New issue 66 by konstant...@gmail.com: "heap-use-after-free" is printed for
buffer overflow bugs.
http://code.google.com/p/address-sanitizer/issues/detail?id=66
In some cases asan mistakenly reports "heap-use-after-free" instead
of "heap-buffer-overflow".
./bin_linux/asan_test64 --gtest_filter=*BufferOverflowAfterManeFrees
--gtest_also_run_disabled_tests
==11906== ERROR: AddressSanitizer heap-use-after-free
...
0x7fa16a0b0080 is located 0 bytes to the right of 8192-byte region
[0x7fa16a0ae080,0x7fa16a0b0080)
allocated by thread T0 here:
This fix is simple (below), but it may have non-zero performance cost.
Will check next week.
===================================================================
--- asan_allocator.cc (revision 155126)
+++ asan_allocator.cc (working copy)
@@ -498,6 +498,7 @@
CHECK(m->chunk_state == CHUNK_QUARANTINE);
m->chunk_state = CHUNK_AVAILABLE;
+ PoisonShadow((uintptr_t)m, m->Size(), kAsanHeapLeftRedzoneMagic);
CHECK(m->alloc_tid >= 0);
CHECK(m->free_tid >= 0);
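Review bot: the added `PoisonShadow((uintptr_t)m, m->Size(), kAsanHeapLeftRedzoneMagic);` carries no comment saying why a chunk that has just left quarantine (CHUNK_QUARANTINE -> CHUNK_AVAILABLE) must be repoisoned with the redzone magic rather than keep the freed-memory shadow it got at free time; without that, a later reader may take the call for a redundant poisoning and remove it, reintroducing the misreport. Suggest a one-line comment above it, e.g. `// Repoison as redzone: an access into a recycled chunk is a neighbour overflow, not a use-after-free.` Also consider placing the call after the `CHECK(m->alloc_tid >= 0);` / `CHECK(m->free_tid >= 0);` lines, so the chunk is validated before its whole shadow range is rewritten, and note in the commit message that the cost scales with `m->Size()` for every chunk leaving quarantine.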
Comment #2 on issue 66 by konstant...@gmail.com: "heap-use-after-free" is
printed for buffer overflow bugs.
http://code.google.com/p/address-sanitizer/issues/detail?id=66
This change slows down the stress test by 5%:
(ASAN_OPTIONS=quarantine_size=1 ./bin_linux/asan_test64
--gtest_filter=AddressSanitizer.MallocStressTest)
This translates to a tolerable extra slowdown on usual programs.
LLVM r155344.
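The scenario the issue describes (a heap-buffer-overflow into a neighbouring chunk that has already passed through quarantine and been recycled), written out as an added reproduction, not code from the issue thread or from the asan test suite: the number of churn rounds and the `quarantine_size_mb` option name are assumptions on my part, chosen to push early frees out of the quarantine; the thread itself used the older spelling `quarantine_size=1`.

```c
/* Added example (not from the issue thread): reproduce "overflow into a
 * recycled chunk" so the kind of report ASan prints can be checked.
 * Build: clang -g -fsanitize=address repro.c -o repro
 * Run:   ASAN_OPTIONS=quarantine_size_mb=1 ./repro
 * (assumed option name; the thread above used quarantine_size=1) */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK_SIZE 8192u   /* same region size as in the report above */

/* Allocate and free `rounds` chunks of CHUNK_SIZE. With a small quarantine
 * the early ones are evicted and become available for reuse, which is the
 * state the patch above repoisons. The round count is an assumption. */
static void churn_heap(unsigned rounds) {
    for (unsigned i = 0; i < rounds; i++) {
        char *p = malloc(CHUNK_SIZE);
        if (!p) abort();
        memset(p, 0xAA, CHUNK_SIZE);  /* touch it so the allocation is real */
        free(p);
    }
}

/* Fill `buf` (CHUNK_SIZE bytes) in bounds and, if `overflow` is non-zero,
 * write one extra byte past the end: the bug under discussion.
 * Returns the number of bytes written in bounds. */
unsigned fill_chunk(char *buf, int overflow) {
    memset(buf, 'A', CHUNK_SIZE);
    if (overflow)
        buf[CHUNK_SIZE] = 'B';   /* "0 bytes to the right of" the region */
    return CHUNK_SIZE;
}

/* Run the scenario: churn, allocate a (probably recycled) chunk, then
 * optionally overflow it. Returns bytes written in bounds, 0 on malloc
 * failure. Under ASan with overflow=1 the report should read
 * heap-buffer-overflow; before r155344 it could read heap-use-after-free
 * because the neighbouring recycled chunk still carried freed-memory shadow. */
unsigned run_scenario(unsigned rounds, int overflow) {
    churn_heap(rounds);
    char *buf = malloc(CHUNK_SIZE);
    if (!buf) return 0;
    unsigned n = fill_chunk(buf, overflow);
    free(buf);
    return n;
}

int main(void) {
    /* overflow=1 is deliberate here: run this only under ASan. */
    printf("bytes written in bounds: %u\n", run_scenario(100000u, 1));
    return 0;
}
```

The one-byte write past `buf[CHUNK_SIZE - 1]` lands in whatever chunk follows in the same size class; when that neighbour has been freed and already left quarantine, its shadow bytes decide whether ASan calls the access an overflow or a use-after-free, which is exactly the shadow the patch above rewrites.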