Asan errors detected in 32bit asan version. #133

Closed
Zrzzzz opened this issue Mar 10, 2023 · 4 comments

Comments

@Zrzzzz

Zrzzzz commented Mar 10, 2023

Environment

Distributor ID: Ubuntu
Description: Ubuntu 18.04.6 LTS
Release: 18.04
Codename: bionic

Version

from releases: jpegoptim-1.5.2, commit hash: f20f0e8

Build command

CFLAGS="-g -fsanitize=address -fno-omit-frame-pointer -m32 -L/usr/local/lib" CXXFLAGS="-g -fsanitize=address -fno-omit-frame-pointer -m32" LDFLAGS="-m32" ./configure --prefix=$PWD/build

POC

https://drive.google.com/file/d/1utRF5dKBwsxMcllxeBb34FPKPkOlgjT1/view?usp=share_link

Crash example output

out/crashes/id:000000,sig:06,src:000000,op:flip32,pos:163 65087x65199 24bit N JFIF==14851==ERROR: AddressSanitizer failed to allocate 0x3b973000 (999763968) bytes of LargeMmapAllocator (error code: 12)
==14851==Process memory map follows:
==14851==End of process memory map.
==14851==AddressSanitizer CHECK failed: ../../../../../src/libsanitizer/sanitizer_common/sanitizer_common.cc:118 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
#0 0xf7a60eb1 (/usr/lib32/libasan.so.4+0xf1eb1)
#1 0xf7a81f8b in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib32/libasan.so.4+0x112f8b)
#2 0xf7a6a8da (/usr/lib32/libasan.so.4+0xfb8da)
#3 0xf7a78c78 (/usr/lib32/libasan.so.4+0x109c78)
#4 0xf79919e2 (/usr/lib32/libasan.so.4+0x229e2)
#5 0xf798dec6 (/usr/lib32/libasan.so.4+0x1eec6)
#6 0xf7a54f1c in malloc (/usr/lib32/libasan.so.4+0xe5f1c)
#7 0xf7862594 in jpeg_get_large (/usr/local/lib/libjpeg.so.9+0x43594)
#8 0xf7861356 in alloc_large (/usr/local/lib/libjpeg.so.9+0x42356)
#9 0xf7861581 in alloc_barray (/usr/local/lib/libjpeg.so.9+0x42581)
#10 0xf78619d7 in realize_virt_arrays (/usr/local/lib/libjpeg.so.9+0x429d7)
#11 0xf7841c42 in transdecode_master_selection (/usr/local/lib/libjpeg.so.9+0x22c42)
#12 0xf7841a95 in jpeg_read_coefficients (/usr/local/lib/libjpeg.so.9+0x22a95)
#13 0x565795fd in optimize /data/zzx/benchmark/jpegoptim-1.5.2/jpegoptim.c:744
#14 0x5657d33d in main /data/zzx/benchmark/jpegoptim-1.5.2/jpegoptim.c:1369
#15 0xf765bfa0 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18fa0)
#16 0x56575fe0 (/data/zzx/benchmark/jpegoptim-1.5.2/asanfuzzing/sys/toTest+0x3fe0)
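The report above is an allocation failure raised by the sanitizer runtime itself (a ~1 GB request for the coefficient arrays of a 65087x65199 image, made from libjpeg's jpeg_get_large, that a 32-bit address space cannot satisfy), not a memory-safety finding in jpegoptim. As an added fuzz-triage example that is not part of this issue or of jpegoptim, the following script separates such allocation failures from real ASan bug kinds and names the first non-sanitizer frame that requested the memory; the sample report is condensed from the output quoted above, and the regexes and kind list are this example's own assumptions about ASan's output format.

```python
import re

# Constructed sample, condensed from the report quoted in this issue: jpegoptim's
# filename/dimensions prefix, the sanitizer banner, and a few of the stack frames.
SAMPLE_REPORT = """\
out/crashes/id:000000,sig:06,src:000000,op:flip32,pos:163 65087x65199 24bit N JFIF==14851==ERROR: AddressSanitizer failed to allocate 0x3b973000 (999763968) bytes of LargeMmapAllocator (error code: 12)
==14851==AddressSanitizer CHECK failed: ../../../../../src/libsanitizer/sanitizer_common/sanitizer_common.cc:118 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #6 0xf7a54f1c in malloc (/usr/lib32/libasan.so.4+0xe5f1c)
    #7 0xf7862594 in jpeg_get_large (/usr/local/lib/libjpeg.so.9+0x43594)
    #12 0xf7841a95 in jpeg_read_coefficients (/usr/local/lib/libjpeg.so.9+0x22a95)
    #13 0x565795fd in optimize /data/zzx/benchmark/jpegoptim-1.5.2/jpegoptim.c:744
"""

# ASan report kinds that point at a memory-safety defect in the target itself.
MEMORY_SAFETY_KINDS = {
    "heap-buffer-overflow", "stack-buffer-overflow", "global-buffer-overflow",
    "heap-use-after-free", "stack-use-after-return", "stack-use-after-scope",
    "double-free", "negative-size-param", "SEGV",
}

ALLOC_FAIL_RE = re.compile(r"AddressSanitizer failed to allocate 0x[0-9a-f]+ \((\d+)\) bytes")
KIND_RE = re.compile(r"ERROR: AddressSanitizer: ([A-Za-z-]+)")
DIMS_RE = re.compile(r"\b(\d+)x(\d+) \d+bit\b")      # jpegoptim's "WxH NNbit" prefix
FRAME_RE = re.compile(r"#\d+ 0x[0-9a-f]+ in (\S+).* (\S+)$", re.MULTILINE)


def classify_asan_report(text):
    """Triage one ASan report into a verdict dict.

    'allocation-failure' means the runtime could not satisfy a huge request. A
    32-bit process has at most 4 GiB of virtual address space, part of it taken
    by ASan's shadow memory, so an oversized image can fail here while the same
    input merely runs slowly on 64-bit: resource exhaustion, not a memory bug.
    """
    frames = FRAME_RE.findall(text)
    # First frame outside the sanitizer runtime: the code that asked for memory.
    origin = next((fn for fn, module in frames if "libasan" not in module), None)
    dims = DIMS_RE.search(text)
    pixels = int(dims.group(1)) * int(dims.group(2)) if dims else None
    alloc, kind = ALLOC_FAIL_RE.search(text), KIND_RE.search(text)
    if kind and kind.group(1) in MEMORY_SAFETY_KINDS:
        verdict, detail = "memory-safety", kind.group(1)
    elif alloc or (kind and kind.group(1) == "allocation-size-too-big"):
        verdict = "allocation-failure"
        detail = int(alloc.group(1)) if alloc else kind.group(1)
    else:
        verdict, detail = "unknown", None
    return {"verdict": verdict, "detail": detail, "origin": origin, "pixels": pixels}
```

Running it over a fuzzer's crash directory lets the allocation-failure bucket (here: libjpeg asking for 999763968 bytes) be filed as a resource limit rather than reported as a defect in the program under test.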

@tjko
Owner

tjko commented Mar 10, 2023

What does this have to do with jpegoptim?

@Zrzzzz
Author

Zrzzzz commented Mar 10, 2023

You mean it has to do with libjpeg?

@tjko
Owner

tjko commented Mar 11, 2023

All I see is an error from AddressSanitizer itself. How is this issue with jpegoptim?

@Zrzzzz
Author

Zrzzzz commented Mar 13, 2023

Yeah, it seems like my bad.

@Zrzzzz Zrzzzz closed this as completed Mar 13, 2023