[compiler-rt] r296653 - Reapply r296419: [asan] Print a "PC is at a non-executable memory region" message if that's the case

Filipe Cabecinhas via llvm-commits llvm-commits at lists.llvm.org
Wed Mar 1 10:52:11 PST 2017 

Author: filcab
Date: Wed Mar  1 12:52:11 2017
New Revision: 296653

URL: http://llvm.org/viewvc/llvm-project?rev=296653&view=rev
Log:
Reapply r296419: [asan] Print a "PC is at a non-executable memory region" message if that's the case

Summary: Points the user to look at function pointer assignments.

Reviewers: kcc, eugenis, kubamracek

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D30432

Added:
    compiler-rt/trunk/test/asan/TestCases/non-executable-pc.cpp
Modified:
    compiler-rt/trunk/lib/asan/asan_errors.cc

Modified: compiler-rt/trunk/lib/asan/asan_errors.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_errors.cc?rev=296653&r1=296652&r2=296653&view=diff
==============================================================================
--- compiler-rt/trunk/lib/asan/asan_errors.cc (original)
+++ compiler-rt/trunk/lib/asan/asan_errors.cc Wed Mar  1 12:52:11 2017
@@ -58,6 +58,16 @@ static void MaybeDumpRegisters(void *con
   SignalContext::DumpAllRegisters(context);
 }
 
+static void MaybeReportNonExecRegion(uptr pc) {
+  MemoryMappingLayout proc_maps(/*cache_enabled*/ true);
+  uptr start, end, protection;
+  while (proc_maps.Next(&start, &end, nullptr, nullptr, 0, &protection)) {
+    if (pc >= start && pc < end &&
+        !(protection & MemoryMappingLayout::kProtectionExecute))
+      Report("Hint: PC is at a non-executable region. Maybe a wild jump?\n");
+  }
+}
+
 void ErrorDeadlySignal::Print() {
   Decorator d;
   Printf("%s", d.Warning());
@@ -77,6 +87,7 @@ void ErrorDeadlySignal::Print() {
     if (addr < GetPageSizeCached())
       Report("Hint: address points to the zero page.\n");
   }
+  MaybeReportNonExecRegion(pc);
   scariness.Print();
   BufferedStackTrace stack;
   GetStackTraceWithPcBpAndContext(&stack, kStackTraceMax, pc, bp, context,

Added: compiler-rt/trunk/test/asan/TestCases/non-executable-pc.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/non-executable-pc.cpp?rev=296653&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/non-executable-pc.cpp (added)
+++ compiler-rt/trunk/test/asan/TestCases/non-executable-pc.cpp Wed Mar  1 12:52:11 2017
@@ -0,0 +1,33 @@
+// RUN: %clangxx_asan %s -o %t
+// RUN: not %run %t 0 2>&1 | FileCheck %s
+// RUN: not %run %t n 2>&1 | FileCheck %s -check-prefix=CHECK -check-prefix=NON_EXEC
+
+// Only Linux and FreeBSD list every memory region in MemoryMappingLayout, for now.
+// REQUIRES: linux || freebsd
+
+#include <assert.h>
+
+typedef void void_f();
+int main(int argc, char **argv) {
+  char *array = new char[42];
+  void_f *func;
+  assert(argc > 1);
+  if (argv[1][0] == '0') {
+    func = (void_f *)0x04;
+  } else {
+    assert(argv[1][0] == 'n');
+    func = (void_f *)array;
+  }
+
+  func();
+  // x86 reports the SEGV with both address=X and pc=X.
+  // On PowerPC64 ELFv1, the pointer is taken to be a function-descriptor
+  // pointer out of which three 64-bit quantities are read. This will SEGV, but
+  // the compiler is free to choose the order. As a result, the address is
+  // either X, X+0x8 or X+0x10. The pc is still in main() because it has not
+  // actually made the call when the faulting access occurs.
+  // CHECK: DEADLYSIGNAL
+  // CHECK: {{AddressSanitizer: (SEGV|access-violation).*(address|pc) }}
+  // NON_EXEC: PC is at a non-executable region. Maybe a wild jump?
+  return 0;
+}

More information about the llvm-commits mailing list