[llvm-commits] [compiler-rt] r168040 - in /compiler-rt/trunk/lib/asan: asan_allocator.cc asan_internal.h asan_report.cc asan_thread.cc
Alexander Potapenko
glider at google.com
Thu Nov 15 05:40:44 PST 2012
Author: glider
Date: Thu Nov 15 07:40:44 2012
New Revision: 168040
URL: http://llvm.org/viewvc/llvm-project?rev=168040&view=rev
Log:
[ASan] Poison the leftmost shadow byte with a special value so that we can find
the beginning of the fake frame when reporting a use-after-return error.
Fixes http://code.google.com/p/address-sanitizer/issues/detail?id=126
Modified:
compiler-rt/trunk/lib/asan/asan_allocator.cc
compiler-rt/trunk/lib/asan/asan_internal.h
compiler-rt/trunk/lib/asan/asan_report.cc
compiler-rt/trunk/lib/asan/asan_thread.cc
Modified: compiler-rt/trunk/lib/asan/asan_allocator.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_allocator.cc?rev=168040&r1=168039&r2=168040&view=diff
==============================================================================
--- compiler-rt/trunk/lib/asan/asan_allocator.cc (original)
+++ compiler-rt/trunk/lib/asan/asan_allocator.cc Thu Nov 15 07:40:44 2012
@@ -998,6 +998,10 @@
CHECK(fake_frame->descr != 0);
CHECK(fake_frame->size_minus_one == size - 1);
PoisonShadow(ptr, size, kAsanStackAfterReturnMagic);
+ CHECK(size >= SHADOW_GRANULARITY);
+ // Poison the leftmost shadow byte with a special value so that we can find
+ // the beginning of the fake frame when reporting an error.
+ PoisonShadow(ptr, SHADOW_GRANULARITY, kAsanStackAfterReturnLeftMagic);
}
} // namespace __asan
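Review bot: The added `CHECK(size >= SHADOW_GRANULARITY);` runs only after `PoisonShadow(ptr, size, kAsanStackAfterReturnMagic);` has already written shadow memory, so a violated size invariant is detected after the side effect rather than before it. Moving the check up beside the two existing CHECKs would keep every precondition ahead of the first shadow write. The enclosing function starts outside the hunk, so whether `size` is already constrained earlier is not visible here.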
Modified: compiler-rt/trunk/lib/asan/asan_internal.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_internal.h?rev=168040&r1=168039&r2=168040&view=diff
==============================================================================
--- compiler-rt/trunk/lib/asan/asan_internal.h (original)
+++ compiler-rt/trunk/lib/asan/asan_internal.h Thu Nov 15 07:40:44 2012
@@ -160,6 +160,7 @@
const int kAsanStackAfterReturnMagic = 0xf5;
const int kAsanInitializationOrderMagic = 0xf6;
const int kAsanUserPoisonedMemoryMagic = 0xf7;
+const int kAsanStackAfterReturnLeftMagic = 0xf8;
const int kAsanGlobalRedzoneMagic = 0xf9;
const int kAsanInternalHeapMagic = 0xfe;
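Review bot: `kAsanStackAfterReturnLeftMagic` is added without a comment, although unlike its neighbours it marks a position (the leftmost shadow byte of a retired fake frame, per the allocator change) rather than a kind of poisoned memory. Someone reading a shadow dump would want to know why a single 0xf8 precedes a run of 0xf5. A one-line comment would cover it, for example `// First shadow byte of a fake frame after return; marks the frame start for reports.`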
Modified: compiler-rt/trunk/lib/asan/asan_report.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_report.cc?rev=168040&r1=168039&r2=168040&view=diff
==============================================================================
--- compiler-rt/trunk/lib/asan/asan_report.cc (original)
+++ compiler-rt/trunk/lib/asan/asan_report.cc Thu Nov 15 07:40:44 2012
@@ -450,6 +450,7 @@
bug_descr = "stack-buffer-overflow";
break;
case kAsanStackAfterReturnMagic:
+ case kAsanStackAfterReturnLeftMagic:
bug_descr = "stack-use-after-return";
break;
case kAsanUserPoisonedMemoryMagic:
Modified: compiler-rt/trunk/lib/asan/asan_thread.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_thread.cc?rev=168040&r1=168039&r2=168040&view=diff
==============================================================================
--- compiler-rt/trunk/lib/asan/asan_thread.cc (original)
+++ compiler-rt/trunk/lib/asan/asan_thread.cc Thu Nov 15 07:40:44 2012
@@ -131,12 +131,14 @@
u8 *shadow_bottom = (u8*)MemToShadow(bottom);
while (shadow_ptr >= shadow_bottom &&
- *shadow_ptr != kAsanStackLeftRedzoneMagic) {
+ *shadow_ptr != kAsanStackLeftRedzoneMagic &&
+ *shadow_ptr != kAsanStackAfterReturnLeftMagic) {
shadow_ptr--;
}
while (shadow_ptr >= shadow_bottom &&
- *shadow_ptr == kAsanStackLeftRedzoneMagic) {
+ (*shadow_ptr == kAsanStackLeftRedzoneMagic ||
+ *shadow_ptr == kAsanStackAfterReturnLeftMagic)) {
shadow_ptr--;
}
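Review bot: Both loops now spell out the same pair of marker comparisons with opposite sense, so the set of frame-start markers is defined twice and a later marker could be added to one loop and missed in the other. A small predicate keeps them in step: `static inline bool IsFrameStartMagic(u8 v) { return v == kAsanStackLeftRedzoneMagic || v == kAsanStackAfterReturnLeftMagic; }`, with the loop conditions becoming `!IsFrameStartMagic(*shadow_ptr)` and `IsFrameStartMagic(*shadow_ptr)`. The function begins and continues outside this hunk, so how the case where `shadow_ptr` drops below `shadow_bottom` is handled after the scan cannot be confirmed from here. A short comment on the first loop saying that the scan may start inside a retired fake frame would also help.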