[llvm-branch-commits] [compiler-rt] [hwasan] Distinguish overflow and underflow (PR #76131)
via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Wed Dec 20 23:58:35 PST 2023
llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-compiler-rt-sanitizer
Author: Vitaly Buka (vitalybuka)
<details>
<summary>Changes</summary>
---
Full diff: https://github.com/llvm/llvm-project/pull/76131.diff
3 Files Affected:
- (modified) compiler-rt/lib/hwasan/hwasan_report.cpp (+5-1)
- (modified) compiler-rt/test/hwasan/TestCases/Linux/syscalls.cpp (+1-1)
- (modified) compiler-rt/test/hwasan/TestCases/heap-buffer-overflow.c (+4-3)
``````````diff
diff --git a/compiler-rt/lib/hwasan/hwasan_report.cpp b/compiler-rt/lib/hwasan/hwasan_report.cpp
index bbe89112e4dbe1..71155c9814c186 100644
--- a/compiler-rt/lib/hwasan/hwasan_report.cpp
+++ b/compiler-rt/lib/hwasan/hwasan_report.cpp
@@ -648,19 +648,23 @@ void BaseReport::PrintHeapOrGlobalCandidate() const {
if (candidate.heap.is_allocated) {
uptr offset;
const char *whence;
+ const char *cause;
if (candidate.heap.begin <= untagged_addr &&
untagged_addr < candidate.heap.end) {
offset = untagged_addr - candidate.heap.begin;
whence = "inside";
+ cause = "heap-use-after-free";
} else if (candidate.after) {
offset = untagged_addr - candidate.heap.end;
whence = "after";
+ cause = "heap-buffer-overflow";
} else {
offset = candidate.heap.begin - untagged_addr;
whence = "before";
+ cause = "heap-buffer-underflow";
}
Printf("%s", d.Error());
- Printf("\nCause: heap-buffer-overflow\n");
+ Printf("\nCause: %s\n", cause);
Printf("%s", d.Default());
Printf("%s", d.Location());
Printf("%p is located %zd bytes %s a %zd-byte region [%p,%p)\n",
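Review bot: The new `cause = "heap-use-after-free";` in the `inside` branch sits under `if (candidate.heap.is_allocated)`, so the report names a free for a chunk that is currently live, and nothing on the line says why. A short comment would help whoever triages these reports, for example `// Tag mismatch inside a live chunk: presumably a stale pointer to memory that was freed and reused.`, if that is the intended reasoning. The test updates visible in this patch only cover the `before` case (underflow), so a case that reaches the `inside` branch would pin the new string. Because the `Cause:` line previously always read `heap-buffer-overflow`, any crash-bucketing or triage script that matches on it may need updating. `PrintHeapOrGlobalCandidate` begins and ends outside this hunk.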
diff --git a/compiler-rt/test/hwasan/TestCases/Linux/syscalls.cpp b/compiler-rt/test/hwasan/TestCases/Linux/syscalls.cpp
index 154b6989899352..eee43f458fac10 100644
--- a/compiler-rt/test/hwasan/TestCases/Linux/syscalls.cpp
+++ b/compiler-rt/test/hwasan/TestCases/Linux/syscalls.cpp
@@ -26,7 +26,7 @@ int main(int argc, char *argv[]) {
__sanitizer_syscall_pre_recvmsg(0, buf - 1, 0);
// CHECK: HWAddressSanitizer: tag-mismatch on address [[PTR:0x[a-f0-9]+]]
- // CHECK: Cause: heap-buffer-overflow
+ // CHECK: Cause: heap-buffer-underflow
// CHECK: [[PTR]] is located 1 bytes before a 1000-byte region
free(buf);
diff --git a/compiler-rt/test/hwasan/TestCases/heap-buffer-overflow.c b/compiler-rt/test/hwasan/TestCases/heap-buffer-overflow.c
index 4e6638be584b0d..c1c7d458b9424f 100644
--- a/compiler-rt/test/hwasan/TestCases/heap-buffer-overflow.c
+++ b/compiler-rt/test/hwasan/TestCases/heap-buffer-overflow.c
@@ -29,7 +29,8 @@ int main(int argc, char **argv) {
if (size == 1000000) {
fprintf(stderr, "is a large allocated heap chunk; size: 1003520 offset: %d\n",
offset);
- fprintf(stderr, "Cause: heap-buffer-overflow\n");
+ fprintf(stderr, "Cause: heap-buffer-%s\n",
+ offset == -30 ? "underflow" : "overflow");
fprintf(stderr, "is located %s a 1000000-byte region\n",
offset == -30 ? "30 bytes before" : "0 bytes after");
return -1;
@@ -44,11 +45,11 @@ int main(int argc, char **argv) {
// CHECK80: Cause: heap-buffer-overflow
// CHECK80: is located 50 bytes after a 30-byte region
//
-// CHECKm30: Cause: heap-buffer-overflow
+// CHECKm30: Cause: heap-buffer-underflow
// CHECKm30: is located 30 bytes before a 30-byte region
//
// CHECKMm30: is a large allocated heap chunk; size: 1003520 offset: -30
-// CHECKMm30: Cause: heap-buffer-overflow
+// CHECKMm30: Cause: heap-buffer-underflow
// CHECKMm30: is located 30 bytes before a 1000000-byte region
//
// CHECKM: is a large allocated heap chunk; size: 1003520 offset: 1000000
``````````
</details>
https://github.com/llvm/llvm-project/pull/76131