CRASH Segfault with DrMemory #6161
Comments
|
See this discussion: https://groups.google.com/g/dynamorio-users/c/IAFjO9gBPJ0 Ok,the nullptr in rdx seems to come via rbx from the rax register which is last written here: #0 0x00007ffff7611374 in __ctype_b_loc () at ../include/ctype.h:42 https://sourceforge.net/p/elftoolchain/code/3530/tree//trunk/libelftc/libelftc_dem_gnu3.c#l3109 I suspect that the lookup table inside the isdigit function is not initialized similar to isspace in this ticket: |
|
This doesn't have enough information for reproducing: no platform or OS or application information. There are bug templates that ask all these questions (https://github.com/DynamoRIO/dynamorio/issues/new?assignees=&labels=&template=bug_report.md&title= and If it is an issue with the private loader, it is becoming impractical to maintain it in the face of hidden dependencies in ld.so, libc, and pthreads. If you are not able to figure out what libc internal weirdness is going on here probably the thing to do is link everything the tool needs statically and bail on the private loader. |
|
Ok, some infos about the system I currently use: ii libc-bin 2.35-0ubuntu3.1 amd64 GNU C Library: Binaries No LSB modules are available. I cannot say a lot about the target application except that it is multithreaded (150+ threads) and proprietary. I tried to reproduce the problem by building elftools locally then put the string in addr2line but to no avail. I suspect that the tables where the locales are stored in disappear for some reason: |
|
Addendum:
|
|
Greetings, Regards Btw: |
|
I think you're looking for: https://github.com/DynamoRIO/dynamorio/blob/master/ext/drsyms/libelftc/rebuild_elftc.sh |
|
I'll try. Btw is there a simple method to build dynamorio with drmemory from dynamorio master? |
|
It is built in the automated packages so mirroring its steps should do it: https://github.com/DynamoRIO/dynamorio/blob/master/.github/workflows/ci-package.yml#L68 |
|
Okay, so the source directory has a drmemory folder now. Whats missing is the cmake / build command I tried calling |
|
Ok, I built drmemory with default cmake ../ and modified elftoolchain that replaces the libc isdigit call with a simple internal ascii definition: int isdigit_custom ( int c ) drmemory did not crash. |
|
Would this be an acceptable quickfix for you? |
Received SIGSEGV at client library pc 0x00007f36e6555fa9 in thread 15974
Base: 0x00007f36ff0c5000
Registers:eax=0x0000000000000033 ebx=0x00007f34e72ed298 ecx=0x0000000000000050 edx=0x0000000000000000
esi=0x0000000000000050 edi=0x00007f34e72e5e50 esp=0x00007f34e72e5d30 ebp=0x00007f34e72e5e50
r8 =0x00007f35beeaf5b0 r9 =0x0000000000000020 r10=0x00007f36ff2a3000 r11=0x000000000000008f
r12=0x0000000000000033 r13=0x00007f350d36f054 r14=0x0000000000000074 r15=0x0000000000000082
eflags=0x0000000000010203
2.5.19327-0-(Dec 1 2022 15:41:46)
-no_dynamic_options -logdir '/home/user/Downloads/DrMemory-Linux-2.5.19327/drmemory/logs/dynamorio' -client_lib '/home/user/Downloads/DrMemory-Linux-2.5.19327/bin64/debug/libdrmemorylib.so;0;
-light-no_check_uninitialized-logdir/home/user/Downloads/DrMemory-Linux-2.5.19327/drmemory/logs-symcache_dir `/home/user/0x00007f34e72e5e50 0x0000000000000008
/home/user/Downloads/DrMemory-Linux-2.5.19327/dynamorio/lib64/release/libdynamorio.so=0x00007f36ff0c5000
/home/user/Downloads/DrMemory-Linux-2.5.19327/bin64/debug/libdrmemorylib.so=0x00007f36e6302000
/usr/local/lib/libunwind.so.8=0x00007f36fec7e000
/lib/x86_64-linux-gnu/liblzma.so.5=0x00007f36fe438000
/lib/x86_64-linux-gnu/libpthread.so.0=0x00007f36fe013000
/lib/x86_64-linux-gnu/libdl.so.2=0x00007f36fe233000
/lib/x86_64-linux-gnu/libc.so.6=0x000>
~/Downloads/DrMemory-Linux-2.5.19327/bin64/drmemory -debug -light -no_check_uninitialized -- ./myapp
or
drrun -debug -t drmemory -light -no_check_uninitialized -- ./myapp
Only with
-leaks_only -no_count_leaks -no_track_allocs
program will start correctly, even one missing will trigger a fatal sigsegv.
The text was updated successfully, but these errors were encountered: