[LLVMbugs] [Bug 17059] New: [ASan RTL] Highlight nearest stack object in ASan error report

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Mon Sep 2 14:11:27 PDT 2013


http://llvm.org/bugs/show_bug.cgi?id=17059

            Bug ID: 17059
           Summary: [ASan RTL] Highlight nearest stack object in ASan
                    error report
           Product: compiler-rt
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: compiler-rt
          Assignee: unassignedbugs at nondot.org
          Reporter: chandlerc at gmail.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

Simple buggy program:
% cat asan/bug.cpp  
#include <iostream>
#include <string>

static const char hello[] = "Hello";
static const char world[] = "World";

void copy_hello(char *output) {
  // Range-for over the array visits all sizeof(hello) == 6 bytes,
  // including the trailing NUL.
  for (auto c : hello)
    *output++ = c;
}

void copy_world(char *output) {
  // Same here: 6 bytes written, NUL included.
  for (auto c : world)
    *output++ = c;
}

int main() {
  // Buffer of 11 characters for "Hello", "World" and the space in between.
  char buffer[10 + 1];

  copy_hello(buffer);
  buffer[5] = ' ';
  copy_world(buffer + 6);  // writes buffer[6..11]; buffer[11] is one past the end

  std::cout << std::string(buffer) << std::endl;
}


When run, it produces this output with ASan:

% ./asan_bug 
=================================================================
==22200==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7fff9bbd448b at pc 0x43fed8 bp 0x7fff9bbd4190 sp 0x7fff9bbd4188
WRITE of size 1 at 0x7fff9bbd448b thread T0
    #0 0x43fed7 (/home/chandlerc/src/llvm.git/build/gn_2013/asan_bug+0x43fed7)
    #1 0x440116 (/home/chandlerc/src/llvm.git/build/gn_2013/asan_bug+0x440116)
    #2 0x2aaaab60c60c (/lib64/libc.so.6+0x2460c)
    #3 0x43f658 (/home/chandlerc/src/llvm.git/build/gn_2013/asan_bug+0x43f658)
Address 0x7fff9bbd448b is located in stack of thread T0 at offset 43 in frame
    #0 0x43ff8f (/home/chandlerc/src/llvm.git/build/gn_2013/asan_bug+0x43ff8f)
  This frame has 5 object(s):
    [32, 43) 'buffer'
    [96, 104) 'ref.tmp'
    [160, 161) 'ref.tmp3'
    [224, 232) 'exn.slot'
    [288, 292) 'ehselector.slot'
<snip>

When we have information about the frame's objects it would be really nice to
highlight the nearest one to the stack buffer error:

    [32, 43) 'buffer' <-- WRITE of size 1 starts 1 byte past this object!

Or if it is overlapping (say a 4-byte write starting at offset 41):

    [32, 43) 'buffer' <-- WRITE of size 4 extends 2 bytes past this object!

Or in the case of underflow:

    [32, 43) 'buffer' <-- WRITE of size 4 starts 1 byte before this object!


Also, color this line something eye catching as it is probably even more useful
than the green "Address ... is located in stack of thread T0 ..." message.
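To make the proposed annotation concrete, here is an added example in C++ (not code from this bug report or from the compiler-rt runtime): given the frame's object list from the report above and the faulting access's frame offset and size, it picks the nearest object and builds the highlighted line, following the report's convention that an access at the first byte after an object "starts 1 byte past" it. `FrameObject`, `kFrame` and `highlight_nearest` are names chosen for this example.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// One entry of the "This frame has N object(s)" list: [beg, end) 'name'.
struct FrameObject {
  uint64_t beg, end;
  std::string name;
};

// The frame from the report above (constructed sample input).
const std::vector<FrameObject> kFrame = {
    {32, 43, "buffer"},     {96, 104, "ref.tmp"},       {160, 161, "ref.tmp3"},
    {224, 232, "exn.slot"}, {288, 292, "ehselector.slot"},
};

static std::string bytes(uint64_t n) {
  return std::to_string(n) + (n == 1 ? " byte" : " bytes");
}

// Pick the object closest to the access [off, off + size) and build the
// annotated line proposed in the report. Returns "" when the access lies
// entirely inside an object (nothing to flag) or the frame is empty.
std::string highlight_nearest(const std::vector<FrameObject>& objs,
                              uint64_t off, uint64_t size,
                              const std::string& kind) {
  const uint64_t end = off + size;
  const FrameObject* nearest = nullptr;
  uint64_t best = UINT64_MAX;
  for (const auto& o : objs) {
    uint64_t d = 0;  // gap between the two ranges; 0 when they overlap
    if (end <= o.beg) d = o.beg - end;
    else if (off >= o.end) d = off - o.end;
    if (d < best) { best = d; nearest = &o; }
  }
  if (!nearest) return "";
  std::string rel;
  if (off >= nearest->end)  // first byte past the object counts as "1 byte past"
    rel = "starts " + bytes(off - nearest->end + 1) + " past";
  else if (off < nearest->beg)  // underflow: access begins before the object
    rel = "starts " + bytes(nearest->beg - off) + " before";
  else if (end > nearest->end)  // begins inside the object and runs off its end
    rel = "extends " + bytes(end - nearest->end) + " past";
  else
    return "";  // fully in bounds
  return "[" + std::to_string(nearest->beg) + ", " + std::to_string(nearest->end) +
         ") '" + nearest->name + "' <-- " + kind + " of size " +
         std::to_string(size) + " " + rel + " this object!";
}
```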
