sanitizer: crashes when flags contain GLOB_DOOFFS and offset is not null #124484

Open
Description

@sthibaul

Hello,

For instance, this:

#include <string.h>
#include <glob.h>
int main(void) {
  glob_t g;
  memset(&g, 0, sizeof(g));
  g.gl_offs = 1;
  glob("*", GLOB_DOOFFS, NULL, &g);
  return 0;
}

crashes with

AddressSanitizer:DEADLYSIGNAL
=================================================================
==2734336==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f9f1b93aec6 bp 0x7ffe664ee1a0 sp 0x7ffe664ed938 T0)
==2734336==The signal is caused by a READ memory access.
==2734336==Hint: address points to the zero page.
    #0 0x7f9f1b93aec6 in __sanitizer::internal_strlen(char const*) ../../../../src/libsanitizer/sanitizer_common/sanitizer_libc.cpp:176
    #1 0x7f9f1b89920f in unpoison_glob_t ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:2346
    #2 0x7f9f1b8ed26f in glob ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:2422
    #3 0x55e1afb552a0 in main (/home/samy/test+0x12a0) (BuildId: 6a2b7870466624765046114b28178ff268479b85)
    #4 0x7f9f1b633d67 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #5 0x7f9f1b633e24 in __libc_start_main_impl ../csu/libc-start.c:360
    #6 0x55e1afb550e0 in _start (/home/samy/test+0x10e0) (BuildId: 6a2b7870466624765046114b28178ff268479b85)

because libasan does not take care of GLOB_DOOFFS.

Something like the attached patch would be needed; I however don't know how libasan would cope with the OS-specific value of GLOB_DOOFFS.

patch.txt
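As an added illustration (not code from the issue, the attached patch, or the sanitizer sources): the gl_pathv layout glob(3) produces under GLOB_DOOFFS, and a strlen() walk over it that either ignores gl_offs, as the trace above shows, or skips the reserved slots. The sample result set and the names make_result, walk_pathv and demo are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <glob.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Build the layout glob(3) produces under GLOB_DOOFFS: gl_offs leading NULL
 * slots, gl_pathc result strings, then a terminating NULL.  Constructed
 * sample data; no real glob() call is made. */
static glob_t make_result(size_t offs, const char *const *names, size_t n) {
    glob_t g = {0};
    g.gl_offs = offs;
    g.gl_pathc = n;
    g.gl_pathv = calloc(offs + n + 1, sizeof *g.gl_pathv);
    for (size_t i = 0; i < n; i++)
        g.gl_pathv[offs + i] = strdup(names[i]);
    return g;
}

/* strlen()-walk over the results the way an unpoisoning interceptor would.
 * Without GLOB_DOOFFS in flags it starts at slot 0, which is what the trace
 * in the report does; with it, it skips the gl_offs reserved slots.  Returns
 * the total length, or -1 where strlen(NULL) would have faulted. */
static long walk_pathv(const glob_t *g, int flags) {
    size_t start = (flags & GLOB_DOOFFS) ? g->gl_offs : 0;
    long total = 0;
    for (size_t i = start; i < start + g->gl_pathc; i++) {
        if (g->gl_pathv[i] == NULL)
            return -1;                    /* the SEGV on the zero page */
        total += (long)strlen(g->gl_pathv[i]);
    }
    return total;
}

/* Same shape as the report: gl_offs = 1 with two matches.  Returns what
 * walk_pathv sees when given `flags`. */
static long demo(int flags) {
    const char *names[] = { "a.c", "bb.c" };
    glob_t g = make_result(1, names, 2);
    long r = walk_pathv(&g, flags);
    globfree(&g);                         /* frees gl_pathv[gl_offs..] and the array */
    return r;
}

int main(void) {
    printf("ignoring GLOB_DOOFFS: %ld\n", demo(0));            /* -1: NULL slot */
    printf("honouring GLOB_DOOFFS: %ld\n", demo(GLOB_DOOFFS)); /* 7 = 3 + 4 */
    return 0;
}
```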
