Is -fsanitize=address working?

To: tech-toolchain%netbsd.org@localhost
Subject: Is -fsanitize=address working?
From: Thomas Klausner <wiz%netbsd.org@localhost>
Date: Tue, 30 Sep 2025 09:28:58 +0200

Hi!

I wanted to try out -fsanitize=address on 11.99.2/x86_64 (gcc 12).

    git clone git%github.com@localhost:nih-at/libzip.git
    cd libzip
    mkdir build
    cd build
    CFLAGS=-fsanitize=address cmake ..

First thing I noticed, it warns during linking:

    [264/284] Linking C executable ossfuzz/zip_read_file_fuzzer
    ld: /usr/lib/libm.so.0: warning: warning: reference to compatibility cabs()
    ld: /usr/lib/libm.so.0: warning: warning: reference to compatibility cabsf()

(and many more times) which a non-sanitized build doesn't. The code
doesn't use cabs, so it looks like the sanitizer adds it.

(I then had to disable ASLR:

    # ./src/ziptool ../regress/test.zip set_password a set_password b
    This sanitizer is not compatible with enabled ASLR.
    To disable ASLR, please run "paxctl +a ./src/ziptool" and try again.

Then I did the actual test:

    # ./src/ziptool ../regress/test.zip cat 0
    test
    ==16438==LeakSanitizer has encountered a fatal error.
    ==16438==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
    ==16438==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)
    # export LSAN_OPTIONS=verbosity=1:log_threads=1
    # ./src/ziptool ../regress/test.zip cat 0
    ==7321==AddressSanitizer: failed to intercept 'backtrace'
    ==7321==AddressSanitizer: failed to intercept 'backtrace_symbols'
    ==7321==AddressSanitizer: libc interceptors initialized
    || `[0x4ff000000000, 0x7f7fffffffff]` || HighMem    ||
    || `[0x49fe00000000, 0x4fefffffffff]` || HighShadow ||
    || `[0x480000000000, 0x49fdffffffff]` || ShadowGap  ||
    || `[0x400000000000, 0x47ffffffffff]` || LowShadow  ||
    || `[0x000000000000, 0x3fffffffffff]` || LowMem     ||
    MemToShadow(shadow): 0x480000000000 0x48ffffffffff 0x493fc0000000 0x49fdffffffff
    redzone=16
    max_redzone=2048
    quarantine_size_mb=256M
    thread_local_quarantine_size_kb=1024K
    malloc_context_size=30
    SHADOW_SCALE: 3
    SHADOW_GRANULARITY: 8
    SHADOW_OFFSET: 0x400000000000
    ==7321==Installed the sigaction for signal 11
    ==7321==Installed the sigaction for signal 10
    ==7321==Installed the sigaction for signal 8
    ==7321==T0: stack [0x7f7fffff0000,0x7f7ffffff000) size 0xf000; local=0x7f7fffffe13c
    ==7321==AddressSanitizer Init done
    test
    ==7321==Failed spawning a tracer thread (errno 22).
    ==7321==LeakSanitizer has encountered a fatal error.
    ==7321==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
    ==7321==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)

Running it as root fails the same way.

Does anyone know what the problem here is?

Thanks,
 Thomas

Follow-Ups:
- Re: Is -fsanitize=address working?
  - From: Robert Elz
- Re: Is -fsanitize=address working?
  - From: RVP

Prev by Date: Re: Cross compiling Kernel with all options enabled and compiler wrapper
Next by Date: Re: Is -fsanitize=address working?
Previous by Thread: Cross compiling Kernel with all options enabled and compiler wrapper
Next by Thread: Re: Is -fsanitize=address working?
Indexes:

Home | Main Index | Thread Index | Old Index