*Test code, asan_memcpy.cpp:*
*#include <stdio.h>#include <stdlib.h>int main(){ int *array = (int
*)malloc(sizeof(int) * 100); printf("Now should be an error:
memcpy-param-overlap\n"); memcpy(array, array+1, sizeof(int)*8);
return 0;}*
*Android.mk*
*include $(CLEAR_VARS)LOCAL_SRC_FILES := asan_memcpy.cppLOCAL_MODULE_TAGS
:= engLOCAL_ADDRESS_SANITIZER:=trueLOCAL_MODULE := asan_memcpyinclude
$(BUILD_EXECUTABLE)*
*Run asanwrapper asan_memcpy in adb shell, no error that Asan detected. The
disassemable of asan_memcpy as below:*
*000006cc <main>:#include <stdio.h>#include <stdlib.h>int main(){ 6cc:
b5b0 push {r4, r5, r7, lr} 6ce: af02 add r7,
sp, #8 6d0: b0c4 sub sp, #272 ; 0x110 6d2:
466c mov r4, sp 6d4: f024 041f bic.w r4, r4,
#31 6d8: 46a5 mov sp, r4 6da: 488a ldr
r0, [pc, #552] ; (904 <main+0x238>) 6dc: 498a ldr r1,
[pc, #552] ; (908 <main+0x23c>) 6de: 4479 add r1,
pc 6e0: 5840 ldr r0, [r0, r1] 6e2: 6800
ldr r0, [r0, #0] 6e4: 9043 str r0, [sp, #268] ;
0x10c 6e6: a818 add r0, sp, #96 ; 0x60 6e8: f100
0220 add.w r2, r0, #32 6ec: 4613 mov r3, r2 6ee:
f100 0c60 add.w ip, r0, #96 ; 0x60 6f2: 4686
mov lr, r0 6f4: f648 24b3 movw r4, #35507 ;
0x8ab3 6f8: f2c4 14b5 movt r4, #16821 ; 0x41b5 6fc:
9418 str r4, [sp, #96] ; 0x60 6fe: 4c83
ldr r4, [pc, #524] ; (90c <main+0x240>) 700: 440c add
r4, r1 702: 9419 str r4, [sp, #100] ; 0x64 704:
4c82 ldr r4, [pc, #520] ; (910 <main+0x244>) 706:
5861 ldr r1, [r4, r1] 708: 911a str r1,
[sp, #104] ; 0x68 70a: 08c0 lsrs r0, r0, #3 70c:
4601 mov r1, r0 70e: f04f 34f1 mov.w r4,
#4059165169 ; 0xf1f1f1f1 712: 6004 str r4, [r0, #0] 714:
f24f 4404 movw r4, #62468 ; 0xf404 718: f2cf 44f4
movt r4, #62708 ; 0xf4f4 71c: 6044 str r4, [r0,
#4] 71e: f04f 35f2 mov.w r5, #4076008178 ; 0xf2f2f2f2 722:
6085 str r5, [r0, #8] 724: 60c4 str r4,
[r0, #12] 726: f04f 34f3 mov.w r4, #4092851187 ;
0xf3f3f3f3 72a: 6104 str r4, [r0, #16] 72c:
4610 mov r0, r2 72e: 08d2 lsrs r2, r2,
#3 730: 7812 ldrb r2, [r2, #0] 732: 2a00
cmp r2, #0 734: f8cd e05c str.w lr, [sp, #92] ; 0x5c 738:
f8cd c058 str.w ip, [sp, #88] ; 0x58 73c: 9015
str r0, [sp, #84] ; 0x54 73e: 9314 str r3, [sp,
#80] ; 0x50 740: 9113 str r1, [sp, #76] ; 0x4c 742:
9212 str r2, [sp, #72] ; 0x48 744: d00c
beq.n 760 <main+0x94> 746: e7ff b.n 748
<main+0x7c> 748: 9815 ldr r0, [sp, #84] ; 0x54 74a:
f000 0107 and.w r1, r0, #7 74e: 3103 adds r1,
#3 750: 9a12 ldr r2, [sp, #72] ; 0x48 752:
b253 sxtb r3, r2 754: 4299 cmp r1, r3 756:
db03 blt.n 760 <main+0x94> 758: e7ff b.n 75a
<main+0x8e> 75a: 9815 ldr r0, [sp, #84] ; 0x54 75c:
f7ff ef20 blx 5a0 <__asan_report_store4@plt> 760:
2000 movs r0, #0 762: 9914 ldr r1, [sp,
#80] ; 0x50 764: 6008 str r0, [r1, #0] 766: f44f
70c8 mov.w r0, #400 ; 0x190 int *array = (int
*)malloc(sizeof(int) * 100); 76a: f7ff ef20 blx 5ac
<malloc@plt> 76e: 9916 ldr r1, [sp, #88] ; 0x58 770:
9a16 ldr r2, [sp, #88] ; 0x58 772: 08d3
lsrs r3, r2, #3 774: 781b ldrb r3, [r3, #0] 776:
2b00 cmp r3, #0 778: 9011 str r0, [sp,
#68] ; 0x44 77a: 9110 str r1, [sp, #64] ; 0x40 77c:
930f str r3, [sp, #60] ; 0x3c 77e: d00c
beq.n 79a <main+0xce> 780: e7ff b.n 782
<main+0xb6> 782: 9810 ldr r0, [sp, #64] ; 0x40 784:
f000 0107 and.w r1, r0, #7 788: 3103 adds r1,
#3 78a: 9a0f ldr r2, [sp, #60] ; 0x3c 78c:
b253 sxtb r3, r2 78e: 4299 cmp r1, r3 790:
db03 blt.n 79a <main+0xce> 792: e7ff b.n 794
<main+0xc8> 794: 9810 ldr r0, [sp, #64] ; 0x40 796:
f7ff ef04 blx 5a0 <__asan_report_store4@plt> 79a:
9811 ldr r0, [sp, #68] ; 0x44 79c: 9916
ldr r1, [sp, #88] ; 0x58 79e: 6008 str r0, [r1,
#0] printf("Now should be an error: memcpy-param-overlap\n"); 7a0:
4a5c ldr r2, [pc, #368] ; (914 <main+0x248>) 7a2:
4b5d ldr r3, [pc, #372] ; (918 <main+0x24c>) 7a4:
447b add r3, pc 7a6: 18d0 adds r0, r2,
r3 7a8: f7ff ef06 blx 5b8 <printf@plt> memcpy(array,
array+1, sizeof(int)*8); 7ac: 9916 ldr r1, [sp, #88] ;
0x58 7ae: 9a16 ldr r2, [sp, #88] ; 0x58 7b0:
08d3 lsrs r3, r2, #3 7b2: 781b ldrb r3, [r3,
#0] 7b4: 2b00 cmp r3, #0 7b6: 900e str
r0, [sp, #56] ; 0x38 7b8: 910d str r1, [sp, #52] ;
0x34 7ba: 930c str r3, [sp, #48] ; 0x30 7bc:
d00c beq.n 7d8 <main+0x10c> 7be: e7ff b.n 7c0
<main+0xf4> 7c0: 980d ldr r0, [sp, #52] ; 0x34 7c2:
f000 0107 and.w r1, r0, #7 7c6: 3103 adds r1,
#3 7c8: 9a0c ldr r2, [sp, #48] ; 0x30 7ca:
b253 sxtb r3, r2 7cc: 4299 cmp r1, r3 7ce:
db03 blt.n 7d8 <main+0x10c> 7d0: e7ff b.n 7d2
<main+0x106> 7d2: 980d ldr r0, [sp, #52] ; 0x34 7d4:
f7ff eef6 blx 5c4 <__asan_report_load4@plt> 7d8:
9816 ldr r0, [sp, #88] ; 0x58 7da: 6801
ldr r1, [r0, #0] 7dc: 460a mov r2, r1 7de:
460b mov r3, r1 7e0: f101 0c04 add.w ip, r1,
#4 7e4: 46e6 mov lr, ip 7e6: 08cc lsrs r4,
r1, #3 7e8: 7824 ldrb r4, [r4, #0] 7ea: 2c00
cmp r4, #0 7ec: 910b str r1, [sp, #44] ; 0x2c 7ee:
920a str r2, [sp, #40] ; 0x28 7f0: 9309
str r3, [sp, #36] ; 0x24 7f2: f8cd e020 str.w lr, [sp,
#32] 7f6: f8cd c01c str.w ip, [sp, #28] 7fa: 9406
str r4, [sp, #24] 7fc: d00c beq.n 818
<main+0x14c> 7fe: e7ff b.n 800 <main+0x134> 800:
980b ldr r0, [sp, #44] ; 0x2c 802: f000 0107
and.w r1, r0, #7 806: 9a06 ldr r2, [sp, #24] 808:
b253 sxtb r3, r2 80a: 4299 cmp r1, r3 80c:
db04 blt.n 818 <main+0x14c> 80e: e7ff b.n 810
<main+0x144> 810: 2120 movs r1, #32 812: 980b
ldr r0, [sp, #44] ; 0x2c 814: f7ff eedc blx 5d0
<__asan_report_store_n@plt> 818: 980a ldr r0, [sp, #40]
; 0x28 81a: f100 011f add.w r1, r0, #31 81e: 460a
mov r2, r1 820: 08c9 lsrs r1, r1, #3 822:
7809 ldrb r1, [r1, #0] 824: 2900 cmp r1,
#0 826: 9205 str r2, [sp, #20] 828: 9104
str r1, [sp, #16] 82a: d00c beq.n 846
<main+0x17a> 82c: e7ff b.n 82e <main+0x162> 82e:
9805 ldr r0, [sp, #20] 830: f000 0107 and.w r1,
r0, #7 834: 9a04 ldr r2, [sp, #16] 836: b253
sxtb r3, r2 838: 4299 cmp r1, r3 83a: db04
blt.n 846 <main+0x17a> 83c: e7ff b.n 83e
<main+0x172> 83e: 2120 movs r1, #32 840: 9805
ldr r0, [sp, #20] 842: f7ff eec6 blx 5d0
<__asan_report_store_n@plt> 846: 9808 ldr r0, [sp,
#32] 848: 9908 ldr r1, [sp, #32] 84a: 08ca
lsrs r2, r1, #3 84c: 7812 ldrb r2, [r2, #0] 84e:
2a00 cmp r2, #0 850: 9003 str r0, [sp,
#12] 852: 9202 str r2, [sp, #8] 854: d00c
beq.n 870 <main+0x1a4> 856: e7ff b.n 858
<main+0x18c> 858: 9803 ldr r0, [sp, #12] 85a: f000
0107 and.w r1, r0, #7 85e: 9a02 ldr r2, [sp,
#8] 860: b253 sxtb r3, r2 862: 4299 cmp
r1, r3 864: db04 blt.n 870 <main+0x1a4> 866:
e7ff b.n 868 <main+0x19c> 868: 2120 movs r1,
#32 86a: 9803 ldr r0, [sp, #12] 86c: f7ff eeb6
blx 5dc <__asan_report_load_n@plt> 870: 9808 ldr r0,
[sp, #32] 872: f100 011f add.w r1, r0, #31 876: 460a
mov r2, r1 878: 08c9 lsrs r1, r1, #3 87a:
7809 ldrb r1, [r1, #0] 87c: 2900 cmp r1,
#0 87e: 9201 str r2, [sp, #4] 880: 9100
str r1, [sp, #0] 882: d00c beq.n 89e <main+0x1d2> 884:
e7ff b.n 886 <main+0x1ba> 886: 9801 ldr r0,
[sp, #4] 888: f000 0107 and.w r1, r0, #7 88c: 9a00
ldr r2, [sp, #0] 88e: b253 sxtb r3, r2 890:
4299 cmp r1, r3 892: db04 blt.n 89e
<main+0x1d2> 894: e7ff b.n 896 <main+0x1ca> 896:
2120 movs r1, #32 898: 9801 ldr r0, [sp,
#4] 89a: f7ff eea0 blx 5dc <__asan_report_load_n@plt> 89e:
9807 ldr r0, [sp, #28] 8a0: f960 0a8f vld1.32
{d16-d17}, [r0] 8a4: 9909 ldr r1, [sp, #36] ;
0x24 8a6: f941 0a8f vst1.32 {d16-d17}, [r1] 8aa: f101 0210
add.w r2, r1, #16 8ae: f100 0310 add.w r3, r0, #16 8b2: f963
0a8f vld1.32 {d16-d17}, [r3] 8b6: f942 0a8f vst1.32
{d16-d17}, [r2] 8ba: f243 620e movw r2, #13838 ;
0x360e 8be: f2c4 52e0 movt r2, #17888 ; 0x45e0 return
0; 8c2: 9b17 ldr r3, [sp, #92] ; 0x5c 8c4:
601a str r2, [r3, #0] 8c6: efc0 0050 vmov.i32
q8, #0 ; 0x00000000 8ca: 9a13 ldr r2, [sp, #76] ;
0x4c 8cc: f942 0a8f vst1.32 {d16-d17}, [r2] 8d0: f04f 0c00
mov.w ip, #0 8d4: f8c2 c010 str.w ip, [r2, #16] 8d8: f8df
c028 ldr.w ip, [pc, #40] ; 904 <main+0x238> 8dc: f8df
e03c ldr.w lr, [pc, #60] ; 91c <main+0x250> 8e0:
44fe add lr, pc 8e2: f85c c00e ldr.w ip, [ip,
lr] 8e6: f8dc c000 ldr.w ip, [ip] 8ea: f8dd e10c ldr.w
lr, [sp, #268] ; 0x10c 8ee: 45f4 cmp ip, lr 8f0:
d105 bne.n 8fe <main+0x232> 8f2: e7ff b.n 8f4
<main+0x228> 8f4: 2000 movs r0, #0 8f6: f1a7 0408
sub.w r4, r7, #8 8fa: 46a5 mov sp, r4 8fc:
bdb0 pop {r4, r5, r7, pc} 8fe: f7ff ee74 blx 5e8
<__stack_chk_fail@plt> 902: bf00 nop 904: fff4
ffff ; <UNDEFINED> instruction: 0xfff4ffff 908:
18e2 adds r2, r4, r3 90a: 0000 movs r0,
r0 90c: ea84 ffff ; <UNDEFINED> instruction:
0xea84ffff 910: fff0 ffff ; <UNDEFINED>
instruction: 0xfff0ffff 914: ea1c ffff ;
<UNDEFINED> instruction: 0xea1cffff 918: 181c adds r4, r3,
r0 91a: 0000 movs r0, r0 91c: 16e0 asrs r0,
r4, #27*
*I thought memcpy disassemable should have "blx 32c <memcpy@plt>" line,
so it can call the interceptors in libasan_preload.so, but now seems we got
some buildin functions in Clang?* *The same happened at memmove, that the
interceptors not working now.*
--
You received this message because you are subscribed to the Google Groups
"address-sanitizer" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
