Address Sanitizer failure in dwarf_loader.c tag__record_dwarf_type #18

@captain5050

Description

Testing with version 1.20 I see the following address sanitizer failures for the commands:
pahole -J "${kernel}"
pahole -s "${kernel}" | sort -k2 -nr | head -5

==3813206==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000202ce0 at pc 0x559c910010ad bp 0x7ffc54f15ea0 sp 0x7ffc54f15e98
READ of size 8 at 0x621000202ce0 thread T0
    #0 0x559c910010ac in dwarf_tag__spec pahole/dwarf_loader.c:97:9
    #1 0x559c910003af in tag__recode_dwarf_type pahole/dwarf_loader.c:2123:33
    #2 0x559c90fffef2 in cu__recode_dwarf_types_table pahole/dwarf_loader.c:2159:8
    #3 0x559c90ff97fd in cu__recode_dwarf_types pahole/dwarf_loader.c:2168:6
    #4 0x559c90ff9449 in die__process_and_recode pahole/dwarf_loader.c:2248:9
    #5 0x559c90ff87d0 in cus__load_module pahole/dwarf_loader.c:2518:7
    #6 0x559c90ff8033 in cus__process_dwflmod pahole/dwarf_loader.c:2566:9
    #7 0x559c9102d4ee in dwfl_getmodules dwfl_getmodules.c:86:16
    #8 0x559c90ff7e00 in cus__process_file pahole/dwarf_loader.c:2619:2
    #9 0x559c90ff7640 in dwarf__load_file pahole/dwarf_loader.c:2636:8
    #10 0x559c9100bc67 in cus__load_file pahole/dwarves.c:1969:7
    #11 0x559c9100bf27 in cus__load_files pahole/dwarves.c:2330:7
    #12 0x559c90fe46b2 in main pahole/pahole.c:2760:8

0x621000202ce0 is located 0 bytes to the right of 4064-byte region [0x621000201d00,0x621000202ce0)
allocated by thread T0 here:
    #0 0x559c90fc7f5d in malloc
    #1 0x7fdb696fef05 in _obstack_newchunk
    #2 0x559c90ff7a47 in obstack_zalloc pahole/dwarf_loader.c:113:12
    #3 0x559c90ffbb5f in __tag__alloc pahole/dwarf_loader.c:375:27
    #4 0x559c90ffb6d6 in tag__alloc pahole/dwarf_loader.c:396:9
    #5 0x559c90fff617 in variable__new pahole/dwarf_loader.c:621:9
    #6 0x559c90ffb0c8 in die__create_new_variable pahole/dwarf_loader.c:1246:25
    #7 0x559c90ffe178 in die__process_function pahole/dwarf_loader.c:1645:10
    #8 0x559c90ffaa81 in die__create_new_function pahole/dwarf_loader.c:1704:6
    #9 0x559c90ff9de4 in __die__process_tag pahole/dwarf_loader.c:1747:9
    #10 0x559c90ff9be3 in die__process_unit pahole/dwarf_loader.c:1777:21
    #11 0x559c90ff96d1 in die__process pahole/dwarf_loader.c:2230:13
    #12 0x559c90ff943d in die__process_and_recode pahole/dwarf_loader.c:2245:12
    #13 0x559c90ff87d0 in cus__load_module pahole/dwarf_loader.c:2518:7
    #14 0x559c90ff8033 in cus__process_dwflmod pahole/dwarf_loader.c:2566:9
    #15 0x559c9102d4ee in dwfl_getmodules dwfl_getmodules.c:86:16
    #16 0x559c90ff7e00 in cus__process_file pahole/dwarf_loader.c:2619:2
    #17 0x559c90ff7640 in dwarf__load_file pahole/dwarf_loader.c:2636:8
    #18 0x559c9100bc67 in cus__load_file pahole/dwarves.c:1969:7
    #19 0x559c9100bf27 in cus__load_files pahole/dwarves.c:2330:7
    #20 0x559c90fe46b2 in main pahole/pahole.c:2760:8

SUMMARY: AddressSanitizer: heap-buffer-overflow pahole/dwarf_loader.c:97:9 in dwarf_tag__spec
Shadow bytes around the buggy address:
  0x0c4280038540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c4280038550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c4280038560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c4280038570: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c4280038580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c4280038590: 00 00 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa
  0x0c42800385a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c42800385b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c42800385c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c42800385d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c42800385e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==3813206==ABORTING
