forked from OSchip/llvm-project
781ef03e10
Summary: Fixes Bug 32434 See https://bugs.llvm.org/show_bug.cgi?id=32434 Short summary: std::rethrow_exception does not use __cxa_throw to rethrow the exception, so if it is called from uninstrumented code, it will leave the stack poisoned. This can lead to false positives. Long description: For functions which don't return normally (e.g. via exceptions), asan needs to unpoison the entire stack. It is not known before a call to such a function where execution will continue, some function which don't contain cleanup code like destructors might be skipped. After stack unwinding, execution might continue in uninstrumented code. If the stack has been poisoned before such a function is called, but the stack is unwound during the unconventional return, then zombie redzones (entries) for no longer existing stack variables can remain in the shadow memory. Normally, this is avoided by asan generating a call to asan_handle_no_return before all functions marked as [[noreturn]]. This asan_handle_no_return unpoisons the entire stack. Since these [[noreturn]] functions can be called from uninstrumented code, asan also introduces interceptor functions which call asan_handle_no_return before running the original [[noreturn]] function; for example, cxa_throw is intercepted. If a [[noreturn]] function is called from uninstrumented code (so the stack is left poisoned) and additionally, execution continues in uninstrumented code, new stack variables might be introduced and overlap with the stack variables which have been removed during stack unwinding. Since the redzones are not cleared nor overwritten by uninstrumented code, they remain but now contain invalid data. Now, if the redzones are checked against the new stack variables, false positive reports can occur. This can happen for example by the uninstrumented code calling an intercepted function such as memcpy, or an instrumented function. Intercepting std::rethrow_exception directly is not easily possible since it depends on the C++ standard library implementation (e.g. libcxx vs libstdc++) and the mangled name it produces for this function. As a rather simple workaround, we're intercepting _Unwind_RaiseException for libstdc++. For libcxxabi, we can intercept the ABI function __cxa_rethrow_primary_exception. Patch by Robert Schneider. Reviewers: kcc, eugenis, alekseyshl, vitalybuka Reviewed By: vitalybuka Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D42644 llvm-svn: 326132 |
||
---|---|---|
clang | ||
clang-tools-extra | ||
compiler-rt | ||
debuginfo-tests | ||
libclc | ||
libcxx | ||
libcxxabi | ||
libunwind | ||
lld | ||
lldb | ||
llgo | ||
llvm | ||
openmp | ||
parallel-libs | ||
polly | ||
README.md |
README.md
Low Level Virtual Machine (LLVM)
This directory and its subdirectories contain source code for LLVM, a toolkit for the construction of highly optimized compilers, optimizers, and runtime environments.