Hello, With the experts' help in this community, I've enabled the Asan for global and stack buffer in my bare-mental platform firmware, thanks a lot. But I find the current Asan doesn't support to protect the structure inner elements, E.g. the global_array[11] in below code. Unfortunately, most of important data are defined through structure in my firmware, and if the Asan doesn't support to protect structure inner elements, most of my data memory access will not be protected by Asan. So, could we let Asan support structure inner elements?
Well, I understand it is not safe to just instrument red-zone between structure inner elements like current Asan does on global variable. We also need to handle the sizeof(), offsetof() macro, the alignment pragma, and maybe others. Could we extend Asan scope beyond IR to Clang front-end to do some source-to-source conversion to handle these issue? E.g. for no alignment enforced structure, replace the structure inner elements with red-zone instrumented version, and let the sizeof() be-aware of the size change. Is it possible? #include <stdio.h> #pragma pack (1) typedef struct { int Name; int Version; } HEADER; #pragma pack () typedef struct { HEADER Header; int global_array[11]; int Tailer; } TABLE; TABLE Table; int main(int argc, char **argv) { int Num; void *ptr; Num = 11; Table.global_array[Num] = 0x87654321; // redzones is only rounded up to bound of the structure outermost which cause miss structure inner field buffer overflow here printf("Table.global_array[%d]=0x%x\n", Num, Table.global_array[Num]); Table.global_array[0] = 0x12345678; ptr = &Table; ptr += sizeof(Table.Header); // Could we let the "sizeof" be Asan aware to support RedZone instrumentation in structure inner field? printf("*ptr=0x%x\n", *(unsigned int *)ptr); return 1; } -- You received this message because you are subscribed to the Google Groups "address-sanitizer" group. To unsubscribe from this group and stop receiving emails from it, send an email to address-sanitizer+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.