Mercurial > hg > CbC > CbC_gcc

annotate libsanitizer/asan/asan_errors.cpp @ 158:494b0b89df80 default tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
...
author Shinji KONO <kono@ie.u-ryukyu.ac.jp>
date Mon, 25 May 2020 18:13:55 +0900
parents 1830386684a0
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
145
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
1 //===-- asan_errors.cpp -----------------------------------------*- C++ -*-===//
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
2 //
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
4 // See https://llvm.org/LICENSE.txt for license information.
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
6 //
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
7 //===----------------------------------------------------------------------===//
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
8 //
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
9 // This file is a part of AddressSanitizer, an address sanity checker.
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
10 //
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
11 // ASan implementation for error structures.
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
12 //===----------------------------------------------------------------------===//
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
13
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
14 #include "asan_errors.h"
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
15 #include "asan_descriptions.h"
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
16 #include "asan_mapping.h"
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
17 #include "asan_report.h"
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
18 #include "asan_stack.h"
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
19 #include "sanitizer_common/sanitizer_stackdepot.h"
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
20
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
21 namespace __asan {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
22
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
23 static void OnStackUnwind(const SignalContext &sig,
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
24 const void *callback_context,
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
25 BufferedStackTrace *stack) {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
26 bool fast = common_flags()->fast_unwind_on_fatal;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
27 #if SANITIZER_FREEBSD || SANITIZER_NETBSD
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
28 // On FreeBSD the slow unwinding that leverages _Unwind_Backtrace()
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
29 // yields the call stack of the signal's handler and not of the code
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
30 // that raised the signal (as it does on Linux).
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
31 fast = true;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
32 #endif
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
33 // Tests and maybe some users expect that scariness is going to be printed
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
34 // just before the stack. As only asan has scariness score we have no
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
35 // corresponding code in the sanitizer_common and we use this callback to
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
36 // print it.
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
37 static_cast<const ScarinessScoreBase *>(callback_context)->Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
38 stack->Unwind(StackTrace::GetNextInstructionPc(sig.pc), sig.bp, sig.context,
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
39 fast);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
40 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
41
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
42 void ErrorDeadlySignal::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
43 ReportDeadlySignal(signal, tid, &OnStackUnwind, &scariness);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
44 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
45
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
46 void ErrorDoubleFree::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
47 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
48 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
49 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
50 "ERROR: AddressSanitizer: attempting %s on %p in thread %s:\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
51 scariness.GetDescription(), addr_description.addr,
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
52 AsanThreadIdAndName(tid).c_str());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
53 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
54 scariness.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
55 GET_STACK_TRACE_FATAL(second_free_stack->trace[0],
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
56 second_free_stack->top_frame_bp);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
57 stack.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
58 addr_description.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
59 ReportErrorSummary(scariness.GetDescription(), &stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
60 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
61
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
62 void ErrorNewDeleteTypeMismatch::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
63 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
64 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
65 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
66 "ERROR: AddressSanitizer: %s on %p in thread %s:\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
67 scariness.GetDescription(), addr_description.addr,
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
68 AsanThreadIdAndName(tid).c_str());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
69 Printf("%s object passed to delete has wrong type:\n", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
70 if (delete_size != 0) {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
71 Printf(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
72 " size of the allocated type: %zd bytes;\n"
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
73 " size of the deallocated type: %zd bytes.\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
74 addr_description.chunk_access.chunk_size, delete_size);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
75 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
76 const uptr user_alignment =
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
77 addr_description.chunk_access.user_requested_alignment;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
78 if (delete_alignment != user_alignment) {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
79 char user_alignment_str[32];
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
80 char delete_alignment_str[32];
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
81 internal_snprintf(user_alignment_str, sizeof(user_alignment_str),
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
82 "%zd bytes", user_alignment);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
83 internal_snprintf(delete_alignment_str, sizeof(delete_alignment_str),
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
84 "%zd bytes", delete_alignment);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
85 static const char *kDefaultAlignment = "default-aligned";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
86 Printf(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
87 " alignment of the allocated type: %s;\n"
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
88 " alignment of the deallocated type: %s.\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
89 user_alignment > 0 ? user_alignment_str : kDefaultAlignment,
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
90 delete_alignment > 0 ? delete_alignment_str : kDefaultAlignment);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
91 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
92 CHECK_GT(free_stack->size, 0);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
93 scariness.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
94 GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
95 stack.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
96 addr_description.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
97 ReportErrorSummary(scariness.GetDescription(), &stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
98 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
99 "HINT: if you don't care about these errors you may set "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
100 "ASAN_OPTIONS=new_delete_type_mismatch=0\n");
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
101 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
102
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
103 void ErrorFreeNotMalloced::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
104 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
105 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
106 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
107 "ERROR: AddressSanitizer: attempting free on address "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
108 "which was not malloc()-ed: %p in thread %s\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
109 addr_description.Address(), AsanThreadIdAndName(tid).c_str());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
110 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
111 CHECK_GT(free_stack->size, 0);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
112 scariness.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
113 GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
114 stack.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
115 addr_description.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
116 ReportErrorSummary(scariness.GetDescription(), &stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
117 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
118
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
119 void ErrorAllocTypeMismatch::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
120 static const char *alloc_names[] = {"INVALID", "malloc", "operator new",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
121 "operator new []"};
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
122 static const char *dealloc_names[] = {"INVALID", "free", "operator delete",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
123 "operator delete []"};
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
124 CHECK_NE(alloc_type, dealloc_type);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
125 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
126 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
127 Report("ERROR: AddressSanitizer: %s (%s vs %s) on %p\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
128 scariness.GetDescription(), alloc_names[alloc_type],
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
129 dealloc_names[dealloc_type], addr_description.Address());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
130 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
131 CHECK_GT(dealloc_stack->size, 0);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
132 scariness.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
133 GET_STACK_TRACE_FATAL(dealloc_stack->trace[0], dealloc_stack->top_frame_bp);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
134 stack.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
135 addr_description.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
136 ReportErrorSummary(scariness.GetDescription(), &stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
137 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
138 "HINT: if you don't care about these errors you may set "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
139 "ASAN_OPTIONS=alloc_dealloc_mismatch=0\n");
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
140 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
141
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
142 void ErrorMallocUsableSizeNotOwned::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
143 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
144 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
145 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
146 "ERROR: AddressSanitizer: attempting to call malloc_usable_size() for "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
147 "pointer which is not owned: %p\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
148 addr_description.Address());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
149 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
150 stack->Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
151 addr_description.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
152 ReportErrorSummary(scariness.GetDescription(), stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
153 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
154
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
155 void ErrorSanitizerGetAllocatedSizeNotOwned::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
156 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
157 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
158 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
159 "ERROR: AddressSanitizer: attempting to call "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
160 "__sanitizer_get_allocated_size() for pointer which is not owned: %p\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
161 addr_description.Address());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
162 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
163 stack->Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
164 addr_description.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
165 ReportErrorSummary(scariness.GetDescription(), stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
166 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
167
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
168 void ErrorCallocOverflow::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
169 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
170 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
171 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
172 "ERROR: AddressSanitizer: calloc parameters overflow: count * size "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
173 "(%zd * %zd) cannot be represented in type size_t (thread %s)\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
174 count, size, AsanThreadIdAndName(tid).c_str());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
175 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
176 stack->Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
177 PrintHintAllocatorCannotReturnNull();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
178 ReportErrorSummary(scariness.GetDescription(), stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
179 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
180
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
181 void ErrorReallocArrayOverflow::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
182 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
183 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
184 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
185 "ERROR: AddressSanitizer: reallocarray parameters overflow: count * size "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
186 "(%zd * %zd) cannot be represented in type size_t (thread %s)\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
187 count, size, AsanThreadIdAndName(tid).c_str());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
188 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
189 stack->Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
190 PrintHintAllocatorCannotReturnNull();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
191 ReportErrorSummary(scariness.GetDescription(), stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
192 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
193
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
194 void ErrorPvallocOverflow::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
195 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
196 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
197 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
198 "ERROR: AddressSanitizer: pvalloc parameters overflow: size 0x%zx "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
199 "rounded up to system page size 0x%zx cannot be represented in type "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
200 "size_t (thread %s)\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
201 size, GetPageSizeCached(), AsanThreadIdAndName(tid).c_str());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
202 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
203 stack->Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
204 PrintHintAllocatorCannotReturnNull();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
205 ReportErrorSummary(scariness.GetDescription(), stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
206 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
207
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
208 void ErrorInvalidAllocationAlignment::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
209 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
210 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
211 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
212 "ERROR: AddressSanitizer: invalid allocation alignment: %zd, "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
213 "alignment must be a power of two (thread %s)\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
214 alignment, AsanThreadIdAndName(tid).c_str());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
215 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
216 stack->Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
217 PrintHintAllocatorCannotReturnNull();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
218 ReportErrorSummary(scariness.GetDescription(), stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
219 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
220
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
221 void ErrorInvalidAlignedAllocAlignment::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
222 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
223 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
224 #if SANITIZER_POSIX
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
225 Report("ERROR: AddressSanitizer: invalid alignment requested in "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
226 "aligned_alloc: %zd, alignment must be a power of two and the "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
227 "requested size 0x%zx must be a multiple of alignment "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
228 "(thread %s)\n", alignment, size, AsanThreadIdAndName(tid).c_str());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
229 #else
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
230 Report("ERROR: AddressSanitizer: invalid alignment requested in "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
231 "aligned_alloc: %zd, the requested size 0x%zx must be a multiple of "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
232 "alignment (thread %s)\n", alignment, size,
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
233 AsanThreadIdAndName(tid).c_str());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
234 #endif
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
235 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
236 stack->Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
237 PrintHintAllocatorCannotReturnNull();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
238 ReportErrorSummary(scariness.GetDescription(), stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
239 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
240
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
241 void ErrorInvalidPosixMemalignAlignment::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
242 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
243 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
244 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
245 "ERROR: AddressSanitizer: invalid alignment requested in posix_memalign: "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
246 "%zd, alignment must be a power of two and a multiple of sizeof(void*) "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
247 "== %zd (thread %s)\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
248 alignment, sizeof(void *), AsanThreadIdAndName(tid).c_str());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
249 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
250 stack->Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
251 PrintHintAllocatorCannotReturnNull();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
252 ReportErrorSummary(scariness.GetDescription(), stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
253 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
254
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
255 void ErrorAllocationSizeTooBig::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
256 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
257 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
258 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
259 "ERROR: AddressSanitizer: requested allocation size 0x%zx (0x%zx after "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
260 "adjustments for alignment, red zones etc.) exceeds maximum supported "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
261 "size of 0x%zx (thread %s)\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
262 user_size, total_size, max_size, AsanThreadIdAndName(tid).c_str());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
263 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
264 stack->Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
265 PrintHintAllocatorCannotReturnNull();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
266 ReportErrorSummary(scariness.GetDescription(), stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
267 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
268
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
269 void ErrorRssLimitExceeded::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
270 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
271 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
272 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
273 "ERROR: AddressSanitizer: specified RSS limit exceeded, currently set to "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
274 "soft_rss_limit_mb=%zd\n", common_flags()->soft_rss_limit_mb);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
275 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
276 stack->Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
277 PrintHintAllocatorCannotReturnNull();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
278 ReportErrorSummary(scariness.GetDescription(), stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
279 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
280
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
281 void ErrorOutOfMemory::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
282 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
283 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
284 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
285 "ERROR: AddressSanitizer: allocator is out of memory trying to allocate "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
286 "0x%zx bytes\n", requested_size);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
287 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
288 stack->Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
289 PrintHintAllocatorCannotReturnNull();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
290 ReportErrorSummary(scariness.GetDescription(), stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
291 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
292
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
293 void ErrorStringFunctionMemoryRangesOverlap::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
294 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
295 char bug_type[100];
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
296 internal_snprintf(bug_type, sizeof(bug_type), "%s-param-overlap", function);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
297 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
298 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
299 "ERROR: AddressSanitizer: %s: memory ranges [%p,%p) and [%p, %p) "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
300 "overlap\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
301 bug_type, addr1_description.Address(),
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
302 addr1_description.Address() + length1, addr2_description.Address(),
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
303 addr2_description.Address() + length2);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
304 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
305 scariness.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
306 stack->Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
307 addr1_description.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
308 addr2_description.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
309 ReportErrorSummary(bug_type, stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
310 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
311
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
312 void ErrorStringFunctionSizeOverflow::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
313 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
314 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
315 Report("ERROR: AddressSanitizer: %s: (size=%zd)\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
316 scariness.GetDescription(), size);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
317 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
318 scariness.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
319 stack->Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
320 addr_description.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
321 ReportErrorSummary(scariness.GetDescription(), stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
322 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
323
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
324 void ErrorBadParamsToAnnotateContiguousContainer::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
325 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
326 "ERROR: AddressSanitizer: bad parameters to "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
327 "__sanitizer_annotate_contiguous_container:\n"
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
328 " beg : %p\n"
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
329 " end : %p\n"
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
330 " old_mid : %p\n"
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
331 " new_mid : %p\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
332 beg, end, old_mid, new_mid);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
333 uptr granularity = SHADOW_GRANULARITY;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
334 if (!IsAligned(beg, granularity))
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
335 Report("ERROR: beg is not aligned by %d\n", granularity);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
336 stack->Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
337 ReportErrorSummary(scariness.GetDescription(), stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
338 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
339
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
340 void ErrorODRViolation::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
341 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
342 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
343 Report("ERROR: AddressSanitizer: %s (%p):\n", scariness.GetDescription(),
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
344 global1.beg);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
345 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
346 InternalScopedString g1_loc(256), g2_loc(256);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
347 PrintGlobalLocation(&g1_loc, global1);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
348 PrintGlobalLocation(&g2_loc, global2);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
349 Printf(" [1] size=%zd '%s' %s\n", global1.size,
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
350 MaybeDemangleGlobalName(global1.name), g1_loc.data());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
351 Printf(" [2] size=%zd '%s' %s\n", global2.size,
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
352 MaybeDemangleGlobalName(global2.name), g2_loc.data());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
353 if (stack_id1 && stack_id2) {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
354 Printf("These globals were registered at these points:\n");
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
355 Printf(" [1]:\n");
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
356 StackDepotGet(stack_id1).Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
357 Printf(" [2]:\n");
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
358 StackDepotGet(stack_id2).Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
359 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
360 Report(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
361 "HINT: if you don't care about these errors you may set "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
362 "ASAN_OPTIONS=detect_odr_violation=0\n");
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
363 InternalScopedString error_msg(256);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
364 error_msg.append("%s: global '%s' at %s", scariness.GetDescription(),
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
365 MaybeDemangleGlobalName(global1.name), g1_loc.data());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
366 ReportErrorSummary(error_msg.data());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
367 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
368
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
369 void ErrorInvalidPointerPair::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
370 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
371 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
372 Report("ERROR: AddressSanitizer: %s: %p %p\n", scariness.GetDescription(),
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
373 addr1_description.Address(), addr2_description.Address());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
374 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
375 GET_STACK_TRACE_FATAL(pc, bp);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
376 stack.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
377 addr1_description.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
378 addr2_description.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
379 ReportErrorSummary(scariness.GetDescription(), &stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
380 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
381
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
382 static bool AdjacentShadowValuesAreFullyPoisoned(u8 *s) {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
383 return s[-1] > 127 && s[1] > 127;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
384 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
385
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
386 ErrorGeneric::ErrorGeneric(u32 tid, uptr pc_, uptr bp_, uptr sp_, uptr addr,
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
387 bool is_write_, uptr access_size_)
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
388 : ErrorBase(tid),
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
389 addr_description(addr, access_size_, /*shouldLockThreadRegistry=*/false),
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
390 pc(pc_),
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
391 bp(bp_),
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
392 sp(sp_),
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
393 access_size(access_size_),
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
394 is_write(is_write_),
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
395 shadow_val(0) {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
396 scariness.Clear();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
397 if (access_size) {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
398 if (access_size <= 9) {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
399 char desr[] = "?-byte";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
400 desr[0] = '0' + access_size;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
401 scariness.Scare(access_size + access_size / 2, desr);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
402 } else if (access_size >= 10) {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
403 scariness.Scare(15, "multi-byte");
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
404 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
405 is_write ? scariness.Scare(20, "write") : scariness.Scare(1, "read");
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
406
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
407 // Determine the error type.
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
408 bug_descr = "unknown-crash";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
409 if (AddrIsInMem(addr)) {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
410 u8 *shadow_addr = (u8 *)MemToShadow(addr);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
411 // If we are accessing 16 bytes, look at the second shadow byte.
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
412 if (*shadow_addr == 0 && access_size > SHADOW_GRANULARITY) shadow_addr++;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
413 // If we are in the partial right redzone, look at the next shadow byte.
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
414 if (*shadow_addr > 0 && *shadow_addr < 128) shadow_addr++;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
415 bool far_from_bounds = false;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
416 shadow_val = *shadow_addr;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
417 int bug_type_score = 0;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
418 // For use-after-frees reads are almost as bad as writes.
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
419 int read_after_free_bonus = 0;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
420 switch (shadow_val) {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
421 case kAsanHeapLeftRedzoneMagic:
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
422 case kAsanArrayCookieMagic:
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
423 bug_descr = "heap-buffer-overflow";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
424 bug_type_score = 10;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
425 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
426 break;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
427 case kAsanHeapFreeMagic:
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
428 bug_descr = "heap-use-after-free";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
429 bug_type_score = 20;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
430 if (!is_write) read_after_free_bonus = 18;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
431 break;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
432 case kAsanStackLeftRedzoneMagic:
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
433 bug_descr = "stack-buffer-underflow";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
434 bug_type_score = 25;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
435 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
436 break;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
437 case kAsanInitializationOrderMagic:
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
438 bug_descr = "initialization-order-fiasco";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
439 bug_type_score = 1;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
440 break;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
441 case kAsanStackMidRedzoneMagic:
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
442 case kAsanStackRightRedzoneMagic:
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
443 bug_descr = "stack-buffer-overflow";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
444 bug_type_score = 25;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
445 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
446 break;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
447 case kAsanStackAfterReturnMagic:
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
448 bug_descr = "stack-use-after-return";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
449 bug_type_score = 30;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
450 if (!is_write) read_after_free_bonus = 18;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
451 break;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
452 case kAsanUserPoisonedMemoryMagic:
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
453 bug_descr = "use-after-poison";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
454 bug_type_score = 20;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
455 break;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
456 case kAsanContiguousContainerOOBMagic:
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
457 bug_descr = "container-overflow";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
458 bug_type_score = 10;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
459 break;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
460 case kAsanStackUseAfterScopeMagic:
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
461 bug_descr = "stack-use-after-scope";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
462 bug_type_score = 10;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
463 break;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
464 case kAsanGlobalRedzoneMagic:
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
465 bug_descr = "global-buffer-overflow";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
466 bug_type_score = 10;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
467 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
468 break;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
469 case kAsanIntraObjectRedzone:
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
470 bug_descr = "intra-object-overflow";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
471 bug_type_score = 10;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
472 break;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
473 case kAsanAllocaLeftMagic:
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
474 case kAsanAllocaRightMagic:
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
475 bug_descr = "dynamic-stack-buffer-overflow";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
476 bug_type_score = 25;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
477 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
478 break;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
479 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
480 scariness.Scare(bug_type_score + read_after_free_bonus, bug_descr);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
481 if (far_from_bounds) scariness.Scare(10, "far-from-bounds");
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
482 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
483 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
484 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
485
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
486 static void PrintContainerOverflowHint() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
487 Printf("HINT: if you don't care about these errors you may set "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
488 "ASAN_OPTIONS=detect_container_overflow=0.\n"
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
489 "If you suspect a false positive see also: "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
490 "https://github.com/google/sanitizers/wiki/"
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
491 "AddressSanitizerContainerOverflow.\n");
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
492 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
493
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
494 static void PrintShadowByte(InternalScopedString *str, const char *before,
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
495 u8 byte, const char *after = "\n") {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
496 PrintMemoryByte(str, before, byte, /*in_shadow*/true, after);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
497 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
498
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
499 static void PrintLegend(InternalScopedString *str) {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
500 str->append(
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
501 "Shadow byte legend (one shadow byte represents %d "
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
502 "application bytes):\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
503 (int)SHADOW_GRANULARITY);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
504 PrintShadowByte(str, " Addressable: ", 0);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
505 str->append(" Partially addressable: ");
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
506 for (u8 i = 1; i < SHADOW_GRANULARITY; i++) PrintShadowByte(str, "", i, " ");
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
507 str->append("\n");
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
508 PrintShadowByte(str, " Heap left redzone: ",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
509 kAsanHeapLeftRedzoneMagic);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
510 PrintShadowByte(str, " Freed heap region: ", kAsanHeapFreeMagic);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
511 PrintShadowByte(str, " Stack left redzone: ",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
512 kAsanStackLeftRedzoneMagic);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
513 PrintShadowByte(str, " Stack mid redzone: ",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
514 kAsanStackMidRedzoneMagic);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
515 PrintShadowByte(str, " Stack right redzone: ",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
516 kAsanStackRightRedzoneMagic);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
517 PrintShadowByte(str, " Stack after return: ",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
518 kAsanStackAfterReturnMagic);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
519 PrintShadowByte(str, " Stack use after scope: ",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
520 kAsanStackUseAfterScopeMagic);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
521 PrintShadowByte(str, " Global redzone: ", kAsanGlobalRedzoneMagic);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
522 PrintShadowByte(str, " Global init order: ",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
523 kAsanInitializationOrderMagic);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
524 PrintShadowByte(str, " Poisoned by user: ",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
525 kAsanUserPoisonedMemoryMagic);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
526 PrintShadowByte(str, " Container overflow: ",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
527 kAsanContiguousContainerOOBMagic);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
528 PrintShadowByte(str, " Array cookie: ",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
529 kAsanArrayCookieMagic);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
530 PrintShadowByte(str, " Intra object redzone: ",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
531 kAsanIntraObjectRedzone);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
532 PrintShadowByte(str, " ASan internal: ", kAsanInternalHeapMagic);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
533 PrintShadowByte(str, " Left alloca redzone: ", kAsanAllocaLeftMagic);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
534 PrintShadowByte(str, " Right alloca redzone: ", kAsanAllocaRightMagic);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
535 PrintShadowByte(str, " Shadow gap: ", kAsanShadowGap);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
536 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
537
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
538 static void PrintShadowBytes(InternalScopedString *str, const char *before,
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
539 u8 *bytes, u8 *guilty, uptr n) {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
540 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
541 if (before) str->append("%s%p:", before, bytes);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
542 for (uptr i = 0; i < n; i++) {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
543 u8 *p = bytes + i;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
544 const char *before =
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
545 p == guilty ? "[" : (p - 1 == guilty && i != 0) ? "" : " ";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
546 const char *after = p == guilty ? "]" : "";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
547 PrintShadowByte(str, before, *p, after);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
548 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
549 str->append("\n");
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
550 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
551
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
552 static void PrintShadowMemoryForAddress(uptr addr) {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
553 if (!AddrIsInMem(addr)) return;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
554 uptr shadow_addr = MemToShadow(addr);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
555 const uptr n_bytes_per_row = 16;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
556 uptr aligned_shadow = shadow_addr & ~(n_bytes_per_row - 1);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
557 InternalScopedString str(4096 * 8);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
558 str.append("Shadow bytes around the buggy address:\n");
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
559 for (int i = -5; i <= 5; i++) {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
560 uptr row_shadow_addr = aligned_shadow + i * n_bytes_per_row;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
561 // Skip rows that would be outside the shadow range. This can happen when
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
562 // the user address is near the bottom, top, or shadow gap of the address
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
563 // space.
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
564 if (!AddrIsInShadow(row_shadow_addr)) continue;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
565 const char *prefix = (i == 0) ? "=>" : " ";
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
566 PrintShadowBytes(&str, prefix, (u8 *)row_shadow_addr, (u8 *)shadow_addr,
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
567 n_bytes_per_row);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
568 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
569 if (flags()->print_legend) PrintLegend(&str);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
570 Printf("%s", str.data());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
571 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
572
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
573 void ErrorGeneric::Print() {
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
574 Decorator d;
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
575 Printf("%s", d.Error());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
576 uptr addr = addr_description.Address();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
577 Report("ERROR: AddressSanitizer: %s on address %p at pc %p bp %p sp %p\n",
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
578 bug_descr, (void *)addr, pc, bp, sp);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
579 Printf("%s", d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
580
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
581 Printf("%s%s of size %zu at %p thread %s%s\n", d.Access(),
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
582 access_size ? (is_write ? "WRITE" : "READ") : "ACCESS", access_size,
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
583 (void *)addr, AsanThreadIdAndName(tid).c_str(), d.Default());
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
584
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
585 scariness.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
586 GET_STACK_TRACE_FATAL(pc, bp);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
587 stack.Print();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
588
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
589 // Pass bug_descr because we have a special case for
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
590 // initialization-order-fiasco
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
591 addr_description.Print(bug_descr);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
592 if (shadow_val == kAsanContiguousContainerOOBMagic)
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
593 PrintContainerOverflowHint();
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
594 ReportErrorSummary(bug_descr, &stack);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
595 PrintShadowMemoryForAddress(addr);
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
596 }
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
597
1830386684a0 gcc-9.2.0
anatofuz
parents:
diff changeset
598 } // namespace __asan