author | Alexander Potapenko <glider@google.com> | 2012-11-15 13:40:44 +0000 |
committer | Alexander Potapenko <glider@google.com> | 2012-11-15 13:40:44 +0000 |
commit | b34db9e88336d673c3b69a65d8ffc41491731668 (patch) | |
tree | f5c56c4179f32d2dfc2690766ab16c3ec931f530 | |
parent | cc9ffd1f8a3ffa16388b093e6117d1afeec6c27a (diff) | |
[ASan] Poison the leftmost shadow byte with a special value so that we can find
the beginning of the fake frame when reporting a use-after-return error.
Fixes http://code.google.com/p/address-sanitizer/issues/detail?id=126
llvm-svn: 168040
-rw-r--r-- | compiler-rt/lib/asan/asan_allocator.cc | 4 | ||||
-rw-r--r-- | compiler-rt/lib/asan/asan_internal.h | 1 | ||||
-rw-r--r-- | compiler-rt/lib/asan/asan_report.cc | 1 | ||||
-rw-r--r-- | compiler-rt/lib/asan/asan_thread.cc | 6 |
4 files changed, 10 insertions, 2 deletions
diff --git a/compiler-rt/lib/asan/asan_allocator.cc b/compiler-rt/lib/asan/asan_allocator.cc
index de37137562e..d864ea1f793 100644
--- a/compiler-rt/lib/asan/asan_allocator.cc
+++ b/compiler-rt/lib/asan/asan_allocator.cc
@@ -998,6 +998,10 @@ void FakeStack::OnFree(uptr ptr, uptr size, uptr real_stack) {
   CHECK(fake_frame->descr != 0);
   CHECK(fake_frame->size_minus_one == size - 1);
   PoisonShadow(ptr, size, kAsanStackAfterReturnMagic);
+  CHECK(size >= SHADOW_GRANULARITY);
+  // Poison the leftmost shadow byte with a special value so that we can find
+  // the beginning of the fake frame when reporting an error.
+  PoisonShadow(ptr, SHADOW_GRANULARITY, kAsanStackAfterReturnLeftMagic);
 }
 
 }  // namespace __asan
diff --git a/compiler-rt/lib/asan/asan_internal.h b/compiler-rt/lib/asan/asan_internal.h
index f9a6149245e..a473a046757 100644
--- a/compiler-rt/lib/asan/asan_internal.h
+++ b/compiler-rt/lib/asan/asan_internal.h
@@ -160,6 +160,7 @@ const int kAsanStackPartialRedzoneMagic = 0xf4;
 const int kAsanStackAfterReturnMagic = 0xf5;
 const int kAsanInitializationOrderMagic = 0xf6;
 const int kAsanUserPoisonedMemoryMagic = 0xf7;
+const int kAsanStackAfterReturnLeftMagic = 0xf8;
 const int kAsanGlobalRedzoneMagic = 0xf9;
 const int kAsanInternalHeapMagic = 0xfe;
 
diff --git a/compiler-rt/lib/asan/asan_report.cc b/compiler-rt/lib/asan/asan_report.cc
index 2fbf8fd8ac8..86bb66cdfc7 100644
--- a/compiler-rt/lib/asan/asan_report.cc
+++ b/compiler-rt/lib/asan/asan_report.cc
@@ -450,6 +450,7 @@ void __asan_report_error(uptr pc, uptr bp, uptr sp,
       bug_descr = "stack-buffer-overflow";
       break;
     case kAsanStackAfterReturnMagic:
+    case kAsanStackAfterReturnLeftMagic:
       bug_descr = "stack-use-after-return";
       break;
     case kAsanUserPoisonedMemoryMagic:
diff --git a/compiler-rt/lib/asan/asan_thread.cc b/compiler-rt/lib/asan/asan_thread.cc
index bdb50224dc3..9ac396202b4 100644
--- a/compiler-rt/lib/asan/asan_thread.cc
+++ b/compiler-rt/lib/asan/asan_thread.cc
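Review bot: The new `CHECK(size >= SHADOW_GRANULARITY)` is placed after `size - 1` has already been evaluated in `CHECK(fake_frame->size_minus_one == size - 1)` and after `PoisonShadow(ptr, size, kAsanStackAfterReturnMagic)` has written the whole range, so a zero or sub-granule size is only caught once the unsigned subtraction has wrapped and shadow has been touched. Hoisting the check above the `size_minus_one` comparison establishes the size invariant before any arithmetic on it or any shadow write, at no cost. The second `PoisonShadow` also silently relies on `ptr` being granule-aligned and on the first granule holding the frame header that the reporting code presumably reads back; a one-line comment such as `// ptr is granule-aligned; the first granule carries the frame-start marker.` would keep that assumption visible. OnFree begins outside the hunk.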
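Review bot: `kAsanStackAfterReturnLeftMagic` is the one value in this list whose meaning cannot be recovered from its name, and nothing here records that it covers exactly one granule at the start of a released fake frame or that the report path maps it to the same "stack-use-after-return" description as 0xf5. Suggest a trailing comment on the new line, `// First granule of a fake frame after return; marks the frame start.`, so the next reader, and anyone adding a value in the 0xf7..0xf9 gap, sees what it is for.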
@@ -131,12 +131,14 @@ const char *AsanThread::GetFrameNameByAddr(uptr addr, uptr *offset) {
   u8 *shadow_bottom = (u8*)MemToShadow(bottom);
 
   while (shadow_ptr >= shadow_bottom &&
-         *shadow_ptr != kAsanStackLeftRedzoneMagic) {
+         *shadow_ptr != kAsanStackLeftRedzoneMagic &&
+         *shadow_ptr != kAsanStackAfterReturnLeftMagic) {
     shadow_ptr--;
   }
 
   while (shadow_ptr >= shadow_bottom &&
-         (*shadow_ptr == kAsanStackLeftRedzoneMagic ||
+         (*shadow_ptr == kAsanStackLeftRedzoneMagic ||
+          *shadow_ptr == kAsanStackAfterReturnLeftMagic)) {
     shadow_ptr--;
   }
 
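Review bot: The predicate "this shadow byte marks the left edge of a frame" is now spelled out twice with opposite polarity across the two loops, which is exactly the kind of duplication that drifts the next time a marker value is added; a small file-local helper keeps both loops on one definition and gives the marker pair a documented name. The second loop will also skip over a run that mixes `kAsanStackLeftRedzoneMagic` and `kAsanStackAfterReturnLeftMagic` as a single frame start; that looks harmless as long as real-stack and fake-stack scans are bounded separately by `bottom`, but I would state that assumption in the helper's comment rather than leave it implicit. GetFrameNameByAddr starts and ends outside the hunk.
```cpp
// Shadow values that mark the leftmost granule of a frame: the left redzone of
// a live frame, or the start marker FakeStack::OnFree writes for a released
// fake frame. The scans below assume a run of these bytes belongs to one frame.
static inline bool IsFrameStartMagic(u8 shadow) {
  return shadow == kAsanStackLeftRedzoneMagic ||
         shadow == kAsanStackAfterReturnLeftMagic;
}

// … unchanged: GetFrameNameByAddr up to the shadow_bottom computation …
  while (shadow_ptr >= shadow_bottom && !IsFrameStartMagic(*shadow_ptr)) {
    shadow_ptr--;
  }

  while (shadow_ptr >= shadow_bottom && IsFrameStartMagic(*shadow_ptr)) {
    shadow_ptr--;
  }
```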