regexec() interception broken on Ubuntu GLIBC 2.27 #1371

Closed
arichardson opened this issue Feb 9, 2021 · 2 comments
I was trying to use ASan to instrument a program that uses the REG_STARTSTOP flag for regexec.
This resulted in an infinite loop since this flag was being ignored. After lots of debugging I noticed that ASan instrumentation resulted in GLibc's __compat_regexec being called instead of __regexec.
The difference between those functions is that __compat_regexec strips the REG_STARTSTOP flag (https://code.woboq.org/userspace/glibc/posix/regexec.c.html#239).

I don't quite understand why dlsym gives the compat (the @GLIBC_2.2.5 version) symbol instead of the newer one (@GLIBC_2.3.4).
A small test program shows that resolving it using RTLD_DEFAULT finds the 2.3.4 version but RTLD_NEXT finds 2.2.5:

#define _GNU_SOURCE   /* needed for RTLD_NEXT, RTLD_DEFAULT and dlvsym() */

#include <regex.h>
#include <dlfcn.h>
#include <stdio.h>

/* Bind two local names to the two versioned regexec symbols exported by glibc. */
__asm__(".symver __compat_regexec, regexec@GLIBC_2.2.5");
__asm__(".symver __regexec, regexec@GLIBC_2.3.4");
void __compat_regexec(void);
void __regexec(void);

int main(void) {
    /* Static link-time binding: which version does "regexec" resolve to? */
    printf("addrof regexec=%p\n", &regexec);
    printf("addrof __regexec=%p\n", &__regexec);
    printf("addrof __compat_regexec=%p\n", &__compat_regexec);
    /* Unversioned runtime lookup: RTLD_NEXT vs RTLD_DEFAULT. */
    printf("dlsym(RTLD_NEXT, regexec)=%p\n", dlsym(RTLD_NEXT, "regexec"));
    printf("dlsym(RTLD_DEFAULT, regexec)=%p\n", dlsym(RTLD_DEFAULT,"regexec"));
    /* Explicitly versioned runtime lookup, which is unambiguous either way. */
    printf("dlvsym(RTLD_NEXT, regexec@GLIBC_2.3.4)=%p\n", dlvsym(RTLD_NEXT, "regexec", "GLIBC_2.3.4"));
    printf("dlvsym(RTLD_DEFAULT, regexec@GLIBC_2.3.4)=%p\n", dlvsym(RTLD_DEFAULT, "regexec", "GLIBC_2.3.4"));
    printf("dlvsym(RTLD_NEXT, regexec@GLIBC_2.2.5)=%p\n", dlvsym(RTLD_NEXT, "regexec", "GLIBC_2.2.5"));
    printf("dlvsym(RTLD_DEFAULT, regexec@GLIBC_2.2.5)=%p\n", dlvsym(RTLD_DEFAULT, "regexec", "GLIBC_2.2.5"));
    return 0;
}

The output of this program on Ubuntu 18.04 is:

addrof regexec=0x7f3458cf8700
addrof __regexec=0x7f3458cf8700
addrof __compat_regexec=0x7f3458d5e540
dlsym(RTLD_NEXT, regexec)=0x7f3458d5e540
dlsym(RTLD_DEFAULT, regexec)=0x7f3458cf8700
dlvsym(RTLD_NEXT, regexec@GLIBC_2.3.4)=0x7f3458cf8700
dlvsym(RTLD_DEFAULT, regexec@GLIBC_2.3.4)=0x7f3458cf8700
dlvsym(RTLD_NEXT, regexec@GLIBC_2.2.5)=0x7f3458d5e540
dlvsym(RTLD_DEFAULT, regexec@GLIBC_2.2.5)=0x7f3458d5e540

I can see there is already a workaround for realpath (llvm/llvm-project@77ef78a), maybe this needs a similar workaround (or we use dlvsym to resolve this symbol)?

Maybe it's sufficient to change
COMMON_INTERCEPT_FUNCTION(regexec);
to COMMON_INTERCEPT_FUNCTION_VER(regexec, "GLIBC_2.3.4"); if SANITIZER_GLIBC is defined?
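The failure mode behind this report is a "find all matches" loop that relies on REG_STARTEND to advance through a buffer. The example below is added here and is not code from the issue, from LLVM or from FreeBSD; it assumes a libc that defines REG_STARTEND (glibc with _GNU_SOURCE) and uses a constructed sample buffer. It runs the loop the way sed does and, instead of spinning forever when regexec() silently drops the flag, detects that the search restarted from the beginning and stops.

```c
#define _GNU_SOURCE   /* REG_STARTEND is a glibc/BSD extension */
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Outcome of scanning a buffer for every match of a pattern. */
struct scan_result {
    int matches;      /* number of non-overlapping matches found (-1: bad pattern) */
    int startend_ok;  /* 0 if regexec() ignored REG_STARTEND, the bug in this issue */
};

/*
 * Find every match of `pattern` in buf[0..len). After each match the next call
 * starts at the end of the previous one via pmatch[0].rm_so and REG_STARTEND,
 * and rm_eo bounds the search so no NUL terminator is needed. If the libc
 * quietly strips REG_STARTEND (as glibc's __compat_regexec does), every call
 * matches from offset 0 again; we notice that the returned offset went
 * backwards and bail out rather than loop forever.
 */
struct scan_result scan_all(const char *buf, size_t len, const char *pattern)
{
    struct scan_result r = {0, 1};
    regex_t re;
    regmatch_t pm;
    size_t off = 0;

    if (regcomp(&re, pattern, REG_EXTENDED) != 0) {
        r.matches = -1;
        r.startend_ok = 0;
        return r;
    }
    while (off <= len) {
        pm.rm_so = (regoff_t)off;   /* where this search starts */
        pm.rm_eo = (regoff_t)len;   /* where it must stop */
        if (regexec(&re, buf, 1, &pm, REG_STARTEND) != 0)
            break;                  /* no further match in [off, len) */
        /* With REG_STARTEND honoured the offsets are absolute and >= off. */
        if ((size_t)pm.rm_so < off) {
            r.startend_ok = 0;      /* search restarted at the buffer start */
            break;
        }
        r.matches++;
        /* Step past the match; force one byte of progress on an empty match. */
        off = (size_t)pm.rm_eo + (pm.rm_eo == pm.rm_so ? 1 : 0);
    }
    regfree(&re);
    return r;
}

int main(void)
{
    /* Constructed sample input, not taken from the issue. */
    static const char buf[] = "foo bar foo baz foo";
    struct scan_result r = scan_all(buf, strlen(buf), "foo");
    printf("matches=%d REG_STARTEND honoured=%d\n", r.matches, r.startend_ok);
    return r.startend_ok ? 0 : 1;
}
```

The second check in the test also shows the rm_eo bound being respected: scanning only the first three bytes of "aXaXa" finds two matches, not three.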

@arichardson

https://reviews.llvm.org/D96348 fixes this.

arichardson added a commit to arichardson/freebsd that referenced this issue Feb 10, 2021
Double the size when we run out of space instead of using 1K at a time.
I noticed this while debugging an infinite loop due to
google/sanitizers#1371
arichardson added a commit to arichardson/freebsd that referenced this issue Feb 10, 2021
Summary:
sed: Fix a UBSan warning and clean up a pedantic few compiler warnings

This avoids adding a zero offset to a NULL pointer, but written in such
a way that the compiler can generate the same code as before. While
touching this file also clean up a few signed/unsigned warnings.

usr.bin/sed: Speed up vector grow

Double the size when we run out of space instead of using 1K at a time.
I noticed this while debugging an infinite loop due to
google/sanitizers#1371

usr.bin/sed: Add an assertion that REG_STARTEND

This was helpful while tracking down an ASan interceptor bug
(google/sanitizers#1371).

Subscribers: imp

Differential Revision: https://reviews.freebsd.org/D28557
arichardson added a commit to llvm/llvm-project that referenced this issue Mar 8, 2021
Previously, on GLibc systems, the interceptor was calling __compat_regexec
(regexec@GLIBC_2.2.5) instead of the newer __regexec (regexec@GLIBC_2.3.4).
The __compat_regexec strips the REG_STARTEND flag but does not report an
error if other flags are present. This can result in infinite loops for
programs that use REG_STARTEND to find all matches inside a buffer (since
ignoring REG_STARTEND means that the search always starts from the first
character).

The underlying issue is that GLibc's dlsym(RTLD_NEXT, ...) appears to
always return the oldest versioned symbol instead of the default. This
means it does not match the behaviour of dlsym(RTLD_DEFAULT, ...) or the
behaviour documented in the manpage.

It appears a similar issue was encountered with realpath and worked around
in 77ef78a.

See also https://sourceware.org/bugzilla/show_bug.cgi?id=14932 and
https://sourceware.org/bugzilla/show_bug.cgi?id=1319.

Fixes google/sanitizers#1371

Reviewed By: #sanitizers, vitalybuka, marxin

Differential Revision: https://reviews.llvm.org/D96348
@arichardson

Fixed in llvm/llvm-project@ad294e5

arichardson added a commit to CTSRD-CHERI/llvm-project that referenced this issue Mar 31, 2021
jrtc27 pushed a commit to CTSRD-CHERI/compiler-rt that referenced this issue Jan 18, 2022
mem-frob pushed a commit to draperlaboratory/hope-llvm-project that referenced this issue Oct 7, 2022