Feature #18918
Can't compile ruby master with AFL ASAN
Status: Open
Assignee: -
Target version: -
Description
On Ubuntu 20.04, I want to compile ruby on the master branch with AFL's afl-clang-fast, but I got an ASAN error:
$ ruby -v
ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux]
$ git rev-parse --short HEAD
7424ea184f
Here is the error I got when using yjit in configure:
...
...
linking miniruby
afl-clang-fast 2.56b by <lszekeres@google.com>
generating encdb.h
=================================================================
==101657==ERROR: AddressSanitizer: heap-use-after-free on address 0x6130000217d0 at pc 0x555555dde515 bp 0x7fffffffbff0 sp 0x7fffffffbfe8
WRITE of size 8 at 0x6130000217d0 thread T0
SCARINESS: 52 (8-byte-write-heap-use-after-free)
0x6130000217d0 is located 16 bytes inside of 336-byte region [0x6130000217c0,0x613000021910)
freed by thread T0 here:
previously allocated by thread T0 here:
SUMMARY: AddressSanitizer: heap-use-after-free (/home/aldo/ruby/miniruby+0x88a514)
==101657==ABORTING
make: *** [uncommon.mk:1132: encdb.h] Aborted
make: *** Waiting for unfinished jobs....
/bin/sh ./tool/ifchange "--timestamp=.rbconfig.time" rbconfig.rb rbconfig.tmp
rbconfig.rb updated
And here is the error I got when not using yjit in configure:
...
...
./revision.h unchanged
linking miniruby
afl-clang-fast 2.56b by <lszekeres@google.com>
generating encdb.h
=================================================================
==124261==ERROR: AddressSanitizer: use-after-poison on address 0x7ffff40a0068 at pc 0x555555ff7ab5 bp 0x7fffffffb5e0 sp 0x7fffffffb5d8
READ of size 8 at 0x7ffff40a0068 thread T0
SCARINESS: 33 (8-byte-read-use-after-poison)
Address 0x7ffff40a0068 is a wild pointer.
SUMMARY: AddressSanitizer: use-after-poison (/home/aldo/ruby/miniruby+0xaa3ab4)
==124261==ABORTING
make: *** [uncommon.mk:1132: encdb.h] Aborted
make: *** Waiting for unfinished jobs....
/bin/sh ./tool/ifchange "--timestamp=.rbconfig.time" rbconfig.rb rbconfig.tmp
rbconfig.rb updated
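For triaging a report like the ones above, here is an added example (not code from this issue or from the Ruby project) that parses the unsymbolized ASAN output into its error kind, access, and the three stacks, and builds the addr2line invocations needed to resolve the module-relative offsets; it assumes miniruby was built unstripped with debug info so addr2line can map offsets to source lines.

```ruby
# Added example (not from the issue): parse an unsymbolized ASAN report and
# build addr2line commands. Sample below is a trimmed copy of the report above.
ASAN_SAMPLE = <<~REPORT
  ==101657==ERROR: AddressSanitizer: heap-use-after-free on address 0x6130000217d0 at pc 0x555555dde515 bp 0x7fffffffbff0 sp 0x7fffffffbfe8
  WRITE of size 8 at 0x6130000217d0 thread T0
      #0 0x555555dde514 (/home/aldo/ruby/miniruby+0x88a514)
      #1 0x555555d3f411 (/home/aldo/ruby/miniruby+0x7eb411)
  0x6130000217d0 is located 16 bytes inside of 336-byte region [0x6130000217c0,0x613000021910)
  freed by thread T0 here:
      #0 0x5555557aa43d (/home/aldo/ruby/miniruby+0x25643d)
      #1 0x555555abc166 (/home/aldo/ruby/miniruby+0x568166)
  previously allocated by thread T0 here:
      #0 0x5555557aa832 (/home/aldo/ruby/miniruby+0x256832)
      #1 0x555555abb646 (/home/aldo/ruby/miniruby+0x567646)
  SUMMARY: AddressSanitizer: heap-use-after-free (/home/aldo/ruby/miniruby+0x88a514)
REPORT

# One frame line: "#N 0xPC (module+0xOFFSET)"; the offset is module-relative.
FRAME_RE = /\A\s*#(\d+)\s+(0x\h+)\s+\((\S+?)\+(0x\h+)\)\z/

def parse_asan(text)
  report = { kind: nil, access: nil, size: nil, address: nil, region_bytes: nil, stacks: {} }
  current = nil # which stack the following frame lines belong to
  text.each_line(chomp: true) do |line|
    case line
    when /ERROR: AddressSanitizer: (\S+) on address (0x\h+)/
      report[:kind], report[:address] = $1, $2
      current = :access
    when /\A(READ|WRITE) of size (\d+) at/
      report[:access], report[:size] = $1, $2.to_i
    when /is located \d+ bytes inside of (\d+)-byte region/
      report[:region_bytes] = $1.to_i
    when /\Afreed by thread/ then current = :freed
    when /\Apreviously allocated by thread/ then current = :allocated
    when FRAME_RE
      (report[:stacks][current] ||= []) << { idx: $1.to_i, pc: $2, module: $3, offset: $4 }
    end
  end
  report
end

# addr2line needs the unstripped binary (built with -g); one invocation per
# module per stack, passing the module-relative offsets in frame order.
def addr2line_commands(report)
  report[:stacks].transform_values do |frames|
    frames.group_by { |f| f[:module] }.map do |mod, fs|
      "addr2line -f -C -e #{mod} #{fs.map { |f| f[:offset] }.join(' ')}"
    end
  end
end
```

Running the emitted commands against the same miniruby that produced the report turns the bare offsets into function and file:line pairs, which is what a maintainer needs to tell a real use-after-free from sanitizer confusion over poisoned GC memory.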
Updated by jeremyevans0 (Jeremy Evans) about 1 year ago
- Tracker changed from Bug to Feature
- ruby -v deleted (ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux])
- Backport deleted (2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: UNKNOWN)