <CALoOobM+oSrBfSiJvZY_NrSp0uw5cw0UzqJC9P80S78j6J0GHQ@mail.gmail.com>
Permalink /patch/22565/
State New

Comments

Paul Pluzhnikov - Sept. 1, 2017, 6:37 p.m.
On Fri, Sep 1, 2017 at 11:03 AM, H.J. Lu <hjl.tools@gmail.com> wrote:

> It failed on Linux/i686:

The "crumbs" buffer was not sized correctly, and I had a global buffer overflow:

==71453==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000006023c0 at pc 0x000000400e84 bp 0x7ffe059dc370 sp 0x7ffe059dc368
WRITE of size 1 at 0x0000006023c0 thread T0
    #0 0x400e83 in fn1 ../stdlib/tst-atexit-common.c:53
    #1 0x7ff8af2da1a8  (/lib/x86_64-linux-gnu/libc.so.6+0x3c1a8)
    #2 0x7ff8af2da1f4 in exit (/lib/x86_64-linux-gnu/libc.so.6+0x3c1f4)
    #3 0x400bf5 in do_test ../stdlib/tst-atexit-common.c:140
    #4 0x400bf5 in main ../stdlib/tst-atexit-common.c:143
    #5 0x7ff8af2bff44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #6 0x400d39  (/glibc-git/stdlib/a.out+0x400d39)

0x0000006023c0 is located 0 bytes to the right of global variable 'crumbs' defined in '../stdlib/tst-atexit-common.c:33:13' (0x6023a0) of size 32

Sorry about that. Committed attached fix.

H.J. Lu - Sept. 1, 2017, 6:51 p.m.
On Fri, Sep 1, 2017 at 11:37 AM, Paul Pluzhnikov <ppluzhnikov@google.com> wrote:
> On Fri, Sep 1, 2017 at 11:03 AM, H.J. Lu <hjl.tools@gmail.com> wrote:
>
>> It failed on Linux/i686:
>
> The "crumbs" buffer was not sized correctly, and I had a global buffer overflow:
>
> ==71453==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000006023c0 at pc 0x000000400e84 bp 0x7ffe059dc370 sp 0x7ffe059dc368
> WRITE of size 1 at 0x0000006023c0 thread T0
>     #0 0x400e83 in fn1 ../stdlib/tst-atexit-common.c:53
>     #1 0x7ff8af2da1a8  (/lib/x86_64-linux-gnu/libc.so.6+0x3c1a8)
>     #2 0x7ff8af2da1f4 in exit (/lib/x86_64-linux-gnu/libc.so.6+0x3c1f4)
>     #3 0x400bf5 in do_test ../stdlib/tst-atexit-common.c:140
>     #4 0x400bf5 in main ../stdlib/tst-atexit-common.c:143
>     #5 0x7ff8af2bff44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
>     #6 0x400d39  (/glibc-git/stdlib/a.out+0x400d39)
>
> 0x0000006023c0 is located 0 bytes to the right of global variable 'crumbs' defined in '../stdlib/tst-atexit-common.c:33:13' (0x6023a0) of size 32
>
> Sorry about that. Committed attached fix.
>

I still got

[hjl@gnu-6 build-i686-linux]$ ./stdlib/tst-tls-atexit
tst-tls-atexit: allocatestack.c:530: allocate_stack: Assertion `size != 0' failed.
Didn't expect signal from child: got `Aborted'
[hjl@gnu-6 build-i686-linux]$

Paul Pluzhnikov - Sept. 1, 2017, 7:09 p.m.
On Fri, Sep 1, 2017 at 11:51 AM, H.J. Lu <hjl.tools@gmail.com> wrote:

> I still got
>
> [hjl@gnu-6 build-i686-linux]$ ./stdlib/tst-tls-atexit
> tst-tls-atexit: allocatestack.c:530: allocate_stack: Assertion `size != 0' failed.
> Didn't expect signal from child: got `Aborted'

This doesn't look like something that would be caused by my patch. It
also doesn't reproduce for me.

Are you sure you don't have an inconsistent build or other local changes?

Thanks,

H.J. Lu - Sept. 1, 2017, 7:12 p.m.
On Fri, Sep 1, 2017 at 12:09 PM, Paul Pluzhnikov <ppluzhnikov@google.com> wrote:
> On Fri, Sep 1, 2017 at 11:51 AM, H.J. Lu <hjl.tools@gmail.com> wrote:
>
>> I still got
>>
>> [hjl@gnu-6 build-i686-linux]$ ./stdlib/tst-tls-atexit
>> tst-tls-atexit: allocatestack.c:530: allocate_stack: Assertion `size != 0' failed.
>> Didn't expect signal from child: got `Aborted'
>
> This doesn't look like something that would be caused by my patch. It
> also doesn't reproduce for me.
>
> Are you sure you don't have an inconsistent build or other local changes?

False alarm.  They passed after I did a clean build.

Thanks.

Patch

diff --git a/stdlib/tst-atexit-common.c b/stdlib/tst-atexit-common.c
index d6dcf08cdd..9ab8c1aea5 100644
--- a/stdlib/tst-atexit-common.c
+++ b/stdlib/tst-atexit-common.c
@@ -30,7 +30,10 @@ 
    check that we support at least the minimum required.  */
 #define MAX_ATEXIT 32
 
-static char crumbs[MAX_ATEXIT];
+/* Arbitrary sequence matching current registrations.  */
+const char expected[] = "00000000000000000000000003021121130211";
+
+static char crumbs[sizeof (expected)];
 static int next_slot = 0;
 
 /* Helper: flush stdout and _exit.  */
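Review bot: the new file-scope definition `const char expected[]` has no `static`, unlike `crumbs` and `next_slot` directly below it; making it `static const char expected[]` keeps the symbol internal to whichever test pulls in this common source. Sizing `crumbs` with `sizeof (expected)` removes the mismatch with `MAX_ATEXIT` (32) that the ASan report shows at the write in `fn1`, but the array is still only large enough while the number of recorded crumbs does not exceed the length of the string. Nothing in this hunk bounds `next_slot`, so a check at the write site (for example failing the test unless `next_slot < sizeof (crumbs) - 1`) would turn a future change in registrations into a test failure rather than another overflow. The comment above `expected` could also mention that the string now determines the buffer size.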
@@ -71,9 +74,6 @@  fn3 (void)
 static void
 fn_final (void)
 {
-  /* Arbitrary sequence matching current registrations.  */
-  const char expected[] = "00000000000000000000000003021121130211";
-
   if (strcmp (crumbs, expected) == 0)
     _exit_with_flush (0);