forked from OSchip/llvm-project
[hwasan] print exact mismatch offset for short granules.
Reviewed By: eugenis Differential Revision: https://reviews.llvm.org/D104463
This commit is contained in:
parent
6ea2431d3f
commit
dd943ebc6d
|
@ -705,9 +705,24 @@ void ReportTagMismatch(StackTrace *stack, uptr tagged_addr, uptr access_size,
|
|||
Printf("%s of size %zu at %p tags: %02x/%02x (ptr/mem) in thread T%zd\n",
|
||||
is_store ? "WRITE" : "READ", access_size, untagged_addr, ptr_tag,
|
||||
mem_tag, t->unique_id());
|
||||
if (mem_tag && mem_tag < kShadowAlignment) {
|
||||
tag_t *granule_ptr = reinterpret_cast<tag_t *>((untagged_addr + offset) &
|
||||
~(kShadowAlignment - 1));
|
||||
// If offset is 0, (untagged_addr + offset) is not aligned to granules.
|
||||
// This is the offset of the leftmost accessed byte within the bad granule.
|
||||
u8 in_granule_offset = (untagged_addr + offset) & (kShadowAlignment - 1);
|
||||
// The first mismatch was a short granule that matched the ptr_tag.
|
||||
if (granule_ptr[kShadowAlignment - 1] == ptr_tag) {
|
||||
// If the access starts after the end of the short granule, then the first
|
||||
// bad byte is the first byte of the access; otherwise it is the first
|
||||
// byte past the end of the short granule
|
||||
if (mem_tag > in_granule_offset) {
|
||||
offset += mem_tag - in_granule_offset;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (offset != 0)
|
||||
Printf("Invalid access starting at offset [%zu, %zu)\n", offset,
|
||||
Min(access_size, static_cast<uptr>(offset) + (1 << kShadowScale)));
|
||||
Printf("Invalid access starting at offset %zu\n", offset);
|
||||
Printf("%s", d.Default());
|
||||
|
||||
stack->Print();
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
// RUN: %clang_hwasan %s -o %t
|
||||
// RUN: not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK
|
||||
// RUN: not %run %t 5 10 2>&1 | FileCheck %s --check-prefix=CHECK5
|
||||
// RUN: not %run %t 7 10 2>&1 | FileCheck %s --check-prefix=CHECK7
|
||||
// RUN: not %run %t 8 20 2>&1 | FileCheck %s --check-prefix=CHECK8
|
||||
// RUN: not %run %t 32 20 2>&1 | FileCheck %s --check-prefix=CHECK32
|
||||
|
||||
// REQUIRES: stable-runtime
|
||||
|
||||
|
@ -10,8 +13,20 @@
|
|||
|
||||
int main(int argc, char **argv) {
|
||||
__hwasan_enable_allocator_tagging();
|
||||
char *volatile x = (char *)malloc(10);
|
||||
memset(x + 5, 0, 26);
|
||||
// CHECK: is located 5 bytes inside 10-byte region
|
||||
if (argc < 2) {
|
||||
fprintf(stderr, "Invalid number of arguments.");
|
||||
abort();
|
||||
}
|
||||
int read_offset = argc < 2 ? 5 : atoi(argv[1]);
|
||||
int size = argc < 3 ? 10 : atoi(argv[2]);
|
||||
char *volatile x = (char *)malloc(size);
|
||||
memset(x + read_offset, 0, 26);
|
||||
// CHECK5: Invalid access starting at offset 5
|
||||
// CHECK5: is located 5 bytes inside 10-byte region
|
||||
// CHECK7: Invalid access starting at offset 3
|
||||
// CHECK7: is located 7 bytes inside 10-byte region
|
||||
// CHECK8: Invalid access starting at offset 12
|
||||
// CHECK8: is located 8 bytes inside 20-byte region
|
||||
// CHECK32: is located 12 bytes to the right of 20-byte region
|
||||
free(x);
|
||||
}
|
||||
|
|
|
@ -58,6 +58,7 @@ int main(int argc, char **argv) {
|
|||
// CHECKM: is located 0 bytes to the right of 1000000-byte region
|
||||
//
|
||||
// CHECK31: tags: [[TAG:..]]/0e (ptr/mem)
|
||||
// CHECK31-NOT: Invalid access starting at offset
|
||||
// CHECK31: Cause: heap-buffer-overflow
|
||||
// CHECK31: is located 1 bytes to the right of 30-byte region
|
||||
// CHECK31: Memory tags around the buggy address
|
||||
|
@ -65,6 +66,7 @@ int main(int argc, char **argv) {
|
|||
// CHECK31: Tags for short granules around the buggy address
|
||||
// CHECK31: {{\[}}[[TAG]]]
|
||||
//
|
||||
// CHECK20-NOT: Invalid access starting at offset
|
||||
// CHECK20: Cause: heap-buffer-overflow
|
||||
// CHECK20: is located 10 bytes to the right of 20-byte region [0x{{.*}}0,0x{{.*}}4)
|
||||
free(x);
|
||||
|
|
|
@ -23,7 +23,7 @@ int main() {
|
|||
write(STDOUT_FILENO, "recovered\n", 10);
|
||||
// WRITE: ERROR: HWAddressSanitizer: tag-mismatch on address
|
||||
// WRITE: WRITE of size 32 at {{.*}} tags: [[PTR_TAG:..]]/[[MEM_TAG:..]] (ptr/mem)
|
||||
// WRITE: Invalid access starting at offset [16, 32)
|
||||
// WRITE: Invalid access starting at offset 16
|
||||
// WRITE: Memory tags around the buggy address (one tag corresponds to 16 bytes):
|
||||
// WRITE: =>{{.*}}[[PTR_TAG]]{{[[:space:]]\[}}[[MEM_TAG]]
|
||||
// WRITE-NOT: recovered
|
||||
|
|
Loading…
Reference in New Issue