ramosian-glider / sanitizer-issues

find unaligned partially OOB accesses #101

Closed ramosian-glider closed 9 years ago

ramosian-glider commented 9 years ago

Originally reported on Google Code with ID 101

Currently, asan does not detect unaligned partially OOB accesses:
```cpp
int *x = new int[2]; // 8 bytes: [0,7].
int *u = (int*)((char*)x + 6);
*u = 1;  // Access to range [6-9]
```

rnk's idea: mark the last 8 bytes with the shadow value '8' instead of '0'. 

This will have two performance problems: 
 (minor) slow path will be taken more frequently for 1-, 2-, and 4-byte accesses
 (major) 8-byte accesses will need slow path too (same for 16- and 32-byte accesses)

If we use larger shadow granularity (16:1 or 32:1 shadow) this will be less of a problem.

Anyway, this is something to try and evaluate. 

Reported by konstantin.s.serebryany on 2012-08-13 17:52:39
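
Added example (not part of the original issue and not ASan's own code): a simplified model of the 8:1 shadow check applied to the access above, showing why the current encoding misses the [6-9] write and what the proposed '8' marker changes, including the extra slow-path work. The layout, the redzone value, the function names and the reading of the proposal (the object's last granule holds 8 and one generalized check is used for every access size) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of an 8:1 shadow check; not ASan's runtime code.
 * Shadow byte: 0 = all 8 bytes addressable, 1..7 = first k bytes
 * addressable, negative = poisoned (redzone). */
#define GRANULE 8
#define REDZONE ((int8_t)-6)   /* constructed poison value */

/* Constructed layout: the 8-byte int[2] occupies granule 0 and a
 * redzone occupies granule 1. */
static const int8_t shadow_current[2]  = { 0, REDZONE };
/* Assumed reading of the proposal: last granule holds 8, not 0. */
static const int8_t shadow_proposed[2] = { 8, REDZONE };

/* Returns 1 if the access [off, off+size) is reported. Like the
 * instrumentation, it reads only the shadow byte of the first byte. */
static int check(const int8_t *shadow, size_t off, size_t size, int *slow)
{
    int8_t k = shadow[off / GRANULE];
    *slow = (k != 0);
    if (k == 0) return 0;   /* fast path: granule fully valid */
    if (k < 0)  return 1;   /* first byte already in a redzone */
    /* slow path: last byte touched must be within the k valid bytes */
    return (off % GRANULE) + size > (size_t)k;
}

int reported_current(size_t off, size_t size)
{ int s; return check(shadow_current, off, size, &s); }

int reported_proposed(size_t off, size_t size)
{ int s; return check(shadow_proposed, off, size, &s); }

int slow_path_current(size_t off, size_t size)
{ int s; check(shadow_current, off, size, &s); return s; }

int slow_path_proposed(size_t off, size_t size)
{ int s; check(shadow_proposed, off, size, &s); return s; }

int main(void)
{
    printf("[6,9] current=%d proposed=%d\n",
           reported_current(6, 4), reported_proposed(6, 4));
    printf("[0,7] proposed: reported=%d slow=%d\n",
           reported_proposed(0, 8), slow_path_proposed(0, 8));
    return 0;
}
```

In this model the valid aligned 4-byte access at offset 4 and the valid 8-byte access at offset 0 both pass under the proposed encoding, but only after taking the slow path.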

ramosian-glider commented 9 years ago

Reported by konstantin.s.serebryany on 2012-08-13 17:54:53

ramosian-glider commented 9 years ago
Adding Project:AddressSanitizer as part of GitHub migration.

Reported by ramosian.glider on 2015-07-30 09:12:59