Address Sanitizer reports unknown-crash errors

I am using ASan to scan for memory corruption, but ASan reports many unknown-crash errors. Under what circumstances does ASan report unknown-crash?

Environment: Compiler: gcc 8.2.0; ASan: libasan.so.5; OS: Linux euto-v9 4.14.137; CPU: ARM v8

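1. ASan also reports many errors of a clearly identified type, and we were able to find the cause of all of those.

2. For the unknown-crash errors that ASan reports, we cannot find the cause of any of them.

3. The error reported in the log below occurs in a constructor.

4. The memory of the object the constructor belongs to is all 0xbe, which should be ASan's default fill for uninitialized memory.

5. In ASan's shadow memory, the memory we access is 0f 0e 0d 0c 0b 0a 09 08 07 06 05 04 03 02 01 00. This confuses us a great deal: for every unknown-crash error reported, the memory is filled with the values above.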

    ==4192==ERROR: AddressSanitizer: unknown-crash on address 0x007e810f00f0 at pc 0x005577ce1940 bp 0x007f581b81f0 sp 0x007f581b8210
    WRITE of size 4 at 0x007e810f00f0 thread T92 (MxUgThread2)
        #0 0x5577ce193f in MGGuideUnitt::MGGuideUnitt() (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x4fc593f)
        #1 0x5577d5d587 in ug::matchguide::SoundGuide::UpdateGuideUnit(UGNotifyMatchInf const*, bool) (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x5041587)
        #2 0x5577d5ddcb in ug::matchguide::SoundGuide::GuideExecute(UGNotifyMatchInf const*) (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x5041dcb)
        #3 0x5577cc3f23 in ug::matchguide::GuideUnitCtl::GuideExecute(UGNotifyMatchInf const*) (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x4fa7f23)
        #4 0x5577c81577 in ug::matchguide::MatchGuide::OnGuideExecute() (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x4f65577)
        #5 0x5577c81e0f in ug::matchguide::MatchGuide::PutMatchStatus(UGNotifyMatchInf const&) (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x4f65e0f)
        #6 0x5577c8847b in boost::detail::function::voidfunctionobjinvoker0<boost::_bi::bind_t<int, boost::_mfi::mf1<int, ug::matchguide::matchguide, ug_notifymatchinf const&>, boost::_bi::list2<boost::_bi::value<ug::matchguide::matchguide*>, boost::_bi::value<ug_notifymatchinf> > >, void>::invoke(boost::detail::function::functionbuffer&) (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x4f6c47b)
        #7 0x5577c8dc1f in AsyncClassObjet<ug::matchguide::matchguide>::doasync() (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x4f71c1f)
        #8 0x5577a5b99b in CUGWorkThread::RunTask() (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x4d3f99b)
        #9 0x5579acef37 in UPFOSThreadAdapter::invoke() (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x6db2f37)
        #10 0x5579aced33 in UPFTHREADADAPTERNAME (/lge/app_ro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x6db2d33)
        #11 0x7f9b63f6fb (/lib/libpthread.so.0+0x76fb)
        #12 0x7f9b0a3ffb (/lib/libc.so.6+0xcaffb)

    0x007e810f00f0 is located 112 bytes inside of 1184-byte region [0x007e810f0080,0x007e810f0520)
    allocated by thread T92 (MxUgThread2) here:
        #0 0x7f9e8618a7 in _interceptormalloc (/lge/appro/navi/naviengine/navicore/MXNavi/libasan.so.5+0xd48a7)
        #1 0x5577d5d57f in ug::matchguide::SoundGuide::UpdateGuideUnit(UGNotifyMatchInf const*, bool) (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x504157f)
        #2 0x5577d5ddcb in ug::matchguide::SoundGuide::GuideExecute(UGNotifyMatchInf const*) (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x5041dcb)
        #3 0x5577cc3f23 in ug::matchguide::GuideUnitCtl::GuideExecute(UGNotifyMatchInf const*) (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x4fa7f23)
        #4 0x5577c81577 in ug::matchguide::MatchGuide::OnGuideExecute() (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x4f65577)
        #5 0x5577c81e0f in ug::matchguide::MatchGuide::PutMatchStatus(UGNotifyMatchInf const&) (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x4f65e0f)
        #6 0x5577c8847b in boost::detail::function::voidfunctionobjinvoker0<boost::_bi::bind_t<int, boost::_mfi::mf1<int, ug::matchguide::matchguide, ug_notifymatchinf const&>, boost::_bi::list2<boost::_bi::value<ug::matchguide::matchguide*>, boost::_bi::value<ug_notifymatchinf> > >, void>::invoke(boost::detail::function::functionbuffer&) (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x4f6c47b)
        #7 0x5577c8dc1f in AsyncClassObjet<ug::matchguide::matchguide>::doasync() (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x4f71c1f)
        #8 0x5577a5b99b in CUGWorkThread::RunTask() (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x4d3f99b)
        #9 0x5579acef37 in UPFOSThreadAdapter::invoke() (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x6db2f37)
        #10 0x5579aced33 in UPFTHREADADAPTERNAME (/lge/app_ro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x6db2d33)
        #11 0x7f9b63f6fb (/lib/libpthread.so.0+0x76fb)
        #12 0x7f9b0a3ffb (/lib/libc.so.6+0xcaffb)

    SUMMARY: AddressSanitizer: unknown-crash (/lge/appro/navi/naviengine/package/vw/cn/MXNavi/MXNavi+0x4fc593f) in MGGuideUnitt::MGGuideUnit_t()
    Shadow bytes around the buggy address:
      0x001fd021dfc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x001fd021dfd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x001fd021dfe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x001fd021dff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x001fd021e000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    =>0x001fd021e010: 0f 0e 0d 0c 0b 0a 09 08 07 06 05 04 03 02[01]00
      0x001fd021e020: 0f 0e 0d 0c 0b 0a 09 08 07 06 05 04 03 02 01 00
      0x001fd021e030: 0f 0e 0d 0c 0b 0a 09 08 07 06 05 04 03 02 01 00
      0x001fd021e040: 0f 0e 0d 0c 0b 0a 09 08 07 06 05 04 03 02 01 00
      0x001fd021e050: 0f 0e 0d 0c 0b 0a 09 08 07 06 05 04 03 02 01 00
      0x001fd021e060: 0f 0e 0d 0c 0f 0e 0d 0c 0b 0a 09 08 07 06 05 04
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07
      Heap left redzone:       fa
      Freed heap region:       fd
      Stack left redzone:      f1
      Stack mid redzone:       f2
      Stack right redzone:     f3
      Stack after return:      f5
      Stack use after scope:   f8
      Global redzone:          f9
      Global init order:       f6
      Poisoned by user:        f7
      Container overflow:      fc
      Array cookie:            ac
      Intra object redzone:    bb
      ASan internal:           fe
      Left alloca redzone:     ca
      Right alloca redzone:    cb
    ==4192==ABORTING
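As a reading aid for the report above (an added example, not part of the original post and not libasan code): the program maps the faulting address to its shadow byte, applies the inline access check, and compares the observed byte with what a live 1184-byte heap block would carry. It assumes ASan's default AArch64 mapping, shadow = (addr >> 3) + (1 << 36), which reproduces the bracketed position in the dump; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: default AArch64 mapping, shadow = (addr >> 3) + (1 << 36). */
#define SHADOW_OFFSET (1ULL << 36)

/* Values copied from the report above. */
static const uint64_t FAULT_ADDR   = 0x007e810f00f0ULL;  /* WRITE of size 4 */
static const uint64_t REGION_START = 0x007e810f0080ULL;  /* 1184-byte region */
static const uint64_t REGION_SIZE  = 1184;
static const uint64_t ROW_BASE     = 0x001fd021e010ULL;  /* the "=>" row */
static const uint8_t  ROW[16] = {0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
                                 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00};

uint64_t shadow_addr(uint64_t addr) { return (addr >> 3) + SHADOW_OFFSET; }

/* Shadow byte a live heap block should have for the granule holding addr:
   00 for a full 8-byte granule, size % 8 for the last partial one. */
uint8_t expected_shadow(uint64_t addr) {
    uint64_t off = (addr - REGION_START) & ~7ULL;
    uint64_t left = REGION_SIZE - off;
    return left >= 8 ? 0x00 : (uint8_t)left;
}

/* Classify a byte using only the legend printed in the report. */
const char *shadow_kind(uint8_t s) {
    static const uint8_t known[] = {0xfa, 0xfd, 0xf1, 0xf2, 0xf3, 0xf5, 0xf8, 0xf9,
                                    0xf6, 0xf7, 0xfc, 0xac, 0xbb, 0xfe, 0xca, 0xcb};
    if (s == 0x00) return "addressable";
    if (s <= 0x07) return "partially addressable";
    for (size_t i = 0; i < sizeof known; i++)
        if (s == known[i]) return "poisoned (listed in legend)";
    return "not in legend";
}

/* Inline check for an access of at most 8 bytes: 1 means ASan reports it. */
int access_faults(uint64_t addr, unsigned size, uint8_t s) {
    return s != 0 && (int8_t)((addr & 7) + size - 1) >= (int8_t)s;
}

int main(void) {
    uint64_t idx = shadow_addr(FAULT_ADDR) - ROW_BASE;   /* position in the row */
    uint8_t seen = ROW[idx];
    printf("shadow 0x%012llx row[%llu]=%02x (%s), expected %02x, faults=%d\n",
           (unsigned long long)shadow_addr(FAULT_ADDR), (unsigned long long)idx,
           seen, shadow_kind(seen), expected_shadow(FAULT_ADDR),
           access_faults(FAULT_ADDR, 4, seen));
    return 0;
}
```

The observed byte 01 differs from the 00 that a live allocation would carry 112 bytes into the region, and the values 08 to 0f in the same row match no entry in the report's legend.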
