Closed
Description
I tried this code:
```rust
use std::ffi::c_void;

extern "C" {
    fn free(ptr: *mut c_void);
}

fn main() {
    unsafe {
        free(1 as *mut c_void);
    }
}
```
and compiled it with:
```
rustc +nightly -Zsanitizer=address --crate-type bin badfree.rs
```
I expected to see asan report a bad pointer use and give a backtrace.
Instead I just got a raw sigsegv:
```
$ ./badfree
Segmentation fault (core dumped)
```
Running with verbose output shows that AddressSanitizer is intercepting the signal.
```
$ ASAN_OPTIONS=verbosity=2 ./badfree
==1750324==AddressSanitizer: failed to intercept '__isoc99_printf'
'==1750324==AddressSanitizer: failed to intercept '__isoc99_sprintf'
'==1750324==AddressSanitizer: failed to intercept '__isoc99_snprintf'
'==1750324==AddressSanitizer: failed to intercept '__isoc99_fprintf'
'==1750324==AddressSanitizer: failed to intercept '__isoc99_vprintf'
'==1750324==AddressSanitizer: failed to intercept '__isoc99_vsprintf'
'==1750324==AddressSanitizer: failed to intercept '__isoc99_vsnprintf'
'==1750324==AddressSanitizer: failed to intercept '__isoc99_vfprintf'
'==1750324==AddressSanitizer: failed to intercept '__cxa_throw'
'==1750324==AddressSanitizer: failed to intercept '__cxa_rethrow_primary_exception'
'==1750324==AddressSanitizer: libc interceptors initialized
|| `[0x10007fff8000, 0x7fffffffffff]` || HighMem ||
|| `[0x02008fff7000, 0x10007fff7fff]` || HighShadow ||
|| `[0x00008fff7000, 0x02008fff6fff]` || ShadowGap ||
|| `[0x00007fff8000, 0x00008fff6fff]` || LowShadow ||
|| `[0x000000000000, 0x00007fff7fff]` || LowMem ||
MemToShadow(shadow): 0x00008fff7000 0x000091ff6dff 0x004091ff6e00 0x02008fff6fff
redzone=16
max_redzone=2048
quarantine_size_mb=256M
thread_local_quarantine_size_kb=1024K
malloc_context_size=30
SHADOW_SCALE: 3
SHADOW_GRANULARITY: 8
SHADOW_OFFSET: 0x7fff8000
==1750324==Installed the sigaction for signal 11
==1750324==Installed the sigaction for signal 7
==1750324==Installed the sigaction for signal 8
==1750324==SetCurrentThread: 0x7f3589309000 for thread 0x7f3589301840
==1750324==T0: stack [0x7ffe17920000,0x7ffe18120000) size 0x800000; local=0x7ffe1811e334
==1750324==AddressSanitizer Init done
Segmentation fault (core dumped)
```
It looks like src/libstd/sys/unix/stack_overflow.rs init() is also installing a signal handler, which is overriding the AddressSanitizer one.
Meta
`rustc --version --verbose`:
```
rustc 1.43.0-nightly (abc3073c9 2020-02-26)
binary: rustc
commit-hash: abc3073c92df034636a823c5382ece2186d22b9e
commit-date: 2020-02-26
host: x86_64-unknown-linux-gnu
release: 1.43.0-nightly
LLVM version: 9.0
```
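
The handler override described in the report, reduced to plain POSIX calls as an added example (not code from the issue, from rustc or from the sanitizer runtime): a later `sigaction` call replaces the handler registered first, while reading the current disposition beforehand leaves it in place. All function names are hypothetical, and SIGUSR1 stands in for signal 11 so the demo can deliver it with `raise()`.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins: first_handler plays the runtime that registered
   first, second_handler the one that starts later. Names are hypothetical. */
static volatile sig_atomic_t last_handler; /* 1 = first, 2 = second */
static void first_handler(int sig)  { (void)sig; last_handler = 1; }
static void second_handler(int sig) { (void)sig; last_handler = 2; }

/* Unconditional install: whatever was registered before is replaced. */
static int install_always(int sig, void (*fn)(int)) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = fn;
    sigemptyset(&sa.sa_mask);
    return sigaction(sig, &sa, NULL);
}

/* Cooperative install: read the current disposition and keep a handler
   that is already registered. Returns 1 installed, 0 skipped, -1 error. */
static int install_if_default(int sig, void (*fn)(int)) {
    struct sigaction cur;
    if (sigaction(sig, NULL, &cur) != 0) return -1;
    if ((cur.sa_flags & SA_SIGINFO) || cur.sa_handler != SIG_DFL) return 0;
    return install_always(sig, fn) == 0 ? 1 : -1;
}

/* Register first_handler, let the second runtime install its handler in
   the chosen way, deliver the signal, and report which handler ran. */
int who_handles(int sig, int cooperative) {
    last_handler = 0;
    signal(sig, SIG_DFL);
    install_always(sig, first_handler);
    if (cooperative) install_if_default(sig, second_handler);
    else install_always(sig, second_handler);
    raise(sig);
    signal(sig, SIG_DFL);
    return last_handler;
}

int main(void) {
    printf("unconditional install: handler %d ran\n", who_handles(SIGUSR1, 0));
    printf("cooperative install:   handler %d ran\n", who_handles(SIGUSR1, 1));
    return 0;
}
```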