ramosian-glider / memory-sanitizer

Automatically exported from code.google.com/p/memory-sanitizer

__msan_copy_origin may destroy valid origin info #34

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
#include <string.h>

int main() {
  const char *s = "ab";
  char buf[4];
  strcpy(buf, s);   // copies 'a', 'b', '\0': buf[0..2] initialized, buf[3] untouched
  return buf[3];    // reads the uninitialized byte (line 7 of 1.cc in the report below)
}

WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7f5063578e3f in main /code/llvm/1.cc:7
    #1 0x7f506212376c in __libc_start_main /build/buildd/eglibc-2.15/csu/libc-start.c:226
    #2 0x7f5063578bc0 in _start (/code/llvm/1+0x56bc0)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /code/llvm/1.cc:7 main
  ORIGIN: invalid (0). Might be a bug in MemorySanitizer, please report to MemorySanitizer developers.

This is caused by __msan_copy_origin widening the address range to the nearest 
4-byte aligned addresses both on the left and on the right. If the target 
buffer is uninitialized and the source is fully initialized, this will result 
in overwriting the valid origin of the target buffer with the stale (possibly 0) 
origin of the source buffer.

Sounds like we need to do the widening only if the corresponding shadow value 
is not 0.

Original issue reported on code.google.com by euge...@google.com on 24 Oct 2013 at 10:05
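The widening described in the report, worked through on a toy model of MSan's shadow and origin memory. This is an added example written for this issue, not MemorySanitizer's own code: the arrays, the address constants (SRC_ADDR, POISONED_SRC_ADDR, BUF_ADDR), the origin ids (ORIGIN_BUF, ORIGIN_OTHER) and the two copy_origin variants are all constructed here. copy_origin_widening reproduces the behaviour the report describes; copy_origin_checked implements the proposed rule of only taking the source origin into a partial granule when the copied bytes are actually poisoned.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of MSan's shadow and origin memory (added example, not MSan code;
 * the data bytes themselves are not modelled). shadow: one byte per app byte
 * (0 = initialized, 0xff = poisoned). origin_mem: one 32-bit origin id per
 * 4-byte-aligned granule, so an app byte range maps to the same origin range. */
#define APP_SIZE 32
#define SRC_ADDR 0           /* "ab\0" from the report: initialized, origin 0 */
#define POISONED_SRC_ADDR 4  /* constructed second source: uninitialized */
#define BUF_ADDR 8           /* char buf[4] from the report: uninitialized */
#define ORIGIN_BUF   0x1001u /* constructed origin id: stack allocation of buf */
#define ORIGIN_OTHER 0x2002u /* constructed origin id: the second source */

static uint8_t shadow[APP_SIZE];
static uint8_t origin_mem[APP_SIZE];
typedef void (*copy_origin_fn)(size_t dst, size_t src, size_t size);

static uint32_t get_origin(size_t addr) {
  uint32_t o;
  memcpy(&o, origin_mem + (addr & ~(size_t)3), 4);
  return o;
}
static void set_origin(size_t addr, uint32_t o) {
  memcpy(origin_mem + (addr & ~(size_t)3), &o, 4);
}
static int is_poisoned(size_t addr) { return shadow[addr] != 0; }
static int any_poisoned(size_t addr, size_t size) {
  for (size_t i = 0; i < size; i++) if (shadow[addr + i]) return 1;
  return 0;
}
/* Mark [addr, addr+size) uninitialized; stamp every granule it touches with o. */
static void poison(size_t addr, size_t size, uint32_t o) {
  memset(shadow + addr, 0xff, size);
  for (size_t a = addr & ~(size_t)3; a < addr + size; a += 4) set_origin(a, o);
}

/* Behaviour the report describes: widen [dst, dst+size) to the enclosing
 * 4-byte-aligned range on both sides and copy origin bytes unconditionally.
 * An initialized source has origin 0, so this clobbers the origin of whatever
 * shares dst's first or last granule. As in the report, src and dst are
 * assumed to sit at the same offset within their granules. */
static void copy_origin_widening(size_t dst, size_t src, size_t size) {
  size_t beg = dst & ~(size_t)3, end = (dst + size + 3) & ~(size_t)3;
  memmove(origin_mem + beg, origin_mem + (src & ~(size_t)3), end - beg);
}

/* The fix the report proposes: a partial first or last granule of dst takes
 * the source origin only if the copied bytes landing in it are poisoned.
 * Whole granules in between are copied as before; their destination shadow
 * is entirely determined by the source anyway. */
static void copy_origin_checked(size_t dst, size_t src, size_t size) {
  size_t d = dst, e = dst + size, beg = d & ~(size_t)3, end = e & ~(size_t)3;
  if (beg < d) {                       /* partial granule on the left */
    size_t n = (e < beg + 4 ? e : beg + 4) - d;
    if (any_poisoned(src, n)) set_origin(beg, get_origin(src));
    beg += 4;
  }
  if (beg < end)                       /* whole granules */
    memmove(origin_mem + beg, origin_mem + src + (beg - d), end - beg);
  if (end >= beg && end < e &&         /* partial granule on the right */
      any_poisoned(src + (end - d), e - end))
    set_origin(end, get_origin(src + (end - d)));
}

/* Memory state from the report plus the constructed poisoned source. */
static void reset_model(void) {
  memset(shadow, 0, sizeof shadow);
  memset(origin_mem, 0, sizeof origin_mem);
  poison(POISONED_SRC_ADDR, 4, ORIGIN_OTHER);
  poison(BUF_ADDR, 4, ORIGIN_BUF);
}
/* What an instrumented memcpy/strcpy does beyond the data: copy the shadow
 * byte for byte, then the origins with the given variant. */
static void msan_memcpy(size_t dst, size_t src, size_t size, copy_origin_fn f) {
  memmove(shadow + dst, shadow + src, size);
  f(dst, src, size);
}
/* strcpy(buf, "ab") moves 3 bytes; `return buf[3]` then reads the 4th byte.
 * Returns the origin the warning would carry for that read (0 == invalid). */
static uint32_t origin_reported_for_buf3(copy_origin_fn f) {
  reset_model();
  msan_memcpy(BUF_ADDR, SRC_ADDR, 3, f);
  return is_poisoned(BUF_ADDR + 3) ? get_origin(BUF_ADDR + 3) : 0;
}
/* Counter-case: two poisoned bytes copied into buf must still bring their
 * origin along, so the fix cannot simply skip partial granules. */
static uint32_t origin_reported_after_poisoned_copy(copy_origin_fn f) {
  reset_model();
  msan_memcpy(BUF_ADDR, POISONED_SRC_ADDR, 2, f);
  return is_poisoned(BUF_ADDR) ? get_origin(BUF_ADDR) : 0;
}

int main(void) {
  printf("buf[3] origin, widening copy: %#x (0 == invalid; buf's origin lost)\n",
         (unsigned)origin_reported_for_buf3(copy_origin_widening));
  printf("buf[3] origin, checked copy:  %#x (expect %#x)\n",
         (unsigned)origin_reported_for_buf3(copy_origin_checked), ORIGIN_BUF);
  printf("poisoned src, checked copy:   %#x (expect %#x)\n",
         (unsigned)origin_reported_after_poisoned_copy(copy_origin_checked), ORIGIN_OTHER);
  return 0;
}
```

With the widening variant the 3-byte copy of "ab\0" drags the literal's origin (0) over the whole granule that holds buf, and the later read of buf[3] reports origin 0, which is exactly the "ORIGIN: invalid (0)" line above. With the checked variant the source shadow for those 3 bytes is 0, so the granule keeps ORIGIN_BUF. The counter-case shows the check is not simply "skip partial granules": copying poisoned bytes still propagates their origin. One caveat the model makes visible: after that poisoned copy the whole granule, including the untouched buf[2] and buf[3], now reports ORIGIN_OTHER; that imprecision is inherent to 4-byte origin granularity, and the check only stops an initialized copy from discarding an origin that is still needed.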

GoogleCodeExporter commented 9 years ago
fixed in r193338

Original comment by euge...@google.com on 24 Oct 2013 at 12:14

GoogleCodeExporter commented 9 years ago
Adding Project:MemorySanitizer as part of GitHub migration.

Original comment by gli...@google.com on 30 Jul 2015 at 9:22