AddressSanitizer Suppression

2

11

I am trying to suppress a warning from the address sanitizer in clang/gcc.

My source file looks like this:

int foo(){
  double bar[] = {7,8};
  return bar[3];
}

int main(){
  return foo();
}

Obviously, there is an overflow at line 3.

The suppression file (myasan.supp) contains:

interceptor_via_fun:foo

Compiling (clang also creates a warning) and running:

clang -O0 -g -fsanitize=address -fno-omit-frame-pointer sanitizerTest.c
ASAN_SYMBOLIZER_PATH=/software/clang/7.0.0/bin/llvm-symbolizer  ASAN_OPTIONS=suppressions=myasan.supp ./a.out

But the address sanitizer still complains about the overflow:

==8119==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffeab4e75f8 at pc 0x0000004008bf bp 0x7ffeab4e75b0 sp 0x7ffeab4e75a8
READ of size 8 at 0x7ffeab4e75f8 thread T0
#0 0x4008be in foo() /tmp/asan/sanitizerTest.c:3
#1 0x400919 in main /tmp/asan/sanitizerTest.c:7
#2 0x7f549fbfb82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#3 0x400718 in _start (/tmp/asan/a.out+0x400718)

Compiler is clang7. I tested clang6, gcc7 as well.

Any idea how to make this work?

Bullace answered 2/10, 2018 at 8:37 Comment(2)
Do you really compile with clang/gcc, or do you use clang++/g++? - Foam
Yes, I use clang. But it is not different with clang++. - Bullace
9

Quote from the ASan documentation:

This suppression mechanism should only be used for suppressing issues in external code; it does not work on code recompiled with AddressSanitizer.

Offhand, I think it only works across shared object boundaries.

To suppress: in your own code add __attribute__((no_sanitize("address"))) to the function declaration or use a compile-time blacklist:

$ cat myasan.blacklist
fun:foo
$ clang -fsanitize=address -fsanitize-blacklist=myasan.blacklist -w sanitizerTest.c
$ ./a.out
$ 
Demisemiquaver answered 11/10, 2018 at 0:9 Comment(1)
Note that according to the ASan docs the -fsanitize-blacklist flag is new and is only supported by clang now. - Eliaeliades
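
The attribute route from the answer above, as an added example (not code from the original posts). It wraps the attribute so the same source builds with clang, gcc, or no sanitizer at all, and confines the uninstrumented access to one small helper so the rest of the function keeps its ASan checks. The names NO_ASAN, ASAN_ENABLED, load_unchecked, foo_at and asan_enabled are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Detect ASan: clang exposes __has_feature(address_sanitizer),
 * gcc defines __SANITIZE_ADDRESS__ under -fsanitize=address. */
#ifndef __has_feature
#define __has_feature(x) 0
#endif
#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer)
#define ASAN_ENABLED 1
#else
#define ASAN_ENABLED 0
#endif

/* no_sanitize("address") is the spelling quoted in the answer; gcc before
 * version 8 only knows the older no_sanitize_address form. noinline keeps
 * the helper a separate function from its instrumented caller. */
#if defined(__clang__) || (defined(__GNUC__) && __GNUC__ >= 8)
#define NO_ASAN __attribute__((no_sanitize("address"), noinline))
#elif defined(__GNUC__)
#define NO_ASAN __attribute__((no_sanitize_address, noinline))
#else
#define NO_ASAN
#endif

/* Only this load is exempt from ASan checks. Everything the attribute
 * covers goes unreported, so keep the exempt function this small. */
NO_ASAN static double load_unchecked(const double *base, size_t idx)
{
    return base[idx];
}

/* Same shape as foo() in the question; the rest of this body stays
 * instrumented. With idx = 3, as in the question, ASan would report nothing
 * for the helper's load, while a direct bar[3] here would still be flagged. */
int foo_at(size_t idx)
{
    double bar[] = {7, 8};
    return (int)load_unchecked(bar, idx);
}

int asan_enabled(void) { return ASAN_ENABLED; }

int main(void)
{
    printf("ASan enabled: %d\n", asan_enabled());
    printf("foo_at(1) = %d\n", foo_at(1));   /* in-bounds call */
    return 0;
}
```

The attribute only removes the checks that ASan inserts into the marked function's own body; calls it makes into instrumented functions or intercepted libc routines are still checked.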
0

We’ve occasionally seen persistent Address Sanitizer false positives soon after startup, which seems to be what’s happening in your example. They always went away eventually after I did a sufficiently clean build with uniform sanitizer settings (including manually nuking a dependency directory outside the Xcode project), so I suspect the problem is with linking files with slightly different sanitizer settings, but I’ve never isolated the problem. (If the settings are different enough, linking fails completely.)

Do persist, by the way; it took a lot of work to get sanitizers working in Xcode with our existing CMake build, but they’re starting to find bugs at a usefully early stage of development.

Parachronism answered 2/10, 2018 at 11:34 Comment(0)
