-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Address Sanitizer fails to intercept function in shared library opened with RTLD_DEEPBIND #611
Comments
Interesting. I think this has no chance of working with static-libasan, so we should either remove DEEPBIND or complain about it or both. It works with -shared-libasan with clang but not with gcc, because gcc does not add DT_NEEDED for libasan to shared libraries. |
On Mon, Oct 12, 2015 at 9:30 AM, Evgeniy Stepanov [email protected]
I'd say we need to complain and exit.
|
Due to a bug in gcc / libasan (google/sanitizers#611), you cannot mix RTLD_DEEPBIND and adderss sanitizing. The result, if you do, is allocating using ASAN and freeing using glibc, causing aborts. If ADDRESS_SANITIZER is on, disable RTLD_DEEPBIND. Change-Id: Ibaeaa33b7f653673f971ce3dd610d60252dbc220 Signed-off-by: Daniel Gryniewicz <[email protected]>
Does this boil down to detecting RTLD_DEEPBIND in dlopen interceptor? |
I'd guess so. |
… RTLD_DEEPBIND flag People keep hitting on spurious failures in malloc/free routines when using sanitizers with shared libraries dlopened with RTLD_DEEPBIND (see google/sanitizers#611 for details). Let's check for this flag and bail out with warning message instead of failing in random places. Differential Revision: https://reviews.llvm.org/D30504 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@297370 91177308-0d34-0410-b5e6-96231b3b80d8
… RTLD_DEEPBIND flag People keep hitting on spurious failures in malloc/free routines when using sanitizers with shared libraries dlopened with RTLD_DEEPBIND (see google/sanitizers#611 for details). Let's check for this flag and bail out with warning message instead of failing in random places. Differential Revision: https://reviews.llvm.org/D30504 llvm-svn=297370
Due to a bug in gcc / libasan (google/sanitizers#611), you cannot mix RTLD_DEEPBIND and adderss sanitizing. The result, if you do, is allocating using ASAN and freeing using glibc, causing aborts. If ADDRESS_SANITIZER is on, disable RTLD_DEEPBIND. Change-Id: Ibaeaa33b7f653673f971ce3dd610d60252dbc220 Signed-off-by: Daniel Gryniewicz <[email protected]> Signed-off-by: Madhu Thorat <[email protected]> Conflicts: src/include/config-h.in.cmake
Due to a bug in gcc / libasan (google/sanitizers#611), you cannot mix RTLD_DEEPBIND and adderss sanitizing. The result, if you do, is allocating using ASAN and freeing using glibc, causing aborts. If ADDRESS_SANITIZER is on, disable RTLD_DEEPBIND. Change-Id: Ibaeaa33b7f653673f971ce3dd610d60252dbc220 Signed-off-by: Daniel Gryniewicz <[email protected]> Signed-off-by: Madhu Thorat <[email protected]> Conflicts: src/include/config-h.in.cmake
Hi! How should I proceed? I'm confused about the different -shared-libasan/-static-libasan options. Using LD_LIBRARY_PATH to allow the SDK finding its libXXX.so I get the famous _int_free SEGV ASAN error. Seems like the SDK is redefining any alloc/free function, so there is a mismatch on symbol resolution (SDK vs Asan). Looks like linking with -fsanitize=address changes the order of symbols lookup/LD_PATH. I would need to isolate the SDK so it remains using libc or its own implementation (I don't know how internally works and I don't have access to source code neither). I want this behavior #871 (comment), but I'm not able to make the SDK run when my binary is using asan. I am open to use blacklist, suppression list, attribute((no_sanitize("address"))) or any other option, but I would like to understand the problem. Any hints? |
Frankly, your best choice is to contact the vendor for the SDK and request that they support asan If you can provide a small reproducer, where you replace the SDK with a tiny mock library, |
Due to a bug in gcc / libasan (google/sanitizers#611), you cannot mix RTLD_DEEPBIND and adderss sanitizing. The result, if you do, is allocating using ASAN and freeing using glibc, causing aborts. If ADDRESS_SANITIZER is on, disable RTLD_DEEPBIND. Change-Id: Ibaeaa33b7f653673f971ce3dd610d60252dbc220 Signed-off-by: Daniel Gryniewicz <[email protected]> Conflicts: src/include/config-h.in.cmake
Due to a bug in gcc / libasan (google/sanitizers#611), you cannot mix RTLD_DEEPBIND and adderss sanitizing. The result, if you do, is allocating using ASAN and freeing using glibc, causing aborts. If ADDRESS_SANITIZER is on, disable RTLD_DEEPBIND. Change-Id: Ibaeaa33b7f653673f971ce3dd610d60252dbc220 Signed-off-by: Daniel Gryniewicz <[email protected]> Signed-off-by: Madhu Thorat <[email protected]> Conflicts: src/include/config-h.in.cmake (cherry picked from commit 2ba269f)
Due to a bug in gcc / libasan (google/sanitizers#611), you cannot mix RTLD_DEEPBIND and adderss sanitizing. The result, if you do, is allocating using ASAN and freeing using glibc, causing aborts. If ADDRESS_SANITIZER is on, disable RTLD_DEEPBIND. Change-Id: Ibaeaa33b7f653673f971ce3dd610d60252dbc220 Signed-off-by: Daniel Gryniewicz <[email protected]> Signed-off-by: Madhu Thorat <[email protected]> Conflicts: src/include/config-h.in.cmake (cherry picked from commit 2ba269f)
Isn't it a good idea to add such flag? In code with a lot of modules this could help a lot as one wouldn't have to recompile some of them. |
Disable the RTLD_DEEPBIND option for dlopen in LDB and Socket Wrapper when running with AddressSanitizer. The RTLD_DEEPBIND option is not compatible with Address Sanitizer see google/sanitizers#611 Signed-off-by: Gary Lockyer <[email protected]> Reviewed-by: Andreas Schneider <[email protected]> Autobuild-User(master): Andreas Schneider <[email protected]> Autobuild-Date(master): Wed Oct 16 15:41:41 UTC 2019 on sn-devel-184
I am getting this error:
|
This breaks ASAN, see google/sanitizers#611 So, patch it out when installing. Upstream pycryptodome issue: Legrandin/pycryptodome#376
https://build.opensuse.org/request/show/925768 by user dirkmueller + dimstar_suse - update to 3.11.0: * GH#512: Especially for very small bit sizes, ``Crypto.Util.number.getPrime()`` was occasionally generating primes larger than given the bit size. * GH#552: Correct typing annotations for ``PKCS115_Cipher.decrypt()``. * GH#555: ``decrypt()`` method of a PKCS#1v1.5 cipher returned a ``bytearray`` instead of ``bytes``. * GH#557: External DSA domain parameters were accepted even when the modulus (``p``) was not prime. This affected ``Crypto.PublicKey.DSA.generate()`` and ``Crypto.PublicKey.DSA.construct()``. * Added cSHAKE128 and cSHAKE256 (of SHA-3 family). * GH#558: The flag RTLD_DEEPBIND passed to ``dlopen()`` is not well supported by `address sanitizers <https://github.com/google/sanitizers/issues/611>`_. It is now possible to set the enviro
https://build.opensuse.org/request/show/925769 by user dirkmueller + dimstar_suse - update to 3.11.0: * GH#512: Especially for very small bit sizes, ``Crypto.Util.number.getPrime()`` was occasionally generating primes larger than given the bit size. * GH#552: Correct typing annotations for ``PKCS115_Cipher.decrypt()``. * GH#555: ``decrypt()`` method of a PKCS#1v1.5 cipher returned a ``bytearray`` instead of ``bytes``. * GH#557: External DSA domain parameters were accepted even when the modulus (``p``) was not prime. This affected ``Crypto.PublicKey.DSA.generate()`` and ``Crypto.PublicKey.DSA.construct()``. * Added cSHAKE128 and cSHAKE256 (of SHA-3 family). * GH#558: The flag RTLD_DEEPBIND passed to ``dlopen()`` is not well supported by `address sanitizers <https://github.com/google/sanitizers/issues/611>`_. It is now possible to set the enviro
Which version of clang could make -shared-libasan and DEEPBIND together? Can I use Thanks ===== Maybe using blacklist is better than denied RTLD_DEEPBIND? The other solution is to allow the RTLD_DEEPBIND to .so dynamic library which build with ASAN, so we can implement some shims easily. (such as https://github.com/yugr/Implib.so, https://github.com/dezgeg/libcapsule and other libGL shims) |
dlopen(3) RTLD_DEEPBIND flag is incompatible with sanitizer runtime (see google/sanitizers#611 for details).
dlopen(3) RTLD_DEEPBIND flag is incompatible with sanitizer runtime (see google/sanitizers#611 for details).
Note: asan from gcc6 was ok with DEEPBIND, it started to fail from gcc8 (or 7?). |
tried, gcc-11.2.0 same problem, if a third-party library uses RTLD_DEEPBIND to load a shared library building with TSAN will now make the application report an error and refuse to start . |
would it be possible to accept the fact that the code in the shared library can't be checked? |
Same behavior with gcc11.3. |
I encountered an interesting false-positive. When |
ASan add this check in dlopen interceptor, if flags contain RTLD_DEEPBIND then ASan will report and die.
|
llvm/llvm-project@76630d4 |
Yes, if the shared library at |
The message was added because people we getting super weird false positives. |
In practice this is very hard, some vendors aren't even aware the are doing this themselves, they load libraries, that load libraries etc. We should have some way to allow the user to sanitize their own code at least... |
It's intercepting the To follow the error message's suggestion and remove the flag it seems one currently has to rebuild the code which uses the flag. In the case I've just hit the problematic
|
@ojwb RTLD_DEEPBIND is there for a reason, you cannot just remove it and expect it to work ok. Specifically RTLD_DEEPBIND causes symbol lookups to happen in the loaded library and if you remove it, the symbols will be looked up in one of its parents, which is functionally not the same. |
See this error message: You are trying to dlopen a this-file-does-not-exist.so shared library with RTLD_DEEPBIND flag which is incompatible with sanitizer runtime (see google/sanitizers#611 for details). If you want to run this-file-does-not-exist.so library under sanitizers please remove RTLD_DEEPBIND from dlopen flags.
See this error message: You are trying to dlopen a this-file-does-not-exist.so shared library with RTLD_DEEPBIND flag which is incompatible with sanitizer runtime (see google/sanitizers#611 for details). If you want to run this-file-does-not-exist.so library under sanitizers please remove RTLD_DEEPBIND from dlopen flags.
as a workaround solution:
Please keep in mind, that this patch could break calls to |
I just found out that if an application opens a shared library (both built with address sanitizer) using RTLD_DEEPBIND, address sanitizer will fail to intercept the functions called from the so opened shared library. In my particular case, this manifested itself as a strdup which, though originally skipping any interceptors and going into libc, would eventually call asan's allocator. However the same did not happen for free (since it went straight into glibc's free), so it failed to intercept free (or rather there was an allocator mismatch). I am not familiar enough with glibc to say whether this can be fixed or not, but perhaps we could drop the RTLD_DEEPBIND flag in our dlopen interceptor and issue a warning to the user.
The text was updated successfully, but these errors were encountered: