| 2022-04-26 09:40:21 |
Jonas Hahnfeld |
description |
When using the shared libclang_rt.asan-x86_64.so, __asan_default_options aren't working. Consider the following example:
$ cat test_asan.c
const char *__asan_default_options() {
return "help=1";
}
int main() { return 0; }
$ clang -fsanitize=address -shared-libasan test_asan.c -o test_asan.clang.shared.x
$ LD_PRELOAD=/usr/lib/llvm-10/lib/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.so ./test_asan.clang.shared.x
[no output]
The expected behavior would be:
$ clang -fsanitize=address -static-libsan test_asan.c -o test_asan.clang.static.x
$ ./test_asan.clang.static.x |& head
Available flags for AddressSanitizer:
quarantine_size
- Deprecated, please use quarantine_size_mb. (Current Value: -1)
quarantine_size_mb
- Size (in Mb) of quarantine used to detect use-after-free errors. Lower value may reduce memory usage but increase the chance of false negatives. (Current Value: -1)
thread_local_quarantine_size_kb
- Size (in Kb) of thread local quarantine used to detect use-after-free errors. Lower value may reduce memory usage but increase the chance of false negatives. It is not advised to go lower than 64Kb, otherwise frequent transfers to global quarantine might affect performance. (Current Value: -1)
redzone
- Minimal size (in bytes) of redzones around heap objects. Requirement: redzone >= 16, is a power of two. (Current Value: 16)
max_redzone
With GCC everything works fine:
$ gcc -fsanitize=address test_asan.c -o test_asan.gcc.shared.x
$ ldd test_asan.gcc.shared.x
linux-vdso.so.1 (0x00007ffd4938e000)
libasan.so.5 => /usr/lib/x86_64-linux-gnu/libasan.so.5 (0x00007f704ffd6000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f704fde4000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f704fdde000)
librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f704fdd4000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f704fdb1000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f704fc62000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f704fc45000)
/lib64/ld-linux-x86-64.so.2 (0x00007f7050a1a000)
$ ./test_asan.gcc.shared.x |& head
Available flags for AddressSanitizer:
quarantine_size
- Deprecated, please use quarantine_size_mb.
quarantine_size_mb
- Size (in Mb) of quarantine used to detect use-after-free errors. Lower value may reduce memory usage but increase the chance of false negatives.
thread_local_quarantine_size_kb
- Size (in Kb) of thread local quarantine used to detect use-after-free errors. Lower value may reduce memory usage but increase the chance of false negatives. It is not advised to go lower than 64Kb, otherwise frequent transfers to global quarantine might affect performance.
redzone
- Minimal size (in bytes) of redzones around heap objects. Requirement: redzone >= 16, is a power of two.
max_redzone
The reason seems to be that there is no relocation for the __asan_default_options symbol:
$ readelf --relocs /usr/lib/llvm-10/lib/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.so | grep __asan_default_options
[no output]
The shared libasan.so used by GCC is fine:
$ readelf --relocs /usr/lib/x86_64-linux-gnu/libasan.so.5.0.0 | grep __asan_default_options
000000188358 03fc00000007 R_X86_64_JUMP_SLO 00000000000365d0 __asan_default_options + 0
Note that some other symbols are not affected by this. For example, __lsan_default_options works fine even with Clang's shared libclang_rt.asan-x86_64.so. |
When using the shared libclang_rt.asan-x86_64.so, __asan_default_options aren't working. Consider the following example:
$ cat test_asan.c
const char *__asan_default_options() {
return "help=1";
}
int main() { return 0; }
$ clang -fsanitize=address -shared-libasan test_asan.c -o test_asan.clang.shared.x
$ LD_PRELOAD=/usr/lib/llvm-10/lib/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.so ./test_asan.clang.shared.x
[no output]
The expected behavior would be the same as you get with:
$ clang -fsanitize=address -static-libsan test_asan.c -o test_asan.clang.static.x
$ ./test_asan.clang.static.x |& head
Available flags for AddressSanitizer:
quarantine_size
- Deprecated, please use quarantine_size_mb. (Current Value: -1)
quarantine_size_mb
- Size (in Mb) of quarantine used to detect use-after-free errors. Lower value may reduce memory usage but increase the chance of false negatives. (Current Value: -1)
thread_local_quarantine_size_kb
- Size (in Kb) of thread local quarantine used to detect use-after-free errors. Lower value may reduce memory usage but increase the chance of false negatives. It is not advised to go lower than 64Kb, otherwise frequent transfers to global quarantine might affect performance. (Current Value: -1)
redzone
- Minimal size (in bytes) of redzones around heap objects. Requirement: redzone >= 16, is a power of two. (Current Value: 16)
max_redzone
With GCC everything works fine:
$ gcc -fsanitize=address test_asan.c -o test_asan.gcc.shared.x
$ ldd test_asan.gcc.shared.x
linux-vdso.so.1 (0x00007ffd4938e000)
libasan.so.5 => /usr/lib/x86_64-linux-gnu/libasan.so.5 (0x00007f704ffd6000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f704fde4000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f704fdde000)
librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f704fdd4000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f704fdb1000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f704fc62000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f704fc45000)
/lib64/ld-linux-x86-64.so.2 (0x00007f7050a1a000)
$ ./test_asan.gcc.shared.x |& head
Available flags for AddressSanitizer:
quarantine_size
- Deprecated, please use quarantine_size_mb.
quarantine_size_mb
- Size (in Mb) of quarantine used to detect use-after-free errors. Lower value may reduce memory usage but increase the chance of false negatives.
thread_local_quarantine_size_kb
- Size (in Kb) of thread local quarantine used to detect use-after-free errors. Lower value may reduce memory usage but increase the chance of false negatives. It is not advised to go lower than 64Kb, otherwise frequent transfers to global quarantine might affect performance.
redzone
- Minimal size (in bytes) of redzones around heap objects. Requirement: redzone >= 16, is a power of two.
max_redzone
The reason seems to be that there is no relocation for the __asan_default_options symbol:
$ readelf --relocs /usr/lib/llvm-10/lib/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.so | grep __asan_default_options
[no output]
The shared libasan.so used by GCC is fine:
$ readelf --relocs /usr/lib/x86_64-linux-gnu/libasan.so.5.0.0 | grep __asan_default_options
000000188358 03fc00000007 R_X86_64_JUMP_SLO 00000000000365d0 __asan_default_options + 0
Note that some other symbols are not affected by this. For example, __lsan_default_options works fine even with Clang's shared libclang_rt.asan-x86_64.so. |
|
