gopalshankar / address-sanitizer

Automatically exported from code.google.com/p/address-sanitizer
0 stars 0 forks source link

false negatives with throw/longjmp #258

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
currently, when throw or longjmp happens, we un-poison the entire thread's
stack to avoid false positives. As the result we may get false negatives
of this kind:
void foo() {
 int stack[20];
 ThrowAndCatch();  // un-poisons the entire stack
 ... stack[21] ... // Not detected
}

We should un-poison only the section of the stack between throw and catch.
(same for lonjmp/setjmp)

Original issue reported on code.google.com by konstant...@gmail.com on 21 Jan 2014 at 9:49

GoogleCodeExporter commented 9 years ago
added unittests: 
http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/lit_tests/TestCas
es/throw_catch.cc?revision=199723&view=markup&pathrev=199723

Original comment by konstant...@gmail.com on 23 Jan 2014 at 12:41

GoogleCodeExporter commented 9 years ago
A very similar situation happens with container-overflow annotations
http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20140512/105332.html

Original comment by konstant...@gmail.com on 13 May 2014 at 12:41