[compiler-rt] DO_NOT_MERGE (PR #66682)

Vitaly Buka via llvm-commits llvm-commits at lists.llvm.org
Tue Sep 19 19:25:11 PDT 2023


================
@@ -427,74 +429,128 @@ class BaseReport {
     bool from_small_heap = false;
     bool is_allocated = false;
   } heap;
+
+  struct {
+    uptr untagged_addr = 0;
+    bool after = false;
+    bool is_close = false;
+
+    struct {
+      uptr begin = 0;
+      uptr end = 0;
+      u32 thread_id = 0;
+      u32 stack_id = 0;
+      bool is_allocated = false;
+    } heap;
+  } candidate;
 };
 
-void BaseReport::PrintHeapOrGlobalCandidate(tag_t *candidate, tag_t *left,
-                                            tag_t *right) const {
+void BaseReport::FindBufferOverflowCandidate() {
+  // Check if this looks like a heap buffer overflow by scanning
+  // the shadow left and right and looking for the first adjacent
+  // object with a different memory tag. If that tag matches ptr_tag,
+  // check the allocator if it has a live chunk there.
+  tag_t *tag_ptr = reinterpret_cast<tag_t *>(MemToShadow(untagged_addr));
+  tag_t *candidate_tag_ptr = nullptr, *left = tag_ptr, *right = tag_ptr;
+  uptr candidate_distance = 0;
+  for (; candidate_distance < 1000; candidate_distance++) {
+    if (MemIsShadow(reinterpret_cast<uptr>(left)) && TagsEqual(ptr_tag, left)) {
+      candidate_tag_ptr = left;
+      break;
+    }
+    --left;
+    if (MemIsShadow(reinterpret_cast<uptr>(right)) &&
+        TagsEqual(ptr_tag, right)) {
+      candidate_tag_ptr = right;
+      break;
+    }
+    ++right;
+  }
+
+  constexpr auto kCloseCandidateDistance = 1;
+  candidate.is_close = candidate_distance <= kCloseCandidateDistance;
+
+  {
+    candidate.after = candidate_tag_ptr == left;
+    candidate.untagged_addr =
+        ShadowToMem(reinterpret_cast<uptr>(candidate_tag_ptr));
+    HwasanChunkView chunk = FindHeapChunkByAddress(candidate.untagged_addr);
+    if (chunk.IsAllocated()) {
+      candidate.heap.is_allocated = chunk.IsAllocated();
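Review bot: When the 1000-step scan finds no shadow byte matching `ptr_tag`, `candidate_tag_ptr` is still `nullptr`, yet the block after `kCloseCandidateDistance` converts it with `ShadowToMem` and passes the result to `FindHeapChunkByAddress`. `candidate.untagged_addr` and any `candidate.heap` fields filled in from that lookup would then be derived from a null shadow pointer instead of a neighbouring granule, which in a memory-safety report can point triage at an unrelated allocation. An early `if (!candidate_tag_ptr) return;` placed before `candidate.after = candidate_tag_ptr == left;` would leave the zero-initialized defaults in place for the "nothing found" case. The function body continues past the end of the quoted hunk, so a later check may exist there, but it would come after the lookup shown here.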
----------------
vitalybuka wrote:

done

https://github.com/llvm/llvm-project/pull/66682

