On Wed, May 17, 2017 at 1:24 PM, Maxim Ostapenko <m.ostape...@samsung.com> wrote:
> Hi,
>
> this patch implements dynamic allocas/VLAs sanitization in ASan. Basically,
> this is implemented at compiler part in the following way:
>
> 1) For each __builtin_alloca{_with_align} increase its size and alignment to
> contain ASan redzones.
> 2) Poison redzones by calling __asan_alloca_poison(alloc_addr, size) ASan
> runtime library function.
> 3) Remember last allocated address into separate variable called
> 'last_alloca_addr'. This will be used to implement unpoisoning stuff.
> 4) On each stackrestore/return perform dynamic stack unpoisoning by calling
> __asan_allocas_unpoison(last_alloca_addr, restored_sp) library function.
>
> With this patch I was able to find two bugs in GCC itself [1], [2] as well
> as catch a bug in Radare2 [3] initially found by Clang + LibFuzzer.
> I've also managed to build Chromium but didn't find any errors there.
>
> Does this patch look sensible for GCC? Any feedback/suggestions would be
> greatly appreciated.
>
> Thanks,
> -Maxim
>
> [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=72765
> [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80798
> [3] https://github.com/radare/radare2/issues/6918
Cc-ed sanitizer maintainers.
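The four steps quoted above (pad the alloca for redzones, poison them, remember the last alloca address, unpoison on stackrestore/return) can be seen end to end in a small shadow-memory model. The following C program is an added illustration written for this page; it is not GCC code, not the patch, and not the ASan runtime. It assumes a 4 KiB downward-growing fake stack, one shadow byte per stack byte (real ASan compresses 8 bytes into one shadow byte), and a 32-byte redzone width; all of these are constructed parameters. The names sim_alloca, sim_stackrestore, sim_access_ok and sim_poisoned_bytes are hypothetical, standing in for the instrumented builtin, __asan_allocas_unpoison, the shadow check and a bookkeeping helper respectively.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the patch's four instrumentation steps.
   Assumptions (not from the patch): 4 KiB fake stack growing downwards,
   one shadow byte per stack byte, redzone width of 32 bytes. */
#define STACK_SIZE 4096u
#define REDZONE    32u

static unsigned char shadow[STACK_SIZE]; /* 0 = addressable, 1 = poisoned */
static size_t sp;                        /* offset of the simulated stack pointer */
static size_t last_alloca_addr;          /* step 3: start of the newest alloca block */

static size_t round_up(size_t n, size_t a) { return (n + a - 1) / a * a; }
static void poison(size_t addr, size_t len)   { memset(shadow + addr, 1, len); }
static void unpoison(size_t addr, size_t len) { memset(shadow + addr, 0, len); }

/* Fresh stack: nothing poisoned, sp at the top. */
void sim_reset(void) {
    memset(shadow, 0, sizeof shadow);
    sp = STACK_SIZE;
    last_alloca_addr = STACK_SIZE;
}

size_t sim_sp(void) { return sp; }

/* Instrumented __builtin_alloca(size): returns the offset of the user block,
   or (size_t)-1 if the fake stack is exhausted. */
size_t sim_alloca(size_t size) {
    /* Step 1: grow the request so a left and a right redzone fit around it. */
    size_t padded = REDZONE + round_up(size, REDZONE) + REDZONE;
    if (padded > sp) return (size_t)-1;
    sp -= padded;
    size_t user = sp + REDZONE;
    /* Step 2: what __asan_alloca_poison does, mark both redzones unaddressable.
       The right redzone also covers the tail of the rounded-up user block. */
    poison(sp, REDZONE);
    poison(user + size, padded - REDZONE - size);
    /* Step 3: remember where the newest alloca starts. */
    last_alloca_addr = sp;
    return user;
}

/* Shadow check: 1 if every byte of [addr, addr+len) is addressable. */
int sim_access_ok(size_t addr, size_t len) {
    if (addr + len > STACK_SIZE) return 0;
    for (size_t i = addr; i < addr + len; i++)
        if (shadow[i]) return 0;
    return 1;
}

/* Step 4: stackrestore / return unpoisons [last_alloca_addr, restored_sp),
   which covers every alloca made since the stack pointer was saved. */
void sim_stackrestore(size_t restored_sp) {
    if (restored_sp > last_alloca_addr)
        unpoison(last_alloca_addr, restored_sp - last_alloca_addr);
    sp = restored_sp;
    last_alloca_addr = restored_sp;
}

/* Number of poisoned shadow bytes; zero once unpoisoning is complete. */
size_t sim_poisoned_bytes(void) {
    size_t n = 0;
    for (size_t i = 0; i < STACK_SIZE; i++) n += shadow[i];
    return n;
}

int main(void) {
    sim_reset();
    size_t saved = sim_sp();           /* what __builtin_stack_save would return */
    size_t p = sim_alloca(10);
    printf("in-bounds ok=%d, one past end ok=%d, one before start ok=%d\n",
           sim_access_ok(p, 10), sim_access_ok(p + 10, 1), sim_access_ok(p - 1, 1));
    sim_stackrestore(saved);           /* leaving the scope that did the alloca */
    printf("poisoned bytes after stackrestore: %zu\n", sim_poisoned_bytes());
    return 0;
}
```

The point the model makes visible is why step 3 is needed: a single saved variable is enough for step 4 because allocas between a stack save and the matching restore are contiguous, so unpoisoning the range from the last alloca up to the restored stack pointer clears all of them at once and leaves no stale poison for the next frame to trip over.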