
Clang sanitizer failure with ASLR enabled

https://www.freebsd.org/security/advisories/FreeBSD-EN-23:15.sanitizer.asc

II. Problem Description

Some of the Sanitizers cannot work correctly when ASLR is enabled. Therefore, when such a Sanitizer initializes, it checks via procctl(2) whether ASLR is enabled. If it is, the Sanitizer first disables ASLR, prints an appropriate message, and then re-executes the main executable that contains the Sanitizer.

However, the Sanitizers work by intercepting various function calls, and by mistake this check went through the already-intercepted procctl(2) wrapper rather than the underlying system call. This causes an internal error in the Sanitizer runtime, which usually results in a segfault.
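The start-up ordering behind that failure, as an added illustrative model written for this page: it is not compiler-rt or FreeBSD code, every symbol name in it is invented, and the crash is modelled as an error return from the interceptor so that the fault can be observed instead of killing the process. The "raw" call stands in for whatever non-intercepted path the real runtime uses to reach the kernel.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a sanitizer runtime's start-up. Names and values
 * are invented for the illustration; this is not the real runtime. */

/* Simulated procctl(2) commands and ASLR states ("kernel" side). */
enum { ASLR_STATUS = 1, ASLR_CTL = 2 };
enum { ASLR_ENABLED = 1, ASLR_DISABLED = 2 };

static int sim_aslr_state = ASLR_ENABLED;

/* The raw system call: safe to use at any point of start-up. */
static int raw_procctl(int cmd, int *data)
{
    if (cmd == ASLR_STATUS) { *data = sim_aslr_state; return 0; }
    if (cmd == ASLR_CTL)    { sim_aslr_state = *data; return 0; }
    return -1;
}

/* Interceptor table. The runtime fills in the "real" pointers while it
 * initializes; until then they are NULL. */
struct interceptors {
    int (*real_procctl)(int, int *);
};
static struct interceptors g_intercept = { NULL };

/* Intercepted procctl: the wrapper user code reaches once the runtime is
 * up. In the real runtime, calling through the unset pointer here is the
 * segfault; the model reports it as -1 instead. */
static int intercepted_procctl(int cmd, int *data)
{
    if (g_intercept.real_procctl == NULL)
        return -1;                  /* internal error: not yet initialized */
    return g_intercept.real_procctl(cmd, data);
}

/* ASLR check during runtime init. Returns 0 when ASLR is (now) disabled
 * and the program could proceed to re-exec, -1 on internal error. */
static int disable_aslr_buggy(void)
{
    int st, v = ASLR_DISABLED;
    /* Bug: goes through the interceptor before the interceptors exist. */
    if (intercepted_procctl(ASLR_STATUS, &st) != 0)
        return -1;
    if (st == ASLR_ENABLED && intercepted_procctl(ASLR_CTL, &v) != 0)
        return -1;
    return 0;
}

static int disable_aslr_fixed(void)
{
    int st, v = ASLR_DISABLED;
    /* Fix: use the raw call, which does not depend on interceptor state. */
    if (raw_procctl(ASLR_STATUS, &st) != 0)
        return -1;
    if (st == ASLR_ENABLED && raw_procctl(ASLR_CTL, &v) != 0)
        return -1;
    /* The real runtime would print its message and re-exec here. */
    return 0;
}

static void install_interceptors(void)
{
    g_intercept.real_procctl = raw_procctl;
}

/* Start-up order: the ASLR step runs BEFORE the interceptors are installed,
 * which is exactly when the intercepted wrapper must not be used. */
static int sanitizer_startup(int (*aslr_step)(void))
{
    sim_aslr_state = ASLR_ENABLED;      /* fresh process with ASLR on */
    g_intercept.real_procctl = NULL;
    int rc = aslr_step();
    install_interceptors();
    return rc;
}

static int current_aslr_state(void) { return sim_aslr_state; }

int main(void)
{
    int rc = sanitizer_startup(disable_aslr_buggy);
    printf("buggy path: rc=%d aslr=%d\n", rc, current_aslr_state());
    rc = sanitizer_startup(disable_aslr_fixed);
    printf("fixed path: rc=%d aslr=%d\n", rc, current_aslr_state());
    return 0;
}
```

The buggy path fails before it can even read the ASLR status, leaving ASLR enabled and the runtime in an inconsistent state; the fixed path reads and clears it through the raw call regardless of how far interceptor setup has progressed.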

III. Impact

Binaries linked to AddressSanitizer (using -fsanitize=address), MemorySanitizer (using -fsanitize=memory) or ThreadSanitizer (using -fsanitize=thread) can crash at startup with a segfault, if ASLR is enabled. Other binaries are not affected.

IV. Workaround

If ASLR is enabled system-wide, the problem can be worked around by starting the affected binary through proccontrol(1), which disables ASLR for that program only, leaving the system-wide setting unchanged. For example:

proccontrol -m aslr -s disable /path/to/example_program
