788764ca12
Summary: Retagging allocas before returning from the function might help detect use-after-return bugs, but it does not work at all in real life, when instrumented and non-instrumented code is intermixed.

Consider the following code:

    F_non_instrumented() {
      T x;
      F1_instrumented(&x);
      ...
    }

    {
      F_instrumented();
      F_non_instrumented();
    }

- The F_instrumented call leaves the stack below the current sp tagged randomly for UAR detection.
- F_non_instrumented allocates its own vars on that tagged stack without generating any tags; that is, the address of x has tag 0, but the shadow memory still contains the tags left behind by F_instrumented on the previous step.
- F1_instrumented verifies &x before using it and traps on tag mismatch: 0 vs. whatever tag was set by F_instrumented.

Reviewers: eugenis

Subscribers: srhines, llvm-commits

Differential Revision: https://reviews.llvm.org/D48664

llvm-svn: 336011
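The failure sequence described in the commit message, as an added toy model that is not LLVM or HWASan code: the stack is a handful of 16-byte granules with one shadow tag byte each, an instrumented frame tags its local and on return either leaves a fresh tag behind (the retagging being removed) or clears the tag to 0, and a non-instrumented frame reuses the same granule for x with an untagged pointer that an instrumented callee then checks. The "clear to 0" alternative and all names here are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE_COUNT 8                  /* toy stack: 8 granules of 16 bytes */
static uint8_t shadow[GRANULE_COUNT];    /* one tag byte per granule, 0 = untagged */
static int sp = GRANULE_COUNT;           /* stack pointer in granules, grows down */
static uint8_t next_tag = 0;             /* deterministic stand-in for random tags */

/* A pointer with its tag kept alongside (models the tag in the top address byte). */
typedef struct { int granule; uint8_t tag; } tagged_ptr;
static uint8_t fresh_tag(void) { next_tag = (uint8_t)(next_tag % 250 + 1); return next_tag; }

/* Instrumented callee: compares the pointer tag with the shadow tag before the
 * access. Returns 1 if the access is allowed, 0 where HWASan would trap. */
static int F1_instrumented(tagged_ptr p) { return shadow[p.granule] == p.tag; }

/* Instrumented frame: tags its local on entry; on return it either retags with a
 * fresh tag (the behaviour this commit removes) or clears to 0 (assumed replacement). */
static void F_instrumented(int retag_on_return) {
    tagged_ptr local = { --sp, fresh_tag() };
    shadow[local.granule] = local.tag;
    /* ... function body uses local ... */
    shadow[local.granule] = retag_on_return ? fresh_tag() : 0;
    sp++;
}

/* Non-instrumented frame: allocates x on the same stack but never touches shadow,
 * so &x carries tag 0 while shadow keeps whatever the previous frame left. */
static int F_non_instrumented(void) {
    tagged_ptr x = { --sp, 0 };
    int ok = F1_instrumented(x);
    sp++;
    return ok;
}

/* The sequence from the commit message: F_instrumented(); F_non_instrumented();
 * Returns 1 if x is accessed without a trap, 0 if a spurious tag mismatch fires. */
int scenario(int retag_on_return) {
    memset(shadow, 0, sizeof shadow);
    sp = GRANULE_COUNT;
    next_tag = 0;
    F_instrumented(retag_on_return);
    return F_non_instrumented();
}

int main(void) {
    printf("retag on return: %s\n", scenario(1) ? "ok" : "spurious trap");
    printf("no retag:        %s\n", scenario(0) ? "ok" : "spurious trap");
}
```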