Open
Description
I'm seeing ASan crashes on Windows that look like
$ ASAN_OPTIONS=detect_odr_violation=0 ./hello.exe
=================================================================
==16200==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7ff7f15f04e0 at pc 0x7ff7f15a7e68 bp 0x004ff18ff3c0 sp 0x004ff18ff408
READ of size 1 at 0x7ff7f15f04e0 thread T0
#0 0x7ff7f15a7e67 in __asan_wrap_strlen (C:\src\testing\asan\build\hello.exe+0x140027e67)
#1 0x7ffde5941699 (C:\Windows\SYSTEM32\ntdll.dll+0x180051699)
#2 0x7ff7f15ccfbe in __asan_update_allocation_context (C:\src\testing\asan\build\hello.exe+0x14004cfbe)
0x7ff7f15f04e0 is located 15 bytes after global variable '"FLAGS_hello_worl"' defined in 'hello.cc' (0x7ff7f15f04c0) of size 17
'"FLAGS_hello_worl"' is ascii string 'FLAGS_hello_worl'
0x7ff7f15f04e0 is located 0 bytes inside of global variable '""' defined in 'flag.cc' (0x7ff7f15f04e0) of size 1
'""' is ascii string ''
SUMMARY: AddressSanitizer: global-buffer-overflow (C:\src\testing\asan\build\hello.exe+0x140027e67) in __asan_wrap_strlen
Shadow bytes around the buggy address:
0x7ff7f15f0200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ff7f15f0280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ff7f15f0300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ff7f15f0380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ff7f15f0400: 00 00 00 00 00 00 f9 f9 00 00 05 f9 f9 f9 f9 f9
=>0x7ff7f15f0480: 00 00 02 f9 f9 f9 f9 f9 00 00 01 f9[f9]f9 f9 f9
0x7ff7f15f0500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ff7f15f0580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ff7f15f0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ff7f15f0680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ff7f15f0700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==16200==ABORTING
I managed to reduce the code to this:
$ clang -cc1 -triple x86_64-pc-windows-msvc -emit-obj -O0 -fsanitize=address -fno-sanitize-address-use-odr-indicator -o flag.obj -x c++ flag.cc
$ clang -cc1 -triple x86_64-pc-windows-msvc -emit-obj -O0 -fms-extensions -fsanitize=address -fsanitize-address-globals-dead-stripping -fno-sanitize-address-use-odr-indicator -o hello.obj -x c++ hello.cc -isystem "C:/Program Files/Microsoft Visual Studio/2022/Professional/VC/Tools/MSVC/14.33.31629/include" -isystem "C:/Program Files (x86)/Windows Kits/10/Include/10.0.22621.0/ucrt" -D_DISABLE_STRING_ANNOTATION
$ llvm-lib hello.obj -OUT:libhello.lib
$ llvm-lib flag.obj -OUT:libflag.lib
$ lld-link -subsystem:console -OUT:hello.exe libhello.lib -wholearchive:libflag.lib -wholearchive:C:/src/llvm-project/build/lib/clang/17/lib/windows/clang_rt.asan-x86_64.lib
$ ASAN_OPTIONS=detect_odr_violation=0 ./hello.exe
where flag.cc is
const char* emptyflag = "";
and hello.cc is
#include <string>
static const char* StringFromEnv(const char* flag) {
return "";
}
std::string FLAGS_hello = StringFromEnv("FLAGS_hello_worl");
int main() {
return 0;
}
I also found google/sanitizers#1102 which looks similar.
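As an added triage helper (not part of the original report and not LLVM code), the following Python decodes the shadow dump quoted above: it maps an application address to its shadow byte and legend meaning, lists which granules of a registered global are poisoned, and reproduces the "N bytes after / inside global" arithmetic from the report. It assumes the row labels in the dump are application addresses, which is consistent with the 0x80 stride between consecutive rows (16 shadow bytes times 8 application bytes each); the global names, addresses and sizes are taken from the "is located" lines of the report, and the shadow rows embedded as sample input are copied from it.

```python
import re

# Shadow-byte legend, as printed at the end of an AddressSanitizer report.
LEGEND = {
    0xf9: "global redzone", 0xf6: "global init order",
    0xfa: "heap left redzone", 0xfd: "freed heap region",
    0xf1: "stack left redzone", 0xf2: "stack mid redzone",
    0xf3: "stack right redzone", 0xf5: "stack after return",
    0xf8: "stack use after scope", 0xf7: "poisoned by user",
    0xfc: "container overflow", 0xac: "array cookie",
    0xbb: "intra object redzone", 0xfe: "ASan internal",
    0xca: "left alloca redzone", 0xcb: "right alloca redzone",
}
GRANULE = 8  # one shadow byte describes 8 application bytes

# Constructed sample input: the three shadow rows around the fault and the two
# globals named in the report above (row labels differ by 0x80 = 16 * 8, so
# they are read as application addresses, not shadow addresses).
SHADOW_DUMP = """\
  0x7ff7f15f0400: 00 00 00 00 00 00 f9 f9 00 00 05 f9 f9 f9 f9 f9
=>0x7ff7f15f0480: 00 00 02 f9 f9 f9 f9 f9 00 00 01 f9[f9]f9 f9 f9
  0x7ff7f15f0500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""
GLOBALS = [  # (name, start, size) from the "is located ..." lines of the report
    ('"FLAGS_hello_worl"', 0x7ff7f15f04c0, 17),  # defined in hello.cc
    ('""', 0x7ff7f15f04e0, 1),                   # defined in flag.cc
]
BAD_ADDR = 0x7ff7f15f04e0  # address of the reported READ of size 1

_ROW = re.compile(r"^\s*(?:=>)?\s*(0x[0-9a-fA-F]+):\s*([0-9a-fA-F\[\]\s]+)$")


def parse_shadow_dump(text):
    """Map each 8-byte granule's application address to its shadow byte."""
    shadow = {}
    for line in text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        base = int(m.group(1), 16)
        # The "[f9]" marker around the faulting byte is stripped by the findall.
        for i, tok in enumerate(re.findall(r"[0-9a-fA-F]{2}", m.group(2))):
            shadow[base + i * GRANULE] = int(tok, 16)
    return shadow


def describe(shadow, addr):
    """Return (shadow_byte, meaning, addressable) for one application byte."""
    granule = addr & ~(GRANULE - 1)
    sb = shadow[granule]  # KeyError if the dump does not cover addr
    if sb == 0:
        return sb, "addressable", True
    if 1 <= sb < GRANULE:  # only the first sb bytes of the granule are live
        return sb, f"partially addressable ({sb} of {GRANULE} bytes)", (addr - granule) < sb
    return sb, LEGEND.get(sb, "unknown"), False


def poisoned_granules(shadow, start, size):
    """Granules of [start, start+size) that the shadow marks as not fully usable.

    A registered global should never appear here; the '""' global from flag.cc
    does, which is the inconsistency visible in the report."""
    bad = []
    g = start & ~(GRANULE - 1)
    while g < start + size:
        sb = shadow[g]
        need_end = min(start + size, g + GRANULE)  # one past the last byte we need
        live_end = g + (GRANULE if sb == 0 else sb if sb < GRANULE else 0)
        if need_end > live_end:
            bad.append((g, sb))
        g += GRANULE
    return bad


def locate_relative(addr, globals_):
    """Reproduce ASan's 'is located N bytes after/inside global' arithmetic."""
    out = []
    for name, start, size in globals_:
        if start <= addr < start + size:
            out.append((name, "inside", addr - start))
        elif addr >= start + size:
            out.append((name, "after", addr - (start + size)))
        else:
            out.append((name, "before", start - addr))
    return out


if __name__ == "__main__":
    shadow = parse_shadow_dump(SHADOW_DUMP)
    sb, meaning, ok = describe(shadow, BAD_ADDR)
    print(f"{BAD_ADDR:#x}: shadow {sb:02x} ({meaning}), addressable={ok}")
    for name, rel, n in locate_relative(BAD_ADDR, GLOBALS):
        print(f"  {n} bytes {rel} global {name}")
    for name, start, size in GLOBALS:
        print(f"  {name}: poisoned granules {poisoned_granules(shadow, start, size)}")
```

Running it on the rows above shows the faulting address sitting in a global-redzone granule (shadow f9) that is 15 bytes past the 17-byte `"FLAGS_hello_worl"` global and 0 bytes inside the 1-byte `""` global from flag.cc, and `poisoned_granules` reports that the `""` global's only granule is poisoned while every granule of `"FLAGS_hello_worl"` is live, which is the contradiction to look for when triaging reports of this shape.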