
--encoding=[any but ASCII] --list=[format-tests, format-all-details, format-details] with ASan #1239

Closed
loverszhaokai opened this issue Apr 28, 2015 · 5 comments
@loverszhaokai (Contributor)

The GDB info looks like #1231; maybe they are the same problem.
#1. Prepare

$ export ASAN_OPTIONS='abort_on_error=1'
$ CC=clang AFL_USE_ASAN=1 AFL_HARDEN=1 ./configure --enable-asan --enable-memdbg && make -sj8
#2. Reproduce

$ ./john --encoding=[any but ASCII] --list=[format-tests, format-all-details, format-details]
...
...
Segmentation fault
#3. Gdb

$ gdb ./john
(gdb) set args --encoding=UTF-8 --list=format-details
(gdb) r
...
...
Program received signal SIGSEGV, Segmentation fault.
__interceptor_free (ptr=0x6060000e9720) at /home/kai/workspace/llvm-3.6.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:29
29 INTERCEPTOR(void, free, void *ptr) {
(gdb) bt
#0 __interceptor_free (ptr=0x6060000e9720) at /home/kai/workspace/llvm-3.6.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:29
#1 0x00007fffea824637 in ?? () from /usr/lib64/libnvidia-opencl.so.1
#2 0x00007fffea846070 in ?? () from /usr/lib64/libnvidia-opencl.so.1
#3 0x00007fffea8194e2 in ?? () from /usr/lib64/libnvidia-opencl.so.1
#4 0x00007fffea8c4388 in ?? () from /usr/lib64/libnvidia-opencl.so.1
#5 0x00007fffea8c4026 in ?? () from /usr/lib64/libnvidia-opencl.so.1
#6 0x00007ffff70e6172 in khrIcdVendorAdd () from /usr/lib64/libOpenCL.so.1
#7 0x00007ffff70e8106 in khrIcdOsVendorsEnumerate () from /usr/lib64/libOpenCL.so.1
#8 0x00007ffff70e77e0 in clGetPlatformIDs () from /usr/lib64/libOpenCL.so.1
#9 0x00000000009673ce in start_opencl_environment ()
#10 0x000000000095a14b in opencl_preinit ()
#11 0x00000000009620c1 in opencl_prepare_dev ()
#12 0x0000000000962ceb in opencl_init ()
#13 0x00000000007aacf8 in init ()
#14 0x00000000008bb058 in fmt_init ()
#15 0x0000000000926386 in listconf_parse_late ()
#16 0x00000000008c7fed in john_init ()
#17 0x00000000008c6a58 in main ()

@frank-dittrich (Collaborator)

Given all the trouble ASan seems to have with OpenCL and CUDA, maybe it is indeed better to first fuzz a --disable-opencl --disable-cuda build.

A second step could then be to test a build with OpenCL and CUDA and with memdbg, but without ASan, and check the memdbg output for errors.
Since only GPU related problems should remain for this second step, you might limit fuzzing to GPU specific options (--device, --list=cuda-devices, --list=opencl-devices) or options that behave differently when OpenCL or CUDA are supported (--list=build-info, which shows OpenCL specific or CUDA specific information).
For everything related to formats (--test, --list=formats, --list=format-*), you might always add --format=gpu, to avoid repeating tests of CPU formats.

@loverszhaokai (Contributor, Author)

@frank-dittrich

Thanks for your advice.

@frank-dittrich (Collaborator)

Probably ASan cannot rewrite malloc() etc. for libraries which get loaded prior to libasan.

gcc 4.9 and newer do have

      -static-libasan
           When the -fsanitize=address option is used to link a program, the
           GCC driver automatically links against libasan.  If libasan is
           available as a shared library, and the -static option is not used,
           then this links against the shared version of libasan.  The
           -static-libasan option directs the GCC driver to link libasan
           statically, without necessarily linking other libraries statically.

       -static-libtsan
           When the -fsanitize=thread option is used to link a program, the
           GCC driver automatically links against libtsan.  If libtsan is
           available as a shared library, and the -static option is not used,
           then this links against the shared version of libtsan.  The
           -static-libtsan option directs the GCC driver to link libtsan
           statically, without necessarily linking other libraries statically.

This can be a workaround.

Another could be using LD_PRELOAD, see https://code.google.com/p/address-sanitizer/wiki/AsanAsDso

But I really suggest you fuzz non-gpu builds first (should also be much faster).
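The two workarounds above (a statically linked ASan runtime, or preloading the shared one) both aim at the same thing: the ASan runtime must be the first library in the process so that its malloc/free interceptors cover every later allocation, which is also what ASan's own "runtime does not come first in initial library list" startup check enforces. The script below is an added example, not code from the john repository or from this thread; it assumes a GNU/Linux host with `ldd` and awk, and uses the library names from the backtrace above to check the link order of a built binary and, when a shared runtime is present, to print the LD_PRELOAD form of the run.

```shell
#!/bin/sh
# Added example (not from the john project). Checks whether the shared ASan
# runtime precedes libOpenCL in a binary's `ldd` output and builds the
# LD_PRELOAD command line for the preload workaround.

# asan_before_opencl: read `ldd` output on stdin.
# Exit 0 = ASan runtime listed before libOpenCL (or no libOpenCL at all),
#      1 = libOpenCL comes first (preload or static runtime needed),
#      2 = no shared ASan runtime linked in (e.g. gcc -static-libasan, or
#          clang's default static runtime on Linux); LD_PRELOAD does not apply.
asan_before_opencl() {
  awk '
    /libasan\.so|libclang_rt\.asan/ && !a { a = NR }
    /libOpenCL\.so/                 && !o { o = NR }
    END { if (!a) exit 2; if (o && o < a) exit 1; exit 0 }'
}

# asan_runtime_path: read `ldd` output on stdin, print the resolved path of the
# shared ASan runtime (third field of "libasan.so.N => /path (0x...)"), if any.
asan_runtime_path() {
  awk '/libasan\.so|libclang_rt\.asan/ { print $3; exit }'
}

# Stand-alone use: `sh check_asan_order.sh ./john` (file name is assumed).
if [ $# -gt 0 ]; then
  ldd "$1" | asan_before_opencl; rc=$?
  case $rc in
    0) echo "ok: ASan runtime precedes libOpenCL" ;;
    1) echo "wrong order; run as: LD_PRELOAD=$(ldd "$1" | asan_runtime_path)" \
            "ASAN_OPTIONS=abort_on_error=1 $1 --encoding=UTF-8 --list=format-details" ;;
    2) echo "no shared ASan runtime linked (static runtime; LD_PRELOAD not applicable)" ;;
  esac
fi
```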

@magnumripper (Member)

> Given all the trouble ASan seems to have with OpenCL and CUDA, may be it is indeed better to first fuzz a --disable-opencl --disable-cuda build.

Absolutely. Please do not add any more issues with Asan in combination of OpenCL or CUDA unless you can verify there is still a problem when ASan is not involved. I regard this an invalid issue.

@loverszhaokai (Contributor, Author)

> Absolutely. Please do not add any more issues with Asan in combination of OpenCL or CUDA unless you can verify there is still a problem when ASan is not involved. I regard this an invalid issue.

OK. Got it.
