
1 //===-- hwasan_report.cpp -------------------------------------------------===//
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
7 //===----------------------------------------------------------------------===//
12 //===----------------------------------------------------------------------===//
59 if (common_flags()->print_module_map >= 2 ||
60 (fatal && common_flags()->print_module_map))
70 error_message_ptr_->Append(msg);
93 void AppendToErrorMessageBuffer(const char *buffer) {
94 ScopedReport::MaybeAppendToErrorMessage(buffer);
108 "https://source.android.com/docs/security/test/memory-safety/"
109 "hwasan-reports\n");
114 // A RAII object that holds a copy of the current thread stack ring buffer.
115 // The actual stack buffer may change while we are iterating over it (for
124 StackAllocationsRingBuffer *rb = t->stack_allocations();
125 uptr size = rb->size() * sizeof(uptr);
129 thread_id_ = t->unique_id();
135 UnmapOrDie(rb->StartOfStorage(), rb->size() * sizeof(uptr));
174 for (uptr i = 0, size = rb->size(); i < size; i++) {
183 // Measure the number of heap ring buffer entries that would have matched
184 // if we had only one entry per address (e.g. if the ring buffer data was
192 // Measure the number of heap ring buffer entries that would have matched
195 return p & ((1ULL << 60) - 1);
207 uptr frames = Min((uptr)flags()->stack_history_size, sa->size());
219 uptr pc_mask = (1ULL << kRecordFPShift) - 1;
221 FrameInfo frame;
222 if (!Symbolizer::GetOrInit()->SymbolizeFrame(pc, &frame))
224 for (LocalInfo &local : frame.locals) {
235 // We only store bits 4-19 of FP (bits 0-3 are guaranteed to be zero).
247 local_beg -= kRecordFPModulus;
249 uptr offset = -1ull;
260 offset = untagged_addr - local_beg;
262 cause = "use-after-scope";
268 uptr new_offset = untagged_addr - local_end;
272 cause = "stack-buffer-overflow";
276 uptr new_offset = local_beg - untagged_addr;
280 cause = "stack-buffer-overflow";
301 StackTracePrinter::GetOrInit()->RenderSourceLocation(
303 common_flags()->symbolize_vs_style,
304 common_flags()->strip_path_prefix);
306 "%p is located %zd bytes %s a %zd-byte local variable %s "
314 frame.Clear();
329 uptr pc_mask = (1ULL << 48) - 1;
334 Symbolizer::GetOrInit()->SymbolizePC(pc));
335 const SymbolizedStack *frame = symbolized_stack.get();
336 if (frame) {
337 StackTracePrinter::GetOrInit()->RenderFrame(
338 &frame_desc, " %F %L", 0, frame->info.address, &frame->info,
339 common_flags()->symbolize_vs_style,
340 common_flags()->strip_path_prefix);
348 // necessary. This may return a false positive if tags 1-15 are used as a
353 if (*tag_ptr == 0 || *tag_ptr > kShadowAlignment - 1)
356 tag_t inline_tag = *reinterpret_cast<tag_t *>(mem + kShadowAlignment - 1);
362 // from the debug info - but we might be able to retrieve it from the
371 reinterpret_cast<const u8 *>(ehdr) + ehdr->e_phoff);
374 // position-independent code, but can be different on non-PIE executables,
379 ArrayRef<const ElfW(Phdr)>(phdr_begin, phdr_begin + ehdr->e_phnum)) {
382 load_bias = reinterpret_cast<ElfW(Addr)>(ehdr) - phdr.p_vaddr;
390 HwasanGlobalsFor(load_bias, phdr_begin, ehdr->e_phnum))
405 constexpr uptr kShortDumpOffset = (kShadowLines - kShortLines) / 2 * kDumpWidth;
410 addr -= kDumpWidth * (kShadowLines / 2);
419 uptr beg_row = center_row_beg - kDumpWidth * (num_rows / 2);
465 "HardwareAssistedAddressSanitizerDesign.html#short-granules for a "
471 return stack->size ? StackTrace::GetPreviousInstructionPc(stack->trace[0])
575 ~(kShadowAlignment - 1));
578 u8 in_granule_offset = (untagged_addr + offset) & (kShadowAlignment - 1);
579 tag_t short_tag = granule_ptr[kShadowAlignment - 1];
586 offset += mem_tag - in_granule_offset;
610 result.short_tags[i - kShortDumpOffset] =
611 *reinterpret_cast<tag_t *>(granule_addr + kShadowAlignment - 1);
619 uptr idx = addr - shadow.addr;
626 uptr idx = addr - shadow.addr - kShortDumpOffset;
653 t->AddrIsInStack(untagged_addr)) {
658 // Scan all threads' ring buffers to find if it's a heap-use-after-free.
661 if (FindHeapAllocation(t->heap_allocations(), tagged_addr, &har,
669 ha.free_thread_id = t->unique_id();
682 // Check if this looks like a heap buffer overflow by scanning
694 --left;
726 offset = untagged_addr - candidate.heap.begin;
729 offset = untagged_addr - candidate.heap.end;
732 offset = candidate.heap.begin - untagged_addr;
736 Printf("\nCause: heap-buffer-overflow\n");
739 Printf("%p is located %zd bytes %s a %zd-byte region [%p,%p)\n",
741 candidate.heap.end - candidate.heap.begin, candidate.heap.begin,
754 if (sym->GetModuleNameAndOffsetForPC(candidate.untagged_addr, &module_name,
757 Printf("\nCause: global-overflow\n");
761 if (sym->SymbolizeData(candidate.untagged_addr, &info) && info.start) {
763 "%p is located %zd bytes %s a %zd-byte global variable "
766 candidate.after ? untagged_addr - (info.start + info.size)
767 : info.start - untagged_addr,
781 "%p is located %s a %zd-byte global variable in "
808 untagged_addr - heap.begin, d.Default());
813 if (thread_id == t->unique_id())
814 t->Announce();
822 Printf("\nCause: stack tag-mismatch\n");
842 Printf("\nCause: use-after-free\n");
844 Printf("%p is located %zd bytes inside a %zd-byte region [%p,%p)\n",
845 untagged_addr, untagged_addr - UntagAddr(har.tagged_addr),
859 // in the thread's deallocation ring buffer.
861 flags()->heap_history_size);
877 if (flags()->print_live_threads_info) {
879 hwasanThreadList().VisitAllLiveThreads([&](Thread *t) { t->Announce(); });
904 : BaseReport(stack, flags()->halt_on_error, tagged_addr, 0) {}
914 const char *bug_type = "invalid-free";
918 SanitizerToolName, bug_type, untagged_addr, pc, thread->unique_id());
930 stack->Print();
942 : BaseReport(stack, flags()->halt_on_error, tagged_addr, 0),
944 tail_size(kShadowAlignment - (orig_size % kShadowAlignment)) {
954 actual_expected[tail_size - 1] = ptr_tag;
968 const char *bug_type = "allocation-tail-overwritten";
978 stack->Print();
989 for (uptr i = 0; i < kShadowAlignment - tail_size; i++) s.Append(".. ");
993 for (uptr i = 0; i < kShadowAlignment - tail_size; i++) s.Append(".. ");
997 for (uptr i = 0; i < kShadowAlignment - tail_size; i++) s.Append(" ");
1002 "\nThis error occurs when a buffer overflow overwrites memory\n"
1003 "after a heap object, but within the %zd-byte granule, e.g.\n"
1012 GetCurrentThread()->Announce();
1035 // TODO: when possible, try to print heap-use-after-free, etc.
1036 const char *bug_type = "tag-mismatch";
1053 mem_tag, short_tag, t->unique_id());
1057 mem_tag, t->unique_id());
1063 stack->Print();
1066 t->Announce();
1093 // See the frame breakdown defined in __hwasan_tag_mismatch (from
1095 void ReportRegisters(const uptr *frame, uptr pc) {
1104 frame[0], frame[1], frame[2], frame[3]);
1107 reinterpret_cast<const u8 *>(frame) + 256, frame[1], frame[2],
1108 frame[3]);
1111 frame[4], frame[5], frame[6], frame[7]);
1113 frame[8], frame[9], frame[10], frame[11]);
1115 frame[12], frame[13], frame[14], frame[15]);
1117 frame[16], frame[17], frame[18], frame[19]);
1119 frame[20], frame[21], frame[22], frame[23]);
1121 frame[24], frame[25], frame[26], frame[27]);
1125 Printf(" x28 %016llx x29 %016llx x30 %016llx sp %016llx\n", frame[28],
1126 frame[29], frame[30], reinterpret_cast<const u8 *>(frame) + 256);
1128 Printf(" x28 %016llx x29 %016llx x30 %016llx x31 %016llx\n", frame[28],
1129 frame[29], frame[30], frame[31]);