Re: AddressSanitizer and issue suppression

Some time ago I've been thinking about adding a flag for each interceptor that disables checks in that interceptor similar to replace_intrin flag. Using suppressions for that sounds more flexible, but we must make sure the users do not try to suppress errors in instrumented code. (For example we

Re: AddressSanitizer's allocator

On Fri, Sep 26, 2014 at 12:29 PM, Jonas Wagner jonas.wag...@epfl.ch wrote: Thanks a lot for all these replies! They really help me understand the design. When I measured performance of sanitizer allocator against tcmalloc on a large real application that calls malloc a lot, sanitizer

Re: Keep global variables metadata in redzone

This approach has a serious drawback: because you're going to keep data in the redzones, all your globals will be moved from .bss to .data. This may increase the amount of memory used by the program. I've considered a somewhat similar solution for the -gc-section problem (see

Re: Keep global variables metadata in redzone

Here's some experimental data. I've compiled sqlite3.c, which is a 128KLOC file from Chromium. The resulting IR file contained 3470 __asan_gen_* variables, including 2418 string literals and 1052 __asan_global_source_location structs. There were 1069 records in the array of __asan_global

Re: How to check error log of ASAN in Linux for an xyz.o file?

If I'm understanding you correctly, by xyz.o you're referring to an executable, not an object file, correct? We don't have per-object file logs. Normally ASan won't write anything to the log unless an error happens. You can add verbosity=1 to your ASAN_OPTIONS to enforce the log creation. On Thu,

Re: How to check error log of ASAN in Linux for an xyz.o file?

There's plenty of information directly readable from this report. As one can see, the bug is at line 4 of example_GlobalOutOfBounds.cc (that's stack frame #0). The program is reading 4 bytes behind the global variable called "global_array" of size 400. The shadow dump won't tell you more in this

Re: How to check error log of ASAN in Linux for an xyz.o file?

Consider ./xyz is the name of your executable file, which has been compiled and linked with -fsanitize=address. Please note that you don't need to export ASAN_OPTIONS when compiling the binary (that's how I understood your first letter). Then you can invoke it as follows: $

Re: How to check error log of ASAN in Linux for an xyz.o file?

May I ask you to post the actual report you want to analyze? sent from phone On Sep 17, 2016 9:43 AM, "Karthigaasri Thirunavukkarasu" < karthigaasri...@gmail.com> wrote: > Thank you again for your valuable insight...Can you help me with how to > analyse the error that is being reported by ASAN

Re: Making adaptive redzones less aggressive

On Sat, Jul 15, 2017 at 4:39 PM, Yuri Gribov wrote: > Hi all, > > From reading the original feature request in > https://github.com/google/sanitizers/issues/8 it seems that adaptive > redzones were mainly meant for catching overflows in arrays of large > objects e.g. > >

Re: Clang and Address Sanitizer

Most certainly the access to global_array[200] ends up touching a valid location in g[], and the access to g[200] lands somewhere in a region that has a shadow value of 0. Unfortunately ASan can only detect a buffer overflow if the memory access touches unaddressable memory (i.e. that with

Re: Clang and Address Sanitizer

sue which is not handled by address sanitizer ? > > On 02-May-2017 5:45 pm, "'Alexander Potapenko' via address-sanitizer" > <address-sanitizer@googlegroups.com> wrote: >> >> Most certainly the access to global_array[200] ends up touching a >> valid locat

Re: ASAN on embedded platform (Cortex-M) ?

On Tue, Mar 19, 2019 at 2:06 PM Thomas Legrand wrote: > > Hello, > > > > I’m totally new to ASAN, I’m using latest GCC ARM compiler for embedded > projects. > > I was wondering if someone already tried to use ASAN on embedded platforms > like Cortex-M ? No idea, but at least it's not officially

Re: Suppression of stack-buffer-overflow

Hi Michael, This report is already severe enough to stop by and fix it. A write overflowing a stack buffer can be potentially exploited to gain control of your program, not to mention the possible stability issues caused by accidentally overwriting other variables and/or stack pointer. HTH, Alex

Re: ASAN - How to suppress strlen Error ?

You can check out ASan documentation on issue suppression: https://clang.llvm.org/docs/AddressSanitizer.html#suppressing-reports-in-external-libraries But instead I would make sure the string in question is NULL-terminated. Calling strlen() on non-terminated string may cause your code crash in

Re: ASAN read-only poisoned by user shadow byte

On Thu, Dec 12, 2019 at 2:12 PM Andrea Fioraldi wrote: > > Hi Glider, thank you for the quick answer. > I've some doubt, correct me if I'm wrong. > > > No, right now it's not possible. ASan instrumentation doesn't distinguish > > between a read and a write. > > if ((addr >> 3) + offset)

Re: Over write store instruction and purpose of -fsanitize=address

Hi Fakharu, you don't mention the compiler you want to modify, but I advise you to use Clang. The instrumentation is implemented in AddressSanitizer.cpp (https://llvm.org/doxygen/AddressSanitizer_8cpp_source.html), and the function that actually adds instrumentation is called