0 Replies Latest reply on Oct 2, 2015 7:47 AM by chfast

    OpenCL shared library corrupts memory on linux

    chfast

      When my application starts and loads libamdocl64.so (the shared library with OpenCL implementation) that library corrupts memory around thread local storage. That causes a hang on any TLS access.

       

      The address sanitizer report:

      =================================================================

      ==2418==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000007240 at pc 0x0000008052f8 bp 0x7ffc260a9ff0 sp 0x7ffc260a97a0

      READ of size 1024 at 0x604000007240 thread T0

          #0 0x8052f7 in __interceptor_memcpy /home/chfast/Projects/llvm/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:436

          #1 0x7f87ba8a3319  (/usr/lib/libatiadlxx.so+0x1d319)

          #2 0x7f87ba8a3747  (/usr/lib/libatiadlxx.so+0x1d747)

          #3 0x7f87ba8be192 in ADL2_ApplicationProfiles_ProfileOfAnApplicationX2_Search (/usr/lib/libatiadlxx.so+0x38192)

          #4 0x7f87bb0ba35a  (/usr/lib/libamdocl64.so+0x67935a)

          #5 0x7f87bb0ba723  (/usr/lib/libamdocl64.so+0x679723)

          #6 0x7f87bb0bcd7a  (/usr/lib/libamdocl64.so+0x67bd7a)

          #7 0x7f87bb0d6e16  (/usr/lib/libamdocl64.so+0x695e16)

          #8 0x7f87bb0a7992 in clIcdGetPlatformIDsKHR (/usr/lib/libamdocl64.so+0x666992)

          #9 0x7f87ce547330 in getenv (/usr/lib/x86_64-linux-gnu/libOpenCL.so.1+0x4330)

          #10 0x7f87d059d5b9 in call_init /build/buildd/glibc-2.21/elf/dl-init.c:72

          #11 0x7f87d059d6ca in call_init /build/buildd/glibc-2.21/elf/dl-init.c:30

          #12 0x7f87d059d6ca in _dl_init /build/buildd/glibc-2.21/elf/dl-init.c:120

          #13 0x7f87d058dd09  (/lib64/ld-linux-x86-64.so.2+0xd09)

       

       

      0x604000007240 is located 0 bytes to the right of 48-byte region [0x604000007210,0x604000007240)

      allocated by thread T0 here:

          #0 0x864328 in __interceptor_malloc /home/chfast/Projects/llvm/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:40

          #1 0x7f87bd1b39ac  (/usr/lib/libamdocl64.so+0x27729ac)

       

       

      SUMMARY: AddressSanitizer: heap-buffer-overflow /home/chfast/Projects/llvm/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:436 in __interceptor_memcpy

      Shadow bytes around the buggy address:

        0x0c087fff8df0: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 06 fa

        0x0c087fff8e00: fa fa 00 00 00 00 06 fa fa fa 00 00 00 00 06 fa

        0x0c087fff8e10: fa fa 00 00 00 00 06 fa fa fa 00 00 00 00 06 fa

        0x0c087fff8e20: fa fa 00 00 00 00 06 fa fa fa fd fd fd fd fd fa

        0x0c087fff8e30: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa

      =>0x0c087fff8e40: fa fa 00 00 00 00 00 00[fa]fa 00 00 00 00 00 00

        0x0c087fff8e50: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00

        0x0c087fff8e60: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd

        0x0c087fff8e70: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd

        0x0c087fff8e80: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd

        0x0c087fff8e90: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd

      Shadow byte legend (one shadow byte represents 8 application bytes):

        Addressable:           00

        Partially addressable: 01 02 03 04 05 06 07

        Heap left redzone:       fa

        Heap right redzone:      fb

        Freed heap region:       fd

        Stack left redzone:      f1

        Stack mid redzone:       f2

        Stack right redzone:     f3

        Stack partial redzone:   f4

        Stack after return:      f5

        Stack use after scope:   f8

        Global redzone:          f9

        Global init order:       f6

        Poisoned by user:        f7

        Container overflow:      fc

        Array cookie:            ac

        Intra object redzone:    bb

        ASan internal:           fe

        Left alloca redzone:     ca

        Right alloca redzone:    cb

      ==2418==ABORTING