Skip to content

Asan doesn't report invalid write #14

New issue
New issue
Open
Open
Asan doesn't report invalid write#14
@jeremysalwen

Description

@jeremysalwen
jeremysalwen
opened on Dec 28, 2018

I have a test that perform an invalid write inside unsafe code. However, this program just crashes with a segfault when asan is enabled. No backtrace, or error message besides "Segmentation Fault" is output, and GDB crashes instead of breaking on the error. The only way I was able to get a valid backtrace was with valgrind.

In my experience with asan for C++, this error would definitely have been caught. Is this a bug in the Rust asan integration? I am happy to help gather more debug information about what is happening here.

Valgrind trace:

jeremysalwen@jeremysalwen-glaptop:~/fun/extended-collections-rs$ valgrind /home/jeremysalwen/fun/extended-collections-rs/target/debug/deps/extended_collections-4040d7db4dc997da --test skiplist::tsplist --test-threads=1
==169673== Memcheck, a memory error detector
==169673== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==169673== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==169673== Command: /home/jeremysalwen/fun/extended-collections-rs/target/debug/deps/extended_collections-4040d7db4dc997da --test skiplist::tsplist --test-threads=1
==169673== 

running 13 tests
test skiplist::tsplist::tests::test_add ... ==169673== Invalid write of size 8
==169673==    at 0x1F0C05: extended_collections::skiplist::tsplist::link (tsplist.rs:76)
==169673==    by 0x1F1D1E: <extended_collections::skiplist::tsplist::TspList<T, A>>::insert (tsplist.rs:199)
==169673==    by 0x274CD2: extended_collections::skiplist::tsplist::tests::test_add (tsplist.rs:853)
==169673==    by 0x225649: extended_collections::skiplist::tsplist::tests::test_add::{{closure}} (tsplist.rs:851)
==169673==    by 0x1635CD: core::ops::function::FnOnce::call_once (function.rs:231)
==169673==    by 0x3347BE: {{closure}} (lib.rs:1473)
==169673==    by 0x3347BE: call_once<closure,()> (function.rs:231)
==169673==    by 0x3347BE: <F as alloc::boxed::FnBox<A>>::call_box (boxed.rs:724)
==169673==    by 0x390AD9: __rust_maybe_catch_panic (lib.rs:92)
==169673==    by 0x351E37: try<(),std::panic::AssertUnwindSafe<alloc::boxed::Box<FnBox<()>>>> (panicking.rs:276)
==169673==    by 0x351E37: catch_unwind<std::panic::AssertUnwindSafe<alloc::boxed::Box<FnBox<()>>>,()> (panic.rs:388)
==169673==    by 0x351E37: test::run_test::run_test_inner::{{closure}} (lib.rs:1428)
==169673==    by 0x35175C: test::run_test::run_test_inner (lib.rs:1450)
==169673==    by 0x34FEDB: test::run_test (lib.rs:1469)
==169673==    by 0x3489CC: run_tests<closure> (lib.rs:1149)
==169673==    by 0x3489CC: test::run_tests_console (lib.rs:956)
==169673==    by 0x3404A3: test::test_main (lib.rs:289)
==169673==  Address 0x20 is not stack'd, malloc'd or (recently) free'd
==169673== 
==169673== 
==169673== Process terminating with default action of signal 11 (SIGSEGV)
==169673==  Access not within mapped region at address 0x20
==169673==    at 0x1F0C05: extended_collections::skiplist::tsplist::link (tsplist.rs:76)
==169673==    by 0x1F1D1E: <extended_collections::skiplist::tsplist::TspList<T, A>>::insert (tsplist.rs:199)
==169673==    by 0x274CD2: extended_collections::skiplist::tsplist::tests::test_add (tsplist.rs:853)
==169673==    by 0x225649: extended_collections::skiplist::tsplist::tests::test_add::{{closure}} (tsplist.rs:851)
==169673==    by 0x1635CD: core::ops::function::FnOnce::call_once (function.rs:231)
==169673==    by 0x3347BE: {{closure}} (lib.rs:1473)
==169673==    by 0x3347BE: call_once<closure,()> (function.rs:231)
==169673==    by 0x3347BE: <F as alloc::boxed::FnBox<A>>::call_box (boxed.rs:724)
==169673==    by 0x390AD9: __rust_maybe_catch_panic (lib.rs:92)
==169673==    by 0x351E37: try<(),std::panic::AssertUnwindSafe<alloc::boxed::Box<FnBox<()>>>> (panicking.rs:276)
==169673==    by 0x351E37: catch_unwind<std::panic::AssertUnwindSafe<alloc::boxed::Box<FnBox<()>>>,()> (panic.rs:388)
==169673==    by 0x351E37: test::run_test::run_test_inner::{{closure}} (lib.rs:1428)
==169673==    by 0x35175C: test::run_test::run_test_inner (lib.rs:1450)
==169673==    by 0x34FEDB: test::run_test (lib.rs:1469)
==169673==    by 0x3489CC: run_tests<closure> (lib.rs:1149)
==169673==    by 0x3489CC: test::run_tests_console (lib.rs:956)
==169673==    by 0x3404A3: test::test_main (lib.rs:289)
==169673==  If you believe this happened as a result of a stack
==169673==  overflow in your program's main thread (unlikely but
==169673==  possible), you can try to increase the size of the
==169673==  main thread stack using the --main-stacksize= flag.
==169673==  The main thread stack size used in this run was 8388608.
==169673== 
==169673== HEAP SUMMARY:
==169673==     in use at exit: 25,083 bytes in 395 blocks
==169673==   total heap usage: 594 allocs, 199 frees, 90,729 bytes allocated
==169673== 
==169673== LEAK SUMMARY:
==169673==    definitely lost: 0 bytes in 0 blocks
==169673==    indirectly lost: 0 bytes in 0 blocks
==169673==      possibly lost: 0 bytes in 0 blocks
==169673==    still reachable: 25,083 bytes in 395 blocks
==169673==         suppressed: 0 bytes in 0 blocks
==169673== Rerun with --leak-check=full to see details of leaked memory
==169673== 
==169673== For counts of detected and suppressed errors, rerun with: -v
==169673== ERROR SUMMARY: 2 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions