Closed
References: #38699
foo/src/main.rs

```rust
fn main() {
    let xs = [0, 1, 2, 3];
    let y = unsafe { *xs.as_ptr().offset(4) };
    println!("{:#?}", y);
}
```

I run `RUSTFLAGS="-Z sanitizer=address" cargo run --target x86_64-unknown-linux-gnu`
Results:
```
Finished dev [unoptimized + debuginfo] target(s) in 0.00s
Running `target/x86_64-unknown-linux-gnu/debug/foo`
=================================================================
==114338==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc05e39530 at pc 0x5580a4da22a4 bp 0x7ffc05e39470 sp 0x7ffc05e39468
READ of size 4 at 0x7ffc05e39530 thread T0
#0 0x5580a4da22a3 (/home/temp/foo/target/x86_64-unknown-linux-gnu/debug/foo+0x9b2a3)
#1 0x5580a4da1e5a (/home/temp/foo/target/x86_64-unknown-linux-gnu/debug/foo+0x9ae5a)
#2 0x5580a4da2944 (/home/temp/foo/target/x86_64-unknown-linux-gnu/debug/foo+0x9b944)
#3 0x5580a4da1603 (/home/temp/foo/target/x86_64-unknown-linux-gnu/debug/foo+0x9a603)
#4 0x5580a4db71a0 (/home/temp/foo/target/x86_64-unknown-linux-gnu/debug/foo+0xb01a0)
#5 0x5580a4da1565 (/home/temp/foo/target/x86_64-unknown-linux-gnu/debug/foo+0x9a565)
#6 0x5580a4da24bb (/home/temp/foo/target/x86_64-unknown-linux-gnu/debug/foo+0x9b4bb)
#7 0x7fc4bfbe5bf6 (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
#8 0x5580a4d145c9 (/home/temp/foo/target/x86_64-unknown-linux-gnu/debug/foo+0xd5c9)
Address 0x7ffc05e39530 is located in stack of thread T0 at offset 176 in frame
#0 0x5580a4da1fdf (/home/temp/foo/target/x86_64-unknown-linux-gnu/debug/foo+0x9afdf) // There should be a number of lines here.
This frame has 4 object(s):
[32, 48) '_15' (line 4)
[64, 112) '_8' (line 4)
[144, 148) 'y' (line 3)
[160, 176) 'xs' (line 2) <== Memory access at offset 176 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow (/home/temp/foo/target/x86_64-unknown-linux-gnu/debug/foo+0x9b2a3)
Shadow bytes around the buggy address:
0x100000bbf250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100000bbf260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100000bbf270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100000bbf280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100000bbf290: f1 f1 f1 f1 f8 f8 f2 f2 f8 f8 f8 f8 f8 f8 f2 f2
=>0x100000bbf2a0: f2 f2 04 f2 00 00[f3]f3 00 00 00 00 00 00 00 00
0x100000bbf2b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100000bbf2c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100000bbf2d0: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f8 f3 f3
0x100000bbf2e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100000bbf2f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==114338==ABORTING
```
It doesn't show the exact number of lines; I don't know what I did wrong.

My message:

```
Linux szxphisprd06047 4.15.0-45-generic #48-Ubuntu SMP Tue Jan 29 16:28:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
rustc 1.58.0-nightly (29b124802 2021-10-25)
```

I've tried:

```
sudo ln -s /usr/bin/llvm-symbolizer-8 /usr/bin/llvm-symbolizer
```

But it didn't work.
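
The frames in the report above carry only `module+offset` pairs, which can still be resolved after the fact. As an added example (not part of the original issue or of rustc), the script below extracts those pairs from a saved ASan report and resolves them offline with `addr2line` from GNU binutils; the function names `asan_frames` and `symbolize` are hypothetical, and it assumes the binary was built with debug info and is still readable at the reported path.

```shell
#!/bin/sh
# Added example: offline symbolization of unsymbolized ASan frames.
# An unsymbolized frame looks like:
#   #0 0x5580a4da22a3 (/path/to/binary+0x9b2a3)

# Read an ASan report on stdin; print "<offset> <module>" per such frame.
# Lines that are not unsymbolized frames are ignored.
asan_frames() {
    sed -n 's/^[[:space:]]*#[0-9][0-9]* 0x[0-9a-f][0-9a-f]* (\(.*\)+\(0x[0-9a-f][0-9a-f]*\)).*$/\2 \1/p'
}

# Resolve each pair with addr2line. Modules that are not readable on this
# host are reported instead of being silently dropped.
symbolize() {
    asan_frames | while read -r offset module; do
        if [ -r "$module" ] && command -v addr2line >/dev/null 2>&1; then
            printf '%s+%s: ' "$module" "$offset"
            # -f function name, -C demangle, -p one line per address
            addr2line -f -C -p -e "$module" "$offset" || true
        else
            printf '%s+%s: module or addr2line not available\n' "$module" "$offset"
        fi
    done
}

# Two frames copied from the report above, plus one non-frame line.
sample='READ of size 4 at 0x7ffc05e39530 thread T0
    #0 0x5580a4da22a3 (/home/temp/foo/target/x86_64-unknown-linux-gnu/debug/foo+0x9b2a3)
    #1 0x5580a4da1e5a (/home/temp/foo/target/x86_64-unknown-linux-gnu/debug/foo+0x9ae5a)'

printf '%s\n' "$sample" | symbolize
```

Against a real report, save the sanitizer output to a file and run `symbolize < report.txt` on the machine that still has the binary.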