I wrote a small client-server application in C++ (although there is a lot of C style). I have ASan installed for building on macOS, but it doesn't give any errors. However, when I run the same test in Docker on Ubuntu, I get a message from the sanitizer.

I would like to fix the errors, but I just don't understand what they could be caused by. I don't know how I can see where the error is via the byte address.

```
# ./single_client.sh
clang -shared -fPIC -ldl -O3 -o monkey.so monkey.c
clang++ single_client.cpp -std=c++17 -g -O3 -Werror -Wall -Wextra -pthread -pedantic -o single_client
clang++ multiple_client.cpp -std=c++17 -g -O3 -Werror -Wall -Wextra -pthread -pedantic -o multiple_client
clang++ random_clients.cpp -std=c++17 -g -O3 -Werror -Wall -Wextra -pthread -pedantic -o random_clients
clang++ simple_server.cpp -std=c++17 -g -O3 -Werror -Wall -Wextra -pthread -pedantic -o simple_server
clang++ server.cpp -std=c++17 -g -O3 -g -fsanitize=address -Werror -Wall -Wextra -pthread -pedantic -o server
clang++ client.cpp -std=c++17 -g -O3 -g -fsanitize=address -Werror -Wall -Wextra -pthread -pedantic -o client
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
[TEST] Send
[TEST] Human readeable: 4 alex
[TEST] Send binary hex: 
00000004 616c6578
[TEST] Send
[TEST] Human readeable: 11 hello world
[TEST] Send binary hex: 
0000000b 68656c6c 6f20776f 726c64
[TEST] Read
=================================================================
==61==ERROR: AddressSanitizer: unknown-crash on address 0xffffd05639c0 at pc 0x00000050a6a4 bp 0xffffabcfe8f0 sp 0xffffabcfe908
READ of size 8 at 0xffffd05639c0 thread T1
    #0 0x50a6a3  (/mess/my_data/artifacts/server+0x50a6a3)
    #1 0xffffaf87d087  (/lib/aarch64-linux-gnu/libpthread.so.0+0x7087)

Address 0xffffd05639c0 is located in stack of thread T0 at offset 192 in frame
    #0 0x50a07b  (/mess/my_data/artifacts/server+0x50a07b)

  This frame has 6 object(s):
    [32, 36) 'clilen' (line 24)
    [48, 64) 'serv_addr' (line 25)
    [80, 96) 'cli_addr' (line 25)
    [112, 160) 'm1' (line 27)
    [192, 200) 'newsockfd' (line 59) <== Memory access at offset 192 is inside this variable
    [224, 232) 'thread' (line 61)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: unknown-crash (/mess/my_data/artifacts/server+0x50a6a3) 
Shadow bytes around the buggy address:
  0x200ffa0ac6e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ffa0ac6f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ffa0ac700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ffa0ac710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ffa0ac720: f1 f1 f1 f1 04 f2 00 00 f2 f2 00 00 f2 f2 00 00
=>0x200ffa0ac730: 00 00 00 00 f2 f2 f2 f2[00]f2 f2 f2 f8 f3 f3 f3
  0x200ffa0ac740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ffa0ac750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ffa0ac760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ffa0ac770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ffa0ac780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
Thread T1 created by T0 here:
    #0 0x4441ab  (/mess/my_data/artifacts/server+0x4441ab)
    #1 0x50a33f  (/mess/my_data/artifacts/server+0x50a33f)
    #2 0xffffaf6ed79f  (/lib/aarch64-linux-gnu/libc.so.6+0x2079f)
    #3 0x41f697  (/mess/my_data/artifacts/server+0x41f697)

==61==ABORTING
terminate called after throwing an instance of 'std::runtime_error'
  what():  could not read message from server: Connection reset by peer
single_client_impl.sh: line 23:    63 Aborted                 ./simple-messanger-tests/src/single_client 8081
single_client_impl.sh: line 1: kill: (61) - No such process
```

P.S. I thought the sanitizer was pointing me to line 59 of the code, but I didn't find anything unusual:

```
size_t newsockfd = accept(sockfd, (struct sockaddr *)&cli_addr, &clilen);
```
student422
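The report above shows thread T1 reading 8 bytes of `newsockfd`, a variable that lives in thread T0's stack frame. As an added example (not the asker's code, which the page shows only as line 59), the sketch below assumes the server hands `&newsockfd` to `pthread_create` and contrasts that with passing the descriptor by value; `handler_by_address`, `handler_by_value`, `serve` and the descriptor numbers are constructed for illustration.

```cpp
// Added example, not the asker's code. Descriptor values are constructed;
// no sockets are opened.
#include <pthread.h>
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <mutex>
#include <vector>

static std::mutex g_mu;
static std::vector<int> g_seen;  // descriptors the handlers actually received

// BEFORE (assumed pattern, never called here): arg points into the accept
// loop's stack frame. The loop may leave the variable's scope, or overwrite
// it with the next accept() result, before this read runs.
void *handler_by_address(void *arg) {
    int fd = static_cast<int>(*static_cast<size_t *>(arg));  // cross-thread stack read
    std::lock_guard<std::mutex> lk(g_mu);
    g_seen.push_back(fd);
    return nullptr;
}

// AFTER: the descriptor travels inside the pointer-sized argument itself,
// so the handler never touches the creator's stack.
void *handler_by_value(void *arg) {
    int fd = static_cast<int>(reinterpret_cast<intptr_t>(arg));
    std::lock_guard<std::mutex> lk(g_mu);
    g_seen.push_back(fd);
    return nullptr;
}

// Stand-in for the accept loop: one handler thread per accepted descriptor.
std::vector<int> serve(const std::vector<int> &accepted) {
    g_seen.clear();
    std::vector<pthread_t> threads;
    for (int fd : accepted) {   // fd's scope ends on every iteration
        if (fd < 0) continue;   // accept() failed: start no handler
        pthread_t t;
        // The "before" form would pass the address of the loop-local here.
        if (pthread_create(&t, nullptr, handler_by_value,
                           reinterpret_cast<void *>(static_cast<intptr_t>(fd))) == 0)
            threads.push_back(t);
    }
    for (pthread_t t : threads) pthread_join(t, nullptr);
    std::sort(g_seen.begin(), g_seen.end());
    return g_seen;
}
```

ASan prints bare `server+0x...` frames when it cannot find `llvm-symbolizer`; with that tool on `PATH`, or named in `ASAN_SYMBOLIZER_PATH`, the same frames resolve to file and line.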