You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
=================================================================
==534898==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe820f6400 at pc 0x7fdc0905ca6a bp 0x7ffe820f63c0 sp 0x7ffe820f5b68
WRITE of size 128 at 0x7ffe820f6400 thread T0
#0 0x7fdc0905ca69 in __interceptor_sigemptyset ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:3959 #1 0x56475fb4299b in mask_signals /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/core/shared/platform/common/posix/posix_thread.c:580 #2 0x56475faf637d in call_wasm_with_hw_bound_check /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/core/iwasm/interpreter/wasm_runtime.c:3353 #3 0x56475faf8ba2 in wasm_call_function /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/core/iwasm/interpreter/wasm_runtime.c:3380 #4 0x56475fae9a50 in wasm_runtime_call_wasm /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/core/iwasm/common/wasm_runtime_common.c:2423 #5 0x56475fae0e53 in execute_main /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/core/iwasm/common/wasm_application.c:126 #6 0x56475fae0e53 in wasm_application_execute_main /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/core/iwasm/common/wasm_application.c:285 #7 0x56475fada8e6 in app_instance_main /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/product-mini/platforms/linux/../posix/main.c:119 #8 0x56475fada8e6 in main /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/product-mini/platforms/linux/../posix/main.c:995 #9 0x7fdc08cdc082 in __libc_start_main ../csu/libc-start.c:308 #10 0x56475fadbffd in _start (/home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/product-mini/platforms/linux/build/iwasm+0x22ffd)
Address 0x7ffe820f6400 is located in stack of thread T0 at offset 160 in frame
#0 0x56475fbbc94f in wasm_interp_call_wasm /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/core/iwasm/interpreter/wasm_interp_classic.c:7121
This frame has 1 object(s):
[32, 160) 'buf' (line 7129) <== Memory access at offset 160 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions are supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:3959 in __interceptor_sigemptyset
Shadow bytes around the buggy address:
0x100050416c30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100050416c40: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2 00 f2
0x100050416c50: f2 f2 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
0x100050416c60: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
0x100050416c70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x100050416c80:[f3]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x100050416c90: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1
0x100050416ca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100050416cb0: 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3
0x100050416cc0: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100050416cd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==534898==ABORTING
@Messi-Q thanks for spotting the issue, from the call stack dumped, the stack-buffer-overflow occurs in function mask_signals in file posix_thread.c, L580:
But as you see, this function is set with __attribute__((no_sanitize_address)) which means address sanitizer should not be applied for it since it does some low-level magic (e.g. stack, signal related operations), but I am not sure why __attribute__((no_sanitize_address)) doesn't take effect in you environment. What is the compiler you used, is it clang or gcc? Could you modify the function to be like below:
Version
commit 0418041
Author: Peng Qian [email protected]
Date: Fri Jun 21:11:08 2024
Compile
Reproduce
ASAN Log
=================================================================
==534898==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe820f6400 at pc 0x7fdc0905ca6a bp 0x7ffe820f63c0 sp 0x7ffe820f5b68
WRITE of size 128 at 0x7ffe820f6400 thread T0
#0 0x7fdc0905ca69 in __interceptor_sigemptyset ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:3959
#1 0x56475fb4299b in mask_signals /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/core/shared/platform/common/posix/posix_thread.c:580
#2 0x56475faf637d in call_wasm_with_hw_bound_check /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/core/iwasm/interpreter/wasm_runtime.c:3353
#3 0x56475faf8ba2 in wasm_call_function /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/core/iwasm/interpreter/wasm_runtime.c:3380
#4 0x56475fae9a50 in wasm_runtime_call_wasm /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/core/iwasm/common/wasm_runtime_common.c:2423
#5 0x56475fae0e53 in execute_main /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/core/iwasm/common/wasm_application.c:126
#6 0x56475fae0e53 in wasm_application_execute_main /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/core/iwasm/common/wasm_application.c:285
#7 0x56475fada8e6 in app_instance_main /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/product-mini/platforms/linux/../posix/main.c:119
#8 0x56475fada8e6 in main /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/product-mini/platforms/linux/../posix/main.c:995
#9 0x7fdc08cdc082 in __libc_start_main ../csu/libc-start.c:308
#10 0x56475fadbffd in _start (/home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/product-mini/platforms/linux/build/iwasm+0x22ffd)
Address 0x7ffe820f6400 is located in stack of thread T0 at offset 160 in frame
#0 0x56475fbbc94f in wasm_interp_call_wasm /home/peng/Documents/all_wasm_vm/new_version_test/wasm-micro-runtime/core/iwasm/interpreter/wasm_interp_classic.c:7121
This frame has 1 object(s):
[32, 160) 'buf' (line 7129) <== Memory access at offset 160 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions are supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:3959 in __interceptor_sigemptyset
Shadow bytes around the buggy address:
0x100050416c30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100050416c40: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2 00 f2
0x100050416c50: f2 f2 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
0x100050416c60: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
0x100050416c70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x100050416c80:[f3]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x100050416c90: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1
0x100050416ca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100050416cb0: 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3
0x100050416cc0: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100050416cd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==534898==ABORTING
PoC
PoC
The text was updated successfully, but these errors were encountered: