cmd/cgo: memory sanitizer error due to uninitialized memory in C.CString when using cgo with sanitizers enabled #60912

bc-lee · 2023-06-21T08:45:59Z

What version of Go are you using (`go version`)?

$ go version
go version go1.20.5 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (`go env`)?

go env Output

$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/builder/.cache/go-build"
GOENV="/home/builder/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/builder/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/builder/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/home/builder/.local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/home/builder/.local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.20.5"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="/home/builder/src/test-golang-cgo-sanitizers/third_party/llvm-build/Release+Asserts/bin/clang"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/home/builder/src/test-golang-cgo-sanitizers/go.mod"
GOWORK=""
CGO_CFLAGS="--target=x86_64-linux-gnu -nostdinc -isysroot /home/builder/src/test-golang-cgo-sanitizers/build/linux/debian_bullseye_amd64-sysroot -isystem /home/builder/src/test-golang-cgo-sanitizers/third_party/llvm-build/Release+Asserts/lib/clang/17/include -isystem /home/builder/src/test-golang-cgo-sanitizers/third_party/build/linux/debian_bullseye_amd64-sysroot/usr/include -isystem /home/builder/src/test-golang-cgo-sanitizers/third_party/build/linux/debian_bullseye_amd64-sysroot/usr/include/x86_64-linux-gnu -fsanitize=memory"
CGO_CPPFLAGS="-fsanitize=memory"
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-fuse-ld=lld --target=x86_64-linux-gnu --sysroot /home/builder/src/test-golang-cgo-sanitizers/third_party/build/linux/debian_bullseye_amd64-sysroot -L /home/builder/src/test-golang-cgo-sanitizers/third_party/build/linux/debian_bullseye_amd64-sysroot/usr/lib/x86_64-linux-gnu -rdynamic -L /home/builder/src/test-golang-cgo-sanitizers/native -fsanitize=memory /home/builder/src/test-golang-cgo-sanitizers/third_party/llvm-build/Release+Asserts/lib/clang/17/lib/x86_64-unknown-linux-gnu/libclang_rt.msan.a /home/builder/src/test-golang-cgo-sanitizers/third_party/llvm-build/Release+Asserts/lib/clang/17/lib/x86_64-unknown-linux-gnu/libclang_rt.msan_cxx.a"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build3455317176=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Sample repo: https://github.com/bc-lee/test-golang-cgo-sanitizers
To reproduce, run the following commands on linux x86_64:

$ ./prepare.sh
$ ./build.sh --sanitizer=msan

Basically, I'm making a executable with cgo, with address/memory sanitizers enabled C libraries.
I checked out Chromium's LLVM build and sysroot to build the executable.

The main code is as follows:

package main

/*
#include <stdlib.h>

extern int foo(const char*);
*/
// #cgo CPPFLAGS: -I${SRCDIR}/native
// #cgo CFLAGS: -std=c11 -Wall
// #cgo LDFLAGS: -Lnative -lfoo
import "C"
import (
	"time"
	"fmt"
	"unsafe"
)

func main() {
	defer doLeakSanitizerCheck()
	currentTime := time.Now()
	currentTimeStr := currentTime.Format("2006-01-02 15:04:05")
	cStr := C.CString(currentTimeStr)
	defer C.free(unsafe.Pointer(cStr))
	result := C.foo(cStr)
	fmt.Printf("Result: %d\n", result)
}

From my understanding, C.Cstring allocates a memory(using malloc) and returns a pointer to it. So I'm calling C.free to free the memory.
However when I run the executable, I get the following error:

$ ./build.sh --sanitizer=msan
Build a native library for msan on linux/x86_64
~/src/test-golang-cgo-sanitizers/native ~/src/test-golang-cgo-sanitizers
~/src/test-golang-cgo-sanitizers
Build a Go library for msan on linux/x86_64
Run the Go binary
Uninitialized bytes in __interceptor_strlen at offset 0 inside [0x702000000080, 20)
==3993935==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x4059d4 in foo (/home/builder/src/test-golang-cgo-sanitizers/main+0x4059d4)
    #1 0x3ffccf in _cgo_26aadca938df_Cfunc_foo (/home/builder/src/test-golang-cgo-sanitizers/main+0x3ffccf)
    #2 0x3cf843 in runtime.asmcgocall.abi0 /home/builder/.local/go/src/runtime/asm_amd64.s:848

SUMMARY: MemorySanitizer: use-of-uninitialized-value (/home/builder/src/test-golang-cgo-sanitizers/main+0x4059d4) in foo
Exiting

It seems that msan treats the memory allocated by C.CString as uninitialized.
I'm not sure if this is a bug, or golang currently does not support this kind of use case, or I'm doing something wrong.

What did you expect to see?

No error.

What did you see instead?

Memory sanitizer error.

The text was updated successfully, but these errors were encountered:

dmitshur · 2023-06-22T15:06:36Z

CC @golang/compiler.

bc-lee · 2023-06-23T23:30:50Z

I'm trying to understand why MSAN reports an uninitialized value in the above code.

I put a gdb script to understand what's going on:

Click to expand

break malloc
commands
silent
printf "malloc(%d)\n", $rdi
continue
end
break foo
commands
silent
printf "foo(%p)\n", $rdi
continue
end
break __msan_unpoison
commands
silent
printf "__msan_unpoison(%p, %d)\n", $rdi, $rsi
continue
end

And I get the following output:

...

malloc(20)
__msan_unpoison(0x2fffffffdc88, 255)
__msan_unpoison(0x7ffff7ca0748, 0)
__msan_unpoison(0x7ffff7fbb680, 0)
__msan_unpoison(0x2fffffffdc88, 255)
__msan_unpoison(0x7ffff7ca0748, 0)
__msan_unpoison(0x7ffff7fbb680, 0)
__msan_unpoison(0x2fffffffdc88, 255)
__msan_unpoison(0x7ffff7ca0748, 0)
__msan_unpoison(0x7ffff7fbb680, 0)
__msan_unpoison(0x2fffffffdc80, 255)
__msan_unpoison(0x7ffff7ca0748, 0)
__msan_unpoison(0x7ffff7fbb680, 0)
__msan_unpoison(0xc000108230, 16)
__msan_unpoison(0x7ffff7ca0748, 0)
__msan_unpoison(0x7ffff7fbb680, 0)
__msan_unpoison(0xc000108230, 16)
__msan_unpoison(0x2fffffffdc48, 255)
__msan_unpoison(0x2fffffffdc40, 255)
__msan_unpoison(0x2fffffffdc38, 255)
__msan_unpoison(0x2fffffffdc34, 255)
__msan_unpoison(0x2fffffffdbd8, 255)
foo(0x702000000080)
__msan_unpoison(0x702000000080, 255)
Uninitialized bytes in strlen at offset 0 inside [0x702000000080, 20)
__msan_unpoison(0x7ffff7ea3331, 195)
__msan_unpoison(0x7ffff7ea3331, 3)
__msan_unpoison(0x2cdd99, 712)
__msan_unpoison(0x2cdd99, 3)
__msan_unpoison(0x2cdd99, 602)
__msan_unpoison(0x2cdd99, 3)
__msan_unpoison(0x2cdd99, 825)
__msan_unpoison(0x2cdd99, 3)
__msan_unpoison(0x2cdd99, 819)
__msan_unpoison(0x2cdd99, 3)
__msan_unpoison(0x2cdd99, 1694)
__msan_unpoison(0x2cdd99, 3)
__msan_unpoison(0x2cdd99, 2952)
__msan_unpoison(0x2cdd99, 3)
__msan_unpoison(0x2cdd99, 2900)
__msan_unpoison(0x2cdd99, 3)
__msan_unpoison(0x2cdd99, 2900)
==414583==WARNING: MemorySanitizer: use-of-uninitialized-value

...

It seems that the memory allocated by malloc isn't unpoisoned by __msan_unpoison. (__msan_unpoison for 0x702000000080 is called after the call to foo)

I thought the copy held in https://github.com/golang/go/blob/go1.20.5/src/cmd/cgo/out.go#L1670 will let MSAN know that the memory is initialized, but apparently it doesn't.

Any idea why?

mknyszek · 2023-07-05T19:24:07Z

In triage, we think that maybe your build.sh isn't passing everything needed to go build. We think it's missing -msan, which might be why it's this C string copy code isn't getting instrumented correctly. (-tags msan is passed, but that's insufficient; it doesn't actually do the instrumentation. Also, -msan implies -tags msan.)

bc-lee · 2023-07-06T07:54:48Z

Aha, I checked that there are no error messages after I replaced '-tags msan' with '-msan' in build.sh, and the binary is working fine. Thanks!
I'm closing this issue.

bcmills added the compiler/runtime label Jun 21, 2023

dmitshur changed the title ~~cgo: Memory sanitizer error due to uninitialized memory in C.CString when using cgo with sanitizers enabled~~ cmd/cgo: memory sanitizer error due to uninitialized memory in C.CString when using cgo with sanitizers enabled Jun 22, 2023

dmitshur added this to the Backlog milestone Jun 22, 2023

dmitshur added the NeedsInvestigation label Jun 22, 2023

mknyszek added this to Go Compiler / Runtime Jun 28, 2023

mknyszek added the WaitingForInfo label Jul 5, 2023

mknyszek moved this to Todo in Go Compiler / Runtime Jul 5, 2023

bc-lee closed this as completed Jul 6, 2023

github-project-automation bot moved this from Todo to Done in Go Compiler / Runtime Jul 6, 2023

mknyszek removed this from Go Compiler / Runtime Oct 25, 2023

golang locked and limited conversation to collaborators Jul 5, 2024

gopherbot added the FrozenDueToAge label Jul 5, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

cmd/cgo: memory sanitizer error due to uninitialized memory in C.CString when using cgo with sanitizers enabled #60912

cmd/cgo: memory sanitizer error due to uninitialized memory in C.CString when using cgo with sanitizers enabled #60912

bc-lee commented Jun 21, 2023

dmitshur commented Jun 22, 2023

bc-lee commented Jun 23, 2023

mknyszek commented Jul 5, 2023

bc-lee commented Jul 6, 2023

cmd/cgo: memory sanitizer error due to uninitialized memory in C.CString when using cgo with sanitizers enabled #60912

cmd/cgo: memory sanitizer error due to uninitialized memory in C.CString when using cgo with sanitizers enabled #60912

Comments

bc-lee commented Jun 21, 2023

What version of Go are you using (go version)?

Does this issue reproduce with the latest release?

What operating system and processor architecture are you using (go env)?

What did you do?

What did you expect to see?

What did you see instead?

dmitshur commented Jun 22, 2023

bc-lee commented Jun 23, 2023

mknyszek commented Jul 5, 2023

bc-lee commented Jul 6, 2023

What version of Go are you using (`go version`)?

What operating system and processor architecture are you using (`go env`)?