<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - ASan should provide d'tor stack traces for use-after-poison."
   href="https://bugs.llvm.org/show_bug.cgi?id=41592">41592</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>ASan should provide d'tor stack traces for use-after-poison.
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>compiler-rt
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>asan
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>mitchphillips@outlook.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>ASAN use-after-poison reports do not contain a stack trace for the destructor
of the object. This is a problem in allocation pools where the d'tor is called,
but free may be delayed. We do not get any stack trace for the deallocation,
and lifetime issues are hard to debug (<a href="https://reviews.llvm.org/D61048">https://reviews.llvm.org/D61048</a>).

Consider this a proposal to add shadow bytes to logically identify { start of
poisoned zone, poisoned zone }. When we find a poisoned shadow byte, traverse
the shadow left to find the start of the poisoned zone.

We can store the destructor's trace in the stack depot, and use the poisoned
memory to store a pointer to the trace in the depot.</pre>
        </div>
      </p>
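A minimal simulation of the scheme proposed above, as an added example that is not part of the original report and not ASan's code. It assumes one shadow byte per 8 application bytes, a plain integer standing in for a stack depot id, and a constructed "start of poisoned zone" shadow value; all function and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GRANULE             8     /* application bytes covered by one shadow byte */
#define MEM_SIZE            256   /* size of the simulated pool */
#define SHADOW_POISON       0xf7  /* value ASan uses for user-poisoned memory */
#define SHADOW_POISON_START 0xe7  /* constructed marker, not a real ASan value */

static uint8_t mem[MEM_SIZE];               /* simulated application memory */
static uint8_t shadow[MEM_SIZE / GRANULE];  /* simulated shadow, 0 = addressable */

/* Called where the pool runs the destructor: poison [off, off+len), mark the
 * first granule as the zone start, and reuse the dead object's first bytes to
 * hold the id of the destructor's stack trace. Returns 0 on success. */
static int poison_with_trace(size_t off, size_t len, uint32_t trace_id) {
    if (off % GRANULE || len % GRANULE || len < GRANULE || off + len > MEM_SIZE)
        return -1;
    size_t first = off / GRANULE, n = len / GRANULE;
    shadow[first] = SHADOW_POISON_START;
    memset(&shadow[first + 1], SHADOW_POISON, n - 1);
    memcpy(&mem[off], &trace_id, sizeof trace_id);
    return 0;
}

/* Called while building a use-after-poison report for a bad access at addr.
 * Walks the shadow left to the start marker and reads the stored id.
 * Returns 0 when addr is not poisoned or the zone has no start marker. */
static uint32_t trace_for_access(size_t addr) {
    if (addr >= MEM_SIZE)
        return 0;
    size_t s = addr / GRANULE;
    if (shadow[s] != SHADOW_POISON && shadow[s] != SHADOW_POISON_START)
        return 0;
    while (shadow[s] == SHADOW_POISON) {
        if (s == 0)
            return 0;   /* ran off the left edge without finding a marker */
        s--;
    }
    if (shadow[s] != SHADOW_POISON_START)
        return 0;       /* poisoned through the existing API, no trace stored */
    uint32_t id;
    memcpy(&id, &mem[s * GRANULE], sizeof id);
    return id;
}
```

The distinct start value is what keeps two adjacent destroyed objects apart: without it, the leftward walk from the second object would continue into the first and return the wrong trace.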


    </body>
</html>