Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use memmove to prevent ASAN memcpy-param-overlap in release build #397

Merged
merged 1 commit into from
Sep 11, 2024
Merged

Use memmove to prevent ASAN memcpy-param-overlap in release build #397

merged 1 commit into from
Sep 11, 2024

Conversation

r888800009
Copy link
Contributor

When use ASAN to compile the release version, starting creator will cause ASAN to detect a memcpy-param-overlap. To ensure safety, memcpy should be replaced with memmove.

This may cause security issues please see
NVD - CVE-2018-7577
NVD - CVE-2020-21844
NVD - CVE-2018-13869

OS: macos
commit: ca5c4f021ed6b7c53540c05d6f4925737eeb7137

diff --git a/dub.sdl b/dub.sdl
index 35d8cbc..45805f6 100644
--- a/dub.sdl
+++ b/dub.sdl
@@ -84,7 +84,7 @@ configuration "osx-full" {
        targetType "executable"
        targetPath "out/Inochi Creator.app/Contents/MacOS"
        subConfiguration "i2d-imgui" "dynamic_dynamicCRT"
-       dflags "-force-dwarf-frame-section=false"
+      dflags "-force-dwarf-frame-section=false" "-fsanitize=address"
        lflags "-rpath" "@executable_path/../Frameworks" "-rpath" "@executable_path/."
        versions "InBranding"
 }```
build command
```bash
dub build --config=osx-full --build=release

ASAN

inochi-creator(62422,0x1eade8c00) malloc: nano zone abandoned due to inability to reserve vm space.
=================================================================
==62422==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x614000082c78,0x614000082ce8) and [0x614000082c40, 0x614000082cb0) overlap
    #0 0x102ad74cc in __asan_memcpy+0x1d0 (libclang_rt.asan_osx_dynamic.dylib:arm64+0x4f4cc)
    #1 0x10032ff58 in _D7creator7widgets6shadow7prependFPS6bindbc5imgui4bindQl10ImDrawListQBiZv+0x250 (inochi-creator:arm64+0x10005bf58)
    #2 0x100305764 in _D7creator7windows16incUpdateWindowsFZv+0x1b4 (inochi-creator:arm64+0x100031764)
    #3 0x10053b170 in _D3app9incUpdateFZv+0x20c (inochi-creator:arm64+0x100267170)
    #4 0x100618e34 in _D2rt6dmain212_d_run_main2UAAamPUQgZiZ6runAllMFZv+0x70 (inochi-creator:arm64+0x100344e34)
    #5 0x100618b58 in _d_run_main+0x8c (inochi-creator:arm64+0x100344b58)
    #6 0x182c260dc  (<unknown module>)
    #7 0x6d6f7ffffffffffc  (<unknown module>)

0x614000082c78 is located 56 bytes inside of 448-byte region [0x614000082c40,0x614000082e00)
allocated by thread T0 here:
    #0 0x102ada510 in malloc+0x70 (libclang_rt.asan_osx_dynamic.dylib:arm64+0x52510)
    #1 0x1052551a8 in MallocWrapper(unsigned long, void*) imgui.cpp:1048
    #2 0x10520ee8c in ImGui::MemAlloc(unsigned long) imgui.cpp:3679
    #3 0x105255bf0 in ImVector<ImDrawCmd>::reserve(int) imgui.h:1886
    #4 0x1052559b8 in ImVector<ImDrawCmd>::push_back(ImDrawCmd const&) imgui.h:1889
    #5 0x1052896d8 in ImDrawList::_ResetForNewFrame() imgui_draw.cpp:429
    #6 0x1052242b0 in ImGui::Begin(char const*, bool*, int) imgui.cpp:6508
    #7 0x1051ee364 in igBegin cimgui.cpp:139
    #8 0x1002d8bb8 in _D7creator7windows6Window13onBeginUpdateMFZv+0x1dc (inochi-creator:arm64+0x100004bb8)
    #9 0x1002d87dc in _D7creator7windows7welcome13WelcomeWindow13onBeginUpdateMFZv+0x254 (inochi-creator:arm64+0x1000047dc)
    #10 0x10053b170 in _D3app9incUpdateFZv+0x20c (inochi-creator:arm64+0x100267170)
    #11 0x100618e34 in _D2rt6dmain212_d_run_main2UAAamPUQgZiZ6runAllMFZv+0x70 (inochi-creator:arm64+0x100344e34)
    #12 0x100618b58 in _d_run_main+0x8c (inochi-creator:arm64+0x100344b58)
    #13 0x182c260dc  (<unknown module>)
    #14 0x6d6f7ffffffffffc  (<unknown module>)

0x614000082c40 is located 0 bytes inside of 448-byte region [0x614000082c40,0x614000082e00)
allocated by thread T0 here:
    #0 0x102ada510 in malloc+0x70 (libclang_rt.asan_osx_dynamic.dylib:arm64+0x52510)
    #1 0x1052551a8 in MallocWrapper(unsigned long, void*) imgui.cpp:1048
    #2 0x10520ee8c in ImGui::MemAlloc(unsigned long) imgui.cpp:3679
    #3 0x105255bf0 in ImVector<ImDrawCmd>::reserve(int) imgui.h:1886
    #4 0x1052559b8 in ImVector<ImDrawCmd>::push_back(ImDrawCmd const&) imgui.h:1889
    #5 0x1052896d8 in ImDrawList::_ResetForNewFrame() imgui_draw.cpp:429
    #6 0x1052242b0 in ImGui::Begin(char const*, bool*, int) imgui.cpp:6508
    #7 0x1051ee364 in igBegin cimgui.cpp:139
    #8 0x1002d8bb8 in _D7creator7windows6Window13onBeginUpdateMFZv+0x1dc (inochi-creator:arm64+0x100004bb8)
    #9 0x1002d87dc in _D7creator7windows7welcome13WelcomeWindow13onBeginUpdateMFZv+0x254 (inochi-creator:arm64+0x1000047dc)
    #10 0x10053b170 in _D3app9incUpdateFZv+0x20c (inochi-creator:arm64+0x100267170)
    #11 0x100618e34 in _D2rt6dmain212_d_run_main2UAAamPUQgZiZ6runAllMFZv+0x70 (inochi-creator:arm64+0x100344e34)
    #12 0x100618b58 in _d_run_main+0x8c (inochi-creator:arm64+0x100344b58)
    #13 0x182c260dc  (<unknown module>)
    #14 0x6d6f7ffffffffffc  (<unknown module>)

SUMMARY: AddressSanitizer: memcpy-param-overlap (inochi-creator:arm64+0x10005bf58) in _D7creator7widgets6shadow7prependFPS6bindbc5imgui4bindQl10ImDrawListQBiZv+0x250
==62422==ABORTING

@r888800009 r888800009 mentioned this pull request Sep 11, 2024
Merged
@LunaTheFoxgirl
Copy link
Member

LGTM

@LunaTheFoxgirl LunaTheFoxgirl merged commit ed52103 into Inochi2D:v0_8 Sep 11, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@r888800009 @LunaTheFoxgirl