On Wed, May 17, 2017 at 1:24 PM, Maxim Ostapenko
<m.ostape...@samsung.com> wrote:
> Hi,
>
> this patch implements dynamic allocas/VLAs sanitization in ASan. Basically,
> this is implemented at compiler part in the following way:
>
> 1) For each __builtin_alloca{_with_align} increase its size and alignment to
> contain ASan redzones.
> 2) Poison redzones by calling __asan_alloca_poison(alloc_addr, size) ASan
> runtime library function.
> 3) Remember last allocated address into separate variable called
> 'last_alloca_addr'. This will be used to implement unpoisoning stuff.
> 4) On each stackrestore/return perform dynamic stack unpoisoning by calling
> __asan_allocas_unpoison(last_alloca_addr, restored_sp) library function.
>
> With this patch I was able to find two bugs in GCC itself [1], [2] as well
> as catch a bug in Radare2 [3] initially found by Clang + LibFuzzer.
> I've also managed to build Chromium but didn't find any errors there.
>
> Does this patch look sensible for GCC? Any feedback/suggestions would be
> greatly appreciated.
>
> Thanks,
> -Maxim
>
> [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=72765
> [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80798
> [3] https://github.com/radare/radare2/issues/6918

Cc-ed sanitizer maintainers.
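The four steps in the quoted message, as an added toy model that is not the patch's code and not ASan's real shadow encoding: a one-byte-per-byte shadow over a simulated stack, an assumed 32-byte redzone, and hypothetical `instrumented_alloca`/`stack_restore` helpers standing in for what the compiler emits around `__builtin_alloca` and a stackrestore.

```c
#include <stdint.h>
#include <string.h>
/* Toy model of the four steps above (assumed values; not ASan's real shadow
 * encoding and not GCC's code): one shadow byte per simulated stack byte, 1 = poisoned. */
#define STACK_SIZE 4096
#define REDZONE 32                      /* assumed redzone size on each side */
static unsigned char shadow[STACK_SIZE];
static uintptr_t sp = STACK_SIZE;       /* simulated stack pointer, grows down */
static uintptr_t last_alloca_addr = 0;  /* step 3: most recent alloca address */
static size_t round_up(size_t x) { return (x + REDZONE - 1) & ~(size_t)(REDZONE - 1); }
/* Step 2: poison the left redzone, then the partial granule plus right redzone. */
static void asan_alloca_poison(uintptr_t addr, size_t size) {
    memset(shadow + addr - REDZONE, 1, REDZONE);
    memset(shadow + addr + size, 1, round_up(size) - size + REDZONE);
}
/* Step 4: from the last alloca (with its left redzone) up to the restored sp
 * becomes addressable again; nothing to do if no alloca happened. */
static void asan_allocas_unpoison(uintptr_t last_addr, uintptr_t restored_sp) {
    if (last_addr == 0 || last_addr - REDZONE >= restored_sp) return;
    memset(shadow + last_addr - REDZONE, 0, restored_sp - (last_addr - REDZONE));
}
/* Steps 1-3: what an instrumented __builtin_alloca(size) expands to. */
static uintptr_t instrumented_alloca(size_t size) {
    sp -= REDZONE + round_up(size) + REDZONE;   /* step 1: enlarge for redzones */
    uintptr_t addr = sp + REDZONE;
    asan_alloca_poison(addr, size);
    last_alloca_addr = addr;
    return addr;
}
/* The compiler-inserted check for an access to [addr, addr + n). */
static int is_poisoned(uintptr_t addr, size_t n) {
    for (size_t i = 0; i < n; i++) if (shadow[addr + i]) return 1;
    return 0;
}
/* A stackrestore (or function return) triggers the dynamic unpoisoning. */
static void stack_restore(uintptr_t saved_sp) {
    asan_allocas_unpoison(last_alloca_addr, saved_sp);
    sp = saved_sp;
}
/* VLA of n bytes: in-bounds access is clean, one-past-the-end is flagged. */
static int vla_overflow_detected(size_t n) {
    uintptr_t saved = sp, buf = instrumented_alloca(n);
    int ok = !is_poisoned(buf, n) && is_poisoned(buf + n, 1);
    stack_restore(saved);
    return ok;
}
/* Two allocas then a restore: the whole span is unpoisoned, no stale redzones. */
static int clean_after_restore(void) {
    uintptr_t saved = sp, low;
    instrumented_alloca(10); instrumented_alloca(100);
    low = sp; stack_restore(saved);
    return !is_poisoned(low, saved - low);
}
```

The second scenario is the reason step 3 exists: without remembering the last alloca address, a stackrestore could not tell how far down the poisoned region extends, and stale redzones would produce false reports on the next allocation in the same stack space.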