[PATCH] D85378: Fix off-by-one error in size of the required shadow memory passed to `MapDynamicShadow`.

Dan Liew via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Wed Aug 5 17:06:18 PDT 2020


delcypher created this revision.
delcypher added reviewers: kubamracek, yln, tejohnson.
Herald added a project: Sanitizers.
Herald added a subscriber: Sanitizers.
delcypher requested review of this revision.

The VM region is [kLowMemBegin, kHighMemEnd] (note the inclusive
ranges). Thus the size of the region is

kHighMemEnd - kLowMemBegin + 1

Note `kLowMemBegin` is assumed to be 0 so the size that should be
passed to `MemToShadowSize()` should be `kHighMemEnd + 1`, not
`kHighMemEnd`.

The overall effect of this bug is that we were requesting a shadow memory 1-byte
smaller than required. This is due to the way kHighMemEnd is aligned (adding `+1`
changes bits that aren't removed by doing `>> SHADOW_SCALE`).

This latent bug was likely hidden because the shadow memory size is
always page aligned due to being allocated by mmap.

Note this bug was present before the refactor introduced by
5d2be1a18845 <https://reviews.llvm.org/rG5d2be1a18845c528d3e86f7efcc59872e4a757c3>. However, the refactor preserved it.

rdar://problem/66600450


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D85378

Files:
  compiler-rt/lib/asan/asan_mac.cpp


Index: compiler-rt/lib/asan/asan_mac.cpp
===================================================================
--- compiler-rt/lib/asan/asan_mac.cpp
+++ compiler-rt/lib/asan/asan_mac.cpp
@@ -55,7 +55,8 @@
 }
 
 uptr FindDynamicShadowStart() {
-  return MapDynamicShadow(MemToShadowSize(kHighMemEnd), SHADOW_SCALE,
+  // VM range is [0, kHighMemEnd] so size is (kHighMemEnd - 0 + 1).
+  return MapDynamicShadow(MemToShadowSize(kHighMemEnd + 1), SHADOW_SCALE,
                           /*min_shadow_base_alignment*/ 0, kHighMemEnd);
 }
 
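Review bot: the new comment and the `kHighMemEnd + 1` argument in `FindDynamicShadowStart()` rely on the VM range starting at 0, but nothing in the hunk checks that. The description states the low bound (it calls it `kLowMemBegin`) is only assumed to be 0, so the size would be wrong again if that ever changes. Consider computing the size from both bounds, as in the description's `kHighMemEnd - kLowMemBegin + 1`, or adding a `CHECK_EQ` on the low bound next to the comment. Separately, the last argument is still the inclusive `kHighMemEnd`; a `/*...*/` label like the one on `/*min_shadow_base_alignment*/ 0` would make it clear that this one is intentionally an end address and not a size. No test accompanies the change (only `asan_mac.cpp` is listed under Files), and since the description says page alignment from mmap masked the bug, it would help to note in the review how the fix was verified.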

