illegal read of byte preceding an automatic (stack allocate) variable #73718
Comments
|
I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label. |
ghost
added
the
in-pr
|
Tagging subscribers to this area: @hoyosjs Issue DetailsDescriptionCompiling on/for x64 architecture on linux with clang-14. The function CMiniMdBase::InitColsForTable runtime/src/coreclr/md/runtime/metamodel.cpp Line 720 in 9bd2cb5 allocates an automatic array variable of CMiniColDef[9]. The base address of this array is passed down through UsesAllocatedMemory(). UsesAllocatedMemory apparently implements some kind of marking of the preceding byte to determine if the block was obtained from a memory allocator. But in this case, the block is an automatic in some nearby frame. In our case, the preceding bytes contain a pointer pTemplate. Uses AllocatedMemory reads a byte from that pointer, which one depends on endianness. You can't do thatt. Reproduction StepsCompile with -fsanitize=address and stop at first fail. Expected behaviorno errors detected by asan Actual behaviorRead an adjacent memory location. Regression?No response Known WorkaroundsProbably put a dummy slot in the frame before the [9] vector to emulate what's done when those CMiniColDefs are allocated dynamically. ConfigurationNo response Other informationNo response
|
AntonLapounov
added
area-Diagnostics-coreclr
and removed
untriaged
|
Tagging subscribers to this area: @tommcdon Issue DetailsDescriptionCompiling on/for x64 architecture on linux with clang-14. The function CMiniMdBase::InitColsForTable runtime/src/coreclr/md/runtime/metamodel.cpp Line 720 in 9bd2cb5 allocates an automatic array variable of CMiniColDef[9]. The base address of this array is passed down through UsesAllocatedMemory(). UsesAllocatedMemory apparently implements some kind of marking of the preceding byte to determine if the block was obtained from a memory allocator. But in this case, the block is an automatic in some nearby frame. In our case, the preceding bytes contain a pointer pTemplate. Uses AllocatedMemory reads a byte from that pointer, which one depends on endianness. You can't do thatt. Reproduction StepsCompile with -fsanitize=address and stop at first fail. Expected behaviorno errors detected by asan Actual behaviorRead an adjacent memory location. Regression?No response Known WorkaroundsProbably put a dummy slot in the frame before the [9] vector to emulate what's done when those CMiniColDefs are allocated dynamically. ConfigurationNo response Other informationNo response
|
|
Moving to future as this long term work to enable sanitizers is ongoing. This will be fixed as part of that. |
ghost
removed
the
in-pr
ghost
locked as resolved and limited conversation to collaborators
Description
Compiling on/for x64 architecture on linux with clang-14.
The function CMiniMdBase::InitColsForTable
runtime/src/coreclr/md/runtime/metamodel.cpp
Line 720 in 9bd2cb5
allocates an automatic array variable of CMiniColDef[9]. The base address of this array is passed down through UsesAllocatedMemory(). UsesAllocatedMemory apparently implements some kind of marking of the preceding byte to determine if the block was obtained from a memory allocator.
But in this case, the block is an automatic in some nearby frame. In our case, the preceding bytes contain a pointer pTemplate. Uses AllocatedMemory reads a byte from that pointer, which one depends on endianness.
You can't do thatt.
Reproduction Steps
Compile with -fsanitize=address and stop at first fail.
Expected behavior
no errors detected by asan
Actual behavior
Read an adjacent memory location.
Regression?
No response
Known Workarounds
Probably put a dummy slot in the frame before the [9] vector to emulate what's done when those CMiniColDefs are allocated dynamically.
Configuration
No response
Other information
No response
The text was updated successfully, but these errors were encountered: