[llvm-commits] Fix a use-after-return in AddressSanitizer runtime

Kostya Serebryany kcc at google.com
Thu Dec 15 10:56:43 PST 2011


On Thu, Dec 15, 2011 at 10:40 AM, Alexander Potapenko <glider at google.com> wrote:

> Uh-oh, then that's really a coincidence. Sorry for the false alarm.
> Then we really need to poison all the internal structures to see
> what's going on there.
>
Done in r146531.
And I found the bug (with printf's help):
http://code.google.com/p/address-sanitizer/issues/detail?id=19
--kcc


>
> On Thu, Dec 15, 2011 at 9:31 PM, Kostya Serebryany <kcc at google.com> wrote:
> > Could you please describe what the bug is?
> >
> > I see that we have a use-after-return in __asan_register_global(uintptr_t
> > addr, size_t size, const char *name)
> > but this function is only used by the gcc variant which I did not touch for
> > ages. (Still, OMG)
> >
> > In void __asan_register_globals(__asan_global *globals, size_t n),
> > which is used by the LLVM variant, I don't see a use-after-return.
> >
> > (I like the idea to poison the memory allocated by LowLevelAllocator, I'll
> > land a patch shortly).
> >
> > --kcc
> >
> >
> > On Thu, Dec 15, 2011 at 7:32 AM, Alexander Potapenko <glider at google.com>
> > wrote:
> >>
> >> The attached patch fixes a use-after-return in ASan runtime.
> >> Previously stack-local objects representing global variables were
> >> passed to RegisterGlobal and put into the globals list that was
> >> scanned later, when those objects had been overwritten.
> >>
> >> Related changes: s/Print/Report in RegisterGlobal (we may need the
> >> PIDs when analyzing the logs), poison the memory returned by the
> >> LowLevelAllocator to prevent possible corruptions.
> >>
> >>
> >> Alexander Potapenko
> >> Software Engineer
> >> Google Moscow
> >
> >
>
>
>
> --
> Alexander Potapenko
> Software Engineer
> Google Moscow
>
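
The bug class discussed in this thread (a stack-local descriptor handed to a registration routine that keeps its address in a list scanned later), shown beside the fix as an added example. This is a simplified model written for illustration, not code from the patch or the ASan runtime; `global_desc`, `list_push`, `register_global_buggy`, `register_global_fixed`, `total_registered_size` and `clobber_stack` are hypothetical names, and `malloc` stands in for whatever persistent allocator the runtime uses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical descriptor and list node; not the ASan runtime's own types. */
struct global_desc { uintptr_t addr; size_t size; const char *name; };
struct list_node { const struct global_desc *g; struct list_node *next; };
static struct list_node *list_head;

static void list_push(const struct global_desc *g) {
    struct list_node *n = malloc(sizeof *n);
    if (!n) abort();
    n->g = g;
    n->next = list_head;
    list_head = n;
}

/* BUGGY: 'g' lives in this frame, but the list keeps its address.
 * Once the function returns, the list entry dangles and any later
 * scan reads whatever has since overwritten that stack slot. */
void register_global_buggy(uintptr_t addr, size_t size, const char *name) {
    struct global_desc g = { addr, size, name };
    list_push(&g);
}

/* FIXED: copy the descriptor into storage that outlives the call. */
void register_global_fixed(uintptr_t addr, size_t size, const char *name) {
    struct global_desc *g = malloc(sizeof *g);
    if (!g) abort();
    g->addr = addr;
    g->size = size;
    g->name = name;
    list_push(g);
}

/* The later scan: walks the list and dereferences every descriptor. */
size_t total_registered_size(void) {
    size_t total = 0;
    for (struct list_node *n = list_head; n; n = n->next)
        total += n->g->size;
    return total;
}

/* Reuses stack memory the way unrelated later calls would. */
void clobber_stack(void) {
    volatile unsigned char junk[512];
    for (size_t i = 0; i < sizeof junk; i++) junk[i] = 0xAB;
}
```

Only the fixed variant is safe to call before a scan; calling `register_global_buggy` and then `total_registered_size` is undefined behaviour.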

