Segmentation fault in malloc_trim(0) when running under ASAN

Question  Votes: 0  Answers: 1

Code, 1.c:

#include <stdio.h>
#include <stdlib.h>
#include <pthread.h>
#include <malloc.h>

void* thread_function(void* arg) {
    char* ptr = (char *)malloc(10);
    printf("%p\n", ptr);
    free(ptr);
    malloc_trim(0);
    pthread_exit(NULL);
}

int main() {
    pthread_t threads[2];

    for (long i = 0; i < 2; ++i) {
        pthread_create(&threads[i], NULL, thread_function, (void*)i);
    }
    for (int i = 0; i < 2; ++i) {
        pthread_join(threads[i], NULL);
    }
    return 0;
}

Compile with -fsanitize=address: gcc -pthread -o ASANtest -fsanitize=address -O1 1.c, then run ASANtest several times. The error occurs.

Error message:

bash-4.4$ ./ASANtest
ASAN:DEADLYSIGNAL
=================================================================
==7076==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7f95439d87d9 bp 0x000000000fff sp 0x7f953f8fde00 T2)
==7076==The signal is caused by a READ memory access.
==7076==Hint: address points to the zero page.
#0 0x7f95439d87d8 in malloc_trim (/lib64/libc.so.6+0x9e7d8)
#1 0x400a8f in thread_function (/workspace/git/ehaauwn/PCPB-22713/2024/eric-pc-routing-engine/raas/product/docker/build/ASANtest+0x400a8f)
#2 0x7f9543d396e9 in start_thread (/lib64/libpthread.so.0+0xa6e9)
#3 0x7f9543a51a8e in clone (/lib64/libc.so.6+0x117a8e)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib64/libc.so.6+0x9e7d8) in malloc_trim
Thread T2 created by T0 here:
#0 0x7f9543f8bc80 in pthread_create (/usr/lib64/libasan.so.4+0x39c80)
#1 0x400b32 in main (/workspace/git/ehaauwn/PCPB-22713/2024/eric-pc-routing-engine/raas/product/docker/build/ASANtest+0x400b32)
#2 0x400d13 in _IO_stdin_used (/workspace/git/ehaauwn/PCPB-22713/2024/eric-pc-routing-engine/raas/product/docker/build/ASANtest+0x400d13)

==7076==ABORTING

If I compile without -fsanitize=address, the program runs normally.

I would like to know whether the malloc_trim function has a security risk, or whether ASAN has a bug.

c segmentation-fault malloc pthreads address-sanitizer
1 Answer
0
votes

As the previous commenters said,

malloc_trim
