Hello,
I'm porting the ASan RT lib to my firmware, and I have hit an issue that
blocks my shadow memory checking from working correctly. I have to update
the ASan core logic macro to make it work on my side, and I hope an expert
could help me understand the code below correctly.
LLVM ASan uses the macro below to check whether the addr shadow memory is
poisoned or not. My issue is about the line 166 condition: (size >=
SHADOW_GRANULARITY || ...), and I have to update it to (s >=
SHADOW_GRANULARITY || ...). I think "size" just comes from the hard-coded
INTERFACE function name definition (e.g. ASAN_MEMORY_ACCESS_CALLBACK(load,
false, 16)), and its values are one of {1,2,4,8,16}. So, for __asan_load8
and __asan_load16 with granularity 8, "size" will be 8 and 16, and (size
>= SHADOW_GRANULARITY) will always be true; isn't that wrong? My
understanding is that we need to check the addr shadow memory value here to
make sure the addr's shadow memory value is less than its covered
SHADOW_GRANULARITY bound. I'd appreciate any clarification about this code.
http://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/asan/asan_rtl.cc
line 161:
#define ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, exp_arg, fatal) \
    uptr sp = MEM_TO_SHADOW(addr);                                             \
    uptr s = size <= SHADOW_GRANULARITY ? *reinterpret_cast<u8 *>(sp)          \
                                        : *reinterpret_cast<u16 *>(sp);        \
    if (UNLIKELY(s)) {                                                         \
      if (UNLIKELY(size >= SHADOW_GRANULARITY ||                               \
                   ((s8)((addr & (SHADOW_GRANULARITY - 1)) + size - 1)) >=     \
                       (s8)s)) {                                               \
        if (__asan_test_only_reported_buggy_pointer) {                         \
          *__asan_test_only_reported_buggy_pointer = addr;                     \
        } else {                                                               \
          GET_CALLER_PC_BP_SP;                                                 \
          ReportGenericError(pc, bp, sp, addr, is_write, size, exp_arg,        \
                             fatal);                                           \
        }                                                                      \
      }                                                                        \
    }
My updated version:
#define ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, exp_arg, fatal) \
    uptr sp = MEM_TO_SHADOW(addr);                                             \
    uptr s = size <= SHADOW_GRANULARITY ? *reinterpret_cast<u8 *>(sp)          \
                                        : *reinterpret_cast<u16 *>(sp);        \
    if (UNLIKELY(s)) {                                                         \
      if (UNLIKELY(s >= SHADOW_GRANULARITY ||                                  \
                   ((s8)((addr & (SHADOW_GRANULARITY - 1)) + size - 1)) >=     \
                       (s8)s)) {                                               \
        if (__asan_test_only_reported_buggy_pointer) {                         \
          *__asan_test_only_reported_buggy_pointer = addr;                     \
        } else {                                                               \
          GET_CALLER_PC_BP_SP;                                                 \
          ReportGenericError(pc, bp, sp, addr, is_write, size, exp_arg,        \
                             fatal);                                           \
        }                                                                      \
      }                                                                        \
    }
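Added example (not part of the original message and not compiler-rt code): a small C model that runs both forms of the condition above against the shadow encoding, for every naturally aligned access and every valid shadow byte. It assumes SHADOW_GRANULARITY is 8 and a little-endian u16 shadow load; truly_bad, macro_reports, valid_shadow and count_mismatches are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

#define SHADOW_GRANULARITY 8u /* assumption: default 8-byte granules */

/* Ground truth from the shadow encoding: 0 = all 8 bytes addressable,
 * 1..7 = only the first k bytes addressable, negative = none. */
static int truly_bad(unsigned off, unsigned size, uint8_t sh0, uint8_t sh1) {
    for (unsigned i = off; i < off + size; i++) {
        int8_t k = (int8_t)(i < SHADOW_GRANULARITY ? sh0 : sh1);
        if (k < 0 || (k > 0 && (int)(i % SHADOW_GRANULARITY) >= k)) return 1;
    }
    return 0;
}

/* The macro's condition. by_size != 0: `size >= SHADOW_GRANULARITY` (first
 * listing); by_size == 0: `s >= SHADOW_GRANULARITY` (second listing). */
static int macro_reports(unsigned off, unsigned size, uint8_t sh0, uint8_t sh1, int by_size) {
    /* u8 or u16 shadow load, modelled as little-endian */
    uintptr_t s = size <= SHADOW_GRANULARITY ? sh0 : (uintptr_t)(sh0 | (sh1 << 8));
    if (!s) return 0;
    uintptr_t first = by_size ? size : s;
    return first >= SHADOW_GRANULARITY ||
           (int8_t)((off & (SHADOW_GRANULARITY - 1)) + size - 1) >= (int8_t)s;
}

static int valid_shadow(unsigned v) { return v <= 7 || v >= 0x80; }

/* Disagreements with ground truth over every naturally aligned access of
 * size 1, 2, 4, 8, 16 and every valid shadow byte value (constructed input). */
int count_mismatches(int by_size) {
    static const unsigned sizes[] = {1, 2, 4, 8, 16};
    int bad = 0;
    for (unsigned n = 0; n < 5; n++)
        for (unsigned off = 0; off < SHADOW_GRANULARITY; off += sizes[n])
            for (unsigned a = 0; a < 256; a++)
                for (unsigned b = 0; b < 256; b++) {
                    if (!valid_shadow(a) || !valid_shadow(b)) continue;
                    if (sizes[n] <= SHADOW_GRANULARITY && b) continue; /* one granule only */
                    bad += macro_reports(off, sizes[n], (uint8_t)a, (uint8_t)b, by_size) !=
                           truly_bad(off, sizes[n], (uint8_t)a, (uint8_t)b);
                }
    return bad;
}

int main(void) {
    printf("size form: %d, s form: %d\n", count_mismatches(1), count_mismatches(0));
    return 0;
}
```

Both forms produce zero mismatches on these inputs. An 8-byte access at offset 4 whose second granule is poisoned goes unreported by either form, because only one shadow byte is loaded for sizes up to the granularity.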