test suite failures with expensive hardening. (#18934) · Issues · The Tor Project / Core / Tor

test suite failures with expensive hardening.

Building master [fb9c9e04f002fbbd9745911a17481b49ed66c9f4] with --enable-gcc-warnings --disable-silent-rules --enable-expensive-hardening, ``` 16:59:04 ============================================= 16:59:04 tor 0.2.9.0-alpha-dev: ./test-suite.log 16:59:04 ============================================= 16:59:04 16:59:04 # TOTAL: 9 16:59:04 # PASS: 6 16:59:04 # SKIP: 1 16:59:04 # XFAIL: 0 16:59:04 # FAIL: 2 16:59:04 # XPASS: 0 16:59:04 # ERROR: 0 16:59:04 16:59:04 .. contents:: :depth: 2 16:59:04 16:59:04 FAIL: src/test/test-memwipe 16:59:04 =========================== 16:59:04 16:59:04 ================================================================= 16:59:04 ==28523==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffec6e913d0 at pc 0x7fc25b0fdb29 bp 0x7ffec6e90f60 sp 0x7ffec6e90f58 16:59:04 READ of size 1 at 0x7ffec6e913d0 thread T0 16:59:04 #0 0x7fc25b0fdb28 in vmemeq ../src/test/test-memwipe.c:66 16:59:04 #1 0x7fc25b0fdb28 in check_a_buffer ../src/test/test-memwipe.c:88 16:59:04 #2 0x7fc25b0fc0c0 in main ../src/test/test-memwipe.c:180 16:59:04 #3 0x7fc257a66b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44) 16:59:04 #4 0x7fc25b0fd5ea (/srv/jenkins-workspace/workspace/tor-ci-linux-master/ARCHITECTURE/amd64/SUITE/jessie/build-tree-tor/src/test/test-memwipe+0x1545ea) 16:59:04 16:59:04 Address 0x7ffec6e913d0 is located in stack of thread T0 at offset 1056 in frame 16:59:04 #0 0x7fc25b0fd8af in check_a_buffer ../src/test/test-memwipe.c:74 16:59:04 16:59:04 This frame has 1 object(s): 16:59:04 [32, 1056) 'buf' <== Memory access at offset 1056 overflows this variable 16:59:04 HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext 16:59:04 (longjmp and C++ exceptions *are* supported) 16:59:04 SUMMARY: AddressSanitizer: stack-buffer-overflow ../src/test/test-memwipe.c:66 vmemeq 16:59:04 Shadow bytes around the buggy address: 16:59:04 0x100058dca220: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16:59:04 0x100058dca230: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16:59:04 0x100058dca240: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16:59:04 0x100058dca250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16:59:04 0x100058dca260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16:59:04 =>0x100058dca270: 00 00 00 00 00 00 00 00 00 00[f3]f3 f3 f3 00 00 16:59:04 0x100058dca280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 16:59:04 0x100058dca290: f1 f1 00 00 00 f4 00 00 00 00 00 00 00 00 00 00 16:59:04 0x100058dca2a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16:59:04 0x100058dca2b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16:59:04 0x100058dca2c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16:59:04 Shadow byte legend (one shadow byte represents 8 application bytes): 16:59:04 Addressable: 00 16:59:04 Partially addressable: 01 02 03 04 05 06 07 16:59:04 Heap left redzone: fa 16:59:04 Heap right redzone: fb 16:59:04 Freed heap region: fd 16:59:04 Stack left redzone: f1 16:59:04 Stack mid redzone: f2 16:59:04 Stack right redzone: f3 16:59:04 Stack partial redzone: f4 16:59:04 Stack after return: f5 16:59:04 Stack use after scope: f8 16:59:04 Global redzone: f9 16:59:04 Global init order: f6 16:59:04 Poisoned by user: f7 16:59:04 Contiguous container OOB:fc 16:59:04 ASan internal: fe 16:59:04 ==28523==ABORTING 16:59:04 16:59:04 SKIP: src/test/test_switch_id.sh 16:59:04 ================================ 16:59:04 16:59:04 This test only works when run as root. Skipping. 16:59:04 16:59:04 FAIL: src/test/test_bt.sh 16:59:04 ========================= 16:59:04 16:59:04 OK 16:59:04 ../src/test/test_bt_cl.c:39:24: runtime error: store to null pointer of type 'volatile int' 16:59:04 ASAN:SIGSEGV 16:59:04 ================================================================= 16:59:04 ==28713==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f9c360d73b4 sp 0x7fff3cd6cd20 bp 0x7fff3cd6cd40 T0) 16:59:04 #0 0x7f9c360d73b3 in crash ../src/test/test_bt_cl.c:39 16:59:04 #1 0x7f9c360d73f0 in oh_what ../src/test/test_bt_cl.c:58 16:59:04 #2 0x7f9c360d7441 in a_tangled_web ../src/test/test_bt_cl.c:64 16:59:04 #3 0x7f9c360d7490 in we_weave ../src/test/test_bt_cl.c:70 16:59:04 #4 0x7f9c360d6a74 in main ../src/test/test_bt_cl.c:119 16:59:04 #5 0x7f9c335d4b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44) 16:59:04 #6 0x7f9c360d71ea (/srv/jenkins-workspace/workspace/tor-ci-linux-master/ARCHITECTURE/amd64/SUITE/jessie/build-tree-tor/src/test/test-bt-cl+0x7f1ea) 16:59:04 16:59:04 AddressSanitizer can not provide additional info. 16:59:04 SUMMARY: AddressSanitizer: SEGV ../src/test/test_bt_cl.c:39 crash 16:59:04 ==28713==ABORTING 16:59:04 BAD ```

issue