=====Sanitizers=====
Pour que les sanitizers fonctionnent bien, il est très fortement recommandé (imposé par Visual Studio) de compiler le projet et toutes ces dépendances.
Il existe ''-fsanitize=address,thread,undefined'' mais ''address'' et ''thread'' ne sont pas compatible simultanément.
====memory====
Détecte l'utilise de mémoire non initialisée.
int main(int argc, char **argv) {
int x[10];
x[0] = 1;
return x[argc];
}
clang -fsanitize=memory -fno-omit-frame-pointer -fsanitize-memory-track-origins=2 -g main.c -o main
$ clang -fsanitize=memory -fno-omit-frame-pointer -fsanitize-memory-track-origins=2 -g main5.c -o main5 && ./main5==3981==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x492d5e in main /tmp/main5.c:4:3
#1 0x7f592c432461 in __libc_start_main .../sys-libs/glibc-2.25-r9/work/glibc-2.25/csu/../csu/libc-start.c:295
#2 0x41a129 in _start (/tmp/main5+0x41a129)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /tmp/main5.c:4:3 in main
[[prog:valgrind|valgrind]] détecte l'erreur.
==4011== Syscall param exit_group(status) contains uninitialised byte(s)
==4011== at 0x4F002B8: _Exit (_exit.c:31)
==4011== by 0x4E70423: __run_exit_handlers (exit.c:98)
==4011== by 0x4E704DC: exit (exit.c:105)
==4011== by 0x4E58468: (below main) (libc-start.c:329)
==4011== Uninitialised value was created by a stack allocation
==4011== at 0x400470: main (main5.c:1)
Instrumentation de la stdlib :
L'utilisation de la libraire standard crée de nombreux faux positifs si la stdlib n'est pas instrumentée.
Pour l'instrumenter, il faut suivre les instructions de [[https://github.com/google/sanitizers/wiki/MemorySanitizerLibcxxHowTo|MemorySanitizerLibcxxHowTo]] {{ :prog:clang:memorysanitizerlibcxxhowto_google_sanitizers_wiki_2020-02-13_22_56_51_.html |Archive du 29/01/2016 le 13/02/2020}}
====Control Flow Integrity====
[[https://www.usenix.org/sites/default/files/conference/protected-files/enigma_slides_serebryany.pdf|Sanitize, Fuzz, and Harden Your C++ Code]], {{ :prog:clang:enigma_slides_serebryany.pdf |Archive}}
Nécessite l'option ''Gold'' de ''llvm''.
Il est possible d'activer tous les cfi-* (''cfi-vcall'', ''cfi-ncall'', ''cfi-icall'', ''cfi-derived-cast'', ''cfi-unrelated-cast'') en une seule fois : ''-fsanitize=cfi''.
===Exemple 1===
#include
void Bad() { puts("BOOO"); }
struct Expr {
long a[2];
long (*Op)(long *);
};
int main(int argc, char **argv) {
struct Expr e;
// On écrit indirectement sur la variable Op.
e.a[2 * argc] = (long)&Bad;
e.Op(e.a);
}
* Sans le sanitizer
clang a.c && ./a.out
BOOO
* Avec le sanitizer
clang -flto -fsanitize=cfi -fvisibility=hidden -fno-sanitize-trap=cfi -g a.c && ./a.out
file.cpp:11:3: runtime error: control flow integrity check for type 'long (long *)' failed during indirect function call
file.cpp:2: note: Bad() defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior cfi_cast_strict.cpp:11:3 in
[[prog:valgrind|valgrind]] ne détecte pas l'erreur.
===Exemple 2===
void Bad() { puts("BOOO"); exit(0); }
int main(int argc, char **argv) {
long array[10];
array[argc * 13] = (long)&Bad;
}
Nécessite l'option ''Gold'' de ''llvm''. L'exemple ne marche que pour du 64 bits.
* Sans protection
clang a.c && ./a.out
BOOO
Segmentation fault
* Avec protection ''safe-stack''
clang -fsanitize=safe-stack a.c && ./a.out
Pas de message d'erreur...
* Avec protection ''cfi''
clang++ cfi_cast_strict.cpp -O0 -fsanitize=cfi -flto=thin -fvisibility=hidden -fno-sanitize-trap=cfi
BOOO
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==12856==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x7f6e125389a0 (pc 0x7f6e125389a0 bp 0x7ffcbb5f9370 sp 0x7ffcbb5f92a8 T12856)
==12856==The signal is caused by a READ memory access.
==12856==Hint: PC is at a non-executable region. Maybe a wild jump?
#0 0x7f6e125389a0 (/usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/libstdc++.so.6+0x2209a0)
UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV (/usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/libstdc++.so.6+0x2209a0)
==12856==ABORTING
[[prog:valgrind|valgrind]] détecte l'erreur.
====address====
Il détecte des erreurs de type global-buffer-overflow, heap-use-after-free.
[[https://www.youtube.com/watch?v=qTkYDA0En6U|CppCon 2015: Kostya Serebryany “Beyond Sanitizers, Fuzzing and Hardening your C++ apps for Security and Reliability”]]
* global-buffer-overflow
int global_array[100] = {-1};
int main(int argc, char **argv) {
return global_array[argc+100];
}
gcc main.c -g -fsanitize=address -fno-omit-frame-pointer -o main && ./main
=================================================================
==2500==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000740cf4 at pc 0x00000050d9bf bp 0x7ffeabb89b70 sp 0x7ffeabb89b68
READ of size 4 at 0x000000740cf4 thread T0
#0 0x50d9be in main /tmp/main.c:4:10
#1 0x7f1208faa461 in __libc_start_main .../sys-libs/glibc-2.25-r9/work/glibc-2.25/csu/../csu/libc-start.c:295
#2 0x419709 in _start (/tmp/main+0x419709)
0x000000740cf4 is located 4 bytes to the right of global variable 'global_array' defined in 'main.c:1:5' (0x740b60) of size 400
SUMMARY: AddressSanitizer: global-buffer-overflow /tmp/main.c:4:10 in main
Shadow bytes around the buggy address:
0x0000800e0140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800e0150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800e0160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800e0170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800e0180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0000800e0190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[f9]f9
0x0000800e01a0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
0x0000800e01b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800e01c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800e01d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800e01e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==2500==ABORTING
[[prog:valgrind|valgrind]] ne détecte pas l'erreur.
* heap-use-after-free
int main(int argc, char **argv) {
int *array = new int[100];
delete [] array;
return array[argc];
}
g++ main2.c -g -fsanitize=address -fno-omit-frame-pointer -o main2 && ./main2
=================================================================
==2765==ERROR: AddressSanitizer: heap-use-after-free on address 0x614000000044 at pc 0x000000512445 bp 0x7ffd51684f60 sp 0x7ffd51684f58
READ of size 4 at 0x614000000044 thread T0
#0 0x512444 in main /tmp/main2.c:4:10
#1 0x7fd8d0086461 in __libc_start_main .../sys-libs/glibc-2.25-r9/work/glibc-2.25/csu/../csu/libc-start.c:295
#2 0x419d29 in _start (/tmp/main2+0x419d29)
0x614000000044 is located 4 bytes inside of 400-byte region [0x614000000040,0x6140000001d0)
freed by thread T0 here:
#0 0x50ef30 in operator delete[](void*) .../sys-libs/compiler-rt-sanitizers-5.0.0/work/compiler-rt-5.0.0.src/lib/asan/asan_new_delete.cc:141
#1 0x5123f6 in main /tmp/main2.c:3:3
#2 0x7fd8d0086461 in __libc_start_main .../sys-libs/glibc-2.25-r9/work/glibc-2.25/csu/../csu/libc-start.c:295
#3 0x419d29 in _start (/tmp/main2+0x419d29)
previously allocated by thread T0 here:
#0 0x50e1c8 in operator new[](unsigned long) .../sys-libs/compiler-rt- sanitizers-5.0.0/work/compiler-rt-5.0.0.src/lib/asan/asan_new_delete.cc:95
#1 0x5123d4 in main /tmp/main2.c:2:16
#2 0x7fd8d0086461 in __libc_start_main .../sys-libs/glibc-2.25-r9/work/glibc-2.25/csu/../csu/libc-start.c:295
#3 0x419d29 in _start (/tmp/main2+0x419d29)
SUMMARY: AddressSanitizer: heap-use-after-free /tmp/main2.c:4:10 in main
Shadow bytes around the buggy address:
0x0c287fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c287fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c287fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c287fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c287fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c287fff8000: fa fa fa fa fa fa fa fa[fd]fd fd fd fd fd fd fd
0x0c287fff8010: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c287fff8020: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c287fff8030: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
0x0c287fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c287fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
[[prog:valgrind|valgrind]] détecte l'erreur.
==2787== Command: ./main2
==2787==
==2787== Invalid read of size 4
==2787== at 0x4005AF: main (main2.c:4)
==2787== Address 0x5b25c84 is 4 bytes inside a block of size 400 free'd
==2787== at 0x4C2CAA5: operator delete[](void*) (vg_replace_malloc.c:621)
==2787== by 0x4005A6: main (main2.c:3)
==2787== Block was alloc'd at
==2787== at 0x4C2BAC8: operator new[](unsigned long) (vg_replace_malloc.c:423)
==2787== by 0x400584: main (main2.c:2)
* stack-use-after-return
int *g;
void LeakLocal() {
int local;
g = &local;
}
int main(){
LeakLocal();
return *g;
}
gcc main3.c -g -o main3 -fsanitize=address -fno-omit-frame-pointer
ASAN_OPTIONS=detect_stack_use_after_return=1 ./main3
L'utilisation de ''ASAN_OPTIONS=detect_stack_use_after_return=1'' est nécessaire car cette option peut créer des faux positifs.
=================================================================
==2907==ERROR: AddressSanitizer: stack-use-after-return on address 0x7f57b2a00020 at pc 0x00000050db25 bp 0x7ffe8dfc7330 sp 0x7ffe8dfc7328
READ of size 4 at 0x7f57b2a00020 thread T0
#0 0x50db24 in main /tmp/main3.c:10:10
#1 0x7f57b604d461 in __libc_start_main .../sys-libs/glibc-2.25-r9/work/glibc-2.25/csu/../csu/libc-start.c:295
#2 0x419709 in _start (/tmp/main3+0x419709)
Address 0x7f57b2a00020 is located in stack of thread T0 at offset 32 in frame
#0 0x50d95f in LeakLocal /tmp/main3.c:3
This frame has 1 object(s):
[32, 36) 'local' (line 4) <== Memory access at offset 32 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return /tmp/main3.c:10:10 in main
Shadow bytes around the buggy address:
0x0feb76537fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0feb76537fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0feb76537fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0feb76537fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0feb76537ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0feb76538000: f5 f5 f5 f5[f5]f5 f5 f5 00 00 00 00 00 00 00 00
0x0feb76538010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0feb76538020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0feb76538030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0feb76538040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0feb76538050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[[prog:valgrind|valgrind]] détecte l'erreur.
valgrind --track-origins=yes ./main3
==2961== Syscall param exit_group(status) contains uninitialised byte(s)
==2961== at 0x4F002B8: _Exit (_exit.c:31)
==2961== by 0x4E70423: __run_exit_handlers (exit.c:98)
==2961== by 0x4E704DC: exit (exit.c:105)
==2961== by 0x4E58468: (below main) (libc-start.c:329)
==2961== Uninitialised value was created by a stack allocation
==2961== at 0x4004A4: main (main3.c:10)
====thread====
#include
int main() {
int x;
std::thread t([&]{x=42;});
x = 43;
t.join();
return 0;
}
g++ -std=c++11 main4.c -g -o main4 -fsanitize=thread -fno-omit-frame-pointer
Le plantage reste aléatoire et il est nécessaire de lancer l'application plusieurs fois.
==================
WARNING: ThreadSanitizer: data race (pid=3226)
Write of size 4 at 0x7ffd04d5b144 by thread T1:
#0 operator() /tmp/main4.c:5 (main4+0x000000400d0b)
#1 __invoke_impl > /usr/lib/gcc/x86_64-pc-linux-gnu/7.2.0/include/g++-v7/bits/invoke.h:60 (main4+0x000000401171)
#2 __invoke > /usr/lib/gcc/x86_64-pc-linux-gnu/7.2.0/include/g++-v7/bits/invoke.h:95 (main4+0x000000400e30)
#3 _M_invoke<0> /usr/lib/gcc/x86_64-pc-linux-gnu/7.2.0/include/g++-v7/thread:234 (main4+0x0000004014b5)
#4 operator() /usr/lib/gcc/x86_64-pc-linux-gnu/7.2.0/include/g++-v7/thread:243 (main4+0x000000401448)
#5 _M_run /usr/lib/gcc/x86_64-pc-linux-gnu/7.2.0/include/g++-v7/thread:186 (main4+0x0000004013ee)
#6 (libstdc++.so.6+0x0000000e251e)
Previous write of size 4 at 0x7ffd04d5b144 by main thread:
#0 main /tmp/main4.c:6 (main4+0x000000400d75)
Location is stack of main thread.
Thread T1 (tid=3228, running) created by main thread at:
#0 pthread_create (libtsan.so.0+0x00000002917a)
#1 std::thread::_M_start_thread(std::unique_ptr >, void (*)()) (libstdc++.so.6+0x0000000e288c)
#2 main /tmp/main4.c:5 (main4+0x000000400d69)
SUMMARY: ThreadSanitizer: data race /tmp/main4.c:5 in operator()
==================
ThreadSanitizer: reported 1 warnings
[[prog:valgrind|valgrind]] ne détecte pas l'erreur.
===undefined===
int main(int argc, char **argv) {
int t = argc << 16;
return t*t;
}
gcc -fsanitize=undefined -fno-sanitize-recover=all -fno-omit-frame-pointer main5.c -g -o main5
main6.c:3:11: runtime error: signed integer overflow: 65536 * 65536 cannot be represented in type 'int'
[[prog:valgrind|valgrind]] ne détecte pas l'erreur.
=====Erreurs=====
====runtime error: control flow integrity check for type '...' failed during cast to unrelated type (vtable address 0x000000000000)====
Le fait que l'adresse de la ''vtable'' soit nulle indique que la classe n'en a pas. Si une ou plusieurs méthodes sont déclarés virtuelles, elles ont été optimisées par le compilateur.
La solution est donc de supprimer (après vérification) la déclaration ''virtual''.
[[https://bugs.chromium.org/p/chromium/issues/detail?id=515973|Issue 515973: Invalid cast in SkTArray.h]] {{ :prog:clang:515973_-_invalid_cast_in_sktarray.h_-_chromium_2021-06-20_12_00_33_.html |Archive du 31/07/2015 le 20/06/2021}}
[[https://codereview.chromium.org/1259143006/patch/1/10001|Unified Diff: include/core/SkTArray.h]] {{ :prog:clang:include_core_sktarray.h_-_issue_1259143006_remove_unnecessary_virtual_destructor_on_sktarray_-_code_review_2021-06-20_12_02_40_.html |Archive du 31/07/2015 le 20/06/2021}}
====cast to unrelated type aligned_buffer.h====
/usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/include/g++-v11/ext/aligned_buffer.h:115:16: runtime error: control flow integrity check for type '...' failed during cast to unrelated type (vtable address 0x747365742f617461)
0x747365742f617461: note: invalid vtable
/usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/include/g++-v11/ext/aligned_buffer.h:115:16: note: check failed in ..., vtable located in (unknown)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/include/g++-v11/ext/aligned_buffer.h:115:16 in
L'utilisation de ''std::make_shared'' couplé avec le ''-fsanitize=cfi'' peu poser problème. Le constructeur de ''shared_ptr'' va vouloir caster la zone mémoire avant d'appeler le constructeur. La zone mémoire étant non initialisée, le sanitizer ne va pas reconnaitre le pointeur ''vtable''.
Ce problème existe dans l'implémentation sous clang et gcc.
''clang'' a résolu le problème en ajoutant '' _LIBCPP_NO_CFI'' à la fonction ''%%_Storage::__get_elem%%'' dans le fichier ''memory''.
Pour ''gcc'', il faut faire la même chose avec ''%%__attribute__((__no_sanitize__("cfi")))%%'' pour les fonctions ''%%__aligned_buffer::%%_M_ptr'' dans le fichier ''aligned_buffer.h''.
[[https://www.mail-archive.com/llvm-bugs@lists.llvm.org/msg48282.html|New: Recent shared_ptr storage change causes CFI cast failures during make_shared]] {{ :prog:clang:llvm-bugs_bug_48993_new_recent_shared_ptr_storage_change_https_reviews.llvm.org_d91201_causes_cfi_cast_failures_during_make_shared_2021-06-23_21_13_22_.html |Archive du 01/02/2021 le 23/06/2021}}
[[https://reviews.llvm.org/D95827|Avoid cast before T is constructed to pacify CFI checks]] {{ :prog:clang:⚙_d95827_avoid_cast_t_before_t_is_constructed_to_pacify_cfi_checks_2021-06-23_21_13_34_.html |Archive du 01/02/2021 le 23/06/2021}}
[[https://reviews.llvm.org/D96063|Disable CFI in __get_elem to allow casting a pointer to uninitialized memory]] {{ :prog:clang:⚙_d96063_🍒_disable_cfi_in_get_elem_to_allow_casting_a_pointer_to_uninitialized_memory_2021-06-23_21_14_00_.html |Archive du 04/02/2021 le 23/06/2021}}
====RTTI symbol not found for class====
Pour diagnostiquer une erreur de sanitizer, il est possible de mettre un point d'arrêt avec [[prog:clang#gdb|gdb]].
Il est possible d'avoir des warnings de la part de gdb à propos de RTTI (''warning: RTTI symbol not found for class''). Dans ce cas, le plantage du sanitizer cfi est probablement un faux positif car il travaille sur les informations RTTI.
Exemple de message d'erreur généré par le sanitizer à l'exécution.
/usr/lib/gcc/x86_64-pc-linux-gnu/11.2.1/include/g++-v11/bits/std_function.h:590:9: runtime error: control flow integrity check for type 'std::unique_ptr (const std::_Any_data &)' failed during indirect function call
/usr/lib/gcc/x86_64-pc-linux-gnu/11.2.1/include/g++-v11/bits/std_function.h:289: note: std::_Function_handler (), std::__future_base::_State_baseV2::_Setter, std::shared_ptr const&> >::_M_invoke(std::_Any_data const&) defined here
/usr/lib/gcc/x86_64-pc-linux-gnu/11.2.1/include/g++-v11/bits/std_function.h:590:9: note: check failed in /mnt/c/j/build/clang_cfi/test/backend/data/test_load_vertical_eccentric, destination function located in /mnt/c/j/build/clang_cfi/_deps/restbed-build/librestbed.so.4
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/lib/gcc/x86_64-pc-linux-gnu/11.2.1/include/g++-v11/bits/std_function.h:590:9 in
Dans cet exemple, la classe ''restbed::Response'' a bien été compilée avec l'option ''%%__attribute__((visibility ("default")))%%''.
Ces erreurs peuvent apparaître quand le sanitizer travaille avec une librairie dynamique. Pour que le sanitizer cfi réussisse son travail, il faut que les librairies compilées avec le sanitizer cfi soient liées statiquement.
====ASan runtime does not come first in initial library list; you should either link runtime to your application or manually preload it with LD_PRELOAD.====
Comme le titre l'indique, il faut définir ''LD_PRELOAD''. Cela peut être le cas si un module python utilise une extension en C++ qui a été compilé via un sanitizer.
export LD_PRELOAD=$(g++ -print-file-name=libasan.so)
[[https://stackoverflow.com/questions/75847374/using-memory-sanitizer-asan-on-c-c-library-loaded-to-python-with-ctypes|Using memory sanitizer (asan) on C/C++ library loaded to python with ctypes]] {{ :prog:clang:gcc_-_using_memory_sanitizer_asan_on_c_c_library_loaded_to_python_with_ctypes_-_stack_overflow_15_11_2023_10_00_17_.html |Archive du 26/03/2023 le 15/11/2023}}
====AddressSanitizer: container-overflow on address avec std::vector====
Il faut compiler le projet et toutes ses dépendances avec les sanitizers. Sinon, on se retrouve avec le message d'erreur suivant:
==42==ERROR: AddressSanitizer: container-overflow on address 0x14a00f3f at pc 0x0067b070 bp 0x12affe70 sp 0x12affe7c
READ of size 1 at 0x14a00f3f thread T0
#0 0x67b070 in std::__2::basic_string, std::__2::allocator>::__is_long[abi:ne180100]() const ../emsdk/upstream/emscripten/cache/sysroot/include/c++/v1/string:1773:29
#1 0x6bc47b in std::__2::basic_string, std::__2::allocator>::basic_string[abi:ne180100](std::__2::basic_string, std::__2::allocator>&&)::'lambda'(std::__2::basic_string, std::__2::allocator>&)::operator()(std::__2::basic_string, std::__2::allocator>&) const ../emsdk/upstream/emscripten/cache/sysroot/include/c++/v1/string:925:70
#2 0x6bc341 in std::__2::basic_string, std::__2::allocator>::basic_string[abi:ne180100](std::__2::basic_string, std::__2::allocator>&&) ../emsdk/upstream/emscripten/cache/sysroot/include/c++/v1/string:925:14
#3 0x6bbf82 in void std::__2::allocator, std::__2::allocator>>::construct[abi:ne180100], std::__2::allocator>, std::__2::basic_string, std::__2::allocator>>(std::__2::basic_string, std::__2::allocator>*, std::__2::basic_string, std::__2::allocator>&&) ../emsdk/upstream/emscripten/cache/sysroot/include/c++/v1/__memory/allocator.h:173:24
#4 0x6bba85 in void std::__2::allocator_traits, std::__2::allocator>>>::construct[abi:ne180100], std::__2::allocator>, std::__2::basic_string, std::__2::allocator>, void>(std::__2::allocator, std::__2::allocator>>&, std::__2::basic_string, std::__2::allocator>*, std::__2::basic_string, std::__2::allocator>&&) ../emsdk/upstream/emscripten/cache/sysroot/include/c++/v1/__memory/allocator_traits.h:296:9
#5 0x6ba234 in std::__2::reverse_iterator, std::__2::allocator>*> std::__2::__uninitialized_allocator_move_if_noexcept[abi:ne180100], std::__2::allocator>>, std::__2::reverse_iterator, std::__2::allocator>*>, std::__2::reverse_iterator, std::__2::allocator>*>, std::__2::reverse_iterator, std::__2::allocator>*>>(std::__2::allocator, std::__2::allocator>>&, std::__2::reverse_iterator, std::__2::allocator>*>, std::__2::reverse_iterator, std::__2::allocator>*>, std::__2::reverse_iterator, std::__2::allocator>*>) ../emsdk/upstream/emscripten/cache/sysroot/include/c++/v1/__memory/uninitialized_algorithms.h:612:5
#6 0x6b8bfa in std::__2::vector, std::__2::allocator>, std::__2::allocator, std::__2::allocator>>>::__swap_out_circular_buffer(std::__2::__split_buffer, std::__2::allocator>, std::__2::allocator, std::__2::allocator>>&>&) ../emsdk/upstream/emscripten/cache/sysroot/include/c++/v1/vector:990:20
#7 0x4e7a1 in std::__2::basic_string, std::__2::allocator>* std::__2::vector, std::__2::allocator>, std::__2::allocator, std::__2::allocator>>>::__push_back_slow_path, std::__2::allocator>>(std::__2::basic_string, std::__2::allocator>&&) ../emsdk/upstream/emscripten/cache/sysroot/include/c++/v1/vector:1455:3
#8 0x4e241 in std::__2::vector, std::__2::allocator>, std::__2::allocator, std::__2::allocator>>>::push_back[abi:nn180100](std::__2::basic_string, std::__2::allocator>&&) ../emsdk/upstream/emscripten/cache/sysroot/include/c++
[[https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow|AddressSanitizerContainerOverflow]] {{ :prog:llvm-sanitizer:addresssanitizercontaineroverflow_google_sanitizers_wiki_12_11_2024_00_36_41_.html |Archive du 31/03/2017 le 12/11/2024}}
=====gdb=====
Pour arrêter le debug lors d'une erreur, on peut utiliser les symboles :
__ubsan::ScopedReport::~ScopedReport
__tsan::ReportRace
[[https://stackoverflow.com/questions/30809022/how-can-i-break-on-ubsan-reports-in-gdb-and-continue|How can I break on UBSan reports in gdb and continue?]] {{ :prog:gcc:c_-_how_can_i_break_on_ubsan_reports_in_gdb_and_continue_-_stack_overflow_2021-04-18_19_24_58_.html |Archive du 12/06/2015 le 18/04/2021}}