Better workaround for ASan use-after-poison

Desktop / LibreOffice - Stephan Bergmann [redhat.com] - 6 December 2021 18:22 UTC

...than ae36ee4f3aa544e53e2edad93d6d79160b27bc9d "Work around use-after-poison" for

> ==1922539==ERROR: AddressSanitizer: use-after-poison on address 0x61d00190fab0 at pc 0x00000026aaa9 bp 0x7f422ee84b80 sp 0x7f422ee84348
> WRITE of size 192 at 0x61d00190fab0 thread T44
>   #0 in memset at ~/github.com/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:800:3 (instdir/program/soffice.bin +0x26aaa8)
>   #1 at (/lib64/libnsspem.so +0x15f3d)
>   #2 at (/lib64/libnsspem.so +0x16185)
>   #3 at (/lib64/libnsspem.so +0x8a9b)
>   #4 at (/lib64/libnsspem.so +0xe13b)
>   #5 in secmod_ModuleInit at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11load.c:244:11 (instdir/program/libnss3.so +0x4ad372)
>   #6 in secmod_LoadPKCS11Module at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11load.c:544:10 (instdir/program/libnss3.so +0x4b1fca)
>   #7 in SECMOD_LoadModule at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11pars.c:1946:10 (instdir/program/libnss3.so +0x50de92)
>   #8 in SECMOD_LoadUserModule at workdir/UnpackedTarball/nss/nss/lib/pk11wrap/pk11pars.c:2042:28 (instdir/program/libnss3.so +0x50e9a9)
>   #9 in nss_load_module at workdir/UnpackedTarball/curl/lib/vtls/nss.c:1310:12 (instdir/program/libcurl.so.4 +0x4fdd25)
>   #10 in nss_setup_connect at workdir/UnpackedTarball/curl/lib/vtls/nss.c:1894:12 (instdir/program/libcurl.so.4 +0x4eeffb)
>   #11 in nss_connect_common at workdir/UnpackedTarball/curl/lib/vtls/nss.c:2235:14 (instdir/program/libcurl.so.4 +0x4ee237)
>   #12 in nss_connect_nonblocking at workdir/UnpackedTarball/curl/lib/vtls/nss.c:2291:10 (instdir/program/libcurl.so.4 +0x4ebe4a)
>   #13 in Curl_ssl_connect_nonblocking at workdir/UnpackedTarball/curl/lib/vtls/vtls.c:361:12 (instdir/program/libcurl.so.4 +0x514039)
>   #14 in https_connecting at workdir/UnpackedTarball/curl/lib/http.c:1591:12 (instdir/program/libcurl.so.4 +0x2f29ce)
>   #15 in Curl_http_connect at workdir/UnpackedTarball/curl/lib/http.c:1517:14 (instdir/program/libcurl.so.4 +0x2f23d5)
>   #16 in protocol_connect at workdir/UnpackedTarball/curl/lib/multi.c:1696:16 (instdir/program/libcurl.so.4 +0x3b8620)
>   #17 in multi_runsingle at workdir/UnpackedTarball/curl/lib/multi.c:1997:16 (instdir/program/libcurl.so.4 +0x3a2232)
>   #18 in curl_multi_perform at workdir/UnpackedTarball/curl/lib/multi.c:2568:14 (instdir/program/libcurl.so.4 +0x39dc5c)
>   #19 in http_dav_ucp::CurlProcessor::ProcessRequestImpl(http_dav_ucp::CurlSession&, http_dav_ucp::CurlUri const&, curl_slist*, com::sun::star::uno::Reference const*, com::sun::star::uno::Sequence const*, std::pair std::allocator > const&, http_dav_ucp::DAVResource&> const*, (anonymous namespace)::ResponseHeaders&) at ucb/source/ucp/webdav-curl/CurlSession.cxx:880:14 (instdir/program/../program/libucpdav1.so +0x5aad30)
> 0x61d00190fab0 is located 48 bytes inside of 2048-byte region [0x61d00190fa80,0x61d001910280)
> allocated by thread T44 here:
>   #0 in malloc at ~/github.com/llvm/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3 (instdir/program/soffice.bin +0x2d3c7e)
>   #1 in PR_Malloc at workdir/UnpackedTarball/nss/nspr/out/pr/src/malloc/../../../../pr/src/malloc/prmem.c:448:55 (instdir/program/libnspr4.so +0x123629)
>   #2 in PL_ArenaAllocate at workdir/UnpackedTarball/nss/nspr/out/lib/ds/../../../lib/ds/plarena.c:134:27 (instdir/program/libplds4.so +0x9a32)
>   #3 at (/lib64/libnsspem.so +0x15f77)

during UITest_sw_options:

That --with-system-nss workaround for had caused CppunitTest_desktop_lib to start to fail there, presumably "caused by --with-system-nss on the CentOS7 baseline", see the mail thread starting at "Re: [global-libreoffice-ci] UBSAN Linux Build - Build # 2217 - Still Failing!"

And while I had initially not been able to reproduce the use-after-poison during UITest_sw_options with my local ASan+UBSan build (on Fedora 35), I now found out that that was just because my machine happened to not have an nsspem library installed in the system (the nss-pem RPM on Fedora). With that system library installed, my local build failed UITest_sw_options in the same way as the Jenkins tinderbox.

Which led me to the idea of avoiding the whole mess by avoiding that CUrl loads the (apparently optional) nsspem library in ASan builds altogether. (Another approach might have been to disable the __asan_poison_memory_region functionality in workdir/UnpackedTarball/nss/nspr/lib/ds/plarena.h, but the chosen approach nicely makes us less dependent on accidental differences in build-time execution environments, at least for ASan builds.)

Change-Id: I8fd2ff255771622f26ad666ca78a6d9ded0af2d7
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126451

ba8b3751fa18 Better workaround for ASan use-after-poison
distro-configs/Jenkins/Linux_ubsan_master.conf | 1 -
external/curl/UnpackedTarball_curl.mk | 6 ++++++
external/curl/asan-poison-nsspem.patch.0 | 11 +++++++++++
3 files changed, 17 insertions(+), 1 deletion(-)
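
The commit message refers to the `__asan_poison_memory_region` calls in NSPR's plarena.h. As an added illustration (not LibreOffice, NSPR or curl code), the toy arena below models manual poisoning and shows how a caller whose unpoison step is compiled out ends up holding a block that is still poisoned. That this is what happens with the system nsspem library is an assumption, and every function name here is hypothetical.

```c
/* Added illustration: toy arena with hypothetical names, not NSPR's API. */
#include <stddef.h>
#include <string.h>
#if defined(__SANITIZE_ADDRESS__) /* defined by GCC under -fsanitize=address */
#  include <sanitizer/asan_interface.h>
#  define HAVE_ASAN 1
#endif

enum { ARENA_SIZE = 2048 };
static _Alignas(16) unsigned char arena[ARENA_SIZE];
static unsigned char shadow[ARENA_SIZE]; /* 1 = poisoned; portable mirror of ASan state */
static size_t avail;                     /* bump offset of the next free byte */

static void set_poison(void *p, size_t n, int on) {
    memset(shadow + ((unsigned char *)p - arena), on, n);
#ifdef HAVE_ASAN
    if (on) __asan_poison_memory_region(p, n);
    else    __asan_unpoison_memory_region(p, n);
#endif
}

/* Allocator side: everything not yet handed out is poisoned. */
void arena_reset(void) { avail = 0; set_poison(arena, ARENA_SIZE, 1); }

/* Out-of-line bump allocation; the returned block is still poisoned. */
static void *arena_bump(size_t n) {
    if (n > ARENA_SIZE - avail) return NULL;
    void *p = arena + avail;
    avail += n;
    return p;
}

/* Caller compiled with the poisoning-aware header: the wrapper unpoisons. */
void *alloc_aware(size_t n) {
    void *p = arena_bump(n);
    if (p) set_poison(p, n, 0);
    return p;
}

/* Caller compiled without it: same allocator, unpoison step compiled out. */
void *alloc_unaware(size_t n) { return arena_bump(n); }

/* Would a write of n bytes at p touch poisoned memory? */
int write_would_trap(const void *p, size_t n) {
    size_t off = (size_t)((const unsigned char *)p - arena);
    for (size_t i = 0; i < n; i++)
        if (shadow[off + i]) return 1;
    return 0;
}
```

Built with GCC and `-fsanitize=address`, an actual `memset` on the block returned by `alloc_unaware` produces a use-after-poison report, while the block from `alloc_aware` is writable.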

Upstream: cgit.freedesktop.org

