[cfe-dev] Building with/without AddressSanitizer causes divergent execution behaviour

Dan Liew via cfe-dev cfe-dev at lists.llvm.org
Wed Feb 17 11:23:01 PST 2016


> m_segments is at the end of the clause_allocator object, which I'm assuming
> is allocated in another object sls here:
>         clause_allocator m_alloc;              // clause allocator
>         clause_vector    m_bin_clauses;        // binary clauses
> The out-of-bounds access probably touches memory in m_bin_clauses.
>
> One of ASan's limitations is that it can't currently catch intra-object
> overflow:
> https://github.com/google/sanitizers/wiki/AddressSanitizerIntraObjectOverflow
> There's a prototype that adds padding to make it possible to catch this kind
> of bug, but I haven't seen anyone pushing it forward for a while now.

Wow, thanks for the useful and fast response. It's a shame that ASan
can't catch this, but in general this problem looks hard. The approach
of putting redzones between fields mentioned in that wiki page sounds
like it could still miss bugs as there will be some offsets that would
cause the redzones between fields to be missed. Doing that also
changes the size of objects which means you'll break ABI
compatibility. It's certainly better than nothing though.

Perhaps this limitation should be added to the Address Sanitizer FAQ?
I would add it myself but I don't have access.

Thanks,
Dan.
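The intra-object case from the thread above, as an added example that is not code from the thread or from the project discussed: the struct `sls_like` and its members are constructed stand-ins for the `m_segments` / `m_bin_clauses` layout, and the unchecked write goes through a byte pointer inside the object so that it stays well-defined while landing on the same bytes an off-by-one index would. ASan places redzones only around the whole allocation, so the write at index 4 lands inside the object and is never reported; the checked setter is the bounds test the container has to supply itself.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Hypothetical layout mirroring the one discussed: a fixed-size array
// immediately followed by another member of the same object.
struct sls_like {
    uint32_t segments[4];   // stands in for m_alloc's m_segments
    uint32_t bin_clauses;   // stands in for the neighbouring m_bin_clauses
};

// Unchecked write. Index 4 is one past the end of `segments`, yet the
// bytes it reaches (offset 16) are still inside sls_like, so the
// allocation-level redzones ASan checks are never touched and the
// sanitized build runs on silently with bin_clauses corrupted.
uint32_t overflow_into_neighbour(size_t index, uint32_t value) {
    sls_like s = {{1, 2, 3, 4}, 0xDEADBEEFu};
    unsigned char* base = reinterpret_cast<unsigned char*>(&s);
    std::memcpy(base + index * sizeof(uint32_t), &value, sizeof value);
    return s.bin_clauses;   // equals `value` when index == 4
}

// Checked write: the explicit bounds test ASan cannot perform for
// intra-object accesses. Rejects the index instead of clobbering.
bool checked_set(sls_like& s, size_t index, uint32_t value) {
    if (index >= sizeof(s.segments) / sizeof(s.segments[0]))
        return false;
    s.segments[index] = value;
    return true;
}

// Same scenario as above, but through the checked path.
uint32_t checked_overflow_attempt(size_t index, uint32_t value) {
    sls_like s = {{1, 2, 3, 4}, 0xDEADBEEFu};
    checked_set(s, index, value);
    return s.bin_clauses;   // stays 0xDEADBEEF for any out-of-range index
}
```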


