[compiler-rt] Poison last word of FakeFrame (PR #133689)
Vitaly Buka via llvm-commits
llvm-commits at lists.llvm.org
Tue Apr 8 15:28:26 PDT 2025
================
@@ -231,6 +232,13 @@ static ALWAYS_INLINE uptr OnMalloc(uptr class_id, uptr size) {
return 0; // Out of fake stack.
uptr ptr = reinterpret_cast<uptr>(ff);
SetShadow(ptr, size, class_id, 0);
+
+ // Poison everything beyond user size, use kNumberOfSizeClasses to prevent
+ // SetShadow from inlining PoisonShadow
+ SetShadow(reinterpret_cast<uptr>(ptr + size),
----------------
vitalybuka wrote:
```
ALWAYS_INLINE void SetShadow(uptr ptr, uptr size, uptr class_id, u64 magic) {
u64 *shadow = reinterpret_cast<u64*>(MemToShadow(ptr));
if (ASAN_SHADOW_SCALE == 3 && class_id <= 6) {
// This code expects ASAN_SHADOW_SCALE=3.
for (uptr i = 0; i < (((uptr)1) << class_id); i++) {
shadow[i] = magic;
// Make sure this does not become memset.
SanitizerBreakOptimization(nullptr);
}
} else {
// The size class is too big, it's cheaper to poison only size bytes.
PoisonShadow(ptr, size, static_cast<u8>(magic));
}
if (magic != 0) {
PoisonShadow(ptr + size , ???, kAsanStackRightRedzoneMagic);
}
}
```
https://github.com/llvm/llvm-project/pull/133689