JDK-8335228

[windows] Stack memory corruption in windows\native\libjli\cmdtoargs.c detected by ASAN


    • Type: Bug
    • Resolution: Not an Issue
    • Priority: P4
    • Component: core-libs
    • CPU: x86_64
    • OS: windows

      After adding -fsanitize-address-use-after-return on Windows (MS Visual Studio 22 (19.37.32824)) I get an ASAN crash. Not sure if it is real or not, but I am not familiar with MS-Windows, so I am posting just this bug report.

      Tested on: 7e55ed3b106ed08956d2d38b7c99fb81704667c9 2024-06-21

      $ ASAN_OPTIONS=detect_stack_use_after_return=0 build/windows-x86_64-server-fastdebug/jdk/bin/java -version
      =================================================================
      AddressSanitizer: CHECK failed: asan_thread.cpp:375 "((ptr[0] == kCurrentStackFrameMagic)) != (0)" (0x0, 0x0) (tid=3304)
          #0 0x7ff85d64e28f in _asan_wrap_GlobalSize+0x6abbb (C:\jdk-git\build\windows-x86_64-server-fastdebug\jdk\bin\clang_rt.asan_dynamic-x86_64.dll+0x18006e28f)
          #1 0x7ff85d5fff03 in _asan_wrap_GlobalSize+0x1c82f (C:\jdk-git\build\windows-x86_64-server-fastdebug\jdk\bin\clang_rt.asan_dynamic-x86_64.dll+0x18001ff03)
          #2 0x7ff85d652d06 in _asan_wrap_GlobalSize+0x6f632 (C:\jdk-git\build\windows-x86_64-server-fastdebug\jdk\bin\clang_rt.asan_dynamic-x86_64.dll+0x180072d06)
          #3 0x7ff85d6234c1 in _asan_wrap_GlobalSize+0x3fded (C:\jdk-git\build\windows-x86_64-server-fastdebug\jdk\bin\clang_rt.asan_dynamic-x86_64.dll+0x1800434c1)
          #4 0x7ff85d6225e4 in _asan_wrap_GlobalSize+0x3ef10 (C:\jdk-git\build\windows-x86_64-server-fastdebug\jdk\bin\clang_rt.asan_dynamic-x86_64.dll+0x1800425e4)
          #5 0x7ff85d624447 in _asan_wrap_GlobalSize+0x40d73 (C:\jdk-git\build\windows-x86_64-server-fastdebug\jdk\bin\clang_rt.asan_dynamic-x86_64.dll+0x180044447)
          #6 0x7ff85d64bda6 in _asan_wrap_GlobalSize+0x686d2 (C:\jdk-git\build\windows-x86_64-server-fastdebug\jdk\bin\clang_rt.asan_dynamic-x86_64.dll+0x18006bda6)
          #7 0x7ff85d650239 in _asan_wrap_GlobalSize+0x6cb65 (C:\jdk-git\build\windows-x86_64-server-fastdebug\jdk\bin\clang_rt.asan_dynamic-x86_64.dll+0x180070239)
          #8 0x7ff87114281c in next_arg c:\jdk-git\src\java.base\windows\native\libjli\cmdtoargs.c:85
          #9 0x7ff8711422de in JLI_CmdToArgs c:\jdk-git\src\java.base\windows\native\libjli\cmdtoargs.c:228
          #10 0x7ff7e32311e1 in main c:\jdk-git\src\java.base\share\native\launcher\main.c:113
          #11 0x7ff7e32320cb in __scrt_common_main_seh D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
          #12 0x7ff881db4ddf in BaseThreadInitThunk+0xf (C:\Windows\System32\KERNEL32.DLL+0x180014ddf)
          #13 0x7ff8829fec0a in RtlUserThreadStart+0x2a (C:\Windows\SYSTEM32\ntdll.dll+0x18007ec0a)

      $ ASAN_OPTIONS=detect_stack_use_after_return=1 build/windows-x86_64-server-fastdebug/jdk/bin/java -version
      =================================================================
      ==2948==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x12acbdf09000 at pc 0x7ff87114281d bp 0x00325d1af870 sp 0x00325d1af878
      WRITE of size 1 at 0x12acbdf09000 thread T0
          #0 0x7ff87114281c in next_arg c:\jdk-git\src\java.base\windows\native\libjli\cmdtoargs.c:85
          #1 0x7ff8711422de in JLI_CmdToArgs c:\jdk-git\src\java.base\windows\native\libjli\cmdtoargs.c:228
          #2 0x7ff7e32311e1 in main c:\jdk-git\src\java.base\share\native\launcher\main.c:113
          #3 0x7ff7e32320cb in __scrt_common_main_seh D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
          #4 0x7ff881db4ddf in BaseThreadInitThunk+0xf (C:\Windows\System32\KERNEL32.DLL+0x180014ddf)
          #5 0x7ff8829fec0a in RtlUserThreadStart+0x2a (C:\Windows\SYSTEM32\ntdll.dll+0x18007ec0a)

      Address 0x12acbdf09000 is located in stack of thread T0 at offset 0 in frame
          #0 0x7ff87114216b in JLI_CmdToArgs c:\jdk-git\src\java.base\windows\native\libjli\cmdtoargs.c:203

        This frame has 1 object(s):
          [32, 33) 'wildcard'
      HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
            (longjmp, SEH and C++ exceptions *are* supported)
      SUMMARY: AddressSanitizer: stack-buffer-underflow c:\jdk-git\src\java.base\windows\native\libjli\cmdtoargs.c:85 in next_arg
      Shadow bytes around the buggy address:
        0x0482550611b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0482550611c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0482550611d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0482550611e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0482550611f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      =>0x048255061200:[f1]f1 f1 f1 01 f3 f3 f3 f3 00 00 00 00 00 00 00
        0x048255061210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x048255061220: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x048255061230: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x048255061240: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x048255061250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable: 00
        Partially addressable: 01 02 03 04 05 06 07
        Heap left redzone: fa
        Freed heap region: fd
        Stack left redzone: f1
        Stack mid redzone: f2
        Stack right redzone: f3
        Stack after return: f5
        Stack use after scope: f8
        Global redzone: f9
        Global init order: f6
        Poisoned by user: f7
        Container overflow: fc
        Array cookie: ac
        Intra object redzone: bb
        ASan internal: fe
        Left alloca redzone: ca
        Right alloca redzone: cb
      ==2948==ABORTING
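A small triage helper, added here as an example and not part of the bug report or of the JDK sources: it parses the ASAN report above (a constructed excerpt with the same layout is embedded) and relates the faulting frame offset to the frame's listed objects and to the shadow byte under the "=>" marker, which places the 1-byte write 32 bytes before 'wildcard', inside the stack left redzone. The function names and the legend subset are this example's own.

```python
import re

# Constructed excerpt of the ASAN report quoted in the bug above; it keeps the
# real layout, so the parser also works on the complete, unedited report.
SAMPLE = r"""
==2948==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x12acbdf09000 at pc 0x7ff87114281d bp 0x00325d1af870 sp 0x00325d1af878
WRITE of size 1 at 0x12acbdf09000 thread T0
    #0 0x7ff87114281c in next_arg c:\jdk-git\src\java.base\windows\native\libjli\cmdtoargs.c:85
Address 0x12acbdf09000 is located in stack of thread T0 at offset 0 in frame
    #0 0x7ff87114216b in JLI_CmdToArgs c:\jdk-git\src\java.base\windows\native\libjli\cmdtoargs.c:203
  This frame has 1 object(s):
    [32, 33) 'wildcard'
Shadow bytes around the buggy address:
=>0x048255061200:[f1]f1 f1 f1 01 f3 f3 f3 f3 00 00 00 00 00 00 00
"""

# Subset of the shadow-byte legend printed at the end of every ASAN report.
SHADOW_LEGEND = {"00": "addressable", "f1": "stack left redzone",
                 "f2": "stack mid redzone", "f3": "stack right redzone",
                 "f5": "stack after return", "f8": "stack use after scope"}


def parse_asan_report(text):
    """Extract the triage facts: error kind, access, innermost frame, owning
    frame's objects, and the shadow region the access landed in."""
    r = {}
    m = re.search(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)", text)
    r["kind"], r["address"] = m.group(1), m.group(2)
    m = re.search(r"^(READ|WRITE) of size (\d+)", text, re.M)
    r["access"], r["size"] = m.group(1), int(m.group(2))
    # The first "#0" line is the innermost frame of the faulting stack.
    m = re.search(r"^\s*#0 0x[0-9a-f]+ in (\w+) (.+):(\d+)$", text, re.M)
    r["function"], r["file"], r["line"] = m.group(1), m.group(2), int(m.group(3))
    m = re.search(r"at offset (\d+) in frame\s*\n\s*#0 0x[0-9a-f]+ in (\w+)", text)
    r["frame_offset"], r["frame_function"] = int(m.group(1)), m.group(2)
    # Frame objects are half-open byte ranges relative to the frame base.
    r["objects"] = [(int(a), int(b), n)
                    for a, b, n in re.findall(r"\[(\d+), (\d+)\) '([^']+)'", text)]
    m = re.search(r"^=>.*?\[([0-9a-f]{2})\]", text, re.M)  # byte under the "=>" marker
    r["shadow"] = m.group(1)
    r["region"] = SHADOW_LEGEND.get(r["shadow"], "unknown")
    return r


def nearest_object(report):
    """Name and signed distance (bytes) of the frame object closest to the
    access; a negative distance means the access landed before the object."""
    off = report["frame_offset"]
    lo, hi, name = min(report["objects"], key=lambda o: min(abs(off - o[0]), abs(off - o[1] + 1)))
    dist = 0 if lo <= off < hi else (off - lo if off < lo else off - hi + 1)
    return name, dist
```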

            jkratochvil Jan Kratochvil