从64位BSD系统编译的32位应用程序中的getifaddrs堆缓冲区溢出

时间:2017-01-13 01:06:54

标签: c++ clang freebsd address-sanitizer

我在使用Clang的AddressSanitizer调试我的程序时面临一个奇怪的问题。完全相同的代码在另一个64位系统上工作,但在另一个系统上产生堆缓冲区溢出错误。

两台机器使用相同的工具链运行相同的操作系统(BSD 10 64位),除了工作的那个被编译为64位(因此在64位系统上运行的64位应用程序),并且问题是在64位系统上编译为32位应用程序。

由于问题仅存在于这一个调用中,因此显示的代码不多:

struct ifaddrs * ifAddrStruct = NULL;
getifaddrs(&ifAddrStruct);

这是由ASan抛弃的堆栈跟踪:

==19706==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x2e603e78 at pc 0x0832bbb2 bp 0xffff3288 sp 0xffff2e60
READ of size 256 at 0x2e603e78 thread T0
    #0 0x832bbb1 in memcpy /home/dim/llvm-3.8.0/final/llvm.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:438:3
    #1 0x2bdbed49 in getifaddrs (/usr/lib32//libc.so.7+0xecd49)

0x2e603e78 is located 0 bytes to the right of 1528-byte region [0x2e603880,0x2e603e78)
allocated by thread T0 here:
    #0 0x8337df0 in __interceptor_malloc /home/dim/llvm-3.8.0/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:52:3
    #1 0x2bdbe87f in getifaddrs (/usr/lib32//libc.so.7+0xec87f)
    #2 0x8325799 in getifaddrs /home/dim/llvm-3.8.0/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:4368:13
    #3 0x8f1a443 in GetIPInfo(void) ...../src/config.cpp:243:2
    #4 0x8f22837 in config_init(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) ...../src/config.cpp:329:7
    #5 0xadf1cf9 in start(int, char**) (app+0xadf1cf9)
    #6 0xade5a6c in main (app+0xade5a6c)
    #7 0x82db629 in _start1 (app+0x82db629)
    #8 0x82db4e7 in _start (app+0x82db4e7)
    #9 0x0  (<unknown module>)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/dim/llvm-3.8.0/final/llvm.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:438:3 in memcpy
Shadow bytes around the buggy address:
  0x45cc0770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x45cc0780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x45cc0790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x45cc07a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x45cc07b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x45cc07c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00[fa]
  0x45cc07d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x45cc07e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x45cc07f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x45cc0800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x45cc0810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

我在两台机器上使用完全相同的CFLAGS,相同的编译器(Clang 3.8),相同的库版本。一直在Google和StackOverflow上查看,但这似乎是一个孤立的案例,因为我无法找到其他人遇到同样的问题。

希望有人对此事有更多了解。

提前感谢能帮助我的人。

Edit1:我刚才意识到我一直在系统上使用Clang 3.8.1,一切正常(64位应用程序在64位系统中),而另一个仍然有3.8.0。我不确定,但此时我怀疑它是编译器中的一个错误。现在升级到3.8.1,所有相关的32位库(ASan等)都会在我有新闻时报告。

0 个答案:

没有答案
相关问题
最新问题