NetBSD-Bugs archive
install/54491: sysinst is not LLVM ASan clean
>Number: 54491
>Category: install
>Synopsis: sysinst is not LLVM ASan clean
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: install-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Aug 27 05:30:00 +0000 2019
>Originator: Kamil Rytarowski
>Release: NetBSD 9.99.10
>Organization:
TNF
>Environment:
NetBSD 9.99.10 NetBSD 9.99.10 (GENERIC) #0: Tue Aug 27 05:56:51 CEST 2019 kamill@chieftec:/public/netbsd.asan/sys/arch/amd64/compile/GENERIC amd64
>Description:
sysinst errors after unpacking sets
=================================================================
==18==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f7ff7a9b478 at pc 0x7f7ff786fb22 bp 0x7f7fffffd590 sp 0x7f7fffffd588
READ of size 8 at 0x7f7ff7a9b478 thread T0
#0 0x7f7ff786fb21 in doupdate (/usr/lib/libcurses.so.8+0x6fb21) // /usr/src/lib/libcurses/refresh.c:2013
#1 0x7f7ff7865c19 in wrefresh (/usr/lib/libcurses.so.8+0x65c19) // /usr/src/lib/libcurses/refresh.c:481
#2 0x38ff0c in do_configmenu (/usr/sbin/sysinst+0x18ff0c) // /usr/src/usr.sbin/sysinst/arch/amd64/../../configmenu.c:460
#3 0x364cce in do_install (/usr/sbin/sysinst+0x164cce) // /usr/src/usr.sbin/sysinst/arch/amd64/../../install.c:211
#4 0x35d76e in opt_act_2_0 (/usr/sbin/sysinst+0x15d76e) // /public/netbsd.asan/usr.sbin/sysinst/arch/amd64/menu_defs.c:254
#5 0x35ae43 in process_menu (/usr/sbin/sysinst+0x15ae43) // /public/netbsd.asan/usr.sbin/sysinst/arch/amd64/menu_defs.c:3208
#6 0x364281 in main (/usr/sbin/sysinst+0x164281) // /usr/src/usr.sbin/sysinst/arch/amd64/../../main.c:277
#7 0x262e1c in ___start (/usr/sbin/sysinst+0x62e1c)
0x7f7ff7a9b478 is located 40 bytes to the left of global variable 'buf' defined in '/usr/src/lib/libcurses/refresh.c:1465:16' (0x7f7ff7a9b4a0) of size 2048
0x7f7ff7a9b478 is located 8 bytes to the right of global variable 'blank' defined in '/usr/src/lib/libcurses/refresh.c:1119:17' (0x7f7ff7a9b460) of size 16
SUMMARY: AddressSanitizer: global-buffer-overflow (/usr/lib/libcurses.so.8+0x6fb21) in doupdate
Shadow bytes around the buggy address:
0x4feffef53630: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9
0x4feffef53640: 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x4feffef53650: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
0x4feffef53660: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 04 f9 f9 f9
0x4feffef53670: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
=>0x4feffef53680: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 f9[f9]
0x4feffef53690: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
0x4feffef536a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x4feffef536b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x4feffef536c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x4feffef536d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==18==ABORTING
>How-To-Repeat:
1. ./build.sh -C /public/extras -j8 -N0 -U -u -V MAKECONF=/dev/null -V MKDEBUGLIB=yes -V MKDEBUG=yes -V MKSANITIZER=yes -V MKLLVM=yes -V MKGCC=no -V HAVE_LLVM=yes -O /public/netbsd.asan distribution
2. Build release
3. Build iso-image
4. Try to install in qemu.
>Fix:
N/A
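
Added example, not part of the original report: a short Python script that cross-checks the ASan output above by mapping the faulting address to its shadow byte and reading that byte from the dump. The function names are hypothetical, and the shadow offset of 1 << 46 for NetBSD/amd64 is an assumption; it agrees with the bracketed byte in the dump.

```python
import re

# Three rows copied from the shadow dump in the report (sample input).
SHADOW_DUMP = """\
  0x4feffef53670: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
=>0x4feffef53680: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 f9[f9]
  0x4feffef53690: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
"""
SHADOW_SCALE = 3         # legend: one shadow byte represents 8 application bytes
SHADOW_OFFSET = 1 << 46  # assumption: ASan shadow offset on NetBSD/amd64
LEGEND = {0xF9: "global redzone"}  # only the legend entry this report needs


def shadow_addr(app_addr):
    """Address of the shadow byte that describes app_addr."""
    return (app_addr >> SHADOW_SCALE) + SHADOW_OFFSET


def parse_shadow(dump):
    """Parse dump rows into ({shadow address: value}, bracketed shadow address)."""
    shadow, marked = {}, None
    for line in dump.splitlines():
        m = re.match(r"\s*(?:=>)?(0x[0-9a-f]+):(.*)", line)
        if not m:
            continue
        base = int(m.group(1), 16)
        for i, tok in enumerate(re.findall(r"\[?[0-9a-f]{2}\]?", m.group(2))):
            if tok.startswith("["):
                marked = base + i
            shadow[base + i] = int(tok.strip("[]"), 16)
    return shadow, marked


def check_access(shadow, addr, size):
    """Return why an access is invalid per the shadow map, or None if it is valid."""
    end = addr + size
    for granule in range(addr & ~7, end, 8):
        value = shadow[shadow_addr(granule)]
        if value == 0:
            continue                      # all 8 bytes addressable
        last = min(end, granule + 8) - 1 - granule
        if value < 8 and last < value:
            continue                      # partial granule, access stays inside
        return LEGEND.get(value, "poisoned (0x%02x)" % value)
    return None


if __name__ == "__main__":
    shadow, marked = parse_shadow(SHADOW_DUMP)
    print(hex(shadow_addr(0x7F7FF7A9B478)), hex(marked))
    print(check_access(shadow, 0x7F7FF7A9B478, 8))   # the READ of size 8
    print(check_access(shadow, 0x7F7FF7A9B460, 16))  # all of 'blank'
```

The 8-byte read lands in the redzone directly after the 16-byte 'blank', while a read covering exactly 'blank' itself is reported as valid.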