[all-commits] [llvm/llvm-project] dcf23e: [GWP-ASan] Fix up bad report for in-page underflow...

Mitch Phillips via All-commits all-commits at lists.llvm.org
Tue Jan 10 10:30:13 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: dcf23e13615f88bdd4975058595ee60cf1d5811c
      https://github.com/llvm/llvm-project/commit/dcf23e13615f88bdd4975058595ee60cf1d5811c
  Author: Mitch Phillips <31459023+hctim at users.noreply.github.com>
  Date:   2023-01-10 (Tue, 10 Jan 2023)

  Changed paths:
    M compiler-rt/lib/gwp_asan/crash_handler.cpp
    M compiler-rt/lib/gwp_asan/optional/segv_handler_posix.cpp
    A compiler-rt/test/gwp_asan/free_then_overflow.cpp
    A compiler-rt/test/gwp_asan/free_then_underflow.cpp
    M compiler-rt/test/gwp_asan/heap_buffer_overflow.cpp
    M compiler-rt/test/gwp_asan/heap_buffer_underflow.cpp

  Log Message:
  -----------
  [GWP-ASan] Fix up bad report for in-page underflow w/ UaF

Complex scenario, but reports when there's both a use-after-free and
buffer-underflow that is in-page (i.e. doesn't touch the guard page)
ended up generating a pretty bad report:

'Use After Free at 0x7ff392e88fef (18446744073709551615 bytes into a
1-byte allocation at 0x7ff392e88ff0) by thread 3836722 here:'

(note the 2^64-bytes-into-alloc, very cool and good!)

Fix up that case, and add a diagnostic about when you have both a
use-after-free and a buffer-overflow that it's probably a bogus report
(assuming the developer didn't *really* screw up and have a uaf+overflow
bug at the same time).

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D139885
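As an added illustration (not the commit's own code and not GWP-ASan's real report logic), the following constructed model shows how an unsigned offset computation yields the 18446744073709551615-byte figure quoted above, beside a version that decides which side of the allocation the fault is on first, and flags a report that is both a use-after-free and out of bounds as probably bogus. The `Alloc` struct, the function names and the exact report wording are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of one GWP-ASan-style slot (illustrative, not the real
 * allocator metadata): where the allocation lives and whether it was freed. */
typedef struct { uintptr_t base; size_t size; bool freed; } Alloc;

/* Buggy distance: plain unsigned subtraction. A fault one byte below the
 * allocation wraps to 2^64 - 1, the "18446744073709551615 bytes into a
 * 1-byte allocation" that the original report printed. */
uint64_t distance_buggy(uintptr_t fault, const Alloc *a) {
    return (uint64_t)fault - (uint64_t)a->base;
}

enum Where { INSIDE, BEFORE, AFTER };

/* Fixed distance: decide which side of the allocation the fault is on
 * first, then subtract the smaller address from the larger one. */
enum Where locate(uintptr_t fault, const Alloc *a, uint64_t *dist) {
    if (fault < a->base)            { *dist = a->base - fault;             return BEFORE; }
    if (fault >= a->base + a->size) { *dist = fault - (a->base + a->size); return AFTER; }
    *dist = fault - a->base;
    return INSIDE;
}

uint64_t distance_fixed(uintptr_t fault, const Alloc *a) {
    uint64_t d;
    locate(fault, a, &d);
    return d;
}

/* Build the report line. A freed slot plus an out-of-bounds address would
 * need two independent bugs to coincide, so the line is flagged as probably
 * bogus, like the diagnostic the commit adds. Returns true when flagged. */
bool describe(uintptr_t fault, const Alloc *a, char *buf, size_t n) {
    uint64_t d;
    enum Where w = locate(fault, a, &d);
    bool suspicious = a->freed && w != INSIDE;
    const char *kind = a->freed ? "Use After Free"
                     : w == BEFORE ? "Buffer Underflow"
                     : w == AFTER ? "Buffer Overflow" : "Invalid Access";
    const char *rel = w == INSIDE ? "into" : w == BEFORE ? "before" : "past the end of";
    snprintf(buf, n, "%s at 0x%llx (%llu bytes %s a %zu-byte allocation at 0x%llx)%s",
             kind, (unsigned long long)fault, (unsigned long long)d, rel, a->size,
             (unsigned long long)a->base,
             suspicious ? " [likely bogus: UaF and out-of-bounds together]" : "");
    return suspicious;
}
```

With the addresses from the report above (fault 0x7ff392e88fef, 1-byte allocation at 0x7ff392e88ff0, freed), `distance_buggy` returns 18446744073709551615 while `locate` reports 1 byte before the allocation and `describe` raises the bogus flag.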
