addressSanitizer issue with coverage-pspmod-vxworks_sysmon-testrunner #432

Closed
avan989 opened this issue May 20, 2024 · 1 comment · Fixed by #439

avan989 commented May 20, 2024

Running AddressSanitizer causes the following error:

==17384==ERROR: AddressSanitizer: global-buffer-overflow on address 0x556f8597a0c8 at pc 0x7f8af48bdf26 bp 0x7ffd76300bb0 sp 0x7ffd76300358
WRITE of size 32 at 0x556f8597a0c8 thread T0
    #0 0x7f8af48bdf25 in __interceptor_memset ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:795
    #1 0x556f8595bc20 in PCS_memset /home/vboxuser/Desktop/cFS/psp/unit-test-coverage/ut-stubs/src/libc-string-stubs.c:36
    #2 0x556f85959687 in vxworks_sysmon_update_stat /home/vboxuser/Desktop/cFS/psp/fsw/modules/vxworks_sysmon/vxworks_sysmon.c:66
    #3 0x556f85958ee2 in Test_UpdateStat_Nominal /home/vboxuser/Desktop/cFS/psp/unit-test-coverage/modules/vxworks_sysmon/src/coveragetest-vxworks_sysmon.c:302
    #4 0x556f85966190 in UtTest_Run /home/vboxuser/Desktop/cFS/osal/ut_assert/src/uttest.c:172
    #5 0x556f85966bdd in OS_Application_Run /home/vboxuser/Desktop/cFS/osal/ut_assert/src/utbsp.c:230
    #6 0x556f85967c4a in main /home/vboxuser/Desktop/cFS/osal/src/bsp/generic-linux/src/bsp_start.c:244
    #7 0x7f8af4683082 in __libc_start_main ../csu/libc-start.c:308
    #8 0x556f85956a5d in _start (/home/vboxuser/Desktop/cFS/build/native/default_cpu1/psp/unit-test-coverage/modules/vxworks_sysmon/coverage-pspmod-vxworks_sysmon-testrunner+0x8a5d)

0x556f8597a0c8 is located 8 bytes to the right of global variable 'vxworks_sysmon_global' defined in '/home/vboxuser/Desktop/cFS/psp/fsw/modules/vxworks_sysmon/vxworks_sysmon.c:45:24' (0x556f8597a080) of size 64
0x556f8597a0c8 is located 24 bytes to the left of global variable '__gcov0.vxworks_sysmon_DevCmd' defined in '<built-in>' (0x556f8597a0e0) of size 40
SUMMARY: AddressSanitizer: global-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:795 in __interceptor_memset
Shadow bytes around the buggy address:
  0x0aae70b273c0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0aae70b273d0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0aae70b273e0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0aae70b273f0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0aae70b27400: f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
=>0x0aae70b27410: 00 00 00 00 00 00 00 00 f9[f9]f9 f9 00 00 00 00
  0x0aae70b27420: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9
  0x0aae70b27430: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
  0x0aae70b27440: 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
  0x0aae70b27450: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9
  0x0aae70b27460: 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==17384==ABORTING

To Reproduce
Steps to reproduce the behavior:

  1. Add in the following option:
    add_compile_options(-fsanitize=address -g)
    add_link_options(-fsanitize=address)

  2. Compile and run normally.

Reporter Info

Anh Van, GSFC

@jphickey jphickey self-assigned this Sep 12, 2024
@jphickey

I'm surprised this was noticed back in May and not fixed. I have a fix for it as it was discovered (again) when delivering to a customer.

jphickey added a commit to jphickey/PSP that referenced this issue Sep 12, 2024
The cpu number to poll was not range checked until _after_ the memset.
This is not the correct order of operations, it must range the element
number in the array before writing/clearing it.
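
The ordering problem the commit message describes, as an added example (not the PSP source and not code from either participant): one function clears an array element before range checking the index, the other checks first. All `demo_` names, the 32-byte entry, the two-entry array and the guard field are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DEMO_NUM_CPUS 2 /* constructed size, not the PSP's value */
typedef struct { uint32_t ticks[8]; } demo_cpu_stat_t; /* 32 bytes, constructed */

typedef struct {
    demo_cpu_stat_t per_cpu[DEMO_NUM_CPUS];
    unsigned char guard[sizeof(demo_cpu_stat_t)]; /* stands in for memory after the array */
} demo_state_t;
static demo_state_t demo_state;

void demo_reset(void) {
    memset(demo_state.per_cpu, 0x11, sizeof(demo_state.per_cpu));
    memset(demo_state.guard, 0xA5, sizeof(demo_state.guard));
}

int demo_guard_intact(void) {
    for (size_t i = 0; i < sizeof(demo_state.guard); ++i)
        if (demo_state.guard[i] != 0xA5) return 0;
    return 1;
}

/* Wrong order: clear first, range check afterwards. Byte offsets from the
 * struct base keep the constructed bad write inside demo_state (it lands in
 * guard), so the demo stays well defined. Call with cpu <= DEMO_NUM_CPUS only;
 * on a real global the same write lands in the redzone ASan reports. */
int demo_clear_then_check(unsigned int cpu) {
    unsigned char *slot = (unsigned char *)&demo_state + offsetof(demo_state_t, per_cpu)
                        + (size_t)cpu * sizeof(demo_cpu_stat_t);
    memset(slot, 0, sizeof(demo_cpu_stat_t));
    if (cpu >= DEMO_NUM_CPUS) return -1; /* too late: the write already happened */
    return 0;
}

/* Corrected order: validate the index, then touch the element. */
int demo_check_then_clear(unsigned int cpu) {
    if (cpu >= DEMO_NUM_CPUS) return -1;
    memset(&demo_state.per_cpu[cpu], 0, sizeof(demo_state.per_cpu[cpu]));
    return 0;
}

int main(void) {
    demo_reset();
    int fixed_ok = demo_check_then_clear(DEMO_NUM_CPUS) == -1 && demo_guard_intact();
    int buggy_clobbers = demo_clear_then_check(DEMO_NUM_CPUS) == -1 && !demo_guard_intact();
    return (fixed_ok && buggy_clobbers) ? 0 : 1;
}
```

Both functions return the same error code for an out-of-range index, so a test that only checks the return value passes either way; the difference shows up only in the adjacent memory, which is why the sanitizer run caught it.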