Compile
cmake -DCMAKE_C_COMPILER="gcc" -DCMAKE_C_FLAGS="-g -fsanitize=address -fno-omit-frame-pointer" -DCMAKE_EXE_LINKER_FLAGS="-g -fsanitize=address -fno-omit-frame-pointer".
make
ASAN Log
Error: [Fatal] repl_load: function signature mismatch
Error: function signature mismatch
=================================================================
==870880==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000000108 at pc 0x560f75ac370c bp 0x7ffc5e7508d0 sp 0x7ffc5e7508c0
READ of size 8 at 0x611000000108 thread T0
#0 0x560f75ac370b in ForEachModule /root/wasm3/source/m3_env.c:211
#1 0x560f75ac370b in Runtime_Release /root/wasm3/source/m3_env.c:232
#2 0x560f75ac3789 in m3_FreeRuntime /root/wasm3/source/m3_env.c:248
#3 0x560f75a8258d in main /root/wasm3/platforms/app/main.c:722
#4 0x7fd4e9b57082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
#5 0x560f75a8408d in _start (/root/wasm3/wasm3+0x2408d)
0x611000000108 is located 200 bytes inside of 208-byte region [0x611000000040,0x611000000110)
freed by thread T0 here:
#0 0x7fd4e9fb440f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
#1 0x560f75a85743 in repl_load /root/wasm3/platforms/app/main.c:165
previously allocated by thread T0 here:
#0 0x7fd4e9fb4a06 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153
#1 0x560f75ad04e9 in m3_ParseModule /root/wasm3/source/m3_parse.c:609
SUMMARY: AddressSanitizer: heap-use-after-free /root/wasm3/source/m3_env.c:211 in ForEachModule
Shadow bytes around the buggy address:
0x0c227fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff8000: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c227fff8010: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c227fff8020: fd[fd]fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==870880==ABORTING
When an erroneous module is input, memory is allocated in m3_ParseModule() and linked to the global runtime by m3_LoadModule(). However, when it fails in link_all(), a goto happens: it goes to on_error and triggers m3_FreeModule. But there is still a reference kept in the global runtime.
Version
commit 139076a (HEAD -> main, origin/main, origin/HEAD)
Reproduce
PoC
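The lifetime problem described in the report, reduced to a small model with the error path hardened so that it frees a module only while the caller still owns it. This is an added example, not wasm3 source and not the project's fix; `Module`, `Runtime`, `parse_module`, `load_module`, `release_runtime` and `repl_load_model` are hypothetical stand-ins for the functions named in the report.

```c
/* Simplified model of the ownership bug in the report; NOT wasm3 code, all names hypothetical. */
#include <stdio.h>
#include <stdlib.h>

typedef struct Module { struct Module *next; int id; } Module;
typedef struct Runtime { Module *modules; } Runtime;
static int live_modules = 0;   /* allocation counter so the outcome can be checked */

static Module *parse_module(int id) {
    Module *m = calloc(1, sizeof *m);
    if (m) { m->id = id; live_modules++; }
    return m;
}
static void free_module(Module *m) { if (m) { free(m); live_modules--; } }

/* After this call the runtime holds a reference: the module is on rt->modules. */
static void load_module(Runtime *rt, Module *m) { m->next = rt->modules; rt->modules = m; }

/* Teardown walks the list and touches every linked module, freed or not. */
static int release_runtime(Runtime *rt) {
    int n = 0;
    for (Module *m = rt->modules, *next; m; m = next) { next = m->next; free_module(m); n++; }
    rt->modules = NULL;
    return n;
}

/* Hardened loader: load_ok / link_ok simulate failures before and after attachment. */
static int repl_load_model(Runtime *rt, int id, int load_ok, int link_ok) {
    Module *m = parse_module(id);
    if (!m) return -1;
    if (!load_ok) goto on_error;   /* not attached yet: caller still owns m */
    load_module(rt, m);
    m = NULL;                      /* ownership moved to rt; error path must not free it */
    if (!link_ok) goto on_error;   /* the failing step from the report */
    return 0;
on_error:
    free_module(m);                /* frees only an unattached module; no-op when m is NULL */
    return -1;
}

int main(void) {
    Runtime rt = {0};
    repl_load_model(&rt, 1, 1, 1);   /* loads and links */
    repl_load_model(&rt, 2, 1, 0);   /* attached, then link fails */
    repl_load_model(&rt, 3, 0, 1);   /* fails before attachment */
    int n = release_runtime(&rt);
    printf("released %d modules, %d still live\n", n, live_modules);
    return 0;
}
```

Removing the `m = NULL;` line reproduces the pattern in the ASAN log: the error path frees a module that `release_runtime` later dereferences.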