How to unpoison a C++ std::string?
242 views
Skip to first unread message
nolo...@gmail.com
Feb 27, 2016, 7:20:16 PM2/27/16
to memory-sanitizer
I'm catching a Msan finding on some STL code. I'm fairly certain I have it narrowed down to the key used in a map, and the key is a string.
I'm fairly sure about the key because of frame 0 and stl_tree.h:1260. Its calling Rb_tree<>::lower_bound using the key. I also unpoisoned the mp and it did not help.
I've tried to instrument the code as follows (from factory.h:114 below), but its not working as expected. Its still catching the finding on the key.
void RegisterFactory(const std::string &name, ObjectFactory<AbstractClass> *factory)
{
#ifdef CRYPTOPP_MSAN
__msan_unpoison(&name, sizeof(std::string));
__msan_unpoison(&name[0], name.size());
#endif
m_map[name] = factory;
}
How do I unpoison a C++ string?
Or is there a way to say "ignore stuff from the C++ Runtime and associated files"?
==========
$ ./cryptest.exe v 2>&1 | /usr/bin/asan_symbolize
==26988== WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x7f51903b2ca8 in _ZNSt8_Rb_treeISsSt4pairIKSsPvESt10_Select1stIS3_ESt4lessISsESaIS3_EE14_M_lower_boundEPSt13_Rb_tree_nodeIS3_ESC_RS1_ /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/bits/stl_tree.h:1260 (discriminator 1)
#1 0x7f51903b0fce in _ZNSt3mapISsPvSt4lessISsESaISt4pairIKSsS0_EEEixERS4_ /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/bits/stl_map.h:496
#2 0x7f51903ef9da in _ZN8CryptoPP21ObjectFactoryRegistryINS_18HashTransformationELi0EE15RegisterFactoryERKSsPNS_13ObjectFactoryIS1_EE /home/jwalton/cryptopp/./factory.h:65
#3 0x7f51903ab51e in RegisterDefaultFactoryFor /home/jwalton/cryptopp/./factory.h:114 (discriminator 6)
#4 0x7f51903aa93e in _Z17RegisterFactoriesv /home/jwalton/cryptopp/regtest.cpp:70
#5 0x7f51902ffbf3 in main /home/jwalton/cryptopp/test.cpp:136
#6 0x7f518e8cab44 in __libc_start_main /build/glibc-h_iKOs/glibc-2.19/csu/libc-start.c:287
#7 0x7f519027d69c in _start ??:?
SUMMARY: MemorySanitizer: use-of-uninitialized-value ??:0 ??
And:
$ echo " _ZNSt8_Rb_treeISsSt4pairIKSsPvESt10_Select1stIS3_ESt4lessISsESaIS3_EE14_M_lower_boundEPSt13_Rb_tree_nodeIS3_ESC_RS1_" | c++filt
std::_Rb_tree<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::basic_string<char, std::char_traits<char>, std::allocator<char> > const, void*>, std::_Select1st<std::pair<std::basic_string<char, std::char_traits<char>, std::allocator<char> > const, void*> >, std::less<std::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::basic_string<char, std::char_traits<char>, std::allocator<char> > const, void*> > >::_M_lower_bound(std::_Rb_tree_node<std::pair<std::basic_string<char, std::char_traits<char>, std::allocator<char> > const, void*> >*, std::_Rb_tree_node<std::pair<std::basic_string<char, std::char_traits<char>, std::allocator<char> > const, void*> >*, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)
I'm fairly sure about the key because of frame 0 and stl_tree.h:1260. Its calling Rb_tree<>::lower_bound using the key. I also unpoisoned the mp and it did not help.
I've tried to instrument the code as follows (from factory.h:114 below), but its not working as expected. Its still catching the finding on the key.
void RegisterFactory(const std::string &name, ObjectFactory<AbstractClass> *factory)
{
#ifdef CRYPTOPP_MSAN
__msan_unpoison(&name, sizeof(std::string));
__msan_unpoison(&name[0], name.size());
#endif
m_map[name] = factory;
}
How do I unpoison a C++ string?
Or is there a way to say "ignore stuff from the C++ Runtime and associated files"?
==========
$ ./cryptest.exe v 2>&1 | /usr/bin/asan_symbolize
==26988== WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x7f51903b2ca8 in _ZNSt8_Rb_treeISsSt4pairIKSsPvESt10_Select1stIS3_ESt4lessISsESaIS3_EE14_M_lower_boundEPSt13_Rb_tree_nodeIS3_ESC_RS1_ /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/bits/stl_tree.h:1260 (discriminator 1)
#1 0x7f51903b0fce in _ZNSt3mapISsPvSt4lessISsESaISt4pairIKSsS0_EEEixERS4_ /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/bits/stl_map.h:496
#2 0x7f51903ef9da in _ZN8CryptoPP21ObjectFactoryRegistryINS_18HashTransformationELi0EE15RegisterFactoryERKSsPNS_13ObjectFactoryIS1_EE /home/jwalton/cryptopp/./factory.h:65
#3 0x7f51903ab51e in RegisterDefaultFactoryFor /home/jwalton/cryptopp/./factory.h:114 (discriminator 6)
#4 0x7f51903aa93e in _Z17RegisterFactoriesv /home/jwalton/cryptopp/regtest.cpp:70
#5 0x7f51902ffbf3 in main /home/jwalton/cryptopp/test.cpp:136
#6 0x7f518e8cab44 in __libc_start_main /build/glibc-h_iKOs/glibc-2.19/csu/libc-start.c:287
#7 0x7f519027d69c in _start ??:?
SUMMARY: MemorySanitizer: use-of-uninitialized-value ??:0 ??
And:
$ echo " _ZNSt8_Rb_treeISsSt4pairIKSsPvESt10_Select1stIS3_ESt4lessISsESaIS3_EE14_M_lower_boundEPSt13_Rb_tree_nodeIS3_ESC_RS1_" | c++filt
std::_Rb_tree<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::basic_string<char, std::char_traits<char>, std::allocator<char> > const, void*>, std::_Select1st<std::pair<std::basic_string<char, std::char_traits<char>, std::allocator<char> > const, void*> >, std::less<std::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::basic_string<char, std::char_traits<char>, std::allocator<char> > const, void*> > >::_M_lower_bound(std::_Rb_tree_node<std::pair<std::basic_string<char, std::char_traits<char>, std::allocator<char> > const, void*> >*, std::_Rb_tree_node<std::pair<std::basic_string<char, std::char_traits<char>, std::allocator<char> > const, void*> >*, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)
Konstantin Serebryany
Feb 28, 2016, 1:08:56 AM2/28/16
to memory-s...@googlegroups.com
please read here: https://github.com/google/sanitizers/wiki/MemorySanitizerLibcxxHowTo
--
You received this message because you are subscribed to the Google Groups "memory-sanitizer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to memory-sanitiz...@googlegroups.com.
To post to this group, send email to memory-s...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/memory-sanitizer/cbe9218d-dc18-43ae-9b71-0a24706705ac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
nolo...@gmail.com
Feb 28, 2016, 5:52:20 AM2/28/16
to memory-sanitizer
On Sunday, February 28, 2016 at 1:08:56 AM UTC-5, Konstantin Serebryany wrote:
please read here: https://github.com/google/sanitizers/wiki/MemorySanitizerLibcxxHowTo
Oh, ouch. But thanks for the help.
Jeff
Evgenii Stepanov
Feb 29, 2016, 4:14:06 PM2/29/16
to memory-s...@googlegroups.com
Also, use -fsanitize-memory-track-origins, it adds lots of useful info
to the reports.
to the reports.
> --
> You received this message because you are subscribed to the Google Groups
> "memory-sanitizer" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to memory-sanitiz...@googlegroups.com.
> To post to this group, send email to memory-s...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/memory-sanitizer/81521b74-74e5-435c-b69c-86f0c13a0147%40googlegroups.com.
> You received this message because you are subscribed to the Google Groups
> "memory-sanitizer" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to memory-sanitiz...@googlegroups.com.
> To post to this group, send email to memory-s...@googlegroups.com.
> To view this discussion on the web visit
Reply all
Reply to author
Forward
0 new messages