[issue44363] Address sanitizer (gcc version) is generating false positives

Pablo Galindo Salgado report at bugs.python.org
Wed Jun 9 12:37:38 EDT 2021


Pablo Galindo Salgado <pablogsal at gmail.com> added the comment:

This is not a false positive. I broke into gdb at the moment the sanitizer makes the report and inspected the values that apparently are wrong. I did that by breaking into __sanitizer::ColorizeReports, which is called for making the report. This is what I did:

$export CFLAGS='-g3 -O0'
$export ASAN_OPTIONS=detect_leaks=0:allocator_may_return_null=1:handle_segv=0
$./configure --with-address-sanitizer --without-pymalloc
$make -j -s
$gdb --args ./python -m test test_lib2to3 -v -m test_prefix_preservation
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
== CPython 3.11.0a0 (heads/specialize-load-attr-dirty:e858ea1571, Jun 9 2021, 17:34:14) [GCC 11.1.0]
[Detaching after vfork from child process 18105]
== Linux-5.12.9-arch1-1-x86_64-with-glibc2.33 little-endian
== cwd: /home/pablogsal/github/python/master/build/test_python_18103æ
== CPU count: 36
== encodings: locale=UTF-8, FS=utf-8
0:00:00 load avg: 1.64 Run tests sequentially
0:00:00 load avg: 1.64 [1/1] test_lib2to3
test_prefix_preservation (lib2to3.tests.test_fixers.Test_dict) ... ok
test_prefix_preservation (lib2to3.tests.test_fixers.Test_except) ... =================================================================

Breakpoint 1, __sanitizer::ColorizeReports ()
    at /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_symbolizer_report.cpp:62
62      /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_symbolizer_report.cpp: No such file or directory.
(gdb) up
#1  0x00007ffff75f6af1 in __sanitizer::SanitizerCommonDecorator::SanitizerCommonDecorator (this=<synthetic pointer>)
    at /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_report_decorator.h:26
26      /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_report_decorator.h: No such file or directory.
(gdb)
#2  __asan::Decorator::Decorator (this=<synthetic pointer>) at /build/gcc/src/gcc/libsanitizer/asan/asan_descriptions.h:45
45      /build/gcc/src/gcc/libsanitizer/asan/asan_descriptions.h: No such file or directory.
(gdb)
#3  __asan::ErrorGeneric::Print (this=this@entry=0x7ffff7710908 <__asan::ScopedInErrorReport::current_error_+8>)
    at /build/gcc/src/gcc/libsanitizer/asan/asan_errors.cpp:574
574     /build/gcc/src/gcc/libsanitizer/asan/asan_errors.cpp: No such file or directory.
(gdb)
#4  0x00007ffff768531e in __asan::ErrorDescription::Print (
    this=this@entry=0x7ffff7710900 <__asan::ScopedInErrorReport::current_error_>)
    at /build/gcc/src/gcc/libsanitizer/asan/asan_errors.h:440
440     /build/gcc/src/gcc/libsanitizer/asan/asan_errors.h: No such file or directory.
(gdb)
#5  0x00007ffff7685528 in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0x7ffffffd12e6,
    __in_chrg=<optimized out>) at /build/gcc/src/gcc/libsanitizer/asan/asan_report.cpp:141
141     /build/gcc/src/gcc/libsanitizer/asan/asan_report.cpp: No such file or directory.
(gdb)
#6  0x00007ffff7684d8d in __asan::ReportGenericError (pc=93824995352503, bp=bp@entry=140737488166752,
    sp=sp@entry=140737488166736, addr=106515189666344, is_write=is_write@entry=false, access_size=access_size@entry=8,
    exp=0, fatal=true) at /build/gcc/src/gcc/libsanitizer/asan/asan_report.cpp:478
478     in /build/gcc/src/gcc/libsanitizer/asan/asan_report.cpp
(gdb)
#7  0x00007ffff7685c1c in __asan::__asan_report_load8 (addr=<optimized out>)
    at /build/gcc/src/gcc/libsanitizer/asan/asan_rtl.cpp:121
121     /build/gcc/src/gcc/libsanitizer/asan/asan_rtl.cpp: No such file or directory.
(gdb)
#8  0x000055555584dfb7 in _PyEval_EvalFrameDefault (tstate=0x612000000040, f=0x6080000b08b0, throwflag=0)
    at Python/ceval.c:3549
3549                DEOPT_IF(ep->me_key != name, LOAD_ATTR);
(gdb) p ep->me_key
$3 = (PyObject *) 0x60e0000b1250
(gdb) p ep->me_key->ob_refcnt
$4 = 652835033347

That ep->me_key is obviously corrupted.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue44363>
_______________________________________
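
Added example, not part of the original message or of CPython: a small triage helper that decodes the arguments of the __asan::ReportGenericError frame (#6 above) into the faulting pc, the accessed address and the ASan shadow byte to examine in gdb. The function names are hypothetical, and the shadow mapping is assumed to be the default one for x86-64 Linux.

```python
import re

# Assumption: default x86-64 Linux ASan mapping, shadow = (addr >> 3) + 0x7fff8000.
SHADOW_SCALE = 3
SHADOW_OFFSET = 0x7FFF8000

# Frame #6 from the session above, embedded as sample input. gdb prints
# "name=name@entry=value"; the list archive renders "@" as " at ".
FRAME_6 = (
    "#6  0x00007ffff7684d8d in __asan::ReportGenericError (pc=93824995352503, "
    "bp=bp@entry=140737488166752, sp=sp@entry=140737488166736, "
    "addr=106515189666344, is_write=is_write@entry=false, "
    "access_size=access_size@entry=8, exp=0, fatal=true)"
)

# name=value, optionally with gdb's "name@entry=" marker (either spelling).
ARG_RE = re.compile(
    r"(\w+)=(?:\1(?:@| at )entry=)?(0x[0-9a-fA-F]+|\d+|true|false)"
)


def parse_frame_args(line):
    """Return the numeric and boolean arguments of a gdb frame line."""
    args = {}
    for name, raw in ARG_RE.findall(line):
        args[name] = (raw == "true") if raw in ("true", "false") else int(raw, 0)
    return args


def shadow_address(addr):
    """Address of the shadow byte for the 8-byte granule containing addr."""
    return (addr >> SHADOW_SCALE) + SHADOW_OFFSET


def triage(line):
    """Summarise a ReportGenericError frame for follow-up in gdb."""
    a = parse_frame_args(line)
    shadow = shadow_address(a["addr"])
    return {
        "access": f"{'WRITE' if a['is_write'] else 'READ'} of size {a['access_size']}",
        "pc": hex(a["pc"]),
        "addr": hex(a["addr"]),
        "shadow": hex(shadow),
        "gdb_cmd": f"x/8xb {shadow:#x}",  # dump the shadow bytes around the access
    }


if __name__ == "__main__":
    for key, value in triage(FRAME_6).items():
        print(f"{key:8} {value}")
```

The decoded pc is the same address gdb shows for frame #8 in _PyEval_EvalFrameDefault, which ties the report to the DEOPT_IF line in Python/ceval.c.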

