[llvm-branch-commits] [asan] Record container poisoning in poison history (PR #195674)
via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Mon May 4 08:22:23 PDT 2026
llvmorg-github-actions[bot] wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-compiler-rt-sanitizer
Author: Vitaly Buka (vitalybuka)
<details>
<summary>Changes</summary>
---
Full diff: https://github.com/llvm/llvm-project/pull/195674.diff
3 Files Affected:
- (modified) compiler-rt/lib/asan/asan_errors.cpp (+1)
- (modified) compiler-rt/lib/asan/asan_poisoning.cpp (+7)
- (modified) compiler-rt/test/asan/TestCases/contiguous_container_crash.cpp (+14-8)
``````````diff
diff --git a/compiler-rt/lib/asan/asan_errors.cpp b/compiler-rt/lib/asan/asan_errors.cpp
index c777ecce5f529..7b59c6c860bee 100644
--- a/compiler-rt/lib/asan/asan_errors.cpp
+++ b/compiler-rt/lib/asan/asan_errors.cpp
@@ -661,6 +661,7 @@ static void CheckPoisonRecords(uptr addr) {
}
if (shadow_val != kAsanUserPoisonedMemoryMagic &&
+ shadow_val != kAsanContiguousContainerOOBMagic &&
shadow_val >= ASAN_SHADOW_GRANULARITY) {
return;
}
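Review bot: With `kAsanContiguousContainerOOBMagic` admitted into this condition, container-overflow reports will presumably carry the same "Memory was manually poisoned by thread T0" text that the updated test expects, although the poisoning came from a container annotation rather than an explicit user poison call. That wording can send triage looking for a manual poison call that does not exist. At minimum add a comment above the condition, for example `// Container annotations also go through RecordPoison, so look them up like user poison.`, and consider distinct report wording for the container case. CheckPoisonRecords starts and ends outside this hunk, so the message site itself is not visible here.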
diff --git a/compiler-rt/lib/asan/asan_poisoning.cpp b/compiler-rt/lib/asan/asan_poisoning.cpp
index fffb3b4ac08f1..822f3bc1bd954 100644
--- a/compiler-rt/lib/asan/asan_poisoning.cpp
+++ b/compiler-rt/lib/asan/asan_poisoning.cpp
@@ -507,6 +507,8 @@ void __sanitizer_annotate_contiguous_container(const void *beg_p,
if (old_end == new_end)
return; // Nothing to do here.
+ RecordPoison(new_end, old_end);
+
FixUnalignedStorage(storage_beg, storage_end, old_beg, old_end, new_beg,
new_end);
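Review bot: `RecordPoison(new_end, old_end)` runs on every size change, including growth, where `new_end > old_end` and the range is being unpoisoned rather than poisoned. RecordPoison's body is not part of this diff, so whether it rejects a reversed range cannot be confirmed from here; if it does not, growth would log a bogus record and evict useful history entries. Guarding the call makes the intent explicit: `if (new_end < old_end) RecordPoison(new_end, old_end);`. The same applies to the two calls added in `__sanitizer_annotate_double_ended_contiguous_container`, where `old_beg < new_beg` and `new_end < old_end` each hold only when that end shrinks. Both functions continue outside their hunks.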
@@ -582,6 +584,9 @@ void __sanitizer_annotate_double_ended_contiguous_container(
(old_beg == new_beg && old_end == new_end))
return; // Nothing to do here.
+ RecordPoison(old_beg, new_beg);
+ RecordPoison(new_end, old_end);
+
FixUnalignedStorage(storage_beg, storage_end, old_beg, old_end, new_beg,
new_end);
@@ -779,6 +784,8 @@ void __sanitizer_copy_contiguous_container_annotations(const void *src_beg_p,
uptr dst_beg = reinterpret_cast<uptr>(dst_beg_p);
uptr dst_end = reinterpret_cast<uptr>(dst_end_p);
+ // RecordPoison(dst_beg, dst_end);
+
constexpr uptr granularity = ASAN_SHADOW_GRANULARITY;
if (src_beg > src_end || (dst_end - dst_beg) != (src_end - src_beg)) {
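Review bot: The commented-out `// RecordPoison(dst_beg, dst_end);` is committed without explanation, so memory poisoned through `__sanitizer_copy_contiguous_container_annotations` will presumably have no poison-history record while the other two annotation entry points do. Either drop the line or replace it with a comment that states why recording is disabled, for example `// TODO: record only the sub-ranges of dst that end up poisoned.`. If the call is enabled later, it belongs after the bad-parameter check that begins on the hunk's last line, so that rejected ranges are never recorded. The function body continues outside the hunk.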
diff --git a/compiler-rt/test/asan/TestCases/contiguous_container_crash.cpp b/compiler-rt/test/asan/TestCases/contiguous_container_crash.cpp
index 93e0d8d158d80..b3053b0fd046f 100644
--- a/compiler-rt/test/asan/TestCases/contiguous_container_crash.cpp
+++ b/compiler-rt/test/asan/TestCases/contiguous_container_crash.cpp
@@ -1,5 +1,6 @@
// RUN: %clangxx_asan -O %s -o %t
// RUN: not %run %t crash 2>&1 | FileCheck --check-prefix=CHECK-CRASH %s
+// RUN: %env_asan_opts=poison_history_size=10000 not %run %t crash 2>&1 | FileCheck --check-prefix=CHECK-CRASH,POISON %s
// RUN: not %run %t bad-bounds 2>&1 | FileCheck --check-prefix=CHECK-BAD-BOUNDS %s
// RUN: not %run %t unaligned-bad-bounds 2>&1 | FileCheck --check-prefix=CHECK-UNALIGNED-BAD-BOUNDS %s --implicit-check-not="beg is not aligned by"
// RUN: not %run %t odd-alignment 2>&1 | FileCheck --check-prefix=CHECK-CRASH %s
@@ -8,6 +9,8 @@
//
// RUN: not %run %t double-crash-beg 2>&1 | FileCheck --check-prefix=DOUBLE-CRASH-BEG %s
// RUN: not %run %t double-crash-end 2>&1 | FileCheck --check-prefix=DOUBLE-CRASH-END %s
+// RUN: %env_asan_opts=poison_history_size=10000 not %run %t double-crash-beg 2>&1 | FileCheck --check-prefix=DOUBLE-CRASH-BEG,POISON %s
+// RUN: %env_asan_opts=poison_history_size=10000 not %run %t double-crash-end 2>&1 | FileCheck --check-prefix=DOUBLE-CRASH-END,POISON %s
// RUN: not %run %t double-bad-bounds 2>&1 | FileCheck --check-prefix=DOUBLE-BAD-BOUNDS %s
// RUN: not %run %t double-unaligned-bad-bounds 2>&1 | FileCheck --check-prefix=DOUBLE-UNALIGNED-BAD-BOUNDS %s --implicit-check-not="beg is not aligned by"
// RUN: not %run %t double-odd-alignment 2>&1 | FileCheck --check-prefix=DOUBLE-CRASH-BEG %s
@@ -69,8 +72,8 @@ int DoubleEndedTestCrashBeg() {
t[15] = 0;
__sanitizer_annotate_double_ended_contiguous_container(
&t[0], &t[0] + 100, &t[0], &t[0] + 100, &t[0] + 25, &t[0] + 75);
-// DOUBLE-CRASH-BEG: AddressSanitizer: container-overflow
-// DOUBLE-CRASH-BEG: if you don't care about these errors you may set ASAN_OPTIONS=detect_container_overflow=0
+ // DOUBLE-CRASH-BEG: AddressSanitizer: container-overflow
+ // DOUBLE-CRASH-BEG: if you don't care about these errors you may set ASAN_OPTIONS=detect_container_overflow=0
return (int)t[15 * one];
}
@@ -79,21 +82,21 @@ int DoubleEndedTestCrashEnd() {
t[85] = 0;
__sanitizer_annotate_double_ended_contiguous_container(
&t[0], &t[0] + 100, &t[0], &t[0] + 100, &t[0] + 25, &t[0] + 75);
-// DOUBLE-CRASH-END: AddressSanitizer: container-overflow
-// DOUBLE-CRASH-END: if you don't care about these errors you may set ASAN_OPTIONS=detect_container_overflow=0
+ // DOUBLE-CRASH-END: AddressSanitizer: container-overflow
+ // DOUBLE-CRASH-END: if you don't care about these errors you may set ASAN_OPTIONS=detect_container_overflow=0
return (int)t[85 * one];
}
void DoubleEndedBadBounds() {
long t[100];
-// DOUBLE-BAD-BOUNDS: ERROR: AddressSanitizer: bad parameters to __sanitizer_annotate_double_ended_contiguous_container
+ // DOUBLE-BAD-BOUNDS: ERROR: AddressSanitizer: bad parameters to __sanitizer_annotate_double_ended_contiguous_container
__sanitizer_annotate_double_ended_contiguous_container(
&t[0], &t[0] + 100, &t[0], &t[0] + 100, &t[0] + 75, &t[0] + 25);
}
void DoubleEndedUnalignedBadBounds() {
char t[100];
-// DOUBLE-UNALIGNED-BAD-BOUNDS: ERROR: AddressSanitizer: bad parameters to __sanitizer_annotate_double_ended_contiguous_container
+ // DOUBLE-UNALIGNED-BAD-BOUNDS: ERROR: AddressSanitizer: bad parameters to __sanitizer_annotate_double_ended_contiguous_container
__sanitizer_annotate_double_ended_contiguous_container(
&t[1], &t[0] + 100, &t[0], &t[0] + 100, &t[0] + 25, &t[0] + 75);
}
@@ -103,7 +106,7 @@ int DoubleEndedOddAlignment() {
t[5] = 0;
__sanitizer_annotate_double_ended_contiguous_container(
&t[1], &t[0] + 100, &t[1], &t[0] + 100, &t[1] + 10, &t[1] + 60);
-// DOUBLE-CRASH-BEG: AddressSanitizer: container-overflow
+ // DOUBLE-CRASH-BEG: AddressSanitizer: container-overflow
return (int)t[5 * one];
}
@@ -112,10 +115,13 @@ int DoubleEndedOddAlignmentEnd() {
t[95] = 0;
__sanitizer_annotate_double_ended_contiguous_container(
&t[0], &t[0] + 99, &t[0], &t[0] + 99, &t[0] + 10, &t[0] + 90);
-// DOUBLE-CRASH-END: AddressSanitizer: container-overflow
+ // DOUBLE-CRASH-END: AddressSanitizer: container-overflow
return (int)t[95 * one];
}
+// POISON: Memory was manually poisoned by thread T0:
+// POISON: TestCrash
+
int main(int argc, char **argv) {
assert(argc == 2);
if (!strcmp(argv[1], "crash"))
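Review bot: `// POISON: TestCrash` is a bare substring that also matches `DoubleEndedTestCrashBeg` and `DoubleEndedTestCrashEnd`, as well as any later line of the report, so the three POISON runs do not pin the match to a stack frame of the poison record. A frame-shaped pattern such as `// POISON: #{{[0-9]+}} {{.*}}TestCrash` would be harder to satisfy by accident. The new runs exercise only a single shrink; no case covers an annotation that grows the container, which is the path where the added RecordPoison calls receive a reversed range.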
``````````
</details>
https://github.com/llvm/llvm-project/pull/195674