[all-commits] [llvm/llvm-project] a9356a: [ASan][libcxx] Annotating std::vector with all all...

Tacet via All-commits all-commits at lists.llvm.org
Thu Feb 23 11:46:59 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: a9356a515b5a1a3637eaf5820fc0d2c0dad21a64
      https://github.com/llvm/llvm-project/commit/a9356a515b5a1a3637eaf5820fc0d2c0dad21a64
  Author: Advenam Tacet <advenam.tacet at trailofbits.com>
  Date:   2023-02-23 (Thu, 23 Feb 2023)

  Changed paths:
    M libcxx/include/vector
    M libcxx/test/libcxx/containers/sequences/vector/asan.pass.cpp
    M libcxx/test/std/containers/sequences/vector/access.pass.cpp
    M libcxx/test/std/containers/sequences/vector/contiguous.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.capacity/empty.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.capacity/reserve.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.capacity/resize_size.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.capacity/resize_size_value.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.capacity/shrink_to_fit.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.capacity/size.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.capacity/swap.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.cons/assign_copy.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.cons/assign_move.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.cons/construct_iter_iter.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.cons/construct_iter_iter_alloc.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.cons/construct_size.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.cons/construct_size_value.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.cons/construct_size_value_alloc.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.cons/copy.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.cons/copy_alloc.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.cons/initializer_list.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.cons/initializer_list_alloc.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.cons/move.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.cons/move_alloc.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.data/data.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.data/data_const.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.erasure/erase.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.erasure/erase_if.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.modifiers/clear.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.modifiers/emplace.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.modifiers/emplace_back.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.modifiers/emplace_extra.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.modifiers/insert_iter_lvalue.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.modifiers/insert_iter_rvalue.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.modifiers/insert_iter_size_value.pass.cpp
    M libcxx/test/std/containers/sequences/vector/vector.special/swap.pass.cpp
    M libcxx/test/support/min_allocator.h

  Log Message:
  -----------
  [ASan][libcxx] Annotating std::vector with all allocators

This revision is a part of a series of patches extending
AddressSanitizer C++ container overflow detection
capabilities by adding annotations, similar to those existing
in std::vector, to std::string and std::deque collections.
These changes allow ASan to detect cases when the instrumented
program accesses memory which is internally allocated by
the collection but is still not in-use (accesses before or
after the stored elements for std::deque, or between the size and
capacity bounds for std::string).

The motivation for the research and those changes was a bug,
found by Trail of Bits, in real code where an out-of-bounds read
could happen as two strings were compared via a std::equals function
that took iter1_begin, iter1_end, iter2_begin iterators
(with a custom comparison function).
When object iter1 was longer than iter2, an out-of-bounds read on iter2
could happen. Container sanitization would detect it.

In revision D132522, support for non-aligned memory buffers (sharing
the first/last granule with other objects) was added, therefore the
check for the standard allocator is no longer necessary.
This patch removes the check in the std::vector annotation member
function (__annotate_contiguous_container) to support
different allocators.

Additionally, this revision fixes unpoisoning in std::vector.
It guarantees that __alloc_traits::deallocate may access returned memory.
Originally suggested in D144155 revision.

If you have any questions, please email:
 - advenam.tacet at trailofbits.com
 - disconnect3d at trailofbits.com

Reviewed By: #libc, #sanitizers, philnik, vitalybuka

Spies: hans, EricWF, philnik, #sanitizers, libcxx-commits

Differential Revision: https://reviews.llvm.org/D136765
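Added example (not code from the commit or from libc++): the motivating bug pattern described in the commit message, a three-iterator std::equal over two containers of different length, shown beside the length-checked four-iterator form, plus a helper that classifies where the unchecked reads would land relative to the second vector's size and capacity. Function names and the sample vectors are my own.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdlib>
#include <vector>

// Custom element comparison, standing in for the one the commit mentions.
static bool same_abs(int a, int b) { return std::abs(a) == std::abs(b); }

// Unchecked form (the bug pattern): the three-iterator std::equal walks all of
// [a.begin(), a.end()) and advances b's iterator in lock-step, so when a has
// more elements than b it dereferences past b's last element. With ASan
// container annotations those reads fall in the poisoned [size, capacity)
// region of b's buffer and are reported as container-overflow; without the
// annotations they are silent.
bool equal_unchecked(const std::vector<int>& a, const std::vector<int>& b) {
    return std::equal(a.begin(), a.end(), b.begin(), same_abs);
}

// Checked form: the four-iterator overload (C++14) receives both ends and
// returns false on a length mismatch before dereferencing anything.
bool equal_checked(const std::vector<int>& a, const std::vector<int>& b) {
    return std::equal(a.begin(), a.end(), b.begin(), b.end(), same_abs);
}

// Where would equal_unchecked(a, b) read inside b's buffer?
//   0: only in-use elements                 (well-defined)
//   1: into reserved-but-unused capacity    (what the annotation detects)
//   2: past the end of the allocation       (heap-buffer-overflow, reported
//                                            by ASan even without annotations)
int unchecked_read_region(const std::vector<int>& a, const std::vector<int>& b) {
    if (a.size() <= b.size()) return 0;
    return a.size() <= b.capacity() ? 1 : 2;
}

int main() {
    std::vector<int> b = {1, -2, 3};
    b.reserve(8);                       // constructed case: size 3, capacity >= 8
    std::vector<int> a = {1, 2, 3, 4, 5};
    // equal_unchecked(a, b) would read elements 3 and 4 of b's reserved space.
    return unchecked_read_region(a, b) == 1 && !equal_checked(a, b) ? 0 : 1;
}
```

Build with `-fsanitize=address` and call equal_unchecked on the constructed case to see the container-overflow report the annotations make possible; the checked form returns false without touching the reserved region.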
