2019-06-18 01:45:34 +08:00
// REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t -DTEST_MALLOC
[GWP-ASan] Crash Handler API.
Summary:
Forewarning: This patch looks big in #LOC changed. I promise it's not that bad, it just moves a lot of content from one file to another. I've gone ahead and left inline comments on Phabricator for sections where this has happened.
This patch:
1. Introduces the crash handler API (crash_handler_api.h).
2. Moves information required for out-of-process crash handling into an AllocatorState. This is a trivially-copied POD struct that is designed to be recovered from a deceased process, and used by the crash handler to create a GWP-ASan report (along with the other trivially-copied Metadata struct).
3. Implements the crash handler API using the AllocatorState and Metadata.
4. Adds tests for the crash handler.
5. Reimplements the (now optionally linked by the supporting allocator) in-process crash handler (i.e. the segv handler) using the new crash handler API.
6. Minor updates to Scudo & Scudo Standalone to fix compatibility.
7. Changed capitalisation of errors (e.g. /s/Use after free/Use After Free).
Reviewers: cryptoad, eugenis, jfb
Reviewed By: eugenis
Subscribers: merge_guards_bot, pcc, jfb, dexonsmith, mgorny, cryptoad, #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D73557
2020-02-06 07:39:03 +08:00
// RUN: %expect_crash %run %t 2>&1 | FileCheck %s --check-prefix CHECK-MALLOC
2019-06-18 01:45:34 +08:00

// Check both C++98 and C.
// RUN: %clangxx_gwp_asan -std=c++98 %s -o %t -DTEST_FREE
// RUN: %expect_crash %run %t 2>&1 | FileCheck %s --check-prefix CHECK-FREE
// RUN: cp %s %t.c && %clang_gwp_asan %t.c -o %t -DTEST_FREE
// RUN: %expect_crash %run %t 2>&1 | FileCheck %s --check-prefix CHECK-FREE

// Ensure GWP-ASan stub implementation of realloc() in Scudo works to-spec. In
// particular, the behaviour regarding realloc of size zero is interesting, as
// it's defined as free().

#include <stdlib.h>

int main() {
#if defined(TEST_MALLOC)
  // realloc(nullptr, size) is equivalent to malloc(size).
  char *Ptr = reinterpret_cast<char *>(realloc(nullptr, 1));
  *Ptr = 0;
  // Trigger an INVALID_FREE to the right.
  free(Ptr + 1);

  // CHECK-MALLOC: GWP-ASan detected a memory error
2020-02-06 07:39:03 +08:00
  // CHECK-MALLOC: Invalid (Wild) Free at 0x{{[a-f0-9]+}} (1 byte to the right
[GWP-ASan] Add generic unwinders and structure backtrace output.
Summary:
Adds two flavours of generic unwinder and all the supporting cruft. If the
supporting allocator is okay with bringing in sanitizer_common, they can use
the fast frame-pointer based unwinder from sanitizer_common. Otherwise, we also
provide the backtrace() libc-based unwinder as well. Of course, the allocator
can always specify its own unwinder and unwinder-symbolizer.
The slightly changed output format is exemplified in the first comment on this
patch. It now better incorporates backtrace information, and displays
allocation details on the second line.
Reviewers: eugenis, vlad.tsyrklevich
Reviewed By: eugenis, vlad.tsyrklevich
Subscribers: srhines, kubamracek, mgorny, cryptoad, #sanitizers, llvm-commits, morehouse
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D63841
llvm-svn: 364941
2019-07-03 00:04:52 +08:00
  // CHECK-MALLOC-SAME: of a 1-byte allocation
2019-06-18 01:45:34 +08:00
#elif defined(TEST_FREE)
  char *Ptr = (char *) malloc(1);
  // realloc(ptr, 0) is equivalent to free(ptr) and must return nullptr. Note
  // that this is only the specification in C++98 and C.
  if (realloc(Ptr, 0) != NULL) {

  }
  // Trigger a USE_AFTER_FREE.
  *Ptr = 0;

  // CHECK-FREE: GWP-ASan detected a memory error
2020-02-06 07:39:03 +08:00
  // CHECK-FREE: Use After Free at 0x{{[a-f0-9]+}} (0 bytes into a 1-byte
2019-07-03 00:04:52 +08:00
  // CHECK-FREE-SAME: allocation
2019-06-18 01:45:34 +08:00
#endif

  return 0;
}
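
The TEST_FREE branch above keeps using `Ptr` after `realloc(Ptr, 0)` has released it, which is the stale-pointer pattern GWP-ASan reports as Use After Free. As an added example (not part of the LLVM test or of GWP-ASan/Scudo; `struct buf` and `buf_resize` are hypothetical names), here is a wrapper that handles the zero-size and failure paths explicitly so the caller never holds a freed pointer:

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical owning buffer; not part of GWP-ASan or Scudo. */
struct buf {
  char *data;
  size_t len;
};

/*
 * Resize b to new_len bytes. Returns 0 on success, -1 on failure.
 * - new_len == 0: free explicitly and null the pointer instead of relying
 *   on realloc(ptr, 0), whose result differs between language standards
 *   and allocators.
 * - allocation failure: the old block is still valid, so it is kept.
 * - growth: the new tail is zeroed so stale heap contents are not exposed.
 */
int buf_resize(struct buf *b, size_t new_len) {
  if (b == NULL)
    return -1;
  if (new_len == 0) {
    free(b->data);   /* free(NULL) is a no-op, so repeated calls are safe */
    b->data = NULL;  /* no dangling pointer left for a later dereference */
    b->len = 0;
    return 0;
  }
  /* realloc(NULL, n) behaves like malloc(n), so an empty buf works too. */
  char *p = realloc(b->data, new_len);
  if (p == NULL)
    return -1;       /* b->data and b->len are unchanged */
  if (new_len > b->len)
    memset(p + b->len, 0, new_len - b->len);
  b->data = p;
  b->len = new_len;
  return 0;
}
```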