[llvm-dev] What the current state of Asan/Container Overflow detection?

Kostya Serebryany via llvm-dev llvm-dev at lists.llvm.org
Wed Sep 6 13:25:44 PDT 2017


+Marshall

Hi Dennis,

With libc++ the annotations in the std::vector work for me:

# test file from https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow
clang++ -fsanitize=address co.cc -stdlib=libc++  && ./a.out
=================================================================
==11644==ERROR: AddressSanitizer: container-overflow

This is not the most frequent kind of bug, but we catch it reliably.
E.g. these are trophies at oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q=status%3AFixed%2CVerified+Type%3ABug%2CBug-Security+-component%3AInfra++container-overflow+&colspec=ID+Type+Component+Status+Proj+Reported+Owner+Summary&cells=ids

In the fresh libstdc++ the annotations also seem to be present, but I did
not verify that they work.

We did not annotate any other STL container in libc++ nor in libstdc++.
Our work on annotating std::string in STL got stuck in review for several
months, then we stopped pushing.
Marshall, do you think we should try again?

--kcc



On Wed, Sep 6, 2017 at 5:06 AM, Dennis Luehring via llvm-dev <
llvm-dev at lists.llvm.org> wrote:

> https://llvm.org/devmtg/2014-04/PDFs/LightningTalks/EuroLLVM%202014%20--%20container%20overflow.pdf
>
> https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow
>
> and followed some discussion from ~2014
>
> are libc++ and stdlibc++ now fully annotated?
>
> my tests with clang 5.x/gcc 7.x do not report any error on container
> misuse
>
> _______________________________________________
> LLVM Developers mailing list
> llvm-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
>