17354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov//===-- asan_report.cc ----------------------------------------------------===// 27354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov// 37354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov// The LLVM Compiler Infrastructure 47354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov// 57354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov// This file is distributed under the University of Illinois Open Source 67354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov// License. See LICENSE.TXT for details. 77354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov// 87354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov//===----------------------------------------------------------------------===// 97354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov// 107354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov// This file is a part of AddressSanitizer, an address sanity checker. 117354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov// 127354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov// This file contains error reporting code. 137354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov//===----------------------------------------------------------------------===// 14799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 159873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov#include "asan_flags.h" 167354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov#include "asan_internal.h" 17e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov#include "asan_mapping.h" 187354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov#include "asan_report.h" 19c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar#include "asan_scariness_score.h" 207354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov#include "asan_stack.h" 21e4bfca2b154a6ab4eda921aff454035f33f3551aAlexey Samsonov#include "asan_thread.h" 2258f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany#include "sanitizer_common/sanitizer_common.h" 23ed20ebe35c64b8c7043447f6a48b0e5adc89adedSergey Matveev#include "sanitizer_common/sanitizer_flags.h" 2458f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany#include "sanitizer_common/sanitizer_report_decorator.h" 256d95869fa900da9ddd68e15e2aa065854cfa176bKostya Serebryany#include "sanitizer_common/sanitizer_stackdepot.h" 269c92748b8fa3b833924138a6ae1e653972c9de3bAlexey Samsonov#include "sanitizer_common/sanitizer_symbolizer.h" 277354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov 287354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonovnamespace __asan { 297354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov 30f657a1977b6053c76ca8393f574da7593ea3ea12Alexey Samsonov// -------------------- User-specified callbacks ----------------- {{{1 31c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonovstatic void (*error_report_callback)(const char*); 32799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainarstatic char *error_message_buffer = nullptr; 33c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonovstatic uptr error_message_buffer_pos = 0; 34799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainarstatic BlockingMutex error_message_buf_mutex(LINKER_INITIALIZED); 35799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainarstatic const unsigned kAsanBuggyPcPoolSize = 25; 36799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainarstatic __sanitizer::atomic_uintptr_t AsanBuggyPcPool[kAsanBuggyPcPoolSize]; 37c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov 386d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesstruct ReportData { 396d1862363c88c183b0ed7740fca876342cf0474bStephen Hines uptr pc; 406d1862363c88c183b0ed7740fca876342cf0474bStephen Hines uptr sp; 416d1862363c88c183b0ed7740fca876342cf0474bStephen Hines uptr bp; 426d1862363c88c183b0ed7740fca876342cf0474bStephen Hines uptr addr; 436d1862363c88c183b0ed7740fca876342cf0474bStephen Hines bool is_write; 446d1862363c88c183b0ed7740fca876342cf0474bStephen Hines uptr access_size; 456d1862363c88c183b0ed7740fca876342cf0474bStephen Hines const char *description; 466d1862363c88c183b0ed7740fca876342cf0474bStephen Hines}; 476d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 486d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesstatic bool report_happened = false; 496d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesstatic ReportData report_data = {}; 506d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 51c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonovvoid AppendToErrorMessageBuffer(const char *buffer) { 52799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar BlockingMutexLock l(&error_message_buf_mutex); 53799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar if (!error_message_buffer) { 54799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar error_message_buffer = 55799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar (char*)MmapOrDieQuietly(kErrorMessageBufferSize, __func__); 56799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar error_message_buffer_pos = 0; 57c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov } 58799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar uptr length = internal_strlen(buffer); 59799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar RAW_CHECK(kErrorMessageBufferSize >= error_message_buffer_pos); 60799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar uptr remaining = kErrorMessageBufferSize - error_message_buffer_pos; 61799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar internal_strncpy(error_message_buffer + error_message_buffer_pos, 62799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar buffer, remaining); 63799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar error_message_buffer[kErrorMessageBufferSize - 1] = '\0'; 64799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar // FIXME: reallocate the buffer instead of truncating the message. 65799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar error_message_buffer_pos += Min(remaining, length); 66c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov} 67c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov 6858f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany// ---------------------- Decorator ------------------------------ {{{1 692d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hinesclass Decorator: public __sanitizer::SanitizerCommonDecorator { 7058f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany public: 712d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Decorator() : SanitizerCommonDecorator() { } 7258f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany const char *Access() { return Blue(); } 7358f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany const char *EndAccess() { return Default(); } 7458f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany const char *Location() { return Green(); } 7558f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany const char *EndLocation() { return Default(); } 7658f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany const char *Allocation() { return Magenta(); } 7758f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany const char *EndAllocation() { return Default(); } 789514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany 799514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany const char *ShadowByte(u8 byte) { 809514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany switch (byte) { 819514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany case kAsanHeapLeftRedzoneMagic: 829514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany case kAsanHeapRightRedzoneMagic: 836d1862363c88c183b0ed7740fca876342cf0474bStephen Hines case kAsanArrayCookieMagic: 849514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany return Red(); 859514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany case kAsanHeapFreeMagic: 869514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany return Magenta(); 879514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany case kAsanStackLeftRedzoneMagic: 889514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany case kAsanStackMidRedzoneMagic: 899514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany case kAsanStackRightRedzoneMagic: 909514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany case kAsanStackPartialRedzoneMagic: 919514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany return Red(); 929514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany case kAsanStackAfterReturnMagic: 939514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany return Magenta(); 949514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany case kAsanInitializationOrderMagic: 959514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany return Cyan(); 969514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany case kAsanUserPoisonedMemoryMagic: 972d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines case kAsanContiguousContainerOOBMagic: 9886277eb844c4983c81de62d7c050e92fe7155788Stephen Hines case kAsanAllocaLeftMagic: 9986277eb844c4983c81de62d7c050e92fe7155788Stephen Hines case kAsanAllocaRightMagic: 1009514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany return Blue(); 1019514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany case kAsanStackUseAfterScopeMagic: 1029514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany return Magenta(); 1039514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany case kAsanGlobalRedzoneMagic: 1049514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany return Red(); 1059514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany case kAsanInternalHeapMagic: 1069514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany return Yellow(); 1076d1862363c88c183b0ed7740fca876342cf0474bStephen Hines case kAsanIntraObjectRedzone: 1086d1862363c88c183b0ed7740fca876342cf0474bStephen Hines return Yellow(); 1099514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany default: 1109514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany return Default(); 1119514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany } 1129514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany } 1139514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany const char *EndShadowByte() { return Default(); } 1146d1862363c88c183b0ed7740fca876342cf0474bStephen Hines const char *MemoryByte() { return Magenta(); } 1156d1862363c88c183b0ed7740fca876342cf0474bStephen Hines const char *EndMemoryByte() { return Default(); } 11658f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany}; 11758f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany 1189873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov// ---------------------- Helper functions ----------------------- {{{1 1199873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov 1206d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesstatic void PrintMemoryByte(InternalScopedString *str, const char *before, 1216d1862363c88c183b0ed7740fca876342cf0474bStephen Hines u8 byte, bool in_shadow, const char *after = "\n") { 1229514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany Decorator d; 1236d1862363c88c183b0ed7740fca876342cf0474bStephen Hines str->append("%s%s%x%x%s%s", before, 1246d1862363c88c183b0ed7740fca876342cf0474bStephen Hines in_shadow ? d.ShadowByte(byte) : d.MemoryByte(), 1256d1862363c88c183b0ed7740fca876342cf0474bStephen Hines byte >> 4, byte & 15, 1266d1862363c88c183b0ed7740fca876342cf0474bStephen Hines in_shadow ? d.EndShadowByte() : d.EndMemoryByte(), after); 1276d1862363c88c183b0ed7740fca876342cf0474bStephen Hines} 1286d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 1296d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesstatic void PrintShadowByte(InternalScopedString *str, const char *before, 1306d1862363c88c183b0ed7740fca876342cf0474bStephen Hines u8 byte, const char *after = "\n") { 1316d1862363c88c183b0ed7740fca876342cf0474bStephen Hines PrintMemoryByte(str, before, byte, /*in_shadow*/true, after); 1329514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany} 1339514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany 1342d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hinesstatic void PrintShadowBytes(InternalScopedString *str, const char *before, 1352d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines u8 *bytes, u8 *guilty, uptr n) { 1369514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany Decorator d; 1372d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines if (before) str->append("%s%p:", before, bytes); 1389514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany for (uptr i = 0; i < n; i++) { 1399514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany u8 *p = bytes + i; 1402d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines const char *before = 1412d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines p == guilty ? "[" : (p - 1 == guilty && i != 0) ? "" : " "; 1429514a53d7b56be6302c666291b21c0387f7ceca8Kostya Serebryany const char *after = p == guilty ? "]" : ""; 1432d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowByte(str, before, *p, after); 1449873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov } 1452d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str->append("\n"); 1462d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines} 1472d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines 1482d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hinesstatic void PrintLegend(InternalScopedString *str) { 1492d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str->append( 1502d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines "Shadow byte legend (one shadow byte represents %d " 1512d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines "application bytes):\n", 1522d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines (int)SHADOW_GRANULARITY); 1532d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowByte(str, " Addressable: ", 0); 1542d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str->append(" Partially addressable: "); 1552d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines for (u8 i = 1; i < SHADOW_GRANULARITY; i++) PrintShadowByte(str, "", i, " "); 1562d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str->append("\n"); 1572d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowByte(str, " Heap left redzone: ", 1582d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines kAsanHeapLeftRedzoneMagic); 1592d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowByte(str, " Heap right redzone: ", 1602d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines kAsanHeapRightRedzoneMagic); 1612d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowByte(str, " Freed heap region: ", kAsanHeapFreeMagic); 1622d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowByte(str, " Stack left redzone: ", 1632d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines kAsanStackLeftRedzoneMagic); 1642d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowByte(str, " Stack mid redzone: ", 1652d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines kAsanStackMidRedzoneMagic); 1662d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowByte(str, " Stack right redzone: ", 1672d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines kAsanStackRightRedzoneMagic); 1682d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowByte(str, " Stack partial redzone: ", 1692d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines kAsanStackPartialRedzoneMagic); 1702d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowByte(str, " Stack after return: ", 1712d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines kAsanStackAfterReturnMagic); 1722d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowByte(str, " Stack use after scope: ", 1732d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines kAsanStackUseAfterScopeMagic); 1742d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowByte(str, " Global redzone: ", kAsanGlobalRedzoneMagic); 1752d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowByte(str, " Global init order: ", 1762d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines kAsanInitializationOrderMagic); 1772d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowByte(str, " Poisoned by user: ", 1782d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines kAsanUserPoisonedMemoryMagic); 1792d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowByte(str, " Container overflow: ", 1802d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines kAsanContiguousContainerOOBMagic); 1816d1862363c88c183b0ed7740fca876342cf0474bStephen Hines PrintShadowByte(str, " Array cookie: ", 1826d1862363c88c183b0ed7740fca876342cf0474bStephen Hines kAsanArrayCookieMagic); 1836d1862363c88c183b0ed7740fca876342cf0474bStephen Hines PrintShadowByte(str, " Intra object redzone: ", 1846d1862363c88c183b0ed7740fca876342cf0474bStephen Hines kAsanIntraObjectRedzone); 1852d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowByte(str, " ASan internal: ", kAsanInternalHeapMagic); 18686277eb844c4983c81de62d7c050e92fe7155788Stephen Hines PrintShadowByte(str, " Left alloca redzone: ", kAsanAllocaLeftMagic); 18786277eb844c4983c81de62d7c050e92fe7155788Stephen Hines PrintShadowByte(str, " Right alloca redzone: ", kAsanAllocaRightMagic); 1889873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov} 1899873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov 1906d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesvoid MaybeDumpInstructionBytes(uptr pc) { 1916d1862363c88c183b0ed7740fca876342cf0474bStephen Hines if (!flags()->dump_instruction_bytes || (pc < GetPageSizeCached())) 1926d1862363c88c183b0ed7740fca876342cf0474bStephen Hines return; 1936d1862363c88c183b0ed7740fca876342cf0474bStephen Hines InternalScopedString str(1024); 1946d1862363c88c183b0ed7740fca876342cf0474bStephen Hines str.append("First 16 instruction bytes at pc: "); 1956d1862363c88c183b0ed7740fca876342cf0474bStephen Hines if (IsAccessibleMemoryRange(pc, 16)) { 1966d1862363c88c183b0ed7740fca876342cf0474bStephen Hines for (int i = 0; i < 16; ++i) { 1976d1862363c88c183b0ed7740fca876342cf0474bStephen Hines PrintMemoryByte(&str, "", ((u8 *)pc)[i], /*in_shadow*/false, " "); 1986d1862363c88c183b0ed7740fca876342cf0474bStephen Hines } 1996d1862363c88c183b0ed7740fca876342cf0474bStephen Hines str.append("\n"); 2006d1862363c88c183b0ed7740fca876342cf0474bStephen Hines } else { 2016d1862363c88c183b0ed7740fca876342cf0474bStephen Hines str.append("unaccessible\n"); 2026d1862363c88c183b0ed7740fca876342cf0474bStephen Hines } 2036d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Report("%s", str.data()); 2046d1862363c88c183b0ed7740fca876342cf0474bStephen Hines} 2056d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 20695f630ae40cef78fb03b18110eff43bcf8d1c040Kostya Serebryanystatic void PrintShadowMemoryForAddress(uptr addr) { 2072d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines if (!AddrIsInMem(addr)) return; 20895f630ae40cef78fb03b18110eff43bcf8d1c040Kostya Serebryany uptr shadow_addr = MemToShadow(addr); 20995f630ae40cef78fb03b18110eff43bcf8d1c040Kostya Serebryany const uptr n_bytes_per_row = 16; 21095f630ae40cef78fb03b18110eff43bcf8d1c040Kostya Serebryany uptr aligned_shadow = shadow_addr & ~(n_bytes_per_row - 1); 2112d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines InternalScopedString str(4096 * 8); 2122d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append("Shadow bytes around the buggy address:\n"); 21395f630ae40cef78fb03b18110eff43bcf8d1c040Kostya Serebryany for (int i = -5; i <= 5; i++) { 21495f630ae40cef78fb03b18110eff43bcf8d1c040Kostya Serebryany const char *prefix = (i == 0) ? "=>" : " "; 2152d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintShadowBytes(&str, prefix, (u8 *)(aligned_shadow + i * n_bytes_per_row), 2162d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines (u8 *)shadow_addr, n_bytes_per_row); 21795f630ae40cef78fb03b18110eff43bcf8d1c040Kostya Serebryany } 2182d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines if (flags()->print_legend) PrintLegend(&str); 2192d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Printf("%s", str.data()); 22095f630ae40cef78fb03b18110eff43bcf8d1c040Kostya Serebryany} 22195f630ae40cef78fb03b18110eff43bcf8d1c040Kostya Serebryany 2229873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonovstatic void PrintZoneForPointer(uptr ptr, uptr zone_ptr, 2239873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov const char *zone_name) { 2249873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov if (zone_ptr) { 2259873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov if (zone_name) { 226283c296b64bc55deec9698260b3427a9b050a925Kostya Serebryany Printf("malloc_zone_from_ptr(%p) = %p, which is %s\n", 2279873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov ptr, zone_ptr, zone_name); 2289873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov } else { 229283c296b64bc55deec9698260b3427a9b050a925Kostya Serebryany Printf("malloc_zone_from_ptr(%p) = %p, which doesn't have a name\n", 2309873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov ptr, zone_ptr); 2319873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov } 2329873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov } else { 233283c296b64bc55deec9698260b3427a9b050a925Kostya Serebryany Printf("malloc_zone_from_ptr(%p) = 0\n", ptr); 2349873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov } 2359873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov} 2369873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov 237997454a41a1658837d72d69ec7def59616311243Timur Iskhodzhanovstatic void DescribeThread(AsanThread *t) { 238997454a41a1658837d72d69ec7def59616311243Timur Iskhodzhanov if (t) 239997454a41a1658837d72d69ec7def59616311243Timur Iskhodzhanov DescribeThread(t->context()); 240997454a41a1658837d72d69ec7def59616311243Timur Iskhodzhanov} 241997454a41a1658837d72d69ec7def59616311243Timur Iskhodzhanov 242e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov// ---------------------- Address Descriptions ------------------- {{{1 243e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov 244e4bfca2b154a6ab4eda921aff454035f33f3551aAlexey Samsonovstatic bool IsASCII(unsigned char c) { 2459873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov return /*0x00 <= c &&*/ c <= 0x7F; 246e4bfca2b154a6ab4eda921aff454035f33f3551aAlexey Samsonov} 247e4bfca2b154a6ab4eda921aff454035f33f3551aAlexey Samsonov 248c9424276474a27bd7b6ae59e771371f850a08ba1Alexey Samsonovstatic const char *MaybeDemangleGlobalName(const char *name) { 249c9424276474a27bd7b6ae59e771371f850a08ba1Alexey Samsonov // We can spoil names of globals with C linkage, so use an heuristic 250c9424276474a27bd7b6ae59e771371f850a08ba1Alexey Samsonov // approach to check if the name should be demangled. 2512d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines bool should_demangle = false; 2522d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines if (name[0] == '_' && name[1] == 'Z') 2532d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines should_demangle = true; 2542d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines else if (SANITIZER_WINDOWS && name[0] == '\01' && name[1] == '?') 2552d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines should_demangle = true; 2562d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines 2576d1862363c88c183b0ed7740fca876342cf0474bStephen Hines return should_demangle ? Symbolizer::GetOrInit()->Demangle(name) : name; 258c9424276474a27bd7b6ae59e771371f850a08ba1Alexey Samsonov} 259c9424276474a27bd7b6ae59e771371f850a08ba1Alexey Samsonov 260939316c822cc46e62684464eecd5cb2cefcf41c5Alexey Samsonov// Check if the global is a zero-terminated ASCII string. If so, print it. 2612d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hinesstatic void PrintGlobalNameIfASCII(InternalScopedString *str, 2622d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines const __asan_global &g) { 263939316c822cc46e62684464eecd5cb2cefcf41c5Alexey Samsonov for (uptr p = g.beg; p < g.beg + g.size - 1; p++) { 264939316c822cc46e62684464eecd5cb2cefcf41c5Alexey Samsonov unsigned char c = *(unsigned char*)p; 265939316c822cc46e62684464eecd5cb2cefcf41c5Alexey Samsonov if (c == '\0' || !IsASCII(c)) return; 266939316c822cc46e62684464eecd5cb2cefcf41c5Alexey Samsonov } 267939316c822cc46e62684464eecd5cb2cefcf41c5Alexey Samsonov if (*(char*)(g.beg + g.size - 1) != '\0') return; 2682d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str->append(" '%s' is ascii string '%s'\n", MaybeDemangleGlobalName(g.name), 2692d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines (char *)g.beg); 270939316c822cc46e62684464eecd5cb2cefcf41c5Alexey Samsonov} 271939316c822cc46e62684464eecd5cb2cefcf41c5Alexey Samsonov 2726a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hinesstatic const char *GlobalFilename(const __asan_global &g) { 2736a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines const char *res = g.module_name; 2746a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines // Prefer the filename from source location, if is available. 2756a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines if (g.location) 2766a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines res = g.location->filename; 2776a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines CHECK(res); 2786a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines return res; 2796a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines} 2806a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines 2816a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hinesstatic void PrintGlobalLocation(InternalScopedString *str, 2826a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines const __asan_global &g) { 2836a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines str->append("%s", GlobalFilename(g)); 2846a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines if (!g.location) 2856a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines return; 2866a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines if (g.location->line_no) 2876a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines str->append(":%d", g.location->line_no); 2886a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines if (g.location->column_no) 2896a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines str->append(":%d", g.location->column_no); 2906a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines} 2916a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines 292cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainarstatic void DescribeAddressRelativeToGlobal(uptr addr, uptr size, 293cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar const __asan_global &g) { 2942d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines InternalScopedString str(4096); 29558f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Decorator d; 2962d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append("%s", d.Location()); 297e4bfca2b154a6ab4eda921aff454035f33f3551aAlexey Samsonov if (addr < g.beg) { 2982d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append("%p is located %zd bytes to the left", (void *)addr, 2992d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines g.beg - addr); 300589dcdaa520de1033a0f6112c9b67ab9eb7931afEvgeniy Stepanov } else if (addr + size > g.beg + g.size) { 301589dcdaa520de1033a0f6112c9b67ab9eb7931afEvgeniy Stepanov if (addr < g.beg + g.size) 302589dcdaa520de1033a0f6112c9b67ab9eb7931afEvgeniy Stepanov addr = g.beg + g.size; 3032d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append("%p is located %zd bytes to the right", (void *)addr, 3042d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines addr - (g.beg + g.size)); 305e4bfca2b154a6ab4eda921aff454035f33f3551aAlexey Samsonov } else { 306589dcdaa520de1033a0f6112c9b67ab9eb7931afEvgeniy Stepanov // Can it happen? 3072d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append("%p is located %zd bytes inside", (void *)addr, addr - g.beg); 308e4bfca2b154a6ab4eda921aff454035f33f3551aAlexey Samsonov } 3096a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines str.append(" of global variable '%s' defined in '", 3106a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines MaybeDemangleGlobalName(g.name)); 3116a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines PrintGlobalLocation(&str, g); 3126a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines str.append("' (0x%zx) of size %zu\n", g.beg, g.size); 3132d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append("%s", d.EndLocation()); 3142d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PrintGlobalNameIfASCII(&str, g); 3152d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Printf("%s", str.data()); 316cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar} 317cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar 318cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainarstatic bool DescribeAddressIfGlobal(uptr addr, uptr size, 319cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar const char *bug_type) { 320cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar // Assume address is close to at most four globals. 321cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar const int kMaxGlobalsInReport = 4; 322cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar __asan_global globals[kMaxGlobalsInReport]; 323cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar u32 reg_sites[kMaxGlobalsInReport]; 324cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar int globals_num = 325cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar GetGlobalsForAddress(addr, globals, reg_sites, ARRAY_SIZE(globals)); 326cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar if (globals_num == 0) 327cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar return false; 328cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar for (int i = 0; i < globals_num; i++) { 329cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar DescribeAddressRelativeToGlobal(addr, size, globals[i]); 330cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar if (0 == internal_strcmp(bug_type, "initialization-order-fiasco") && 331cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar reg_sites[i]) { 332cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar Printf(" registered at:\n"); 333cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar StackDepotGet(reg_sites[i]).Print(); 334cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar } 335cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar } 336e4bfca2b154a6ab4eda921aff454035f33f3551aAlexey Samsonov return true; 337e4bfca2b154a6ab4eda921aff454035f33f3551aAlexey Samsonov} 338e4bfca2b154a6ab4eda921aff454035f33f3551aAlexey Samsonov 3396d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesbool DescribeAddressIfShadow(uptr addr, AddressDescription *descr, bool print) { 340e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov if (AddrIsInMem(addr)) 341e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov return false; 3426d1862363c88c183b0ed7740fca876342cf0474bStephen Hines const char *area_type = nullptr; 3436d1862363c88c183b0ed7740fca876342cf0474bStephen Hines if (AddrIsInShadowGap(addr)) area_type = "shadow gap"; 3446d1862363c88c183b0ed7740fca876342cf0474bStephen Hines else if (AddrIsInHighShadow(addr)) area_type = "high shadow"; 3456d1862363c88c183b0ed7740fca876342cf0474bStephen Hines else if (AddrIsInLowShadow(addr)) area_type = "low shadow"; 3466d1862363c88c183b0ed7740fca876342cf0474bStephen Hines if (area_type != nullptr) { 3476d1862363c88c183b0ed7740fca876342cf0474bStephen Hines if (print) { 3486d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Printf("Address %p is located in the %s area.\n", addr, area_type); 3496d1862363c88c183b0ed7740fca876342cf0474bStephen Hines } else { 3506d1862363c88c183b0ed7740fca876342cf0474bStephen Hines CHECK(descr); 3516d1862363c88c183b0ed7740fca876342cf0474bStephen Hines descr->region_kind = area_type; 3526d1862363c88c183b0ed7740fca876342cf0474bStephen Hines } 353e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov return true; 354e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov } 355e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov CHECK(0 && "Address is not in memory and not in shadow?"); 356e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov return false; 357e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov} 358e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov 35950f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany// Return " (thread_name) " or an empty string if the name is empty. 36050f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryanyconst char *ThreadNameWithParenthesis(AsanThreadContext *t, char buff[], 36150f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany uptr buff_len) { 36250f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany const char *name = t->name; 36350f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany if (name[0] == '\0') return ""; 36450f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany buff[0] = 0; 36550f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany internal_strncat(buff, " (", 3); 36650f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany internal_strncat(buff, name, buff_len - 4); 36750f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany internal_strncat(buff, ")", 2); 36850f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany return buff; 36950f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany} 37050f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany 37150f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryanyconst char *ThreadNameWithParenthesis(u32 tid, char buff[], 37250f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany uptr buff_len) { 37350f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany if (tid == kInvalidTid) return ""; 37450f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany asanThreadRegistry().CheckLocked(); 37550f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany AsanThreadContext *t = GetThreadContextByTidLocked(tid); 37650f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany return ThreadNameWithParenthesis(t, buff, buff_len); 37750f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany} 37850f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany 3796d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesstatic void PrintAccessAndVarIntersection(const StackVarDescr &var, uptr addr, 3806d1862363c88c183b0ed7740fca876342cf0474bStephen Hines uptr access_size, uptr prev_var_end, 3816d1862363c88c183b0ed7740fca876342cf0474bStephen Hines uptr next_var_beg) { 3826d1862363c88c183b0ed7740fca876342cf0474bStephen Hines uptr var_end = var.beg + var.size; 383edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany uptr addr_end = addr + access_size; 384799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar const char *pos_descr = nullptr; 3856d1862363c88c183b0ed7740fca876342cf0474bStephen Hines // If the variable [var.beg, var_end) is the nearest variable to the 386edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany // current memory access, indicate it in the log. 3876d1862363c88c183b0ed7740fca876342cf0474bStephen Hines if (addr >= var.beg) { 388edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany if (addr_end <= var_end) 389edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany pos_descr = "is inside"; // May happen if this is a use-after-return. 390edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany else if (addr < var_end) 391edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany pos_descr = "partially overflows"; 392edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany else if (addr_end <= next_var_beg && 393edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany next_var_beg - addr_end >= addr - var_end) 394edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany pos_descr = "overflows"; 395edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany } else { 3966d1862363c88c183b0ed7740fca876342cf0474bStephen Hines if (addr_end > var.beg) 397edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany pos_descr = "partially underflows"; 398edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany else if (addr >= prev_var_end && 3996d1862363c88c183b0ed7740fca876342cf0474bStephen Hines addr - prev_var_end >= var.beg - addr_end) 400edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany pos_descr = "underflows"; 401edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany } 4022d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines InternalScopedString str(1024); 4036d1862363c88c183b0ed7740fca876342cf0474bStephen Hines str.append(" [%zd, %zd)", var.beg, var_end); 4046d1862363c88c183b0ed7740fca876342cf0474bStephen Hines // Render variable name. 4056d1862363c88c183b0ed7740fca876342cf0474bStephen Hines str.append(" '"); 4066d1862363c88c183b0ed7740fca876342cf0474bStephen Hines for (uptr i = 0; i < var.name_len; ++i) { 4076d1862363c88c183b0ed7740fca876342cf0474bStephen Hines str.append("%c", var.name_pos[i]); 4086d1862363c88c183b0ed7740fca876342cf0474bStephen Hines } 4096d1862363c88c183b0ed7740fca876342cf0474bStephen Hines str.append("'"); 410edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany if (pos_descr) { 411edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany Decorator d; 412edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany // FIXME: we may want to also print the size of the access here, 413edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany // but in case of accesses generated by memset it may be confusing. 4142d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append("%s <== Memory access at offset %zd %s this variable%s\n", 4152d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines d.Location(), addr, pos_descr, d.EndLocation()); 416edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany } else { 4172d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append("\n"); 418edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany } 4192d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Printf("%s", str.data()); 420edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany} 421edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany 4226d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesbool ParseFrameDescription(const char *frame_descr, 4236d1862363c88c183b0ed7740fca876342cf0474bStephen Hines InternalMmapVector<StackVarDescr> *vars) { 4246d1862363c88c183b0ed7740fca876342cf0474bStephen Hines CHECK(frame_descr); 4256d1862363c88c183b0ed7740fca876342cf0474bStephen Hines char *p; 4266d1862363c88c183b0ed7740fca876342cf0474bStephen Hines // This string is created by the compiler and has the following form: 4276d1862363c88c183b0ed7740fca876342cf0474bStephen Hines // "n alloc_1 alloc_2 ... alloc_n" 4286d1862363c88c183b0ed7740fca876342cf0474bStephen Hines // where alloc_i looks like "offset size len ObjectName". 4296d1862363c88c183b0ed7740fca876342cf0474bStephen Hines uptr n_objects = (uptr)internal_simple_strtoll(frame_descr, &p, 10); 4306d1862363c88c183b0ed7740fca876342cf0474bStephen Hines if (n_objects == 0) 4316d1862363c88c183b0ed7740fca876342cf0474bStephen Hines return false; 4326d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 4336d1862363c88c183b0ed7740fca876342cf0474bStephen Hines for (uptr i = 0; i < n_objects; i++) { 4346d1862363c88c183b0ed7740fca876342cf0474bStephen Hines uptr beg = (uptr)internal_simple_strtoll(p, &p, 10); 4356d1862363c88c183b0ed7740fca876342cf0474bStephen Hines uptr size = (uptr)internal_simple_strtoll(p, &p, 10); 4366d1862363c88c183b0ed7740fca876342cf0474bStephen Hines uptr len = (uptr)internal_simple_strtoll(p, &p, 10); 4376d1862363c88c183b0ed7740fca876342cf0474bStephen Hines if (beg == 0 || size == 0 || *p != ' ') { 4386d1862363c88c183b0ed7740fca876342cf0474bStephen Hines return false; 4396d1862363c88c183b0ed7740fca876342cf0474bStephen Hines } 4406d1862363c88c183b0ed7740fca876342cf0474bStephen Hines p++; 4416d1862363c88c183b0ed7740fca876342cf0474bStephen Hines StackVarDescr var = {beg, size, p, len}; 4426d1862363c88c183b0ed7740fca876342cf0474bStephen Hines vars->push_back(var); 4436d1862363c88c183b0ed7740fca876342cf0474bStephen Hines p += len; 4446d1862363c88c183b0ed7740fca876342cf0474bStephen Hines } 4456d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 4466d1862363c88c183b0ed7740fca876342cf0474bStephen Hines return true; 4476d1862363c88c183b0ed7740fca876342cf0474bStephen Hines} 448edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany 449e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonovbool DescribeAddressIfStack(uptr addr, uptr access_size) { 450def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonov AsanThread *t = FindThreadByStackAddress(addr); 451e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov if (!t) return false; 452d570bb4c7d82767d26ada0f923f84b10d8ec0fc6Kostya Serebryany 45358f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Decorator d; 4546d1862363c88c183b0ed7740fca876342cf0474bStephen Hines char tname[128]; 45558f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s", d.Location()); 4566d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Printf("Address %p is located in stack of thread T%d%s", addr, t->tid(), 4576d1862363c88c183b0ed7740fca876342cf0474bStephen Hines ThreadNameWithParenthesis(t->tid(), tname, sizeof(tname))); 4586d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 4596d1862363c88c183b0ed7740fca876342cf0474bStephen Hines // Try to fetch precise stack frame for this access. 4606d1862363c88c183b0ed7740fca876342cf0474bStephen Hines AsanThread::StackFrameAccess access; 4616d1862363c88c183b0ed7740fca876342cf0474bStephen Hines if (!t->GetStackFrameAccessByAddr(addr, &access)) { 4626d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Printf("%s\n", d.EndLocation()); 4636d1862363c88c183b0ed7740fca876342cf0474bStephen Hines return true; 4646d1862363c88c183b0ed7740fca876342cf0474bStephen Hines } 4656d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Printf(" at offset %zu in frame%s\n", access.offset, d.EndLocation()); 4666d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 46750f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany // Now we print the frame where the alloca has happened. 46850f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany // We print this frame as a stack trace with one element. 46950f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany // The symbolizer may print more than one frame if inlining was involved. 47050f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany // The frame numbers may be different than those in the stack trace printed 47150f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany // previously. That's unfortunate, but I have no better solution, 47250f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany // especially given that the alloca may be from entirely different place 47350f3daa00d3da0a80c8798a3e977705e96ec106fKostya Serebryany // (e.g. use-after-scope, or different thread's stack). 474c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar#if SANITIZER_PPC64V1 4756d1862363c88c183b0ed7740fca876342cf0474bStephen Hines // On PowerPC64 ELFv1, the address of a function actually points to a 4766d1862363c88c183b0ed7740fca876342cf0474bStephen Hines // three-doubleword data structure with the first field containing 4776d1862363c88c183b0ed7740fca876342cf0474bStephen Hines // the address of the function's code. 4786d1862363c88c183b0ed7740fca876342cf0474bStephen Hines access.frame_pc = *reinterpret_cast<uptr *>(access.frame_pc); 4796d1862363c88c183b0ed7740fca876342cf0474bStephen Hines#endif 4806d1862363c88c183b0ed7740fca876342cf0474bStephen Hines access.frame_pc += 16; 48158f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s", d.EndLocation()); 4826d1862363c88c183b0ed7740fca876342cf0474bStephen Hines StackTrace alloca_stack(&access.frame_pc, 1); 4832d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines alloca_stack.Print(); 4846d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 4856d1862363c88c183b0ed7740fca876342cf0474bStephen Hines InternalMmapVector<StackVarDescr> vars(16); 4866d1862363c88c183b0ed7740fca876342cf0474bStephen Hines if (!ParseFrameDescription(access.frame_descr, &vars)) { 4876d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Printf("AddressSanitizer can't parse the stack frame " 4886d1862363c88c183b0ed7740fca876342cf0474bStephen Hines "descriptor: |%s|\n", access.frame_descr); 4896d1862363c88c183b0ed7740fca876342cf0474bStephen Hines // 'addr' is a stack address, so return true even if we can't parse frame 4906d1862363c88c183b0ed7740fca876342cf0474bStephen Hines return true; 4916d1862363c88c183b0ed7740fca876342cf0474bStephen Hines } 4926d1862363c88c183b0ed7740fca876342cf0474bStephen Hines uptr n_objects = vars.size(); 493e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov // Report the number of stack objects. 494283c296b64bc55deec9698260b3427a9b050a925Kostya Serebryany Printf(" This frame has %zu object(s):\n", n_objects); 495edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany 496e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov // Report all objects in this frame. 49789fe5642529335dc5d13ce7f4e61bdea36fca508Kostya Serebryany for (uptr i = 0; i < n_objects; i++) { 498edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany uptr prev_var_end = i ? vars[i - 1].beg + vars[i - 1].size : 0; 49922917e961033a840c500761d3c7110b5a654fca4Timur Iskhodzhanov uptr next_var_beg = i + 1 < n_objects ? vars[i + 1].beg : ~(0UL); 5006d1862363c88c183b0ed7740fca876342cf0474bStephen Hines PrintAccessAndVarIntersection(vars[i], access.offset, access_size, 501edb39c7942fc9fe5043b7cce348bac0aec4c83ebKostya Serebryany prev_var_end, next_var_beg); 502e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov } 503283c296b64bc55deec9698260b3427a9b050a925Kostya Serebryany Printf("HINT: this may be a false positive if your program uses " 5046d1862363c88c183b0ed7740fca876342cf0474bStephen Hines "some custom stack unwind mechanism or swapcontext\n"); 5056d1862363c88c183b0ed7740fca876342cf0474bStephen Hines if (SANITIZER_WINDOWS) 5066d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Printf(" (longjmp, SEH and C++ exceptions *are* supported)\n"); 5076d1862363c88c183b0ed7740fca876342cf0474bStephen Hines else 5086d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Printf(" (longjmp and C++ exceptions *are* supported)\n"); 5096d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 510997454a41a1658837d72d69ec7def59616311243Timur Iskhodzhanov DescribeThread(t); 511e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov return true; 512e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov} 513e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov 5145c153faa535f671dd0e8d40ab43397f2d3c6f6f5Alexey Samsonovstatic void DescribeAccessToHeapChunk(AsanChunkView chunk, uptr addr, 5155c153faa535f671dd0e8d40ab43397f2d3c6f6f5Alexey Samsonov uptr access_size) { 516589dcdaa520de1033a0f6112c9b67ab9eb7931afEvgeniy Stepanov sptr offset; 51758f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Decorator d; 5182d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines InternalScopedString str(4096); 5192d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append("%s", d.Location()); 520589dcdaa520de1033a0f6112c9b67ab9eb7931afEvgeniy Stepanov if (chunk.AddrIsAtLeft(addr, access_size, &offset)) { 5212d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append("%p is located %zd bytes to the left of", (void *)addr, offset); 5225c153faa535f671dd0e8d40ab43397f2d3c6f6f5Alexey Samsonov } else if (chunk.AddrIsAtRight(addr, access_size, &offset)) { 523589dcdaa520de1033a0f6112c9b67ab9eb7931afEvgeniy Stepanov if (offset < 0) { 524589dcdaa520de1033a0f6112c9b67ab9eb7931afEvgeniy Stepanov addr -= offset; 525589dcdaa520de1033a0f6112c9b67ab9eb7931afEvgeniy Stepanov offset = 0; 526589dcdaa520de1033a0f6112c9b67ab9eb7931afEvgeniy Stepanov } 5272d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append("%p is located %zd bytes to the right of", (void *)addr, offset); 528589dcdaa520de1033a0f6112c9b67ab9eb7931afEvgeniy Stepanov } else if (chunk.AddrIsInside(addr, access_size, &offset)) { 5292d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append("%p is located %zd bytes inside of", (void*)addr, offset); 5305c153faa535f671dd0e8d40ab43397f2d3c6f6f5Alexey Samsonov } else { 5312d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append("%p is located somewhere around (this is AddressSanitizer bug!)", 5322d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines (void *)addr); 5335c153faa535f671dd0e8d40ab43397f2d3c6f6f5Alexey Samsonov } 5342d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append(" %zu-byte region [%p,%p)\n", chunk.UsedSize(), 5352d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines (void *)(chunk.Beg()), (void *)(chunk.End())); 5362d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append("%s", d.EndLocation()); 5372d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Printf("%s", str.data()); 5385c153faa535f671dd0e8d40ab43397f2d3c6f6f5Alexey Samsonov} 5395c153faa535f671dd0e8d40ab43397f2d3c6f6f5Alexey Samsonov 5405c153faa535f671dd0e8d40ab43397f2d3c6f6f5Alexey Samsonovvoid DescribeHeapAddress(uptr addr, uptr access_size) { 5415c153faa535f671dd0e8d40ab43397f2d3c6f6f5Alexey Samsonov AsanChunkView chunk = FindHeapChunkByAddress(addr); 542d9def29fe0dc8fc70ef270dcc1a266ad9257ec1fAlexey Samsonov if (!chunk.IsValid()) { 543d9def29fe0dc8fc70ef270dcc1a266ad9257ec1fAlexey Samsonov Printf("AddressSanitizer can not describe address in more detail " 544d9def29fe0dc8fc70ef270dcc1a266ad9257ec1fAlexey Samsonov "(wild memory access suspected).\n"); 545d9def29fe0dc8fc70ef270dcc1a266ad9257ec1fAlexey Samsonov return; 546d9def29fe0dc8fc70ef270dcc1a266ad9257ec1fAlexey Samsonov } 5475c153faa535f671dd0e8d40ab43397f2d3c6f6f5Alexey Samsonov DescribeAccessToHeapChunk(chunk, addr, access_size); 5485c153faa535f671dd0e8d40ab43397f2d3c6f6f5Alexey Samsonov CHECK(chunk.AllocTid() != kInvalidTid); 549def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonov asanThreadRegistry().CheckLocked(); 550def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonov AsanThreadContext *alloc_thread = 551def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonov GetThreadContextByTidLocked(chunk.AllocTid()); 5526d1862363c88c183b0ed7740fca876342cf0474bStephen Hines StackTrace alloc_stack = chunk.GetAllocStack(); 553716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany char tname[128]; 55458f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Decorator d; 555799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar AsanThreadContext *free_thread = nullptr; 5565c153faa535f671dd0e8d40ab43397f2d3c6f6f5Alexey Samsonov if (chunk.FreeTid() != kInvalidTid) { 557997454a41a1658837d72d69ec7def59616311243Timur Iskhodzhanov free_thread = GetThreadContextByTidLocked(chunk.FreeTid()); 55858f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%sfreed by thread T%d%s here:%s\n", d.Allocation(), 559def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonov free_thread->tid, 56058f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany ThreadNameWithParenthesis(free_thread, tname, sizeof(tname)), 56158f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany d.EndAllocation()); 5626d1862363c88c183b0ed7740fca876342cf0474bStephen Hines StackTrace free_stack = chunk.GetFreeStack(); 5632d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines free_stack.Print(); 56458f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%spreviously allocated by thread T%d%s here:%s\n", 565def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonov d.Allocation(), alloc_thread->tid, 56658f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany ThreadNameWithParenthesis(alloc_thread, tname, sizeof(tname)), 56758f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany d.EndAllocation()); 5685c153faa535f671dd0e8d40ab43397f2d3c6f6f5Alexey Samsonov } else { 56958f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%sallocated by thread T%d%s here:%s\n", d.Allocation(), 570def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonov alloc_thread->tid, 57158f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany ThreadNameWithParenthesis(alloc_thread, tname, sizeof(tname)), 57258f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany d.EndAllocation()); 5735c153faa535f671dd0e8d40ab43397f2d3c6f6f5Alexey Samsonov } 5742d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines alloc_stack.Print(); 575997454a41a1658837d72d69ec7def59616311243Timur Iskhodzhanov DescribeThread(GetCurrentThread()); 576997454a41a1658837d72d69ec7def59616311243Timur Iskhodzhanov if (free_thread) 577997454a41a1658837d72d69ec7def59616311243Timur Iskhodzhanov DescribeThread(free_thread); 578997454a41a1658837d72d69ec7def59616311243Timur Iskhodzhanov DescribeThread(alloc_thread); 5795c153faa535f671dd0e8d40ab43397f2d3c6f6f5Alexey Samsonov} 5805c153faa535f671dd0e8d40ab43397f2d3c6f6f5Alexey Samsonov 581cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainarstatic void DescribeAddress(uptr addr, uptr access_size, const char *bug_type) { 582e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov // Check if this is shadow or shadow gap. 583e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov if (DescribeAddressIfShadow(addr)) 584e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov return; 585e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov CHECK(AddrIsInMem(addr)); 586cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar if (DescribeAddressIfGlobal(addr, access_size, bug_type)) 587e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov return; 588e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov if (DescribeAddressIfStack(addr, access_size)) 589e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov return; 590e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov // Assume it is a heap address. 591e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov DescribeHeapAddress(addr, access_size); 592e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov} 593e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov 59471b42c9740e6f73da607aaa539affb5c4807231cAlexey Samsonov// ------------------- Thread description -------------------- {{{1 59571b42c9740e6f73da607aaa539affb5c4807231cAlexey Samsonov 596def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonovvoid DescribeThread(AsanThreadContext *context) { 597def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonov CHECK(context); 598def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonov asanThreadRegistry().CheckLocked(); 59971b42c9740e6f73da607aaa539affb5c4807231cAlexey Samsonov // No need to announce the main thread. 600def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonov if (context->tid == 0 || context->announced) { 60171b42c9740e6f73da607aaa539affb5c4807231cAlexey Samsonov return; 60271b42c9740e6f73da607aaa539affb5c4807231cAlexey Samsonov } 603def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonov context->announced = true; 604716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany char tname[128]; 6052d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines InternalScopedString str(1024); 6062d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append("Thread T%d%s", context->tid, 6072d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines ThreadNameWithParenthesis(context->tid, tname, sizeof(tname))); 608259f7063e3e4c4b94dded1e90ab0a943d0fa737bPirama Arumuga Nainar if (context->parent_tid == kInvalidTid) { 609259f7063e3e4c4b94dded1e90ab0a943d0fa737bPirama Arumuga Nainar str.append(" created by unknown thread\n"); 610259f7063e3e4c4b94dded1e90ab0a943d0fa737bPirama Arumuga Nainar Printf("%s", str.data()); 611259f7063e3e4c4b94dded1e90ab0a943d0fa737bPirama Arumuga Nainar return; 612259f7063e3e4c4b94dded1e90ab0a943d0fa737bPirama Arumuga Nainar } 6132d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines str.append( 6142d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines " created by T%d%s here:\n", context->parent_tid, 6152d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines ThreadNameWithParenthesis(context->parent_tid, tname, sizeof(tname))); 6162d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Printf("%s", str.data()); 6176d1862363c88c183b0ed7740fca876342cf0474bStephen Hines StackDepotGet(context->stack_id).Print(); 61871b42c9740e6f73da607aaa539affb5c4807231cAlexey Samsonov // Recursively described parent thread if needed. 61971b42c9740e6f73da607aaa539affb5c4807231cAlexey Samsonov if (flags()->print_full_thread_history) { 620def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonov AsanThreadContext *parent_context = 621def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonov GetThreadContextByTidLocked(context->parent_tid); 622def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonov DescribeThread(parent_context); 62371b42c9740e6f73da607aaa539affb5c4807231cAlexey Samsonov } 62471b42c9740e6f73da607aaa539affb5c4807231cAlexey Samsonov} 62571b42c9740e6f73da607aaa539affb5c4807231cAlexey Samsonov 626e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov// -------------------- Different kinds of reports ----------------- {{{1 627e218beb2d14b663bd277158f386a86d0e62fef74Alexey Samsonov 6289873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov// Use ScopedInErrorReport to run common actions just before and 6299873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov// immediately after printing error report. 6309873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonovclass ScopedInErrorReport { 6319873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov public: 632799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar explicit ScopedInErrorReport(ReportData *report = nullptr, 633799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar bool fatal = false) { 634799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar halt_on_error_ = fatal || flags()->halt_on_error; 635799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 636799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar if (lock_.TryLock()) { 637799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar StartReporting(report); 638799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar return; 639799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar } 640799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 641799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar // ASan found two bugs in different threads simultaneously. 642799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 643799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar u32 current_tid = GetCurrentTidOrInvalid(); 644799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar if (reporting_thread_tid_ == current_tid || 645799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar reporting_thread_tid_ == kInvalidTid) { 646799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar // This is either asynch signal or nested error during error reporting. 647799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar // Fail simple to avoid deadlocks in Report(). 648799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 649799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar // Can't use Report() here because of potential deadlocks 650799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar // in nested signal handlers. 651799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar const char msg[] = "AddressSanitizer: nested bug in the same thread, " 652799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar "aborting.\n"; 653799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar WriteToFile(kStderrFd, msg, sizeof(msg)); 654799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 655799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar internal__exit(common_flags()->exitcode); 656799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar } 657799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 658799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar if (halt_on_error_) { 6599873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov // Do not print more than one report, otherwise they will mix up. 6609873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov // Error reporting functions shouldn't return at this situation, as 661799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar // they are effectively no-returns. 662799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 6636d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Report("AddressSanitizer: while reporting a bug found another one. " 664799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar "Ignoring.\n"); 665799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 666799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar // Sleep long enough to make sure that the thread which started 667799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar // to print an error report will finish doing it. 668799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar SleepForSeconds(Max(100, flags()->sleep_before_dying + 1)); 669799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 670f882247088952deed954a19d745c2dd8871e2035Alexey Samsonov // If we're still not dead for some reason, use raw _exit() instead of 671031633bef8dff03f4e8943a12e34856bd66bbc78Alexey Samsonov // Die() to bypass any additional checks. 672799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar internal__exit(common_flags()->exitcode); 673799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar } else { 674799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar // The other thread will eventually finish reporting 675799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar // so it's safe to wait 676799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar lock_.Lock(); 677799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar } 678799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 679799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar StartReporting(report); 680799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar } 681799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 682799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar ~ScopedInErrorReport() { 683799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar // Make sure the current thread is announced. 684799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar DescribeThread(GetCurrentThread()); 685799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar // We may want to grab this lock again when printing stats. 686799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar asanThreadRegistry().Unlock(); 687799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar // Print memory stats. 688799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar if (flags()->print_stats) 689799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar __asan_print_accumulated_stats(); 690799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 691c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar if (common_flags()->print_cmdline) 692c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar PrintCmdline(); 693c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar 694799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar // Copy the message buffer so that we could start logging without holding a 695799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar // lock that gets aquired during printing. 696799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar InternalScopedBuffer<char> buffer_copy(kErrorMessageBufferSize); 697799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar { 698799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar BlockingMutexLock l(&error_message_buf_mutex); 699799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar internal_memcpy(buffer_copy.data(), 700799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar error_message_buffer, kErrorMessageBufferSize); 701799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar } 702799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 703799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar LogFullErrorReport(buffer_copy.data()); 704799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 705799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar if (error_report_callback) { 706799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar error_report_callback(buffer_copy.data()); 7079873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov } 708799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar CommonSanitizerReportMutex.Unlock(); 709799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar reporting_thread_tid_ = kInvalidTid; 710799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar lock_.Unlock(); 711799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar if (halt_on_error_) { 712799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar Report("ABORTING\n"); 713799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar Die(); 714799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar } 715799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar } 716799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 717799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar private: 718799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar void StartReporting(ReportData *report) { 7196d1862363c88c183b0ed7740fca876342cf0474bStephen Hines if (report) report_data = *report; 7206d1862363c88c183b0ed7740fca876342cf0474bStephen Hines report_happened = true; 7216a08d29b2020004b801ca69d8aea5872a7e67d72Alexey Samsonov ASAN_ON_ERROR(); 7227ed46ff7af911da0dd2067734d1408c6986c6657Alexey Samsonov // Make sure the registry and sanitizer report mutexes are locked while 7237ed46ff7af911da0dd2067734d1408c6986c6657Alexey Samsonov // we're printing an error report. 7247ed46ff7af911da0dd2067734d1408c6986c6657Alexey Samsonov // We can lock them only here to avoid self-deadlock in case of 725def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonov // recursive reports. 726def1be9b7ef4091ce465c0fbfb26cdb52128ade8Alexey Samsonov asanThreadRegistry().Lock(); 7277ed46ff7af911da0dd2067734d1408c6986c6657Alexey Samsonov CommonSanitizerReportMutex.Lock(); 728799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar reporting_thread_tid_ = GetCurrentTidOrInvalid(); 729283c296b64bc55deec9698260b3427a9b050a925Kostya Serebryany Printf("====================================================" 73062e27098b97e5ef74931c536350123a3df9dec6dAlexey Samsonov "=============\n"); 7319873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov } 732799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 733799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar static StaticSpinMutex lock_; 734799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar static u32 reporting_thread_tid_; 735799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar bool halt_on_error_; 7369873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov}; 7379873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov 738799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga NainarStaticSpinMutex ScopedInErrorReport::lock_; 739c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainaru32 ScopedInErrorReport::reporting_thread_tid_ = kInvalidTid; 740799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 74186277eb844c4983c81de62d7c050e92fe7155788Stephen Hinesvoid ReportStackOverflow(const SignalContext &sig) { 742c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar ScopedInErrorReport in_report(/*report*/ nullptr, /*fatal*/ true); 74358f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Decorator d; 74458f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s", d.Warning()); 7452d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Report( 7462d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines "ERROR: AddressSanitizer: stack-overflow on address %p" 7476d1862363c88c183b0ed7740fca876342cf0474bStephen Hines " (pc %p bp %p sp %p T%d)\n", 74886277eb844c4983c81de62d7c050e92fe7155788Stephen Hines (void *)sig.addr, (void *)sig.pc, (void *)sig.bp, (void *)sig.sp, 7492d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines GetCurrentTidOrInvalid()); 75058f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s", d.EndWarning()); 751c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar ScarinessScore::PrintSimple(10, "stack-overflow"); 75286277eb844c4983c81de62d7c050e92fe7155788Stephen Hines GET_STACK_TRACE_SIGNAL(sig); 7532d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines stack.Print(); 7542d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines ReportErrorSummary("stack-overflow", &stack); 7552d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines} 7562d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines 757799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainarvoid ReportDeadlySignal(const char *description, const SignalContext &sig) { 758c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar ScopedInErrorReport in_report(/*report*/ nullptr, /*fatal*/ true); 7592d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Decorator d; 7602d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Printf("%s", d.Warning()); 7612d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Report( 7626d1862363c88c183b0ed7740fca876342cf0474bStephen Hines "ERROR: AddressSanitizer: %s on unknown address %p" 7636d1862363c88c183b0ed7740fca876342cf0474bStephen Hines " (pc %p bp %p sp %p T%d)\n", 76486277eb844c4983c81de62d7c050e92fe7155788Stephen Hines description, (void *)sig.addr, (void *)sig.pc, (void *)sig.bp, 76586277eb844c4983c81de62d7c050e92fe7155788Stephen Hines (void *)sig.sp, GetCurrentTidOrInvalid()); 766c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar Printf("%s", d.EndWarning()); 767c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar ScarinessScore SS; 768c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar if (sig.pc < GetPageSizeCached()) 7696d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Report("Hint: pc points to the zero page.\n"); 770c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar if (sig.is_memory_access) { 771c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar const char *access_type = 772c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar sig.write_flag == SignalContext::WRITE 773c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar ? "WRITE" 774c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar : (sig.write_flag == SignalContext::READ ? "READ" : "UNKNOWN"); 775c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar Report("The signal is caused by a %s memory access.\n", access_type); 776c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar if (sig.addr < GetPageSizeCached()) { 777c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar Report("Hint: address points to the zero page.\n"); 778c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar SS.Scare(10, "null-deref"); 779c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar } else if (sig.addr == sig.pc) { 780c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar SS.Scare(60, "wild-jump"); 781c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar } else if (sig.write_flag == SignalContext::WRITE) { 782c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar SS.Scare(30, "wild-addr-write"); 783c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar } else if (sig.write_flag == SignalContext::READ) { 784c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar SS.Scare(20, "wild-addr-read"); 785c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar } else { 786c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar SS.Scare(25, "wild-addr"); 787c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar } 788c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar } else { 789c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar SS.Scare(10, "signal"); 7906d1862363c88c183b0ed7740fca876342cf0474bStephen Hines } 791c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar SS.Print(); 79286277eb844c4983c81de62d7c050e92fe7155788Stephen Hines GET_STACK_TRACE_SIGNAL(sig); 7932d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines stack.Print(); 79486277eb844c4983c81de62d7c050e92fe7155788Stephen Hines MaybeDumpInstructionBytes(sig.pc); 795d9def29fe0dc8fc70ef270dcc1a266ad9257ec1fAlexey Samsonov Printf("AddressSanitizer can not provide additional info.\n"); 796799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar ReportErrorSummary(description, &stack); 7977354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov} 7987354509ec8a37262c5ea0c54f99afee8a5116ce5Alexey Samsonov 7996d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesvoid ReportDoubleFree(uptr addr, BufferedStackTrace *free_stack) { 8009873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov ScopedInErrorReport in_report; 80158f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Decorator d; 80258f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s", d.Warning()); 803a89a35acf3004de3e39f1074b8620fb3c423d41fKostya Serebryany char tname[128]; 804a89a35acf3004de3e39f1074b8620fb3c423d41fKostya Serebryany u32 curr_tid = GetCurrentTidOrInvalid(); 805a89a35acf3004de3e39f1074b8620fb3c423d41fKostya Serebryany Report("ERROR: AddressSanitizer: attempting double-free on %p in " 806a89a35acf3004de3e39f1074b8620fb3c423d41fKostya Serebryany "thread T%d%s:\n", 807a89a35acf3004de3e39f1074b8620fb3c423d41fKostya Serebryany addr, curr_tid, 808a89a35acf3004de3e39f1074b8620fb3c423d41fKostya Serebryany ThreadNameWithParenthesis(curr_tid, tname, sizeof(tname))); 80958f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s", d.EndWarning()); 8101b17f5b79d58c5aff291dde05727ad0b215b81c6Alexey Samsonov CHECK_GT(free_stack->size, 0); 811c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar ScarinessScore::PrintSimple(42, "double-free"); 8121b17f5b79d58c5aff291dde05727ad0b215b81c6Alexey Samsonov GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp); 8132d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines stack.Print(); 814f7c1d18183d2dfbd02864cf47b3239d6a5d717c0Alexey Samsonov DescribeHeapAddress(addr, 1); 8151b17f5b79d58c5aff291dde05727ad0b215b81c6Alexey Samsonov ReportErrorSummary("double-free", &stack); 816f7c1d18183d2dfbd02864cf47b3239d6a5d717c0Alexey Samsonov} 817f7c1d18183d2dfbd02864cf47b3239d6a5d717c0Alexey Samsonov 818c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainarvoid ReportNewDeleteSizeMismatch(uptr addr, uptr alloc_size, uptr delete_size, 8196d1862363c88c183b0ed7740fca876342cf0474bStephen Hines BufferedStackTrace *free_stack) { 8206d1862363c88c183b0ed7740fca876342cf0474bStephen Hines ScopedInErrorReport in_report; 8216d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Decorator d; 8226d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Printf("%s", d.Warning()); 8236d1862363c88c183b0ed7740fca876342cf0474bStephen Hines char tname[128]; 8246d1862363c88c183b0ed7740fca876342cf0474bStephen Hines u32 curr_tid = GetCurrentTidOrInvalid(); 8256d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Report("ERROR: AddressSanitizer: new-delete-type-mismatch on %p in " 8266d1862363c88c183b0ed7740fca876342cf0474bStephen Hines "thread T%d%s:\n", 8276d1862363c88c183b0ed7740fca876342cf0474bStephen Hines addr, curr_tid, 8286d1862363c88c183b0ed7740fca876342cf0474bStephen Hines ThreadNameWithParenthesis(curr_tid, tname, sizeof(tname))); 8296d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Printf("%s object passed to delete has wrong type:\n", d.EndWarning()); 8306d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Printf(" size of the allocated type: %zd bytes;\n" 8316d1862363c88c183b0ed7740fca876342cf0474bStephen Hines " size of the deallocated type: %zd bytes.\n", 832c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar alloc_size, delete_size); 8336d1862363c88c183b0ed7740fca876342cf0474bStephen Hines CHECK_GT(free_stack->size, 0); 834c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar ScarinessScore::PrintSimple(10, "new-delete-type-mismatch"); 8356d1862363c88c183b0ed7740fca876342cf0474bStephen Hines GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp); 8366d1862363c88c183b0ed7740fca876342cf0474bStephen Hines stack.Print(); 8376d1862363c88c183b0ed7740fca876342cf0474bStephen Hines DescribeHeapAddress(addr, 1); 8386d1862363c88c183b0ed7740fca876342cf0474bStephen Hines ReportErrorSummary("new-delete-type-mismatch", &stack); 839799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar Report("HINT: if you don't care about these errors you may set " 8406d1862363c88c183b0ed7740fca876342cf0474bStephen Hines "ASAN_OPTIONS=new_delete_type_mismatch=0\n"); 8416d1862363c88c183b0ed7740fca876342cf0474bStephen Hines} 8426d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 8436d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesvoid ReportFreeNotMalloced(uptr addr, BufferedStackTrace *free_stack) { 8449873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov ScopedInErrorReport in_report; 84558f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Decorator d; 84658f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s", d.Warning()); 847a89a35acf3004de3e39f1074b8620fb3c423d41fKostya Serebryany char tname[128]; 848a89a35acf3004de3e39f1074b8620fb3c423d41fKostya Serebryany u32 curr_tid = GetCurrentTidOrInvalid(); 84969d8ede30a0ef32c74af7e4e795eb4b4e7fb1d36Kostya Serebryany Report("ERROR: AddressSanitizer: attempting free on address " 850a89a35acf3004de3e39f1074b8620fb3c423d41fKostya Serebryany "which was not malloc()-ed: %p in thread T%d%s\n", addr, 851a89a35acf3004de3e39f1074b8620fb3c423d41fKostya Serebryany curr_tid, ThreadNameWithParenthesis(curr_tid, tname, sizeof(tname))); 85258f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s", d.EndWarning()); 8531b17f5b79d58c5aff291dde05727ad0b215b81c6Alexey Samsonov CHECK_GT(free_stack->size, 0); 854c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar ScarinessScore::PrintSimple(40, "bad-free"); 8551b17f5b79d58c5aff291dde05727ad0b215b81c6Alexey Samsonov GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp); 8562d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines stack.Print(); 8579873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov DescribeHeapAddress(addr, 1); 8581b17f5b79d58c5aff291dde05727ad0b215b81c6Alexey Samsonov ReportErrorSummary("bad-free", &stack); 859f7c1d18183d2dfbd02864cf47b3239d6a5d717c0Alexey Samsonov} 860f7c1d18183d2dfbd02864cf47b3239d6a5d717c0Alexey Samsonov 8616d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesvoid ReportAllocTypeMismatch(uptr addr, BufferedStackTrace *free_stack, 862fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany AllocType alloc_type, 863fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany AllocType dealloc_type) { 864fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany static const char *alloc_names[] = 865fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany {"INVALID", "malloc", "operator new", "operator new []"}; 866fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany static const char *dealloc_names[] = 867fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany {"INVALID", "free", "operator delete", "operator delete []"}; 868fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany CHECK_NE(alloc_type, dealloc_type); 869fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany ScopedInErrorReport in_report; 870fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany Decorator d; 871fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany Printf("%s", d.Warning()); 872fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany Report("ERROR: AddressSanitizer: alloc-dealloc-mismatch (%s vs %s) on %p\n", 873fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany alloc_names[alloc_type], dealloc_names[dealloc_type], addr); 874fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany Printf("%s", d.EndWarning()); 8751b17f5b79d58c5aff291dde05727ad0b215b81c6Alexey Samsonov CHECK_GT(free_stack->size, 0); 876c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar ScarinessScore::PrintSimple(10, "alloc-dealloc-mismatch"); 8771b17f5b79d58c5aff291dde05727ad0b215b81c6Alexey Samsonov GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp); 8782d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines stack.Print(); 879fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany DescribeHeapAddress(addr, 1); 8801b17f5b79d58c5aff291dde05727ad0b215b81c6Alexey Samsonov ReportErrorSummary("alloc-dealloc-mismatch", &stack); 881799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar Report("HINT: if you don't care about these errors you may set " 882fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany "ASAN_OPTIONS=alloc_dealloc_mismatch=0\n"); 883fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany} 884fe6d91684bcda766593800f6307233f1a33d31f6Kostya Serebryany 8856d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesvoid ReportMallocUsableSizeNotOwned(uptr addr, BufferedStackTrace *stack) { 8869873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov ScopedInErrorReport in_report; 88758f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Decorator d; 88858f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s", d.Warning()); 88969d8ede30a0ef32c74af7e4e795eb4b4e7fb1d36Kostya Serebryany Report("ERROR: AddressSanitizer: attempting to call " 890f7c1d18183d2dfbd02864cf47b3239d6a5d717c0Alexey Samsonov "malloc_usable_size() for pointer which is " 891f7c1d18183d2dfbd02864cf47b3239d6a5d717c0Alexey Samsonov "not owned: %p\n", addr); 89258f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s", d.EndWarning()); 8932d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines stack->Print(); 894f7c1d18183d2dfbd02864cf47b3239d6a5d717c0Alexey Samsonov DescribeHeapAddress(addr, 1); 8952fb08720b11b4c339e191b90d85477c6a2dd74dbAlexey Samsonov ReportErrorSummary("bad-malloc_usable_size", stack); 896f7c1d18183d2dfbd02864cf47b3239d6a5d717c0Alexey Samsonov} 897f7c1d18183d2dfbd02864cf47b3239d6a5d717c0Alexey Samsonov 8986d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesvoid ReportSanitizerGetAllocatedSizeNotOwned(uptr addr, 8996d1862363c88c183b0ed7740fca876342cf0474bStephen Hines BufferedStackTrace *stack) { 9009873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov ScopedInErrorReport in_report; 90158f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Decorator d; 90258f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s", d.Warning()); 90369d8ede30a0ef32c74af7e4e795eb4b4e7fb1d36Kostya Serebryany Report("ERROR: AddressSanitizer: attempting to call " 9046a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines "__sanitizer_get_allocated_size() for pointer which is " 905f7c1d18183d2dfbd02864cf47b3239d6a5d717c0Alexey Samsonov "not owned: %p\n", addr); 90658f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s", d.EndWarning()); 9072d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines stack->Print(); 908f7c1d18183d2dfbd02864cf47b3239d6a5d717c0Alexey Samsonov DescribeHeapAddress(addr, 1); 9096a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines ReportErrorSummary("bad-__sanitizer_get_allocated_size", stack); 910f7c1d18183d2dfbd02864cf47b3239d6a5d717c0Alexey Samsonov} 911f7c1d18183d2dfbd02864cf47b3239d6a5d717c0Alexey Samsonov 9126d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesvoid ReportStringFunctionMemoryRangesOverlap(const char *function, 9136d1862363c88c183b0ed7740fca876342cf0474bStephen Hines const char *offset1, uptr length1, 9146d1862363c88c183b0ed7740fca876342cf0474bStephen Hines const char *offset2, uptr length2, 9156d1862363c88c183b0ed7740fca876342cf0474bStephen Hines BufferedStackTrace *stack) { 9169873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov ScopedInErrorReport in_report; 91758f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Decorator d; 9182673fd8406197c42f16cede6d287f72169298c2eKostya Serebryany char bug_type[100]; 9192673fd8406197c42f16cede6d287f72169298c2eKostya Serebryany internal_snprintf(bug_type, sizeof(bug_type), "%s-param-overlap", function); 92058f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s", d.Warning()); 9212673fd8406197c42f16cede6d287f72169298c2eKostya Serebryany Report("ERROR: AddressSanitizer: %s: " 922487fee7f6f7497906a00d7d2fe2c75e6d5d4feb1Alexey Samsonov "memory ranges [%p,%p) and [%p, %p) overlap\n", \ 9232673fd8406197c42f16cede6d287f72169298c2eKostya Serebryany bug_type, offset1, offset1 + length1, offset2, offset2 + length2); 92458f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s", d.EndWarning()); 925c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar ScarinessScore::PrintSimple(10, bug_type); 9262d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines stack->Print(); 927cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar DescribeAddress((uptr)offset1, length1, bug_type); 928cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar DescribeAddress((uptr)offset2, length2, bug_type); 9292fb08720b11b4c339e191b90d85477c6a2dd74dbAlexey Samsonov ReportErrorSummary(bug_type, stack); 930487fee7f6f7497906a00d7d2fe2c75e6d5d4feb1Alexey Samsonov} 931f7c1d18183d2dfbd02864cf47b3239d6a5d717c0Alexey Samsonov 9322d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hinesvoid ReportStringFunctionSizeOverflow(uptr offset, uptr size, 9336d1862363c88c183b0ed7740fca876342cf0474bStephen Hines BufferedStackTrace *stack) { 9342d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines ScopedInErrorReport in_report; 9352d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Decorator d; 9362d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines const char *bug_type = "negative-size-param"; 9372d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Printf("%s", d.Warning()); 9382d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Report("ERROR: AddressSanitizer: %s: (size=%zd)\n", bug_type, size); 9392d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Printf("%s", d.EndWarning()); 940c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar ScarinessScore::PrintSimple(10, bug_type); 9412d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines stack->Print(); 942cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar DescribeAddress(offset, size, bug_type); 9432d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines ReportErrorSummary(bug_type, stack); 9442d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines} 9452d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines 9462d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hinesvoid ReportBadParamsToAnnotateContiguousContainer(uptr beg, uptr end, 9472d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines uptr old_mid, uptr new_mid, 9486d1862363c88c183b0ed7740fca876342cf0474bStephen Hines BufferedStackTrace *stack) { 9492d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines ScopedInErrorReport in_report; 9502d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Report("ERROR: AddressSanitizer: bad parameters to " 9512d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines "__sanitizer_annotate_contiguous_container:\n" 9522d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines " beg : %p\n" 9532d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines " end : %p\n" 9542d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines " old_mid : %p\n" 9552d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines " new_mid : %p\n", 9562d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines beg, end, old_mid, new_mid); 95786277eb844c4983c81de62d7c050e92fe7155788Stephen Hines uptr granularity = SHADOW_GRANULARITY; 95886277eb844c4983c81de62d7c050e92fe7155788Stephen Hines if (!IsAligned(beg, granularity)) 95986277eb844c4983c81de62d7c050e92fe7155788Stephen Hines Report("ERROR: beg is not aligned by %d\n", granularity); 9602d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines stack->Print(); 9612d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines ReportErrorSummary("bad-__sanitizer_annotate_contiguous_container", stack); 9622d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines} 9632d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines 9646a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hinesvoid ReportODRViolation(const __asan_global *g1, u32 stack_id1, 9656a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines const __asan_global *g2, u32 stack_id2) { 9662d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines ScopedInErrorReport in_report; 9672d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Decorator d; 9682d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Printf("%s", d.Warning()); 9692d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Report("ERROR: AddressSanitizer: odr-violation (%p):\n", g1->beg); 9702d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Printf("%s", d.EndWarning()); 9716a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines InternalScopedString g1_loc(256), g2_loc(256); 9726a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines PrintGlobalLocation(&g1_loc, *g1); 9736a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines PrintGlobalLocation(&g2_loc, *g2); 9746d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Printf(" [1] size=%zd '%s' %s\n", g1->size, 9756d1862363c88c183b0ed7740fca876342cf0474bStephen Hines MaybeDemangleGlobalName(g1->name), g1_loc.data()); 9766d1862363c88c183b0ed7740fca876342cf0474bStephen Hines Printf(" [2] size=%zd '%s' %s\n", g2->size, 9776d1862363c88c183b0ed7740fca876342cf0474bStephen Hines MaybeDemangleGlobalName(g2->name), g2_loc.data()); 9786a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines if (stack_id1 && stack_id2) { 9796a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines Printf("These globals were registered at these points:\n"); 9806a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines Printf(" [1]:\n"); 9816d1862363c88c183b0ed7740fca876342cf0474bStephen Hines StackDepotGet(stack_id1).Print(); 9826a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines Printf(" [2]:\n"); 9836d1862363c88c183b0ed7740fca876342cf0474bStephen Hines StackDepotGet(stack_id2).Print(); 9846a211c5814e25d6745a5058cc0e499e5235d3821Stephen Hines } 985799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar Report("HINT: if you don't care about these errors you may set " 9862d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines "ASAN_OPTIONS=detect_odr_violation=0\n"); 9876d1862363c88c183b0ed7740fca876342cf0474bStephen Hines InternalScopedString error_msg(256); 9886d1862363c88c183b0ed7740fca876342cf0474bStephen Hines error_msg.append("odr-violation: global '%s' at %s", 9896d1862363c88c183b0ed7740fca876342cf0474bStephen Hines MaybeDemangleGlobalName(g1->name), g1_loc.data()); 9906d1862363c88c183b0ed7740fca876342cf0474bStephen Hines ReportErrorSummary(error_msg.data()); 9912d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines} 9922d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines 9932d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines// ----------------------- CheckForInvalidPointerPair ----------- {{{1 9942d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hinesstatic NOINLINE void 9952d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen HinesReportInvalidPointerPair(uptr pc, uptr bp, uptr sp, uptr a1, uptr a2) { 9962d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines ScopedInErrorReport in_report; 997cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar const char *bug_type = "invalid-pointer-pair"; 9982d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Decorator d; 9992d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Printf("%s", d.Warning()); 10002d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Report("ERROR: AddressSanitizer: invalid-pointer-pair: %p %p\n", a1, a2); 10012d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines Printf("%s", d.EndWarning()); 10022d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines GET_STACK_TRACE_FATAL(pc, bp); 10032d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines stack.Print(); 1004cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar DescribeAddress(a1, 1, bug_type); 1005cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar DescribeAddress(a2, 1, bug_type); 1006cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar ReportErrorSummary(bug_type, &stack); 10072d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines} 10082d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines 10092d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hinesstatic INLINE void CheckForInvalidPointerPair(void *p1, void *p2) { 10102d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines if (!flags()->detect_invalid_pointer_pairs) return; 10112d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines uptr a1 = reinterpret_cast<uptr>(p1); 10122d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines uptr a2 = reinterpret_cast<uptr>(p2); 10132d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines AsanChunkView chunk1 = FindHeapChunkByAddress(a1); 10142d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines AsanChunkView chunk2 = FindHeapChunkByAddress(a2); 1015c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar bool valid1 = chunk1.IsAllocated(); 1016c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar bool valid2 = chunk2.IsAllocated(); 1017c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar if (!valid1 || !valid2 || !chunk1.Eq(chunk2)) { 1018c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar GET_CALLER_PC_BP_SP; 10192d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines return ReportInvalidPointerPair(pc, bp, sp, a1, a2); 10202d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines } 10212d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines} 1022663c50134e01feefb6c5418c6ec7753be951c14fAlexey Samsonov// ----------------------- Mac-specific reports ----------------- {{{1 1023663c50134e01feefb6c5418c6ec7753be951c14fAlexey Samsonov 10246d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesvoid ReportMacMzReallocUnknown(uptr addr, uptr zone_ptr, const char *zone_name, 10256d1862363c88c183b0ed7740fca876342cf0474bStephen Hines BufferedStackTrace *stack) { 10269873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov ScopedInErrorReport in_report; 1027283c296b64bc55deec9698260b3427a9b050a925Kostya Serebryany Printf("mz_realloc(%p) -- attempting to realloc unallocated memory.\n" 1028663c50134e01feefb6c5418c6ec7753be951c14fAlexey Samsonov "This is an unrecoverable problem, exiting now.\n", 1029663c50134e01feefb6c5418c6ec7753be951c14fAlexey Samsonov addr); 1030663c50134e01feefb6c5418c6ec7753be951c14fAlexey Samsonov PrintZoneForPointer(addr, zone_ptr, zone_name); 10312d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines stack->Print(); 10329873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov DescribeHeapAddress(addr, 1); 1033663c50134e01feefb6c5418c6ec7753be951c14fAlexey Samsonov} 1034663c50134e01feefb6c5418c6ec7753be951c14fAlexey Samsonov 1035799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar// -------------- SuppressErrorReport -------------- {{{1 1036799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar// Avoid error reports duplicating for ASan recover mode. 1037799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainarstatic bool SuppressErrorReport(uptr pc) { 1038799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar if (!common_flags()->suppress_equal_pcs) return false; 1039799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar for (unsigned i = 0; i < kAsanBuggyPcPoolSize; i++) { 1040799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar uptr cmp = atomic_load_relaxed(&AsanBuggyPcPool[i]); 1041799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar if (cmp == 0 && atomic_compare_exchange_strong(&AsanBuggyPcPool[i], &cmp, 1042799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar pc, memory_order_relaxed)) 1043799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar return false; 1044799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar if (cmp == pc) return true; 1045799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar } 1046799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar Die(); 1047c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov} 1048c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov 1049c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainarstatic void PrintContainerOverflowHint() { 1050c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar Printf("HINT: if you don't care about these errors you may set " 1051c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar "ASAN_OPTIONS=detect_container_overflow=0.\n" 1052c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar "If you suspect a false positive see also: " 1053c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar "https://github.com/google/sanitizers/wiki/" 1054c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar "AddressSanitizerContainerOverflow.\n"); 1055c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar} 1056c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar 1057c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainarstatic bool AdjacentShadowValuesAreFullyPoisoned(u8 *s) { 1058c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar return s[-1] > 127 && s[1] > 127; 1059c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar} 1060c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar 1061799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainarvoid ReportGenericError(uptr pc, uptr bp, uptr sp, uptr addr, bool is_write, 1062799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar uptr access_size, u32 exp, bool fatal) { 1063799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar if (!fatal && SuppressErrorReport(pc)) return; 106486277eb844c4983c81de62d7c050e92fe7155788Stephen Hines ENABLE_FRAME_POINTER; 1065c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar ScarinessScore SS; 1066c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar 1067c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar if (access_size) { 1068c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar if (access_size <= 9) { 1069c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar char desr[] = "?-byte"; 1070c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar desr[0] = '0' + access_size; 1071c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar SS.Scare(access_size + access_size / 2, desr); 1072c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar } else if (access_size >= 10) { 1073c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar SS.Scare(15, "multi-byte"); 1074c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar } 1075c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar is_write ? SS.Scare(20, "write") : SS.Scare(1, "read"); 1076c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar } 107786277eb844c4983c81de62d7c050e92fe7155788Stephen Hines 10787c9150579ed0278492f51cc8434b1d63a44b9bd1Pirama Arumuga Nainar // Optimization experiments. 10797c9150579ed0278492f51cc8434b1d63a44b9bd1Pirama Arumuga Nainar // The experiments can be used to evaluate potential optimizations that remove 10807c9150579ed0278492f51cc8434b1d63a44b9bd1Pirama Arumuga Nainar // instrumentation (assess false negatives). Instead of completely removing 10817c9150579ed0278492f51cc8434b1d63a44b9bd1Pirama Arumuga Nainar // some instrumentation, compiler can emit special calls into runtime 10827c9150579ed0278492f51cc8434b1d63a44b9bd1Pirama Arumuga Nainar // (e.g. __asan_report_exp_load1 instead of __asan_report_load1) and pass 10837c9150579ed0278492f51cc8434b1d63a44b9bd1Pirama Arumuga Nainar // mask of experiments (exp). 10847c9150579ed0278492f51cc8434b1d63a44b9bd1Pirama Arumuga Nainar // The reaction to a non-zero value of exp is to be defined. 10857c9150579ed0278492f51cc8434b1d63a44b9bd1Pirama Arumuga Nainar (void)exp; 10867c9150579ed0278492f51cc8434b1d63a44b9bd1Pirama Arumuga Nainar 10879873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov // Determine the error type. 1088c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov const char *bug_descr = "unknown-crash"; 1089c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar u8 shadow_val = 0; 1090c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov if (AddrIsInMem(addr)) { 1091c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov u8 *shadow_addr = (u8*)MemToShadow(addr); 1092c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov // If we are accessing 16 bytes, look at the second shadow byte. 1093c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov if (*shadow_addr == 0 && access_size > SHADOW_GRANULARITY) 1094c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov shadow_addr++; 1095c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov // If we are in the partial right redzone, look at the next shadow byte. 1096c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov if (*shadow_addr > 0 && *shadow_addr < 128) 1097c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov shadow_addr++; 1098c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar bool far_from_bounds = false; 1099c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar shadow_val = *shadow_addr; 1100c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar int bug_type_score = 0; 1101c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar // For use-after-frees reads are almost as bad as writes. 1102c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar int read_after_free_bonus = 0; 1103c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar switch (shadow_val) { 1104c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov case kAsanHeapLeftRedzoneMagic: 1105c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov case kAsanHeapRightRedzoneMagic: 11066d1862363c88c183b0ed7740fca876342cf0474bStephen Hines case kAsanArrayCookieMagic: 1107c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov bug_descr = "heap-buffer-overflow"; 1108c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar bug_type_score = 10; 1109c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 1110c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov break; 1111c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov case kAsanHeapFreeMagic: 1112c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov bug_descr = "heap-use-after-free"; 1113c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar bug_type_score = 20; 1114c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar if (!is_write) read_after_free_bonus = 18; 1115c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov break; 1116c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov case kAsanStackLeftRedzoneMagic: 1117c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov bug_descr = "stack-buffer-underflow"; 1118c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar bug_type_score = 25; 1119c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 1120c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov break; 11213945c58f9db42671b1a3b865fde5008f09a3a40eKostya Serebryany case kAsanInitializationOrderMagic: 11223945c58f9db42671b1a3b865fde5008f09a3a40eKostya Serebryany bug_descr = "initialization-order-fiasco"; 1123c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar bug_type_score = 1; 11243945c58f9db42671b1a3b865fde5008f09a3a40eKostya Serebryany break; 1125c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov case kAsanStackMidRedzoneMagic: 1126c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov case kAsanStackRightRedzoneMagic: 1127c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov case kAsanStackPartialRedzoneMagic: 1128c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov bug_descr = "stack-buffer-overflow"; 1129c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar bug_type_score = 25; 1130c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 1131c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov break; 1132c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov case kAsanStackAfterReturnMagic: 1133c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov bug_descr = "stack-use-after-return"; 1134c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar bug_type_score = 30; 1135c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar if (!is_write) read_after_free_bonus = 18; 1136c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov break; 1137c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov case kAsanUserPoisonedMemoryMagic: 1138c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov bug_descr = "use-after-poison"; 1139c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar bug_type_score = 20; 1140c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov break; 11412d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines case kAsanContiguousContainerOOBMagic: 11422d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines bug_descr = "container-overflow"; 1143c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar bug_type_score = 10; 11442d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines break; 1145d4b5db8cb8a7a13bb5cc1d4ce53e8e088303c854Alexey Samsonov case kAsanStackUseAfterScopeMagic: 1146d4b5db8cb8a7a13bb5cc1d4ce53e8e088303c854Alexey Samsonov bug_descr = "stack-use-after-scope"; 1147c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar bug_type_score = 10; 1148d4b5db8cb8a7a13bb5cc1d4ce53e8e088303c854Alexey Samsonov break; 1149c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov case kAsanGlobalRedzoneMagic: 1150c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov bug_descr = "global-buffer-overflow"; 1151c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar bug_type_score = 10; 1152c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 1153c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov break; 11546d1862363c88c183b0ed7740fca876342cf0474bStephen Hines case kAsanIntraObjectRedzone: 11556d1862363c88c183b0ed7740fca876342cf0474bStephen Hines bug_descr = "intra-object-overflow"; 1156c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar bug_type_score = 10; 11576d1862363c88c183b0ed7740fca876342cf0474bStephen Hines break; 115886277eb844c4983c81de62d7c050e92fe7155788Stephen Hines case kAsanAllocaLeftMagic: 115986277eb844c4983c81de62d7c050e92fe7155788Stephen Hines case kAsanAllocaRightMagic: 116086277eb844c4983c81de62d7c050e92fe7155788Stephen Hines bug_descr = "dynamic-stack-buffer-overflow"; 1161c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar bug_type_score = 25; 1162c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 116386277eb844c4983c81de62d7c050e92fe7155788Stephen Hines break; 1164c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov } 1165c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar SS.Scare(bug_type_score + read_after_free_bonus, bug_descr); 1166c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar if (far_from_bounds) 1167c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar SS.Scare(10, "far-from-bounds"); 1168c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov } 11696d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 11706d1862363c88c183b0ed7740fca876342cf0474bStephen Hines ReportData report = { pc, sp, bp, addr, (bool)is_write, access_size, 11716d1862363c88c183b0ed7740fca876342cf0474bStephen Hines bug_descr }; 1172799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar ScopedInErrorReport in_report(&report, fatal); 11736d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 117458f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Decorator d; 117558f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s", d.Warning()); 117669d8ede30a0ef32c74af7e4e795eb4b4e7fb1d36Kostya Serebryany Report("ERROR: AddressSanitizer: %s on address " 11776d1862363c88c183b0ed7740fca876342cf0474bStephen Hines "%p at pc %p bp %p sp %p\n", 1178c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov bug_descr, (void*)addr, pc, bp, sp); 117958f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s", d.EndWarning()); 1180c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov 118189c1384464848c1ad041becf8b97936fa10de21bAlexey Samsonov u32 curr_tid = GetCurrentTidOrInvalid(); 1182716e2f25123bf9b20fbc6b582803a3929b78b96dKostya Serebryany char tname[128]; 118358f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany Printf("%s%s of size %zu at %p thread T%d%s%s\n", 118458f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany d.Access(), 118558f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany access_size ? (is_write ? "WRITE" : "READ") : "ACCESS", 118658f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany access_size, (void*)addr, curr_tid, 118758f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany ThreadNameWithParenthesis(curr_tid, tname, sizeof(tname)), 118858f54555c2528f863e211a0679c2c423cfa55fb2Kostya Serebryany d.EndAccess()); 1189c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov 1190c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar SS.Print(); 1191a30c8f9eac981dcf137e84226810b760e35c7be1Kostya Serebryany GET_STACK_TRACE_FATAL(pc, bp); 11922d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines stack.Print(); 1193c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov 1194cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar DescribeAddress(addr, access_size, bug_descr); 1195c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar if (shadow_val == kAsanContiguousContainerOOBMagic) 1196c58a43648cd6121c51a2e795a28e2ef90d7813e6Pirama Arumuga Nainar PrintContainerOverflowHint(); 11972fb08720b11b4c339e191b90d85477c6a2dd74dbAlexey Samsonov ReportErrorSummary(bug_descr, &stack); 11989873792adb79e9daa1594564cbe5b2d680c5ed13Alexey Samsonov PrintShadowMemoryForAddress(addr); 1199c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov} 1200c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov 1201799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar} // namespace __asan 1202799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 1203799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar// --------------------------- Interface --------------------- {{{1 1204799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainarusing namespace __asan; // NOLINT 1205799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 1206799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainarvoid __asan_report_error(uptr pc, uptr bp, uptr sp, uptr addr, int is_write, 1207799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar uptr access_size, u32 exp) { 1208799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar ENABLE_FRAME_POINTER; 1209799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar bool fatal = flags()->halt_on_error; 1210799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar ReportGenericError(pc, bp, sp, addr, is_write, access_size, exp, fatal); 1211799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar} 1212799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar 1213c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonovvoid NOINLINE __asan_set_error_report_callback(void (*callback)(const char*)) { 1214799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar BlockingMutexLock l(&error_message_buf_mutex); 1215c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov error_report_callback = callback; 1216c98570beff64ec0a513dcc11a4662ffba70e43ddAlexey Samsonov} 1217f657a1977b6053c76ca8393f574da7593ea3ea12Alexey Samsonov 121817a7c6763224300f6740b5e7fae274734afec675Kostya Serebryanyvoid __asan_describe_address(uptr addr) { 12196d1862363c88c183b0ed7740fca876342cf0474bStephen Hines // Thread registry must be locked while we're describing an address. 12206d1862363c88c183b0ed7740fca876342cf0474bStephen Hines asanThreadRegistry().Lock(); 1221cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar DescribeAddress(addr, 1, ""); 12226d1862363c88c183b0ed7740fca876342cf0474bStephen Hines asanThreadRegistry().Unlock(); 12236d1862363c88c183b0ed7740fca876342cf0474bStephen Hines} 12246d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 12256d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesint __asan_report_present() { 12266d1862363c88c183b0ed7740fca876342cf0474bStephen Hines return report_happened ? 1 : 0; 12276d1862363c88c183b0ed7740fca876342cf0474bStephen Hines} 12286d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 12296d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesuptr __asan_get_report_pc() { 12306d1862363c88c183b0ed7740fca876342cf0474bStephen Hines return report_data.pc; 12316d1862363c88c183b0ed7740fca876342cf0474bStephen Hines} 12326d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 12336d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesuptr __asan_get_report_bp() { 12346d1862363c88c183b0ed7740fca876342cf0474bStephen Hines return report_data.bp; 12356d1862363c88c183b0ed7740fca876342cf0474bStephen Hines} 12366d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 12376d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesuptr __asan_get_report_sp() { 12386d1862363c88c183b0ed7740fca876342cf0474bStephen Hines return report_data.sp; 12396d1862363c88c183b0ed7740fca876342cf0474bStephen Hines} 12406d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 12416d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesuptr __asan_get_report_address() { 12426d1862363c88c183b0ed7740fca876342cf0474bStephen Hines return report_data.addr; 12436d1862363c88c183b0ed7740fca876342cf0474bStephen Hines} 12446d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 12456d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesint __asan_get_report_access_type() { 12466d1862363c88c183b0ed7740fca876342cf0474bStephen Hines return report_data.is_write ? 1 : 0; 12476d1862363c88c183b0ed7740fca876342cf0474bStephen Hines} 12486d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 12496d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesuptr __asan_get_report_access_size() { 12506d1862363c88c183b0ed7740fca876342cf0474bStephen Hines return report_data.access_size; 12516d1862363c88c183b0ed7740fca876342cf0474bStephen Hines} 12526d1862363c88c183b0ed7740fca876342cf0474bStephen Hines 12536d1862363c88c183b0ed7740fca876342cf0474bStephen Hinesconst char *__asan_get_report_description() { 12546d1862363c88c183b0ed7740fca876342cf0474bStephen Hines return report_data.description; 125517a7c6763224300f6740b5e7fae274734afec675Kostya Serebryany} 125617a7c6763224300f6740b5e7fae274734afec675Kostya Serebryany 12572d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hinesextern "C" { 12582d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen HinesSANITIZER_INTERFACE_ATTRIBUTE 12592d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hinesvoid __sanitizer_ptr_sub(void *a, void *b) { 12602d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines CheckForInvalidPointerPair(a, b); 12612d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines} 12622d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen HinesSANITIZER_INTERFACE_ATTRIBUTE 12632d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hinesvoid __sanitizer_ptr_cmp(void *a, void *b) { 12642d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines CheckForInvalidPointerPair(a, b); 12652d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines} 1266799172d60d32feb1acba1a6867f3a9c39a999e5cPirama Arumuga Nainar} // extern "C" 12672d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines 12686a08d29b2020004b801ca69d8aea5872a7e67d72Alexey Samsonov#if !SANITIZER_SUPPORTS_WEAK_HOOKS 1269866334332ff8c2a1b7f3715224614b6b75a7578cAlexey Samsonov// Provide default implementation of __asan_on_error that does nothing 1270866334332ff8c2a1b7f3715224614b6b75a7578cAlexey Samsonov// and may be overriden by user. 12713c80c6c574850106481f82b9e23d1c728458d4a9Timur IskhodzhanovSANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE NOINLINE 1272866334332ff8c2a1b7f3715224614b6b75a7578cAlexey Samsonovvoid __asan_on_error() {} 12736a08d29b2020004b801ca69d8aea5872a7e67d72Alexey Samsonov#endif 1274