-rw-r--r-- | compiler-rt/lib/asan/asan_rtl.cc | 6 | ||||
-rw-r--r-- | compiler-rt/lib/asan/asan_thread.cc | 13 | ||||
-rw-r--r-- | compiler-rt/lib/asan/lit_tests/deep_stack_uaf.cc | 36 | ||||
-rw-r--r-- | compiler-rt/lib/sanitizer_common/sanitizer_stacktrace.h | 2 |
4 files changed, 43 insertions, 14 deletions
diff --git a/compiler-rt/lib/asan/asan_rtl.cc b/compiler-rt/lib/asan/asan_rtl.cc
index af5fbfecc2c..b93964ff7b2 100644
--- a/compiler-rt/lib/asan/asan_rtl.cc
+++ b/compiler-rt/lib/asan/asan_rtl.cc
@@ -62,7 +62,7 @@ void CheckFailed(const char *file, int line, const char *cond, u64 v1, u64 v2) {
 namespace __asan {
 
 // -------------------------- Flags ------------------------- {{{1
-static const int kMallocContextSize = 64;
+static const int kDeafultMallocContextSize = 30;
 
 static Flags asan_flags;
 
@@ -82,7 +82,7 @@ static void ParseFlagsFromString(Flags *f, const char *str) {
   ParseFlag(str, &f->report_globals, "report_globals");
   ParseFlag(str, &f->check_initialization_order, "initialization_order");
   ParseFlag(str, &f->malloc_context_size, "malloc_context_size");
-  CHECK(f->malloc_context_size <= kMallocContextSize);
+  CHECK(f->malloc_context_size <= kStackTraceMax);
 
   ParseFlag(str, &f->replace_str, "replace_str");
   ParseFlag(str, &f->replace_intrin, "replace_intrin");
@@ -121,7 +121,7 @@ void InitializeFlags(Flags *f, const char *env) {
   f->debug = false;
   f->report_globals = 1;
   f->check_initialization_order = true;
-  f->malloc_context_size = kMallocContextSize;
+  f->malloc_context_size = kDeafultMallocContextSize;
   f->replace_str = true;
   f->replace_intrin = true;
   f->replace_cfallocator = true;
diff --git a/compiler-rt/lib/asan/asan_thread.cc b/compiler-rt/lib/asan/asan_thread.cc
index e800e401c0d..bdb50224dc3 100644
--- a/compiler-rt/lib/asan/asan_thread.cc
+++ b/compiler-rt/lib/asan/asan_thread.cc
@@ -26,9 +26,6 @@ AsanThread::AsanThread(LinkerInitialized x)
       malloc_storage_(x),
       stats_(x) { }
 
-static AsanLock mu_for_thread_summary(LINKER_INITIALIZED);
-static LowLevelAllocator allocator_for_thread_summary;
-
 AsanThread *AsanThread::Create(u32 parent_tid, thread_callback_t start_routine,
                                void *arg, StackTrace *stack) {
   uptr size = RoundUpTo(sizeof(AsanThread), kPageSize);
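Review bot: The new constant in the Flags section is misspelled as `kDeafultMallocContextSize`; it should read `static const int kDefaultMallocContextSize = 30;`, and the assignment in the third hunk of this file (InitializeFlags) then becomes `f->malloc_context_size = kDefaultMallocContextSize;`. The default also drops from 64 to 30 while the upper bound moves to a separate constant, and nothing at the definition records why the two were split; a comment such as `// Default number of frames kept per malloc/free stack; the malloc_context_size flag may raise it up to kStackTraceMax.` would capture it. Whether 30 frames fit in the default redzone is not visible in this diff (the new test pairs a larger context with redzone=512), so that is worth confirming.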
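Review bot: The replaced CHECK in ParseFlagsFromString compares `f->malloc_context_size` against `kStackTraceMax`, which the last hunk of this change declares as `uptr`; if the flag field is a signed int, as the old comparison against an `int` constant suggests, this is a signed/unsigned comparison, and a negative value supplied through ASAN_OPTIONS only fails the check by wrapping to a large unsigned number. Spelling the bound out is clearer and keeps -Wsign-compare quiet: `CHECK_GE(f->malloc_context_size, 0);` followed by `CHECK_LE((uptr)f->malloc_context_size, kStackTraceMax);`. Note that kStackTraceMax bounds the StackTrace buffer only; how many frames are actually retained for a heap chunk presumably also depends on the redzone, which this check does not cover.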
@@ -36,14 +33,10 @@ AsanThread *AsanThread::Create(u32 parent_tid, thread_callback_t start_routine,
   thread->start_routine_ = start_routine;
   thread->arg_ = arg;
 
-  const uptr kSummaryAllocSize = 1024;
+  const uptr kSummaryAllocSize = kPageSize;
   CHECK_LE(sizeof(AsanThreadSummary), kSummaryAllocSize);
-  AsanThreadSummary *summary;
-  {
-    ScopedLock lock(&mu_for_thread_summary);
-    summary = (AsanThreadSummary*)
-        allocator_for_thread_summary.Allocate(kSummaryAllocSize);
-  }
+  AsanThreadSummary *summary =
+      (AsanThreadSummary*)MmapOrDie(kPageSize, "AsanThreadSummary");
   summary->Init(parent_tid, stack);
   summary->set_thread(thread);
   thread->set_summary(summary);
diff --git a/compiler-rt/lib/asan/lit_tests/deep_stack_uaf.cc b/compiler-rt/lib/asan/lit_tests/deep_stack_uaf.cc
new file mode 100644
index 00000000000..17d0a33a8cf
--- /dev/null
+++ b/compiler-rt/lib/asan/lit_tests/deep_stack_uaf.cc
@@ -0,0 +1,36 @@
+// Check that we can store lots of stack frames if asked to.
+
+// RUN: %clangxx_asan -m64 -O0 %s -o %t 2>&1
+// RUN: ASAN_OPTIONS=malloc_context_size=120:redzone=512 %t 2>&1 | \
+// RUN:   %symbolize | FileCheck %s
+
+// RUN: %clangxx_asan -m32 -O0 %s -o %t 2>&1
+// RUN: ASAN_OPTIONS=malloc_context_size=120:redzone=512 %t 2>&1 | \
+// RUN:   %symbolize | FileCheck %s
+#include <stdlib.h>
+#include <stdio.h>
+
+template <int depth>
+struct DeepFree {
+  static void free(char *x) {
+    DeepFree<depth - 1>::free(x);
+  }
+};
+
+template<>
+struct DeepFree<0> {
+  static void free(char *x) {
+    ::free(x);
+  }
+};
+
+int main() {
+  char *x = new char[10];
+  // deep_free(x);
+  DeepFree<200>::free(x);
+  return x[5];
+  // CHECK: {{.*ERROR: AddressSanitizer heap-use-after-free on address}}
+  // CHECK: DeepFree<36>
+  // CHECK: DeepFree<98>
+  // CHECK: DeepFree<115>
+}
diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_stacktrace.h b/compiler-rt/lib/sanitizer_common/sanitizer_stacktrace.h
index 28e3f5743ba..5d15a610e7a 100644
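Review bot: The new MmapOrDie call in AsanThread::Create passes `kPageSize` while the size check directly above it is written against `kSummaryAllocSize`; the two are equal today, but the CHECK_LE only guards the mapping if the same name is used in both places, so the call should read `(AsanThreadSummary*)MmapOrDie(kSummaryAllocSize, "AsanThreadSummary");`. The reason for moving from a shared 1024-byte bump allocation to a private page per summary is not stated; presumably the summary embeds a StackTrace and kStackTraceMax grows to 256 in this same change, so a one-line comment at the declaration of kSummaryAllocSize saying that a summary no longer fits in 1 KB would help the next reader. If summaries are retained for the life of the process, as the removed LowLevelAllocator (which never frees) suggests, every created thread now costs a page of mappings instead of 1 KB; acceptable for a diagnostic runtime, but worth a note beside the call. Create's body continues outside the hunk.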
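Review bot: The buffer in main is allocated with `new char[10]` but released through `::free` in DeepFree<0>, so the test exercises an allocation/deallocation mismatch as well as the use-after-free it documents; if the runtime ever reports the mismatch first, the heap-use-after-free CHECK stops matching. Allocating with `char *x = (char*)malloc(10);` keeps the test on the single error it is about, and `<stdlib.h>` is already included for it. The stale `// deep_free(x);` line should go, and `#include <stdio.h>` is unused. The frame numbers in the CHECK lines only appear because RUN requests malloc_context_size=120; a comment tying the two together would make the expectations easier to maintain when the default or the cap changes.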
--- a/compiler-rt/lib/sanitizer_common/sanitizer_stacktrace.h
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_stacktrace.h
@@ -17,7 +17,7 @@
 namespace __sanitizer {
 
-static const uptr kStackTraceMax = 64;
+static const uptr kStackTraceMax = 256;
 
 struct StackTrace {
   typedef bool (*SymbolizeCallback)(const void *pc, char *out_buffer,