Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lru_cache_test and hash_table_test fail AddressSanitizer #468

Closed
jkuszmaul opened this issue Jul 25, 2019 · 1 comment
Closed

lru_cache_test and hash_table_test fail AddressSanitizer #468

jkuszmaul opened this issue Jul 25, 2019 · 1 comment
Labels
bug This issue is a bug. needs-review This issue or pull request needs review from a core team member. p3 This is a minor priority issue

Comments

@jkuszmaul
Copy link

jkuszmaul commented Jul 25, 2019
edited
Loading

On v0.4.2 (018e74c), the following tests appear to fail with asan compiled with either gcc or clang:

test_hash_table_create_find
test_hash_table_string_create_find
test_hash_table_string_clean_up
test_hash_table_hash_overwrite
test_hash_table_hash_remove
test_hash_table_hash_clear_allows_cleanup
test_hash_table_byte_cursor_create_find
test_lru_cache_overflow_static_members
test_lru_cache_lru_ness_static_members
test_lru_cache_entries_cleanup
test_lru_cache_entries_cleanup
test_lru_cache_overwrite
test_lru_cache_element_access_members

Is this expected?

Sample failure:

=================================================================
==14==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55e94a5be484 at pc 0x7f040beac27f bp 0x7fff0828f690 sp 0x7fff0828f688
READ of size 4 at 0x55e94a5be484 thread T0
    #0 0x7f040beac27e in hashlittle2 /proc/self/cwd/third_party/aws_c_common/include/aws/common/private/lookup3.inl:551:17
    #1 0x7f040beaad8e in aws_hash_c_string /proc/self/cwd/third_party/aws_c_common/source/hash_table.c:958:5
    #2 0x7f040bea8402 in s_hash_for /proc/self/cwd/third_party/aws_c_common/source/hash_table.c:58:26
    #3 0x7f040bea8402 in aws_hash_table_create /proc/self/cwd/third_party/aws_c_common/source/hash_table.c:528
    #4 0x55e94a51df85 in s_test_hash_table_create_find_fn /proc/self/cwd/third_party/aws_c_common/tests/hash_table_test.c:67:16
    #5 0x55e94a51d5a4 in s_aws_run_test_case /proc/self/cwd/third_party/aws_c_common/include/aws/testing/aws_test_harness.h:390:19
    #6 0x55e94a4c8ed3 in main /proc/self/cwd/bazel-out/k8-opt-asan/genfiles/third_party/aws_c_common/test_runner.c:708:20
    #7 0x7f040ac3d2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
    #8 0x55e94a414465 in _start (/x2/home/james/.cache/bazel/_bazel_james/a4cb2cd708de4c2f2bdeacec8e67447d/execroot/com_peloton_tech/bazel-out/k8-opt-asan/bin/third_party/aws_c_common/all_tests+0xb3465)

0x55e94a5be484 is located 60 bytes to the left of global variable '<string literal>' defined in 'third_party/aws_c_common/tests/hash_table_test.c:26:37' (0x55e94a5be4c0) of size 8
  '<string literal>' is ascii string 'value 1'
0x55e94a5be487 is located 0 bytes to the right of global variable '<string literal>' defined in 'third_party/aws_c_common/tests/hash_table_test.c:23:33' (0x55e94a5be480) of size 7
  '<string literal>' is ascii string 'test 1'
SUMMARY: AddressSanitizer: global-buffer-overflow /proc/self/cwd/third_party/aws_c_common/include/aws/common/private/lookup3.inl:551:17 in hashlittle2
Shadow bytes around the buggy address:
  0x0abda94afc40: 00 07 f9 f9 f9 f9 f9 f9 00 00 00 03 f9 f9 f9 f9
  0x0abda94afc50: 00 00 00 06 f9 f9 f9 f9 00 00 00 00 00 01 f9 f9
  0x0abda94afc60: f9 f9 f9 f9 00 07 f9 f9 f9 f9 f9 f9 00 00 00 03
  0x0abda94afc70: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 00 00 02 f9
  0x0abda94afc80: f9 f9 f9 f9 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9
=>0x0abda94afc90:[07]f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0abda94afca0: 07 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0abda94afcb0: 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0abda94afcc0: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9
  0x0abda94afcd0: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9
  0x0abda94afce0: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 00 01 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==14==ABORTING
================================================================================
@jmklix jmklix added bug This issue is a bug. p3 This is a minor priority issue needs-review This issue or pull request needs review from a core team member. labels Aug 28, 2023
@DmitriyMusatkin
Copy link
Contributor

Yes, this is expected. Implementation is safe, but sanitizers do not like how memory is accessed. A little bit more info on it here - https://github.com/awslabs/aws-c-common/blob/main/include/aws/common/private/lookup3.inl#L500.
We've added some annotations on this method since then, so it should no longer be flagged by sanitizers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue is a bug. needs-review This issue or pull request needs review from a core team member. p3 This is a minor priority issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jkuszmaul @jmklix @DmitriyMusatkin