https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105396

--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
So, the bug is clearly in asan_redzone_buffer::emit_redzone_byte.
The off == offset case is handled correctly, but the other case is valid only
if the gap is bigger such that we need to flush in between.

--- gcc/asan.cc.jj      2022-02-19 09:03:50.000000000 +0100
+++ gcc/asan.cc 2022-04-26 16:36:55.717551793 +0200
@@ -1502,6 +1502,15 @@ asan_redzone_buffer::emit_redzone_byte (
       m_shadow_bytes.safe_push (value);
       flush_if_full ();
     }
+  else if (offset < m_prev_offset + ASAN_SHADOW_GRANULARITY * RZ_BUFFER_SIZE
+          && !m_shadow_bytes.is_empty ())
+    {
+      /* Shadow memory byte with a small gap.  */
+      for (; off < offset; off += ASAN_SHADOW_GRANULARITY)
+       m_shadow_bytes.safe_push (0);
+      m_shadow_bytes.safe_push (value);
+      flush_if_full ();
+    }
   else
     {
       if (!m_shadow_bytes.is_empty ())
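Review bot: the new `else if` branch pads the gap with a `for` loop that pushes several zero bytes before the single `flush_if_full ()` call, so its correctness rests on the guard `offset < m_prev_offset + ASAN_SHADOW_GRANULARITY * RZ_BUFFER_SIZE` implying that the buffer, which is already non-empty here, ends up at most RZ_BUFFER_SIZE bytes long after the padding and the pushed value. That only holds if `m_prev_offset` is the offset of the first buffered byte and `off` its current end; the comment `/* Shadow memory byte with a small gap.  */` should state that invariant explicitly, and a regression test built from the reproducer in this PR would guard the branch.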

fixes this.
