Hi all,
I was trying to compile dfsan with wget. (Just enabling the dfsan feature, without actually making changes to the source code) Without dfsan, I am able to compile and run wget 1.19.5 (available at https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.gz). But when compiled with dfsan, it encountered a null pointer dereference error.
Following an old post (http://lists.llvm.org/pipermail/cfe-dev/2014-May/037160.html), I was trying to use a blacklist for openssl functions.
My commands are:
export CC="clang -g -fsanitize=dataflow -fsanitize-blacklist=/tmp/openssl-list.txt"
export LDFLAGS="-fsanitize=dataflow -fsanitize-blacklist=/tmp/openssl-list.txt"
./configure --with-ssl=openssl
make
I've tried with clang 9, 10, and the nightly build of 11 today.
The error is:
when trying to run "src/wget www.google.com"
Program received signal SIGSEGV, Segmentation fault.
0x00005555556de113 in url_parse (url=0x555555c47550 "http://www.google.com",
error=0x7fffffffdb30, iri=0x555555c442f0 <dummy_iri>, percent_encode=true)
at url.c:837
837 if (*p == ':')
and p is a null pointer.
I am not sure if this is because I misused the dfsan or for some other reason, any ideas?
Attached is the fsanitize-blacklist I’ve used.
Thanks,
Tianyi
openssl-list.txt (689 Bytes)
If `p` is a null pointer, then reading *p should segfault. To debug
this, you need to discover why p is null.
Does this happen if you build without `-fsanitize=dataflow
-fsanitize-blacklist=/tmp/openssl-list.txt` in CC and LDFLAGS?
No. Without these sanitizer flags, running the built binary with "wget www.google.com" successfully downloaded the html file without any errors. My OS is Ubuntu 18.04.4 LTS (64 bit), in case this info may help.
Just to clarify, the command in the previous email should be "./wget www.google.com" or "src/wget www.google.com" depending on the folder, so the wget run is indeed the built one instead of the one that comes from the system. Sorry for possible confusion.
I concluded my investigation and the reason looks like dfsan breaks the strchr function, as reported previously here: https://bugs.llvm.org/show_bug.cgi?id=22392.
The following is the gdb log. For the build without dfsan, strchr enters the implementation; for the build with dfsan, the function was just skipped.
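A minimal reproducer for the strchr lookup that url_parse performs on the URL, added here as an example and not taken from the thread or from wget's source. It isolates the single libc call that the report narrows the crash down to, so a misbehaving interceptor can be confirmed without rebuilding all of wget, and it checks the NULL return that url_parse dereferenced. When built with -fsanitize=dataflow it additionally taints the URL buffer and checks that the label reaches strchr's return value; the dfsan_create_label/dfsan_set_label/dfsan_get_label/dfsan_has_label calls are assumed to be the clang 9-11 era DFSan API (later releases changed the label model). Without the sanitizer flag it compiles as plain C and the DFSan check reports -1.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Only pull in the DFSan runtime API when this translation unit is
 * actually instrumented (clang defines __has_feature; gcc does not). */
#if defined(__has_feature)
#  if __has_feature(dataflow_sanitizer)
#    include <sanitizer/dfsan_interface.h>
#    define HAVE_DFSAN 1
#  endif
#endif

/* Offset of the first ':' in url, or -1 when strchr finds none.
 * url_parse (url.c:837 in the report) dereferences strchr's result
 * directly; this wrapper makes the NULL case explicit instead. */
long scheme_sep_offset(const char *url)
{
    const char *p = strchr(url, ':');
    if (p == NULL)
        return -1;
    return (long)(p - url);
}

/* Cross-check strchr against a plain byte loop; returns 1 when they
 * agree. A non-interposed libc and a DFSan-wrapped libc must both
 * agree with the loop (c must be a non-zero character here). */
int strchr_matches_loop(const char *s, int c)
{
    long want = -1;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] == (char)c) {
            want = (long)i;
            break;
        }
    }
    const char *p = strchr(s, c);
    long got = p ? (long)(p - s) : -1;
    return want == got;
}

/* Under DFSan: taint the URL bytes, call strchr, and confirm the
 * returned pointer carries the taint. Returns 1 when the label
 * propagated, 0 when strchr returned NULL or dropped the label,
 * and -1 when this is not a DFSan build. */
int check_label_propagation(const char *url)
{
#ifdef HAVE_DFSAN
    /* "url" is a constructed label description for this example. */
    dfsan_label in = dfsan_create_label("url", NULL);
    dfsan_set_label(in, (void *)url, strlen(url));
    const char *p = strchr(url, ':');
    if (p == NULL)
        return 0;
    dfsan_label out = dfsan_get_label((long)p);
    return dfsan_has_label(out, in) ? 1 : 0;
#else
    (void)url;
    return -1;
#endif
}

int main(void)
{
    /* Constructed sample input, matching the URL in the gdb frame. */
    const char *url = "http://www.google.com";
    printf("':' offset in %s: %ld\n", url, scheme_sep_offset(url));
    printf("strchr agrees with byte loop: %d\n", strchr_matches_loop(url, ':'));
    printf("DFSan label propagation: %d (-1 = not a DFSan build)\n",
           check_label_propagation(url));
    return 0;
}
```

Build it twice, once with `clang -g reproducer.c` and once with `clang -g -fsanitize=dataflow reproducer.c`, and compare the first two lines of output: an offset of 4 and agreement of 1 from the plain build but -1 or 0 from the instrumented build points at the strchr interceptor rather than at wget or the openssl blacklist.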
Tianyi,
Thanks for reducing the problem to a specific issue. I created a
patch to fix it:
https://reviews.llvm.org/D77996
Sam