
digitalmars.D.bugs - [Issue 20640] New: LDC: AddressSanitizer failing to catch SIGSEGV in

https://issues.dlang.org/show_bug.cgi?id=20640

          Issue ID: 20640
           Summary: LDC: AddressSanitizer failing to catch SIGSEGV in
                    unittest
           Product: D
           Version: D2
          Hardware: x86_64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P1
         Component: druntime
          Assignee: nobody puremagic.com
          Reporter: kubo39 gmail.com

Try this one:

```
import core.stdc.stdlib : free;

unittest
{
    free(cast(void*) 1);
}

void main() {}
```

compiler version and compile options:

```
$ ldc2 -version| head -1
LDC - the LLVM D compiler (1.20.0):
$ ldc2 --fsanitize=address -unittest segv.d
```

I expected ASan to report a bad pointer and show a backtrace, but I got only the
backtrace.

```
$ ./segv
./segv(backtrace+0x3d)[0x5580d6c521fd]
./segv(+0xc4b57)[0x5580d6ccfb57]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12890)[0x7f9f2557f890]
./segv(+0x3b901)[0x5580d6c46901]
./segv(free+0x9a)[0x5580d6c1fc4a]
./segv(+0x14b0e)[0x5580d6c1fb0e]
./segv(+0xc4b99)[0x5580d6ccfb99]
./segv(+0xc02bb)[0x5580d6ccb2bb]
./segv(+0xc08aa)[0x5580d6ccb8aa]
./segv(+0xc024c)[0x5580d6ccb24c]
./segv(+0xc81ff)[0x5580d6cd31ff]
./segv(+0xc4a45)[0x5580d6ccfa45]
./segv(+0xbab1b)[0x5580d6cc5b1b]
./segv(+0xbaa3f)[0x5580d6cc5a3f]
./segv(+0xba89e)[0x5580d6cc589e]
./segv(+0x14b45)[0x5580d6c1fb45]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0x7f9f24be7b97]
./segv(+0x14a1a)[0x5580d6c1fa1a]
zsh: segmentation fault (core dumped)  ./segv
```

ASAN_OPTIONS=verbosity=2 shows that AddressSanitizer does intercept SIGSEGV.

```
==26999==AddressSanitizer: failed to intercept '__isoc99_printf'
'==26999==AddressSanitizer: failed to intercept '__isoc99_sprintf'
'==26999==AddressSanitizer: failed to intercept '__isoc99_snprintf'
'==26999==AddressSanitizer: failed to intercept '__isoc99_fprintf'
'==26999==AddressSanitizer: failed to intercept '__isoc99_vprintf'
'==26999==AddressSanitizer: failed to intercept '__isoc99_vsprintf'    
'==26999==AddressSanitizer: failed to intercept '__isoc99_vsnprintf'
'==26999==AddressSanitizer: failed to intercept '__isoc99_vfprintf'   
'==26999==AddressSanitizer: failed to intercept '__cxa_throw'                   
'==26999==AddressSanitizer: failed to intercept
'__cxa_rethrow_primary_exception'
'==26999==AddressSanitizer: libc interceptors initialized
|| `[0x10007fff8000, 0x7fffffffffff]` || HighMem    ||
|| `[0x02008fff7000, 0x10007fff7fff]` || HighShadow ||
|| `[0x00008fff7000, 0x02008fff6fff]` || ShadowGap  ||
|| `[0x00007fff8000, 0x00008fff6fff]` || LowShadow  ||
|| `[0x000000000000, 0x00007fff7fff]` || LowMem     ||
MemToShadow(shadow): 0x00008fff7000 0x000091ff6dff 0x004091ff6e00
0x02008fff6fff
redzone=16
max_redzone=2048
quarantine_size_mb=256M
thread_local_quarantine_size_kb=1024K
malloc_context_size=30
SHADOW_SCALE: 3
SHADOW_GRANULARITY: 8
SHADOW_OFFSET: 0x7fff8000
==26999==Installed the sigaction for signal 11
==26999==Installed the sigaction for signal 7
==26999==Installed the sigaction for signal 8
==26999==SetCurrentThread: 0x7f05c0059000 for thread 0x7f05c0024880
==26999==T0: stack [0x7fff0d215000,0x7fff0da15000) size 0x800000;
local=0x7fff0da125c8
==26999==Using llvm-symbolizer found at: /usr/bin/llvm-symbolizer
==26999==AddressSanitizer Init done
./segv(backtrace+0x3d)[0x55e0a6b911fd]
./segv(+0xc4b57)[0x55e0a6c0eb57]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12890)[0x7f05bf825890]
./segv(+0x3b901)[0x55e0a6b85901]
./segv(free+0x9a)[0x55e0a6b5ec4a]
./segv(+0x14b0e)[0x55e0a6b5eb0e]
./segv(+0xc4b99)[0x55e0a6c0eb99]
./segv(+0xc02bb)[0x55e0a6c0a2bb]
./segv(+0xc08aa)[0x55e0a6c0a8aa]
./segv(+0xc024c)[0x55e0a6c0a24c]
./segv(+0xc81ff)[0x55e0a6c121ff]
./segv(+0xc4a45)[0x55e0a6c0ea45]
./segv(+0xbab1b)[0x55e0a6c04b1b]
./segv(+0xbaa3f)[0x55e0a6c04a3f]
./segv(+0xba89e)[0x55e0a6c0489e]
./segv(+0x14b45)[0x55e0a6b5eb45]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0x7f05bee8db97]
./segv(+0x14a1a)[0x55e0a6b5ea1a]
zsh: segmentation fault (core dumped)  ASAN_OPTIONS=verbosity=2 ./segv
```

It seems core.runtime.runModuleUnitTests also installs a signal handler, and
overrides ASan's one.

--
Mar 05 2020
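
The override suspected in the report's last paragraph, reduced to plain POSIX C as an added example (not code from druntime, LDC or AddressSanitizer): a later `sigaction` call replaces the earlier SIGSEGV handler unless the later installer saves the old action and chains to it. `first_handler`, `second_handler`, `install` and `run_scenario` are hypothetical names, and the signal is delivered with `raise` rather than by a real fault.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins: first_handler plays the handler installed first
   (ASan's role in the report), second_handler the one installed later. */
static volatile sig_atomic_t first_calls, second_calls;
static struct sigaction saved_prev; /* action that second_handler replaced */

static void first_handler(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)si; (void)ctx;
    first_calls++;
}

static void second_handler(int sig, siginfo_t *si, void *ctx) {
    second_calls++;
    /* Chain to the replaced handler, if one was saved, so it still runs. */
    if (saved_prev.sa_flags & SA_SIGINFO)
        saved_prev.sa_sigaction(sig, si, ctx);
}

static int install(int sig, void (*fn)(int, siginfo_t *, void *),
                   struct sigaction *old) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sigemptyset(&sa.sa_mask);
    sa.sa_sigaction = fn;
    sa.sa_flags = SA_SIGINFO;
    return sigaction(sig, &sa, old); /* replaces whatever was registered */
}

/* Installs both handlers in order, raises sig once, restores the original
   action, and returns how many times the first handler ran. */
static int run_scenario(int sig, int chain) {
    struct sigaction orig;
    first_calls = second_calls = 0;
    memset(&saved_prev, 0, sizeof saved_prev);
    install(sig, first_handler, &orig);
    install(sig, second_handler, chain ? &saved_prev : NULL);
    raise(sig); /* delivered before raise returns; handlers return normally */
    sigaction(sig, &orig, NULL);
    return first_calls;
}

int main(void) {
    int lost = run_scenario(SIGSEGV, 0), kept = run_scenario(SIGSEGV, 1);
    printf("first handler ran: overridden=%d chained=%d\n", lost, kept);
    return 0;
}
```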