ASAN crash
From: Po Lu
Subject: ASAN crash
Date: Sun, 30 Oct 2022 08:47:30 +0800
I got this hitting C-g. Anyone know what the problem is? I don't
understand what that code is doing with jmp_bufs.
==2667724==ERROR: AddressSanitizer: stack-buffer-underflow on address
0x7ffec5617e60 at pc 0x7f912ac49e0b bp 0x7ffec5617e00 sp 0x7ffec56175b0
READ of size 200 at 0x7ffec5617e60 thread T0
#0 0x7f912ac49e0a in __interceptor_memcpy (/lib64/libasan.so.8+0x49e0a)
#1 0x761d5c in restore_getcjmp (/path/to/emacs/src/emacs+0x761d5c)
#2 0x8b9837 in unbind_to (/path/to/emacs/src/emacs+0x8b9837)
#3 0x788345 in read_char (/path/to/emacs/src/emacs+0x788345)
#4 0x78c991 in read_key_sequence (/path/to/emacs/src/emacs+0x78c991)
#5 0x791b8b in command_loop_1 (/path/to/emacs/src/emacs+0x791b8b)
#6 0x8b5f89 in internal_condition_case (/path/to/emacs/src/emacs+0x8b5f89)
#7 0x7615f4 in command_loop_2 (/path/to/emacs/src/emacs+0x7615f4)
#8 0x8b5da4 in internal_catch (/path/to/emacs/src/emacs+0x8b5da4)
#9 0x7614c9 in command_loop (/path/to/emacs/src/emacs+0x7614c9)
#10 0x76ced6 in recursive_edit_1 (/path/to/emacs/src/emacs+0x76ced6)
#11 0x7f2fb6 in Fread_from_minibuffer (/path/to/emacs/src/emacs+0x7f2fb6)
#12 0x8c0857 in funcall_subr (/path/to/emacs/src/emacs+0x8c0857)
#13 0x96b38c in exec_byte_code (/path/to/emacs/src/emacs+0x96b38c)
#14 0x8c5b0a in funcall_lambda (/path/to/emacs/src/emacs+0x8c5b0a)
#15 0x8c6424 in funcall_general (/path/to/emacs/src/emacs+0x8c6424)
#16 0x8ba8e6 in Ffuncall (/path/to/emacs/src/emacs+0x8ba8e6)
#17 0x7e84b1 in Fcompleting_read (/path/to/emacs/src/emacs+0x7e84b1)
#18 0x8c09dc in funcall_subr (/path/to/emacs/src/emacs+0x8c09dc)
#19 0x96b38c in exec_byte_code (/path/to/emacs/src/emacs+0x96b38c)
#20 0x96b539 in Fbyte_code (/path/to/emacs/src/emacs+0x96b539)
#21 0x8c43eb in eval_sub (/path/to/emacs/src/emacs+0x8c43eb)
#22 0x8c9d56 in Feval (/path/to/emacs/src/emacs+0x8c9d56)
#23 0x8b084e in Fcall_interactively (/path/to/emacs/src/emacs+0x8b084e)
#24 0x8c0471 in funcall_subr (/path/to/emacs/src/emacs+0x8c0471)
#25 0x96b38c in exec_byte_code (/path/to/emacs/src/emacs+0x96b38c)
#26 0x8c5b0a in funcall_lambda (/path/to/emacs/src/emacs+0x8c5b0a)
#27 0x8c6424 in funcall_general (/path/to/emacs/src/emacs+0x8c6424)
#28 0x8ba8e6 in Ffuncall (/path/to/emacs/src/emacs+0x8ba8e6)
#29 0x8af978 in Ffuncall_interactively (/path/to/emacs/src/emacs+0x8af978)
#30 0x8c0a6f in funcall_subr (/path/to/emacs/src/emacs+0x8c0a6f)
#31 0x8c644f in funcall_general (/path/to/emacs/src/emacs+0x8c644f)
#32 0x8ba8e6 in Ffuncall (/path/to/emacs/src/emacs+0x8ba8e6)
#33 0x8bb428 in Fapply (/path/to/emacs/src/emacs+0x8bb428)
#34 0x8b0c60 in Fcall_interactively (/path/to/emacs/src/emacs+0x8b0c60)
#35 0x8c0471 in funcall_subr (/path/to/emacs/src/emacs+0x8c0471)
#36 0x96b38c in exec_byte_code (/path/to/emacs/src/emacs+0x96b38c)
#37 0x8c5b0a in funcall_lambda (/path/to/emacs/src/emacs+0x8c5b0a)
#38 0x8c6424 in funcall_general (/path/to/emacs/src/emacs+0x8c6424)
#39 0x8ba8e6 in Ffuncall (/path/to/emacs/src/emacs+0x8ba8e6)
#40 0x792236 in command_loop_1 (/path/to/emacs/src/emacs+0x792236)
#41 0x8b5f89 in internal_condition_case (/path/to/emacs/src/emacs+0x8b5f89)
#42 0x7615f4 in command_loop_2 (/path/to/emacs/src/emacs+0x7615f4)
#43 0x8b5da4 in internal_catch (/path/to/emacs/src/emacs+0x8b5da4)
#44 0x761599 in command_loop (/path/to/emacs/src/emacs+0x761599)
#45 0x76ced6 in recursive_edit_1 (/path/to/emacs/src/emacs+0x76ced6)
#46 0x76d6b1 in Frecursive_edit (/path/to/emacs/src/emacs+0x76d6b1)
#47 0x75fe0a in main (/path/to/emacs/src/emacs+0x75fe0a)
#48 0x7f9128a2954f in __libc_start_call_main (/lib64/libc.so.6+0x2954f)
#49 0x7f9128a29608 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x29608)
#50 0x419c54 in _start (/path/to/emacs/src/emacs+0x419c54)
Address 0x7ffec5617e60 is located in stack of thread T0 at offset 0 in frame
#0 0x8b9563 in unbind_to (/path/to/emacs/src/emacs+0x8b9563)
This frame has 2 object(s):
[32, 40) 'count' (line 3730) <== Memory access at offset 0 partially underflows this variable
[64, 96) 'this_binding' (line 3744) <== Memory access at offset 0 partially underflows this variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-underflow (/lib64/libasan.so.8+0x49e0a) in __interceptor_memcpy
Shadow bytes around the buggy address:
0x100058abaf70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100058abaf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100058abaf90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100058abafa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100058abafb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x100058abafc0: 00 00 00 00 00 00 00 00 00 00 00 00[f1]f1 f1 f1
0x100058abafd0: 00 f2 f2 f2 00 00 00 00 f3 f3 f3 f3 00 00 00 00
0x100058abafe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100058abaff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100058abb000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100058abb010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==2667724==ABORTING
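Added example, not code from the report or from Emacs. It models the pattern the trace points at: an unwind handler (here restore_getcjmp, run from unbind_to) that memcpy's a jmp_buf out of storage supplied by whoever registered it. If that storage was a stack object whose lifetime ended before the unwind ran, the handler reads dead stack memory; AddressSanitizer reports that either as use-after-scope/use-after-return or, when a newer frame has already reused the slot, as a redzone hit against that frame's objects, which is the shape of the report above (the READ starts at offset 0 of unbind_to's frame). The unwind stack, the sentinel bytes standing in for setjmp, and the two read_char-like functions are all assumptions of this model; on x86-64 glibc sizeof (jmp_buf) is 200, the READ size in the report.

```c
#include <assert.h>
#include <setjmp.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model (not Emacs's code): a global jmp_buf that the
   command loop would longjmp to on quit, plus a tiny unwind-protect
   stack in the spirit of specpdl.  Names mirror the trace only so the
   mapping is obvious. */
static jmp_buf getcjmp;

typedef struct {
    void (*func)(void *);
    void *arg;
} unwind_entry;

#define MAX_UNWIND 16
static unwind_entry specpdl[MAX_UNWIND];
static int specpdl_len;

/* Register FUNC(ARG) to run when the stack is unwound past here. */
static int record_unwind_protect_ptr(void (*func)(void *), void *arg) {
    assert(specpdl_len < MAX_UNWIND);
    specpdl[specpdl_len].func = func;
    specpdl[specpdl_len].arg = arg;
    return specpdl_len++;
}

/* Run every handler recorded since COUNT, newest first. */
static void unbind_to(int count) {
    while (specpdl_len > count) {
        unwind_entry *e = &specpdl[--specpdl_len];
        e->func(e->arg);
    }
}

static void save_getcjmp(jmp_buf temp) { memcpy(temp, getcjmp, sizeof(jmp_buf)); }

/* Unwind handler: copy the saved jmp_buf back.  This memcpy of
   sizeof (jmp_buf) bytes (200 on x86-64 glibc) is the read the
   sanitizer flagged; it is only as valid as the pointer P. */
static void restore_getcjmp(void *p) { memcpy(getcjmp, p, sizeof(jmp_buf)); }

/* True if every byte of getcjmp equals BYTE (sentinel check). */
static int getcjmp_is(unsigned char byte) {
    const unsigned char *b = (const unsigned char *)getcjmp;
    for (size_t i = 0; i < sizeof getcjmp; i++)
        if (b[i] != byte) return 0;
    return 1;
}

/* Correct lifetime: SAVE_JUMP lives in the same frame that later runs
   the unbind, so restore_getcjmp reads live stack memory.  Returns 1
   when the outer jmp_buf (sentinel 0x5a) is intact afterwards. */
static int read_char_safe(void) {
    jmp_buf save_jump;
    memset(getcjmp, 0x5a, sizeof getcjmp);   /* outer setjmp already happened */
    int count = specpdl_len;
    save_getcjmp(save_jump);
    record_unwind_protect_ptr(restore_getcjmp, save_jump);
    memset(getcjmp, 0xa5, sizeof getcjmp);   /* stands in for sys_setjmp (getcjmp) */
    unbind_to(count);                        /* restore_getcjmp runs here */
    return getcjmp_is(0x5a);
}

/* Broken lifetime: SAVE_JUMP's scope ends at the closing brace, but the
   registered handler still holds its address when unbind_to runs.
   This is undefined behaviour; build with -fsanitize=address to see
   AddressSanitizer report the stale read. */
static int read_char_buggy(void) {
    memset(getcjmp, 0x5a, sizeof getcjmp);
    int count = specpdl_len;
    {
        jmp_buf save_jump;
        save_getcjmp(save_jump);
        record_unwind_protect_ptr(restore_getcjmp, save_jump); /* dangles after the block */
        memset(getcjmp, 0xa5, sizeof getcjmp);
    }
    unbind_to(count);  /* memcpy from dead storage */
    return getcjmp_is(0x5a);
}

int main(void) {
    printf("sizeof (jmp_buf) = %zu\n", sizeof(jmp_buf));
    printf("safe restore intact: %d\n", read_char_safe());
    printf("buggy restore intact: %d (meaningless; run under ASan)\n", read_char_buggy());
    return 0;
}
```

The fix in this model is purely about ownership: the jmp_buf handed to record_unwind_protect_ptr must outlive the unbind_to that fires the handler, so it belongs in the frame that performs the unbind (or in storage the unwind list owns), never in a nested block or a callee's frame. When the report shows the access landing in a redzone of a frame that never owned the object (here unbind_to's 'count'), that is the usual fingerprint of a dangling stack pointer whose slot has been reused rather than a plain off-by-N on a live buffer.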