[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: building/using address-sanitizer-enabled emacs?
From: |
Jim Meyering |
Subject: |
Re: building/using address-sanitizer-enabled emacs? |
Date: |
Mon, 8 May 2017 22:48:06 -0700 |
On Mon, May 8, 2017 at 9:04 AM, Eli Zaretskii <address@hidden> wrote:
>> Cc: address@hidden, address@hidden
>> From: Paul Eggert <address@hidden>
>> Date: Mon, 8 May 2017 07:46:43 -0700
>>
>> Still, it would make Emacs performance worse and as I understand it this
>> is the main reason this approach has not been incorporated thus far.
>
> No, the reason is that the decision has not yet been made.
>
>> > This limitation is exactly the reason why we will soon have to decide
>> > whether we merge the branch and start using it, improving what can be
>> > improved and living with that which cannot, or keep using unexec
>> Those are not the only two choices available to us.
>
> What are the alternatives?
Hoping to make some progress, I built src/temacs with the kludgey
patch mentioned above (to work around the gcc7/8 ICE)
san='-fsanitize-address-use-after-scope -fsanitize=address
-static-libasan'; ./configure --without-gpm --without-x
--with-x-toolkit=no --with-png=no --with-jpeg=no --with-sound=no
CFLAGS="-O0 -ggdb3 $san" LDFLAGS="$san" && make
[note, that the build failed due to the aforementioned global buffer
overrun while dumping, but it did succeed in building src/temacs]
and tried to use it on a foo.gpg file like this:
echo foo |gpg -c > foo.gpg
src/temacs -q foo.gpg 2> err
which reported this stack buffer overrun:
==24522==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7ffd5cc4d928 at pc 0x00000073fd76 bp 0x7ffd5cc4d910 sp
0x7ffd5cc4d908
READ of size 8 at 0x7ffd5cc4d928 thread T0
#0 0x73fd75 in PSEUDOVECTORP /home/j/w/co/emacs/src/lisp.h:1454
#1 0x7438c9 in BUFFERP /home/j/w/co/emacs/src/buffer.h:887
#2 0x9c64b6 in call_process /home/j/w/co/emacs/src/callproc.c:702
#3 0x9c41db in Fcall_process /home/j/w/co/emacs/src/callproc.c:270
#4 0x8e3122 in funcall_subr /home/j/w/co/emacs/src/eval.c:2799
#5 0x8e2aa1 in Ffuncall /home/j/w/co/emacs/src/eval.c:2744
#6 0x8e072d in Fapply /home/j/w/co/emacs/src/eval.c:2375
#7 0x8e3122 in funcall_subr /home/j/w/co/emacs/src/eval.c:2799
#8 0x8e2aa1 in Ffuncall /home/j/w/co/emacs/src/eval.c:2744
#9 0x98c89b in exec_byte_code /home/j/w/co/emacs/src/bytecode.c:641
#10 0x8e4b55 in funcall_lambda /home/j/w/co/emacs/src/eval.c:3022
#11 0x8e2ae1 in Ffuncall /home/j/w/co/emacs/src/eval.c:2746
#12 0x98c89b in exec_byte_code /home/j/w/co/emacs/src/bytecode.c:641
#13 0x8e4b55 in funcall_lambda /home/j/w/co/emacs/src/eval.c:3022
#14 0x8e2ae1 in Ffuncall /home/j/w/co/emacs/src/eval.c:2746
#15 0x98c89b in exec_byte_code /home/j/w/co/emacs/src/bytecode.c:641
#16 0x8e4604 in funcall_lambda /home/j/w/co/emacs/src/eval.c:2944
#17 0x8e2ae1 in Ffuncall /home/j/w/co/emacs/src/eval.c:2746
#18 0x98c89b in exec_byte_code /home/j/w/co/emacs/src/bytecode.c:641
#19 0x8e4604 in funcall_lambda /home/j/w/co/emacs/src/eval.c:2944
#20 0x8e2ae1 in Ffuncall /home/j/w/co/emacs/src/eval.c:2746
#21 0x98c89b in exec_byte_code /home/j/w/co/emacs/src/bytecode.c:641
#22 0x8e4604 in funcall_lambda /home/j/w/co/emacs/src/eval.c:2944
#23 0x8e2ae1 in Ffuncall /home/j/w/co/emacs/src/eval.c:2746
#24 0x8e072d in Fapply /home/j/w/co/emacs/src/eval.c:2375
#25 0x8e3122 in funcall_subr /home/j/w/co/emacs/src/eval.c:2799
#26 0x8e2aa1 in Ffuncall /home/j/w/co/emacs/src/eval.c:2744
#27 0x98c89b in exec_byte_code /home/j/w/co/emacs/src/bytecode.c:641
#28 0x8e4604 in funcall_lambda /home/j/w/co/emacs/src/eval.c:2944
#29 0x8e2ae1 in Ffuncall /home/j/w/co/emacs/src/eval.c:2746
#30 0x8e1f8d in call6 /home/j/w/co/emacs/src/eval.c:2649
#31 0x8034eb in Finsert_file_contents /home/j/w/co/emacs/src/fileio.c:3602
#32 0x8e367f in funcall_subr /home/j/w/co/emacs/src/eval.c:2831
#33 0x8e2aa1 in Ffuncall /home/j/w/co/emacs/src/eval.c:2744
#34 0x98c89b in exec_byte_code /home/j/w/co/emacs/src/bytecode.c:641
#35 0x8e4604 in funcall_lambda /home/j/w/co/emacs/src/eval.c:2944
#36 0x8e2ae1 in Ffuncall /home/j/w/co/emacs/src/eval.c:2746
#37 0x98c89b in exec_byte_code /home/j/w/co/emacs/src/bytecode.c:641
#38 0x8e4604 in funcall_lambda /home/j/w/co/emacs/src/eval.c:2944
#39 0x8e2ae1 in Ffuncall /home/j/w/co/emacs/src/eval.c:2746
#40 0x98c89b in exec_byte_code /home/j/w/co/emacs/src/bytecode.c:641
#41 0x8e4604 in funcall_lambda /home/j/w/co/emacs/src/eval.c:2944
#42 0x8e2ae1 in Ffuncall /home/j/w/co/emacs/src/eval.c:2746
#43 0x98c89b in exec_byte_code /home/j/w/co/emacs/src/bytecode.c:641
#44 0x8e4604 in funcall_lambda /home/j/w/co/emacs/src/eval.c:2944
#45 0x8e2ae1 in Ffuncall /home/j/w/co/emacs/src/eval.c:2746
#46 0x98c89b in exec_byte_code /home/j/w/co/emacs/src/bytecode.c:641
#47 0x8e4604 in funcall_lambda /home/j/w/co/emacs/src/eval.c:2944
#48 0x8e2ae1 in Ffuncall /home/j/w/co/emacs/src/eval.c:2746
#49 0x98c89b in exec_byte_code /home/j/w/co/emacs/src/bytecode.c:641
#50 0x8e4604 in funcall_lambda /home/j/w/co/emacs/src/eval.c:2944
#51 0x8e3f96 in apply_lambda /home/j/w/co/emacs/src/eval.c:2881
#52 0x8df8ab in eval_sub /home/j/w/co/emacs/src/eval.c:2265
#53 0x8dda2c in Feval /home/j/w/co/emacs/src/eval.c:2042
#54 0x8df175 in eval_sub /home/j/w/co/emacs/src/eval.c:2223
#55 0x945574 in readevalloop /home/j/w/co/emacs/src/lread.c:1947
#56 0x9425f5 in Fload /home/j/w/co/emacs/src/lread.c:1352
#57 0x8df41e in eval_sub /home/j/w/co/emacs/src/eval.c:2234
#58 0x8dda2c in Feval /home/j/w/co/emacs/src/eval.c:2042
#59 0x751a34 in top_level_2 /home/j/w/co/emacs/src/keyboard.c:1121
#60 0x8d9c05 in internal_condition_case /home/j/w/co/emacs/src/eval.c:1326
#61 0x751a97 in top_level_1 /home/j/w/co/emacs/src/keyboard.c:1129
#62 0x8d83e9 in internal_catch /home/j/w/co/emacs/src/eval.c:1091
#63 0x751899 in command_loop /home/j/w/co/emacs/src/keyboard.c:1090
#64 0x75033f in recursive_edit_1 /home/j/w/co/emacs/src/keyboard.c:697
#65 0x7506dd in Frecursive_edit /home/j/w/co/emacs/src/keyboard.c:768
#66 0x74bbb9 in main /home/j/w/co/emacs/src/emacs.c:1687
#67 0x7f40c7732400 in __libc_start_main (/lib64/libc.so.6+0x20400)
#68 0x40d369 in _start (/home/j/w/co/emacs/src/temacs+0x40d369)
Address 0x7ffd5cc4d928 is located in stack of thread T0 at offset 136 in frame
#0 0x9c8c15 in child_setup /home/j/w/co/emacs/src/callproc.c:1179
This frame has 2 object(s):
[32, 40) 'display'
[96, 104) 'tmp' <== Memory access at offset 136 overflows this variable
HINT: this may be a false positive if your program uses some custom
stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow
/home/j/w/co/emacs/src/lisp.h:1454 in PSEUDOVECTORP
Shadow bytes around the buggy address:
0x10002b981ad0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002b981ae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002b981af0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002b981b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002b981b10: 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2
=>0x10002b981b20: 00 f2 f2 f2 f3[f3]f3 f3 00 00 00 00 00 00 00 00
0x10002b981b30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002b981b40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002b981b50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002b981b60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002b981b70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==24522==ABORTING
- building/using address-sanitizer-enabled emacs?, Jim Meyering, 2017/05/06
- Re: building/using address-sanitizer-enabled emacs?, Paul Eggert, 2017/05/07
- Re: building/using address-sanitizer-enabled emacs?, Jim Meyering, 2017/05/07
- Re: building/using address-sanitizer-enabled emacs?, Eli Zaretskii, 2017/05/07
- Re: building/using address-sanitizer-enabled emacs?, Paul Eggert, 2017/05/08
- Re: building/using address-sanitizer-enabled emacs?, Eli Zaretskii, 2017/05/08
- Re: building/using address-sanitizer-enabled emacs?, Paul Eggert, 2017/05/08
- Re: building/using address-sanitizer-enabled emacs?, Eli Zaretskii, 2017/05/08
- Re: building/using address-sanitizer-enabled emacs?,
Jim Meyering <=
- Re: building/using address-sanitizer-enabled emacs?, Eli Zaretskii, 2017/05/09
- Re: building/using address-sanitizer-enabled emacs?, Jim Meyering, 2017/05/09
- Re: building/using address-sanitizer-enabled emacs?, Eli Zaretskii, 2017/05/09
- Re: building/using address-sanitizer-enabled emacs?, Paul Eggert, 2017/05/09
- Re: building/using address-sanitizer-enabled emacs?, Jim Meyering, 2017/05/09
- Re: building/using address-sanitizer-enabled emacs?, Eli Zaretskii, 2017/05/09
- Re: building/using address-sanitizer-enabled emacs?, Paul Eggert, 2017/05/16
- Re: building/using address-sanitizer-enabled emacs?, Eli Zaretskii, 2017/05/16
- Re: building/using address-sanitizer-enabled emacs?, Paul Eggert, 2017/05/17
- Re: building/using address-sanitizer-enabled emacs?, Eli Zaretskii, 2017/05/17