ASAN instruments address-taken arguments just for small types #823
This is what ASan sees in a simplified example:
```llvm
%struct.A = type { [10 x i32] }
define void @f(%struct.A* byval align 8 %a) {
entry:
  call void @g(%struct.A* nonnull %a)
  ret void
}
declare void @g(%struct.A*)
```
The caller does not provide any redzones for the byval argument.
Instrumentation of @f should copy it into alloca.
On Wed, Jun 14, 2017 at 2:37 AM, marxin wrote:
```sh
cat pr81040-3.cpp && clang++ pr81040-3.cpp -fsanitize=address && ./a.out
```
```cpp
struct A
{
  int a[4];   // 16 bytes: small enough to be passed in registers
};
static __attribute__ ((noinline)) int
goo (A *a)
{
  int *ptr = &a->a[0];
  return *(volatile int *) (ptr - 1);   // reads one int before the argument: stack underflow
}
__attribute__ ((noinline)) int
foo (A a)
{
  return goo (&a);   // address of a by-value argument escapes
}
int
main ()
{
  return foo (A ());
}
```
```
=================================================================
==19878==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7ffea1dad07c at pc 0x0000004f32bb bp 0x7ffea1dad020 sp 0x7ffea1dad018
...
```
While the following problem is not caught:
```sh
cat pr81040.cpp && clang++ pr81040.cpp -fsanitize=address && ./a.out
```
```cpp
struct A
{
  int a[5];   // 20 bytes: passed byval on the stack instead of in registers
};
static __attribute__ ((noinline)) int
goo (A *a)
{
  int *ptr = &a->a[0];
  return *(volatile int *) (ptr - 1);   // same one-int underflow as above
}
__attribute__ ((noinline)) int
foo (A a)
{
  return goo (&a);
}
int
main ()
{
  return foo (A ());
}
```
```
[no output]
```
Apart from that, is the sanitization of function arguments documented in the manual?
Thanks.
@eugenis Are you suggesting two passes for instrumentation? Pass 1 would copy byval arguments a second time to get an AllocaInst, and pass 2 would perform ASan as usual?
Kind of, but not as 2 different LLVM passes. ASan pass can create an alloca and copy the byval arg contents into it before doing the stack layout thing. Or maybe it would be faster to avoid creating an alloca, but set up an ASanStackVariableDescription instead, and then copy the byval arg once stack layout is done.
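The approach described in both of eugenis's comments (copy the byval argument into a frame slot of its own and give it redzones like any other local) can be illustrated with a small model of ASan's stack-frame layout. The C program below is an added example; it is not code from this issue or from LLVM, it does not reproduce LLVM's actual `ComputeASanStackFrameLayout` rules, and its 32-byte granule and the names `layout_frame`, `access_reported`, `underflow_caught_after_copy`, `overflow_caught_after_copy` and `underflow_caught_without_copy` are assumptions made for the illustration.

```c
/* Added example (not from the issue or from LLVM): a toy model of ASan's stack
 * frame layout. Each local gets a left redzone, the last one also a right one.
 * A byval argument is protected only once instrumentation copies it into such
 * a slot, which is what the fix discussed in this issue does. The 32-byte
 * granule and all function names are assumptions for this illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_VARS  8
#define GRANULE   32     /* assumed redzone unit; real ASan scales redzones with variable size */
#define FRAME_MAX 4096

typedef struct {
    size_t size;    /* bytes the variable actually occupies */
    size_t offset;  /* byte offset inside the frame, assigned by layout_frame */
} StackVar;

typedef struct {
    StackVar vars[MAX_VARS];
    size_t n;
    size_t frame_size;
    uint8_t poison[FRAME_MAX];  /* per-byte shadow: 1 = redzone / unaddressable, 0 = addressable */
} Frame;

static size_t round_up(size_t x, size_t g) { return (x + g - 1) / g * g; }

/* Lay out n (<= MAX_VARS) variables of the given sizes. Bytes of a slot beyond
 * the variable's size stay poisoned, so a 20-byte struct in a 32-byte slot has
 * 12 unaddressable bytes right after it (partial-granule poisoning). */
static void layout_frame(Frame *f, const size_t *sizes, size_t n)
{
    size_t off = GRANULE;                 /* left redzone of the first variable */
    f->n = n;
    for (size_t i = 0; i < n; i++) {
        f->vars[i].size = sizes[i];
        f->vars[i].offset = off;
        off += round_up(sizes[i], GRANULE) + GRANULE;   /* the slot, then the next redzone */
    }
    f->frame_size = off;
    memset(f->poison, 1, f->frame_size);  /* everything is redzone ... */
    for (size_t i = 0; i < n; i++)        /* ... except the variables themselves */
        memset(f->poison + f->vars[i].offset, 0, f->vars[i].size);
}

/* Shadow check: is any byte of the len-byte access at byte offset off poisoned?
 * Offsets outside this frame count as clean: the model knows nothing about
 * what the caller placed next to it. */
static int access_reported(const Frame *f, long off, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        long b = off + (long)i;
        if (b < 0 || (size_t)b >= f->frame_size) continue;
        if (f->poison[b]) return 1;
    }
    return 0;
}

/* After the fix: the byval struct is copied into a slot in the callee's frame,
 * so reading the int just before it (the "ptr - 1" in the report above) lands
 * in the left redzone. Returns 1 if the access is reported. */
int underflow_caught_after_copy(size_t struct_size)
{
    Frame f;
    layout_frame(&f, &struct_size, 1);
    long before = (long)f.vars[0].offset - (long)sizeof(int);
    return access_reported(&f, before, sizeof(int));
}

/* Reading the int just past the struct: caught by partial-granule poisoning
 * when struct_size is not a multiple of GRANULE, by the right redzone otherwise. */
int overflow_caught_after_copy(size_t struct_size)
{
    Frame f;
    layout_frame(&f, &struct_size, 1);
    long after = (long)(f.vars[0].offset + f.vars[0].size);
    return access_reported(&f, after, sizeof(int));
}

/* Before the fix: the byval argument stays where the caller put it, with no
 * redzone in front of it, so the same read at ptr - 1 goes unreported. */
int underflow_caught_without_copy(size_t struct_size)
{
    Frame f;
    f.n = 1;
    f.vars[0].size = struct_size;
    f.vars[0].offset = 0;                      /* no left redzone */
    f.frame_size = round_up(struct_size, GRANULE);
    memset(f.poison, 0, f.frame_size);         /* nothing around it is poisoned */
    return access_reported(&f, -(long)sizeof(int), sizeof(int));
}

int main(void)
{
    size_t sizes[] = { 16, 20, 40 };   /* int a[4], int a[5], int a[10] from the examples above */
    for (size_t i = 0; i < 3; i++)
        printf("struct of %zu bytes: underflow caught after copy=%d, without copy=%d, overflow caught=%d\n",
               sizes[i], underflow_caught_after_copy(sizes[i]),
               underflow_caught_without_copy(sizes[i]), overflow_caught_after_copy(sizes[i]));
    return 0;
}
```

In the model `underflow_caught_after_copy` returns 1 for 16-, 20- and 40-byte structs alike, while `underflow_caught_without_copy` returns 0 for all of them: once the argument has its own slot with a redzone, its size no longer matters, which is the point of copying it into an alloca. The model deliberately does not reproduce why the 16-byte case was already caught (it is not passed byval, so it is spilled to a local that ASan already instruments).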
Fixed by r308677 and r308387.