<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=http://email.email.llvm.org/c/eJzlWFtv2zYU_jXOCxFBluzIevCDkzRbsa0dmhbDngSaoiyulKiJVLL01-871MWXJFu6FeiKFa4lk-fynSsPszX5w_qXUtass6reMWFqx1UtW8br2jjulKktm0Wr2UWYZZbXyqlPss2GXZkRg9p1prPZxAvaWZSye-VKhncLDlOQjGiz7YoCBNidxVfs9vvN9dtfsu_ebd58-HHz7vX7X0HO2OZ284Zpye-kZVtZqjpntanPQ2ZLnpt7VsnKtA_MEgCmaiZkS4qZFbLmrTIesAx2AbvvLZP5BKZTtYujzJEiUJVcF-zetDkg4RPMwutZuOm_35eSNa3ZalmxrVHaMiivmTPMYef3TlryDunA75YNrLC9__if7OVOg396FvybRTdwFozfwaxZfI2FDdbY6L4r9ohWwkuPKPHrkgnecKHcA9gecRmds0r9E85a3r-IM53Fl0-6RlnGtTb3CA5c6sP999F2JXes6qwDKRNgqsHeNWz74INCAgV3pvVpwa0cMUFZ0UrQcojXkNSyVu4Tg7NcEZ2s3QQ9YDetqbzYzc-vWS6taFXjQ_4aKdPBcyVh5tZ2FRlB0FwJTfgQ1x3X8A9wtw7eofgc2ECAOq0fDow4Sr43ZqTsmnve5uQstaupRuFBCKMEzo209SxKALrk9Q5Y6gcgAA23RObzhwjJ6j0bbyW82kpo9y4o4K8hDyt4wEKaFB9Re51DKNywXzWdI9FkWmOUNYS6JbX2pGxgmy0ROcSFkzds58v0qoQ_VVfN4g0rnWssXnwy3Wy7nQ3EsB2Ydoe1Bv_HJbx6KRYvuQROPYtvVI7Um0dpFKfRof5bqYvzsayAUKKGSdNTOdirRwxgBtKWMvfcADSv94XJzq0jVaInmM_ZeTHWNJZ5nrfS2hOmQIhRQ6xqobtcUscTEJXLYha_emp36hRkuqkqU2foVrItuJAZ2GxQ7jkP8d-qqtGIqU9_JqtO-8bNLB62eKCorVAiTvZJBK_0RTXEzS9yOHd1Z-BVKubU56oSbOyXbKfNluts6EDLy-VseT2V9sDHqoesB-G7PZp8cokAuK6tT_jjS-xd75mJkwr0GAOxT2RD10CFVnAxCOmVtztB7RD533qmDS3dDcxT06IjKNuXtm9a8wn92NRu2HcSIn1r63EGE8F0blBbHvochPReytBqHAJ4QESBilYn_jjshpCpCjqCDo7EA8QjonnANtQlccwYhNjX2x7VZx0v-8Pj6Rb_WctHhoxgoxGsqam3NMwprb3zvx7k8BjrlE4T6KazZbbl4uMQo2H3JcGJA_a6Fq2kg-brWjl_1sqpYEMU7HBaJ8jH5JC8N-daaunkaeq_xBGLbyBLD3yybzaTWfsp5dgnpx2hnxfUEPV8Py2MfEc9Jnrs5NMW2bfHfmKwvIL7sfeRBhphoEblshZ7X36h1vOSmC6_gZhOYC_-Z50neb7zDBSXb9_-NI09B-u3TjZUr1y4jtMAqmXh_mLw_i_2tKc8tN8dBo5wX9LTCHEy_fnvq5bb8rkBcdNPd7fTZIbZ9er7V1c_sAJTqMzpt5_8-okYk1YgmgarcZIAY-Qju_KTyarrn-lPsnpvbr2PscqH4vRX4uu-PxNPOK5HtBD-sSDvhH_4mzUWnB9_k3SZpOlB7lCY4xB0Cx4vF3Mau7OMAJKB8eaKBvsP9T1iPbQfD751mmAH5kjMnMRsV-nFohdjD5wwyrrpvRCtaACjS4T1HQhQ0Y_GwexovattP4Jqg7GUvp5bTXtP3HSWBmK62Gk8d8bsNFr3TWkqelRaNQ3v3Ce84yL_0SKXaN3JqvEP0nw5WnLqqohsTKUokhMb_zrBvywyr_8UWUzI8jCSPog08n5ZpV70qdIFlCbFRRxGYcwTKXqnaLUVmb_HZh6HsB1EBQFdU_wrEZx7gkBQ7sc49zbziyPRS7JnXkSr1Av11F_WIi98smgq5LN8HedpnPIzCClNu54EnnWtXh_fRHc43bttgNsXIdJ34-Mcl8jfpHCHN9FlvIxXZ-V6kSRJvlrwbXSx5cvlMkz5IhVJGkm5vVheJGeab6W2a8xgqGYaJbwI6g7L67N_j0CtozDCJ4zm8xixC3g-R_nzOJoncS74crYIJQKnA5JD1-uzdu1F0r0bm1pZZ_eb3PpalB4wEDrltFxfPfeXQdyG3aPrMFWvoMZ6-ie45_8YOJw6OwwauL-2OA_OvKFrb-WfSCJjVA>53538</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Container annotations (-fstanitize=address) crash when used with sizeof(*buffer) < shadow granularity
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          mlippautz
      </td>
    </tr>
</table>

<pre>
    When using container annotations (`__sanitizer_annotate_contiguous_container`) with `sizeof(*buffer) < SHADOW_GRANULARITY`  ASAN leaves behind non-0 shadow memory state in certain scenarios (e.g. when used with `uint32_t` (half word)).

The problem boils down to the question whether 
```
 __sanitizer_annotate_contiguous_container(
    /* begin = */ buffer, 
    /* end = */ buffer + capacity,
    /* old mid = */ buffer + capacity,
    /* new mid = */ buffer + capacity);
```
is allowed to leave behind non-0 shadow memory state that must be cleaned up by the allocator in case buffer is freed and later reused with a different capacity. From the API description I would have assumed that this is the valid start/end state that is fully cleaned up.

Note that upwards aligning `end` doesn't change anything as `begin` and `end` are merely used for containments checks but not for computing the poisoned ranges.

This show up as issue in Chromium: https://bugs.chromium.org/p/chromium/issues/detail?id=1292392

Self-contained repro:
```
// clang++ -o asan_container -std=c++11 -fsanitize=address asan_container.cc
#include <cstddef>
#include <sanitizer/common_interface_defs.h>

// Simple malloc emulation satisfying 8 byte aligned memory.
alignas(void*) static uint32_t global_buffer[5];
void* my_malloc() { return global_buffer; }
void my_free(void*) { }

int main(int argc, char** argv) {
   size_t capacity = 1;
   // Get a new buffer.
   uint32_t* buffer = static_cast<uint32_t*>(my_malloc());
   if (buffer) {
    // 1. Allow whole range.
    __sanitizer_annotate_contiguous_container(buffer, buffer + capacity, buffer + capacity, buffer + capacity);
    // 2. Allow only up till size.
    __sanitizer_annotate_contiguous_container(buffer, buffer + capacity, buffer + capacity, buffer + 0);
  }
  // push_back()
  if (buffer) {
    // 3. Increase size.
    __sanitizer_annotate_contiguous_container(buffer, buffer + capacity, buffer + capacity, buffer + 1);
  }
  buffer[0] = 'c';
  // Delete buffer.
  if (buffer) {
    // 4. Allow whole range.
    __sanitizer_annotate_contiguous_container(buffer, buffer + capacity, buffer + capacity, buffer + capacity);
  }
  my_free(buffer);

  // Get a new buffer with increased capacity.
  capacity = 2;
  // my_malloc() returns the same block by coincidence.
  buffer = static_cast<uint32_t*>(my_malloc());
  if (buffer) {
    // 5. Allow whole range.
    __sanitizer_annotate_contiguous_container(buffer, buffer + capacity, buffer + capacity, buffer + capacity);
    // 6. Allow only up till size.
    __sanitizer_annotate_contiguous_container(buffer, buffer + capacity, buffer + capacity, buffer + 0);
  }
  // push_back()
  if (buffer) {
    // 7. Increase size.
    // BOOM:
    // Step 4. actually left behind non-0 shadow memory.
    __sanitizer_annotate_contiguous_container(buffer, buffer + capacity, buffer + capacity, buffer + 1);
  }
  if (buffer) {}
  return 0;
}
```

Crash:
```
AddressSanitizer: CHECK failed: asan_poisoning.cpp:377 "((*(u8*)MemToShadow(a))) == ((0))" (0x4, 0x0) (tid=795799)
    #0 0x4a3541 in __asan::CheckUnwind() asan_rtl.cpp.o
    #1 0x4b8964 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/local/google/home/mlippautz/workspace/temp/test+0x4b8964)
    #2 0x49ecf7 in __sanitizer_annotate_contiguous_container (/usr/local/google/home/mlippautz/workspace/temp/test+0x49ecf7)
    #3 0x4d02e1 in main (/usr/local/google/home/mlippautz/workspace/temp/test+0x4d02e1)
    #4 0x7f630203a7ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #5 0x41f289 in _start (/usr/local/google/home/mlippautz/workspace/temp/test+0x41f289)
```
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzlWFtv2zYU_jXOCxFBluzYevCDkzRtsbUdmhbFngSaoiwulKiJVLL01-871MWXJF06BOiKFa4lk-fynSsPszHZ_epLISvWWlVtmTCV46qSDeNVZRx3ylSWTaLl5CxMU8sr5dRX2aT9rkyJQW1b09p05AXtJErYnXIFw7sFh8lJRrTetHkOAuxO4gt2_WZ9-eFL-vrj-v3nX9cf3376HeSMra_X75mW_FZatpGFqjJWmeo0ZLbgmbljpSxNc88sAWCqYkI2pJhZISveKOMBy2AbsLvOMpmNYFpVuThKHSkCVcF1zu5MkwESPsEkvJyE6-77UyFZ3ZiNliXbGKUtg_KKOcMcdv5spSXvkA78bljPCtu7j__Jnu80-Kdjwb9JdAVnwfgtzJrEl1hYY40N7rtgD2glvPSAEr_OmeA1F8rdg-0Bl9EZK9W_4azk3bM4k0l8_qhrlGVca3OH4MClPtz_HG1XcMfK1jqQMgGmCuxtzTb3PigkUHBnGp8W3MoBE5TljQQth3gNSQ1r5C4xOMsU0cnKjdADdtWY0otd__aWZdKKRtU-5G-RMi08VxBmbm1bkhEEzRXQhA9x3XIN_wB34-Adis-eDQSo1fp-z4iD5HtvBsq2vuNNRs5S24pqFB6EMErgzEhbTaIFQBe82gJLdQ8EoOGWyHz-ECFZvWPjjYRXGwnt3gU5_NXnYQkPWEiT4ga11zqEwvX7Zd06Ek2m1UZZQ6gbUmuPyga22QKRQ1w4ecO2vkwvCvhTteUkXrPCudrixSfT1abd2kD024Fptlir8X9YwquXYvGSSeDUk_hKZUi9aZREcRLt67-WOj8dygoIJWqYND2Wg516xABmIG0pc08NQPNqV5js1DpSJTqC6ZSd5kNNY5lnWSOtPWIKhBg0xKoSus0kdTwBUZnMJ_Grx3bHTkGmm7I0VYpuJZucC5mCzQbFjnMf_7Uqa42Y-vRnsmy1b9zM4mHze4raEiXiZJdE8EpXVH3c_CKHc5e3Bl6lYk58rirBhn7JttpsuE77DjQ_n0_ml2Np93ysvE87EL7bo8kvzhEA1zbVEX98jr3LHTNxUoEeYiD2kazvGqjQEi4GIb3yZiuoHSL_G8-0pqXbnnlsWnQEpbvS9k1rOqIfmtoVey0h0re2DmcwEoznBrXlvs9BSOelFK3GIYB7RBSoaHnkj_1uCJkqpyNo70jcQzwgmgZsTV0Sx4xBiH297VB91_GyOzweb_HftXxgyAA2GsCainpLzZzS2jv_x0EOD7GO6TSCrltbpBsubvoY9bvPCU4csLeVaCQdND_WyumTVo4FG6Jg-9N6gXxc7JN35lxKLZ08Tv3nOGL2E2Tpnk92zWY0azelHPrkuCN084Lqo57tpoWB76DHRA-dfNwiu_bYTQyWl3A_9m5ooBEGalQmK7Hz5Qu1nufEdP4TxHQEe_Y_6zyLpztPT3H-4cO7cezZW792sqZ65cK1nAZQLXP3jcH7v9jTHvPQbrcfOMJdSY8jxNH0578vGm6LpwbEdTfdXY-TGWbXizevLn5hOaZQmdFvP_l1EzEmrUDUNVbjxQIYIx_ZpZ9Mlm33TN7J8pO59j7GKu-L01-JL7v-TDzhsB7RQvjXjLwT_uVv1lhwfvxdJPNFkuzlDoU5DkE34_F8NqWxO00JIBkYry9osP9c3SHWffvx4BunCXZgDsRMScxmmZzNOjF2zwmDrKvOC9GSBjC6RFjfgQAV_WgYzA7W28p2I6g2GEvp66nVpPPEVWtpIKaLncZza8xWo3VfFaakR6lVXfPWfcU7LvI3FrlE606WtX-Q5vPBkmNXRWRjIkW-OLLx2wn-ssi8_mNkMSHLwkj6INLI-7JKvehjpTMoXeRncRiFMV9I0TlFq41I_T029TiEbSEqCOia4l-J4NQTBIJyP8a5t56eHYiekz3TPFomXqinflmLvPDRorGQT7JVnCVxwk-cclquLp76Exeude7BvY7SUFCHOP5b0tN_1erb5xYnJi5iDRrbSdvo1eGVdwsZ7SbANY9M17fD4xS31T-kcPtX3nk8j5cnxepsullmYSwX8ewslslGJDGfnc15Fs3mi2nETzTfSG1XGPbQNmhm8SKoDc0vT9QqCiN8wmg6jRHigGdTdAkeR9NFnAk-n8xCifjqgHDQLfykWXlIdD3HplbW2d0mt75kpVcH-QhRYZrVGK4Tr3zlwf8NK9FNxQ">