
Re: GNU poke 2.0.92 with ubsan


From: Bruno Haible
Subject: Re: GNU poke 2.0.92 with ubsan
Date: Mon, 07 Feb 2022 00:22:51 +0100

I wanted to look for more undefined behaviour, so (on x86_64)
I built poke-2.0.92 with
  CC="gcc -fsanitize=undefined"; export CC
  CFLAGS="-O1 -fno-omit-frame-pointer -g"; export CFLAGS

The compilation works fine. But all tests fail.

$ ./run poke/poke
FATAL ERROR: buffer overflow in writing executable code: crash now, in case we 
have not crashed already

$ ./run strace poke/poke
...
openat(AT_FDCWD, "/tmp/poke-2.0.92/libpoke/pkl-rt.pk", O_RDONLY) = 3
ioctl(3, TCGETS, 0x7ffc879ffca0)        = -1 ENOTTY (Inappropriate ioctl for 
device)
fstat(3, {st_mode=S_IFREG|0644, st_size=16728, ...}) = 0
read(3, "/* pkl-rt.pk - Run-time library "..., 8192) = 8192
brk(0x558cec66d000)                     = 0x558cec66d000
brk(0x558cec669000)                     = 0x558cec669000
brk(0x558cec665000)                     = 0x558cec665000
brk(0x558cec686000)                     = 0x558cec686000
read(3, " DEPTH, indentation step ISTEP a"..., 8192) = 8192
brk(0x558cec6a8000)                     = 0x558cec6a8000
brk(0x558cec6a4000)                     = 0x558cec6a4000
brk(0x558cec6c5000)                     = 0x558cec6c5000
read(3, "are/poke:\" + load_path;\n  catch "..., 8192) = 344
read(3, "", 4096)                       = 0
read(3, "", 8192)                       = 0
ioctl(3, TCGETS, 0x7ffc879ffca0)        = -1 ENOTTY (Inappropriate ioctl for 
device)
brk(0x558cec6e6000)                     = 0x558cec6e6000
mmap(0x7fd3eebf9000, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 
-1, 0) = 0x7fd3eebd9000
mmap(0x7fd3eebe9000, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 
-1, 0) = 0x7fd3eebc9000
brk(0x558cec707000)                     = 0x558cec707000
mmap(0x7fd3eebd9000, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 
-1, 0) = 0x7fd3eebb9000
mmap(NULL, 1044480, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, 
-1, 0) = 0x7fd3ee67b000
munmap(0x7fd3ee67b000, 20480)           = 0
munmap(0x7fd3ee700000, 499712)          = 0
brk(0x558cec729000)                     = 0x558cec729000
mmap(NULL, 1044480, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, 
-1, 0) = 0x7fd3ee581000
munmap(0x7fd3ee581000, 520192)          = 0
fstat(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(0x88, 0x32), ...}) = 0
write(1, "FATAL ERROR: buffer overflow in "..., 104FATAL ERROR: buffer overflow 
in writing executable code: crash now, in case we have not crashed already
) = 104
exit_group(1)                           = ?
+++ exited with 1 +++

After recompiling with --disable-shared, I get this stack trace:
$ ./run gdb poke/poke
...
#4  _IO_new_do_write (fp=fp@entry=0x7ffff7f9f6a0 <_IO_2_1_stdout_>, 
    data=0x55555601cd10 "FATAL ERROR: buffer overflow in writing executable 
code: crash now, in case we have not crashed already\n", 'v' <repeats 96 
times>..., to_do=104) at fileops.c:423
#5  0x00007ffff7e47013 in _IO_new_file_overflow (f=0x7ffff7f9f6a0 
<_IO_2_1_stdout_>, ch=10) at fileops.c:784
#6  0x00007ffff7e3c482 in putchar (c=c@entry=10) at putchar.c:28
#7  0x0000555555c30cf8 in printf (__fmt=<synthetic pointer>) at 
/usr/include/x86_64-linux-gnu/bits/stdio2.h:107
#8  jitter_replicate_program (p=p@entry=0x5555560050b0) at 
jitter/jitter-replicate.c:545
#9  0x0000555555aefe19 in jitter_make_executable_routine 
(p=p@entry=0x5555560050b0) at jitter/jitter-specialize.c:356
#10 0x0000555555aeed09 in jitter_routine_make_executable_if_needed 
(r=r@entry=0x5555560050b0) at jitter/jitter-routine.c:94
#11 0x0000555555adc026 in pvm_program_make_executable (program=<optimized out>) 
at pvm-program.c:247
#12 0x0000555555a8653a in pkl_gen_pr_decl (_compiler=<optimized out>, 
_compiler@entry=0x555555f10b10, _toplevel=<optimized out>, 
    _toplevel@entry=0x7fffffffc810, _ast=<optimized out>, 
_ast@entry=0x555555f10a70, _node=<optimized out>, _node@entry=0x555555f53df0, 
    _payload=<optimized out>, _restart=<optimized out>, 
_restart@entry=0x7fffffffc594, _child_pos=88, _parent=0x555555f9a050, 
    _dobreak=0x7fffffffc590, _payloads=0x7fffffffc978, _phases=0x7fffffffc980, 
_flags=0, _level=0) at pkl-gen.c:350
#13 0x000055555591d238 in pkl_call_node_handlers 
(compiler=compiler@entry=0x555555f10b10, 
toplevel=toplevel@entry=0x7fffffffc810, 
    ast=ast@entry=0x555555f10a70, node=node@entry=0x555555f53df0, 
payloads=payloads@entry=0x7fffffffc978, phases=phases@entry=0x7fffffffc980, 
    handlers_used=0x7fffffffc68c, child_pos=88, parent=0x555555f9a050, 
_dobreak=0x7fffffffc690, order=0, flags=0, level=0) at pkl-pass.c:204
#14 0x000055555592650f in pkl_do_pass_1 
(compiler=compiler@entry=0x555555f10b10, 
toplevel=toplevel@entry=0x7fffffffc810, 
    ast=ast@entry=0x555555f10a70, node=node@entry=0x555555f53df0, 
child_pos=child_pos@entry=88, parent=parent@entry=0x555555f9a050, 
    payloads=0x7fffffffc978, phases=0x7fffffffc980, flags=0, level=0) at 
pkl-pass.c:315
#15 0x0000555555926a70 in pkl_do_pass_1 
(compiler=compiler@entry=0x555555f10b10, 
toplevel=toplevel@entry=0x7fffffffc810, 
    ast=ast@entry=0x555555f10a70, node=node@entry=0x555555f9a050, 
child_pos=child_pos@entry=0, parent=parent@entry=0x0, payloads=0x7fffffffc978, 
    phases=0x7fffffffc980, flags=0, level=0) at pkl-pass.c:344
#16 0x000055555592c5a2 in pkl_do_subpass 
(compiler=compiler@entry=0x555555f10b10, ast=ast@entry=0x555555f10a70, 
node=0x555555f9a050, 
    phases=phases@entry=0x7fffffffc980, payloads=payloads@entry=0x7fffffffc978, 
flags=flags@entry=0, level=0) at pkl-pass.c:639
#17 0x000055555592c661 in pkl_do_pass (compiler=compiler@entry=0x555555f10b10, 
ast=ast@entry=0x555555f10a70, phases=phases@entry=0x7fffffffc980, 
    payloads=payloads@entry=0x7fffffffc978, flags=flags@entry=0, 
level=level@entry=0) at pkl-pass.c:661
#18 0x00005555558d80c8 in rest_of_compilation 
(compiler=compiler@entry=0x555555f10b10, ast=0x555555f10a70, 
env=0x555555f22b10) at pkl.c:290
#19 0x00005555558d8b31 in pkl_execute_file 
(compiler=compiler@entry=0x555555f10b10, 
    fname=fname@entry=0x555555f10d60 "/tmp/poke-2.0.92/libpoke/pkl-rt.pk", 
exit_exception=exit_exception@entry=0x7fffffffd6f0) at pkl.c:513
#20 0x00005555558d8db1 in pkl_load_rt (poke_rt_pk=0x555555f10d60 
"/tmp/poke-2.0.92/libpoke/pkl-rt.pk", compiler=0x555555f10b10) at pkl.c:129
#21 pkl_new (vm=vm@entry=0x555555f07e70, rt_path=rt_path@entry=0x7fffffffe022 
"/tmp/poke-2.0.92/libpoke", flags=flags@entry=0) at pkl.c:129
#22 0x00005555558d030e in pk_compiler_new_with_flags (term_if=<optimized out>, 
flags=flags@entry=0) at libpoke.c:78
#23 0x00005555558d0645 in pk_compiler_new (term_if=<optimized out>) at 
libpoke.c:99
#24 0x000055555589e4f8 in initialize (argv=0x7fffffffd8c8, argc=1) at poke.c:587
#25 main (argc=1, argv=0x7fffffffd8c8) at poke.c:784

Hmm?





