"heap-use-after-free" is printed for buffer overflow bugs.

ramosian-glider / sanitizers

0 stars 0 forks source link

"heap-use-after-free" is printed for buffer overflow bugs. #67

Closed ramosian-glider closed 9 years ago

ramosian-glider commented 9 years ago

Originally reported on Google Code with ID 66

In some cases asan mistakenly reports "heap-use-after-free" instead of "heap-buffer-overflow".

./bin_linux/asan_test64  --gtest_filter=*BufferOverflowAfterManeFrees --gtest_also_run_disabled_tests

==11906== ERROR: AddressSanitizer heap-use-after-free 
...

0x7fa16a0b0080 is located 0 bytes to the right of 8192-byte region [0x7fa16a0ae080,0x7fa16a0b0080)
allocated by thread T0 here:

Reported by konstantin.s.serebryany on 2012-04-19 14:53:16

ramosian-glider commented 9 years ago

This fix is simple (below), but it may have non-zero performance cost. 
Will check next week. 

===================================================================
--- asan_allocator.cc   (revision 155126)
+++ asan_allocator.cc   (working copy)
@@ -498,6 +498,7 @@

     CHECK(m->chunk_state == CHUNK_QUARANTINE);
     m->chunk_state = CHUNK_AVAILABLE;
+    PoisonShadow((uintptr_t)m, m->Size(), kAsanHeapLeftRedzoneMagic);
     CHECK(m->alloc_tid >= 0);
     CHECK(m->free_tid >= 0);

Reported by konstantin.s.serebryany on 2012-04-19 15:07:18

ramosian-glider commented 9 years ago

This change slows down the stress test by 5%:
(ASAN_OPTIONS=quarantine_size=1 ./bin_linux/asan_test64 --gtest_filter=AddressSanitizer.MallocStressTest)
This translates to a tolerable extra slowdown on usual programs. 

LLVM r155344.

Reported by konstantin.s.serebryany on 2012-04-23 10:10:40

Status changed: Fixed

ramosian-glider commented 9 years ago

Adding Project:AddressSanitizer as part of GitHub migration.

Reported by ramosian.glider on 2015-07-30 09:12:59

Labels added: ProjectAddressSanitizer