GNU bug report logs - #16427
unexec doesn't work with GCC AddressSanitizer

Please note: This is a static page, with minimal formatting, updated once a day.

Package: emacs; Severity: important; Reported by: Paul Eggert <eggert@HIDDEN>; merged with #18885; dated Sun, 12 Jan 2014 23:27:01 UTC; Maintainer for emacs is bug-gnu-emacs@HIDDEN.
Forcibly Merged 16427 18885. Request was from Glenn Morris <rgm@HIDDEN> to control <at> debbugs.gnu.org.

Message received at 16427 <at> debbugs.gnu.org:


From: Glenn Morris <rgm@HIDDEN>
To: 16427 <at> debbugs.gnu.org
Subject: Re: bug#16427: unexec doesn't work with GCC AddressSanitizer
References: <52D32489.5010702@HIDDEN>
Date: Mon, 13 Jan 2014 12:29:59 -0500
In-Reply-To: <52D32489.5010702@HIDDEN> (Paul Eggert's message of "Sun, 12
 Jan 2014 15:26:01 -0800")
Message-ID: <yd4n5794dk.fsf@HIDDEN>


I classed this as "important" because it seems to me to be something
that's, err, important, to fix at some point; but I don't know if it's
important enough for 24.4.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#16427; Package emacs.

Message received at submit <at> debbugs.gnu.org:


Message-ID: <52D32489.5010702@HIDDEN>
Date: Sun, 12 Jan 2014 15:26:01 -0800
From: Paul Eggert <eggert@HIDDEN>
Organization: UCLA Computer Science Department
To: Emacs bug reports <bug-gnu-emacs@HIDDEN>
Subject: unexec doesn't work with GCC AddressSanitizer

It'd be better for debugging if Emacs worked with
the AddressSanitizer of recent GCC implementations,
but unfortunately there are problems.
On Fedora 20 x86-64, if I configure GNU Emacs using:

./configure CFLAGS='-g3 -O0 -fsanitize=address'

the resulting build fails during unexec, with
symptoms like those shown at the end of this message.
'unexec' is crashing here:

       memcpy (NEW_SECTION_H (nn).sh_offset + new_base, src,
               NEW_SECTION_H (nn).sh_size);

presumably because SRC contains holes that have been sanitized.

This problem has been noted on emacs-devel in the past:

http://lists.gnu.org/archive/html/emacs-devel/2012-06/msg00600.html
http://lists.gnu.org/archive/html/emacs-devel/2014-01/msg01046.html

but it's never gotten a formal bug report so I thought
I'd file one.

Here are the symptoms:

if test "no" = "yes"; then \
   rm -f bootstrap-emacs; \
   ln temacs bootstrap-emacs; \
else \
   ./temacs --batch --load loadup bootstrap || exit 1; \
   test "X" = X ||  -zex emacs; \
   mv -f emacs bootstrap-emacs; \
fi
Loading loadup.el (source)...
...
Finding pointers to doc strings...
Finding pointers to doc strings...done
Dumping under the name emacs
=================================================================
==30803== ERROR: AddressSanitizer: unknown-crash on address 0x000000c4c240 at pc 0x7ffff4e5bc2f bp 0x7fffffffc8a0 sp 0x7fffffffc048
READ of size 3342120 at 0x000000c4c240 thread T0
     #0 0x7ffff4e5bc2e (/usr/lib64/libasan.so.0.0.0+0xec2e)
     #1 0x886d9b (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x886d9b)
     #2 0x6e9b7b (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x6e9b7b)
     #3 0x8092c8 (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x8092c8)
     #4 0x802486 (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x802486)
     #5 0x808c65 (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x808c65)
     #6 0x8021fb (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x8021fb)
     #7 0x808c65 (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x808c65)
     #8 0x854caf (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x854caf)
     #9 0x852b0a (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x852b0a)
     #10 0x80957f (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x80957f)
     #11 0x808345 (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x808345)
     #12 0x6eca50 (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x6eca50)
     #13 0x805e18 (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x805e18)
     #14 0x6ecaac (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x6ecaac)
     #15 0x804aa9 (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x804aa9)
     #16 0x6ec97d (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x6ec97d)
     #17 0x6eba41 (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x6eba41)
     #18 0x6ebc24 (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x6ebc24)
     #19 0x6e819c (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x6e819c)
     #20 0x7fffed8e3d64 (/usr/lib64/libc-2.18.so+0x21d64)
     #21 0x417518 (/home/eggert/src/gnu/emacs/static-checking/src/temacs+0x417518)
0x000000c4c240 is located 32 bytes to the left of global variable 'Sredraw_frame (dispnew.c)' (0xc4c260) of size 48
Shadow bytes around the buggy address:
   0x0000801817f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   0x000080181800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   0x000080181810: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   0x000080181820: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   0x000080181830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x000080181840: 00 00 00 00 00 00 00 00[00]00 00 00 00 00 00 00
   0x000080181850: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9
   0x000080181860: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
   0x000080181870: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00
   0x000080181880: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9
   0x000080181890: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
   Addressable:           00
   Partially addressable: 01 02 03 04 05 06 07
   Heap left redzone:     fa
   Heap righ redzone:     fb
   Freed Heap region:     fd
   Stack left redzone:    f1
   Stack mid redzone:     f2
   Stack right redzone:   f3
   Stack partial redzone: f4
   Stack after return:    f5
   Stack use after scope: f8
   Global redzone:        f9
   Global init order:     f6
   Poisoned by user:      f7
   ASan internal:         fe
==30803== ABORTING
Makefile:814: recipe for target 'bootstrap-emacs' failed
make[1]: *** [bootstrap-emacs] Error 1
make[1]: Leaving directory '/home/eggert/src/gnu/emacs/static-checking/src'
Makefile:377: recipe for target 'src' failed
make: *** [src] Error 2

Compilation exited abnormally with code 2 at Sun Jan 12 15:01:53
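
The failure mode the report presumes, as an added example (not part of the original report and not Emacs code): ASan's memcpy interceptor checks the whole source range, so a bulk copy across a poisoned hole is reported, while a byte loop in a function marked no_sanitize_address copies it. The buffer `section`, its manually poisoned hole (standing in for the f9 global redzones in the log above) and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* ASan detection: GCC defines __SANITIZE_ADDRESS__, Clang has __has_feature. */
#if defined(__SANITIZE_ADDRESS__)
# define ASAN_ON 1
#elif defined(__has_feature)
# if __has_feature(address_sanitizer)
#  define ASAN_ON 1
# endif
#endif
#ifdef ASAN_ON
# include <sanitizer/asan_interface.h>
# define NO_ASAN __attribute__ ((no_sanitize_address))
#else  /* plain build: poisoning becomes a no-op */
# define NO_ASAN
# define ASAN_POISON_MEMORY_REGION(p, n) ((void) (p), (void) (n))
# define ASAN_UNPOISON_MEMORY_REGION(p, n) ((void) (p), (void) (n))
#endif

enum { SECTION_SIZE = 64, HOLE_OFFSET = 24, HOLE_SIZE = 16 };

/* Constructed stand-in for a data section: live bytes with a hole in the
   middle that plays the role of a redzone between two globals.  */
static unsigned char section[SECTION_SIZE] __attribute__ ((aligned (8)));

/* Byte loop compiled without ASan checks.  The volatile source keeps the
   compiler from turning the loop into a call to the intercepted memcpy.  */
NO_ASAN static void
copy_section_raw (unsigned char *dst, const unsigned char *src, size_t n)
{
  const volatile unsigned char *s = src;
  for (size_t i = 0; i < n; i++)
    dst[i] = s[i];
}

/* Returns 0 if the whole section, hole included, was copied intact.  */
int dump_section_demo (void)
{
  unsigned char image[SECTION_SIZE];
  for (size_t i = 0; i < SECTION_SIZE; i++)
    section[i] = (unsigned char) (i + 1);
  ASAN_POISON_MEMORY_REGION (section + HOLE_OFFSET, HOLE_SIZE);
  /* memcpy (image, section, SECTION_SIZE) here is what ASan would report.  */
  copy_section_raw (image, section, SECTION_SIZE);
  ASAN_UNPOISON_MEMORY_REGION (section + HOLE_OFFSET, HOLE_SIZE);
  return memcmp (image, section, SECTION_SIZE);
}

int main (void) { printf ("rc=%d\n", dump_section_demo ()); return 0; }
```

Built with `-fsanitize=address`, the program prints `rc=0`; without the sanitizer the poisoning macros do nothing and the result is the same.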




Acknowledgement sent to Paul Eggert <eggert@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs@HIDDEN.
Report forwarded to bug-gnu-emacs@HIDDEN:
bug#16427; Package emacs.
Last modified: Fri, 31 Oct 2014 17:00:04 UTC
