Hi,

On 2 Dec 2016 at 7:30, "steven shi" <shijunj...@gmail.com> wrote:
>
> Hello,
> With the experts' help in this community, I've enabled the Asan for
> global and stack buffer in my bare-metal platform firmware, thanks a lot.
> But I find the current Asan doesn't support protecting the structure
> inner elements, e.g. the global_array[11] in the code below. Unfortunately,
> most of the important data are defined through structures in my firmware, and if
> the Asan doesn't support protecting structure inner elements, most of my
> data memory accesses will not be protected by Asan. So, could we let Asan
> support structure inner elements?
>
> Well, I understand it is not safe to just instrument red-zones between
> structure inner elements like current Asan does on global variables. We
> also need to handle the sizeof(), offsetof() macro, the alignment pragma,
> and maybe others. Could we extend Asan scope beyond IR to Clang front-end
> to do some source-to-source conversion to handle these issues? E.g. for a
> structure with no alignment enforced, replace the structure inner elements with
> a red-zone instrumented version, and let the sizeof() be aware of the size
> change. Is it possible?

Won't this break separate sanitization? E.g. if I have libfoo.so that has
struct Foo as part of its ABI and I want to test it with ASan, I'll need to
recompile not only libfoo.so, but all dependent libraries too to make sure
they have caught up with the changed layout of struct Foo. This sounds like a bad
idea to me.
Or maybe I've just missed something?

>
> #include <stdio.h>
>
> #pragma pack (1)
> typedef struct {
>   int  Name;
>   int  Version;
> } HEADER;
> #pragma pack ()
>
> typedef struct {
>   HEADER  Header;
>   int     global_array[11];
>   int     Tailer;
> } TABLE;
>
>
> TABLE Table;
>
> int main(int argc, char **argv) {
>   int Num;
>   void *ptr;
>
>   Num = 11;
>   // Redzones are only rounded up to the bound of the outermost structure,
>   // which causes the structure inner field buffer overflow to be missed here.
>   Table.global_array[Num] = 0x87654321;
>   printf("Table.global_array[%d]=0x%x\n", Num, Table.global_array[Num]);
>
>   Table.global_array[0] = 0x12345678;
>   ptr = &Table;
>   // Could we let the "sizeof" be Asan aware to support RedZone
>   // instrumentation in structure inner fields?
>   ptr += sizeof(Table.Header);
>   printf("*ptr=0x%x\n", *(unsigned int *)ptr);
>   return 1;
> }
>
> --
> You received this message because you are subscribed to the Google Groups
> "address-sanitizer" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to address-sanitizer+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
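
The ABI concern raised in the reply, worked through on the TABLE struct from the quoted message (an added example, not code from the thread or from ASan). `TABLE_RZ`, `REDZONE`, `lib_read_tailer` and `caller_roundtrip` are hypothetical names, the 32-byte redzone is a constructed size, and a 4-byte `int` is assumed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Layout from the thread: what a non-instrumented libfoo.so was built with. */
#pragma pack (1)
typedef struct { int Name; int Version; } HEADER;
#pragma pack ()
typedef struct {
  HEADER Header;
  int    global_array[11];
  int    Tailer;
} TABLE;

/* Hypothetical layout after a front end inserts redzones (constructed size). */
#define REDZONE 32
typedef struct {
  HEADER Header;
  char   rz0[REDZONE];
  int    global_array[11];
  char   rz1[REDZONE];
  int    Tailer;
} TABLE_RZ;

/* global_array[11] in the plain layout: still inside the object, on Tailer. */
int overflow_stays_inside_object(void) {
  size_t past = offsetof(TABLE, global_array) + 11 * sizeof(int);
  return past == offsetof(TABLE, Tailer) && past < sizeof(TABLE);
}

/* "Library" side: compiled against TABLE, so it uses TABLE's offsets. */
int lib_read_tailer(const void *table) {
  int v;
  memcpy(&v, (const char *)table + offsetof(TABLE, Tailer), sizeof v);
  return v;
}

/* Instrumented caller: fills its padded struct, then calls the library. */
int caller_roundtrip(int value) {
  TABLE_RZ t;
  memset(&t, 0, sizeof t);
  t.Tailer = value;
  return lib_read_tailer(&t); /* reads zeroed bytes, not Tailer */
}

int main(void) {
  printf("sizeof: plain=%zu padded=%zu\n", sizeof(TABLE), sizeof(TABLE_RZ));
  printf("library sees Tailer=0x%x\n", (unsigned)caller_roundtrip(0x1234));
  return 0;
}
```

The first function shows why the global redzone never sees the write to `global_array[11]`; the round trip shows the silent field mismatch that results when only one side of the ABI is rebuilt with the padded layout.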
