1217222abSNico Weber //===-- asan_errors.cpp -----------------------------------------*- C++ -*-===// 2217222abSNico Weber // 3217222abSNico Weber // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4217222abSNico Weber // See https://llvm.org/LICENSE.txt for license information. 5217222abSNico Weber // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6217222abSNico Weber // 7217222abSNico Weber //===----------------------------------------------------------------------===// 8217222abSNico Weber // 9217222abSNico Weber // This file is a part of AddressSanitizer, an address sanity checker. 10217222abSNico Weber // 11217222abSNico Weber // ASan implementation for error structures. 12217222abSNico Weber //===----------------------------------------------------------------------===// 13217222abSNico Weber 14217222abSNico Weber #include "asan_errors.h" 15217222abSNico Weber #include "asan_descriptions.h" 16217222abSNico Weber #include "asan_mapping.h" 17217222abSNico Weber #include "asan_report.h" 18217222abSNico Weber #include "asan_stack.h" 19217222abSNico Weber #include "sanitizer_common/sanitizer_stackdepot.h" 20217222abSNico Weber 21217222abSNico Weber namespace __asan { 22217222abSNico Weber 23217222abSNico Weber static void OnStackUnwind(const SignalContext &sig, 24217222abSNico Weber const void *callback_context, 25217222abSNico Weber BufferedStackTrace *stack) { 26217222abSNico Weber bool fast = common_flags()->fast_unwind_on_fatal; 27217222abSNico Weber #if SANITIZER_FREEBSD || SANITIZER_NETBSD 28217222abSNico Weber // On FreeBSD the slow unwinding that leverages _Unwind_Backtrace() 29217222abSNico Weber // yields the call stack of the signal's handler and not of the code 30217222abSNico Weber // that raised the signal (as it does on Linux). 31217222abSNico Weber fast = true; 32217222abSNico Weber #endif 33217222abSNico Weber // Tests and maybe some users expect that scariness is going to be printed 34217222abSNico Weber // just before the stack. As only asan has scariness score we have no 35217222abSNico Weber // corresponding code in the sanitizer_common and we use this callback to 36217222abSNico Weber // print it. 37217222abSNico Weber static_cast<const ScarinessScoreBase *>(callback_context)->Print(); 38d39e7e2cSVitaly Buka stack->Unwind(StackTrace::GetNextInstructionPc(sig.pc), sig.bp, sig.context, 39d39e7e2cSVitaly Buka fast); 40217222abSNico Weber } 41217222abSNico Weber 42217222abSNico Weber void ErrorDeadlySignal::Print() { 43217222abSNico Weber ReportDeadlySignal(signal, tid, &OnStackUnwind, &scariness); 44217222abSNico Weber } 45217222abSNico Weber 46217222abSNico Weber void ErrorDoubleFree::Print() { 47217222abSNico Weber Decorator d; 48217222abSNico Weber Printf("%s", d.Error()); 49629b40daSMartin Liska Report("ERROR: AddressSanitizer: attempting %s on %p in thread %s:\n", 50629b40daSMartin Liska scariness.GetDescription(), (void *)addr_description.addr, 51217222abSNico Weber AsanThreadIdAndName(tid).c_str()); 52217222abSNico Weber Printf("%s", d.Default()); 53217222abSNico Weber scariness.Print(); 54217222abSNico Weber GET_STACK_TRACE_FATAL(second_free_stack->trace[0], 55217222abSNico Weber second_free_stack->top_frame_bp); 56217222abSNico Weber stack.Print(); 57217222abSNico Weber addr_description.Print(); 58217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), &stack); 59217222abSNico Weber } 60217222abSNico Weber 61217222abSNico Weber void ErrorNewDeleteTypeMismatch::Print() { 62217222abSNico Weber Decorator d; 63217222abSNico Weber Printf("%s", d.Error()); 64629b40daSMartin Liska Report("ERROR: AddressSanitizer: %s on %p in thread %s:\n", 65629b40daSMartin Liska scariness.GetDescription(), (void *)addr_description.addr, 66217222abSNico Weber AsanThreadIdAndName(tid).c_str()); 67217222abSNico Weber Printf("%s object passed to delete has wrong type:\n", d.Default()); 68217222abSNico Weber if (delete_size != 0) { 69217222abSNico Weber Printf( 70217222abSNico Weber " size of the allocated type: %zd bytes;\n" 71217222abSNico Weber " size of the deallocated type: %zd bytes.\n", 72217222abSNico Weber addr_description.chunk_access.chunk_size, delete_size); 73217222abSNico Weber } 74217222abSNico Weber const uptr user_alignment = 75217222abSNico Weber addr_description.chunk_access.user_requested_alignment; 76217222abSNico Weber if (delete_alignment != user_alignment) { 77217222abSNico Weber char user_alignment_str[32]; 78217222abSNico Weber char delete_alignment_str[32]; 79217222abSNico Weber internal_snprintf(user_alignment_str, sizeof(user_alignment_str), 80217222abSNico Weber "%zd bytes", user_alignment); 81217222abSNico Weber internal_snprintf(delete_alignment_str, sizeof(delete_alignment_str), 82217222abSNico Weber "%zd bytes", delete_alignment); 83217222abSNico Weber static const char *kDefaultAlignment = "default-aligned"; 84217222abSNico Weber Printf( 85217222abSNico Weber " alignment of the allocated type: %s;\n" 86217222abSNico Weber " alignment of the deallocated type: %s.\n", 87217222abSNico Weber user_alignment > 0 ? user_alignment_str : kDefaultAlignment, 88217222abSNico Weber delete_alignment > 0 ? delete_alignment_str : kDefaultAlignment); 89217222abSNico Weber } 90217222abSNico Weber CHECK_GT(free_stack->size, 0); 91217222abSNico Weber scariness.Print(); 92217222abSNico Weber GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp); 93217222abSNico Weber stack.Print(); 94217222abSNico Weber addr_description.Print(); 95217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), &stack); 96217222abSNico Weber Report( 97217222abSNico Weber "HINT: if you don't care about these errors you may set " 98217222abSNico Weber "ASAN_OPTIONS=new_delete_type_mismatch=0\n"); 99217222abSNico Weber } 100217222abSNico Weber 101217222abSNico Weber void ErrorFreeNotMalloced::Print() { 102217222abSNico Weber Decorator d; 103217222abSNico Weber Printf("%s", d.Error()); 104217222abSNico Weber Report( 105217222abSNico Weber "ERROR: AddressSanitizer: attempting free on address " 106217222abSNico Weber "which was not malloc()-ed: %p in thread %s\n", 107629b40daSMartin Liska (void *)addr_description.Address(), AsanThreadIdAndName(tid).c_str()); 108217222abSNico Weber Printf("%s", d.Default()); 109217222abSNico Weber CHECK_GT(free_stack->size, 0); 110217222abSNico Weber scariness.Print(); 111217222abSNico Weber GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp); 112217222abSNico Weber stack.Print(); 113217222abSNico Weber addr_description.Print(); 114217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), &stack); 115217222abSNico Weber } 116217222abSNico Weber 117217222abSNico Weber void ErrorAllocTypeMismatch::Print() { 118217222abSNico Weber static const char *alloc_names[] = {"INVALID", "malloc", "operator new", 119217222abSNico Weber "operator new []"}; 120217222abSNico Weber static const char *dealloc_names[] = {"INVALID", "free", "operator delete", 121217222abSNico Weber "operator delete []"}; 122217222abSNico Weber CHECK_NE(alloc_type, dealloc_type); 123217222abSNico Weber Decorator d; 124217222abSNico Weber Printf("%s", d.Error()); 125217222abSNico Weber Report("ERROR: AddressSanitizer: %s (%s vs %s) on %p\n", 126217222abSNico Weber scariness.GetDescription(), alloc_names[alloc_type], 127629b40daSMartin Liska dealloc_names[dealloc_type], (void *)addr_description.Address()); 128217222abSNico Weber Printf("%s", d.Default()); 129217222abSNico Weber CHECK_GT(dealloc_stack->size, 0); 130217222abSNico Weber scariness.Print(); 131217222abSNico Weber GET_STACK_TRACE_FATAL(dealloc_stack->trace[0], dealloc_stack->top_frame_bp); 132217222abSNico Weber stack.Print(); 133217222abSNico Weber addr_description.Print(); 134217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), &stack); 135217222abSNico Weber Report( 136217222abSNico Weber "HINT: if you don't care about these errors you may set " 137217222abSNico Weber "ASAN_OPTIONS=alloc_dealloc_mismatch=0\n"); 138217222abSNico Weber } 139217222abSNico Weber 140217222abSNico Weber void ErrorMallocUsableSizeNotOwned::Print() { 141217222abSNico Weber Decorator d; 142217222abSNico Weber Printf("%s", d.Error()); 143217222abSNico Weber Report( 144217222abSNico Weber "ERROR: AddressSanitizer: attempting to call malloc_usable_size() for " 145217222abSNico Weber "pointer which is not owned: %p\n", 146629b40daSMartin Liska (void *)addr_description.Address()); 147217222abSNico Weber Printf("%s", d.Default()); 148217222abSNico Weber stack->Print(); 149217222abSNico Weber addr_description.Print(); 150217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), stack); 151217222abSNico Weber } 152217222abSNico Weber 153217222abSNico Weber void ErrorSanitizerGetAllocatedSizeNotOwned::Print() { 154217222abSNico Weber Decorator d; 155217222abSNico Weber Printf("%s", d.Error()); 156217222abSNico Weber Report( 157217222abSNico Weber "ERROR: AddressSanitizer: attempting to call " 158217222abSNico Weber "__sanitizer_get_allocated_size() for pointer which is not owned: %p\n", 159629b40daSMartin Liska (void *)addr_description.Address()); 160217222abSNico Weber Printf("%s", d.Default()); 161217222abSNico Weber stack->Print(); 162217222abSNico Weber addr_description.Print(); 163217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), stack); 164217222abSNico Weber } 165217222abSNico Weber 166217222abSNico Weber void ErrorCallocOverflow::Print() { 167217222abSNico Weber Decorator d; 168217222abSNico Weber Printf("%s", d.Error()); 169217222abSNico Weber Report( 170217222abSNico Weber "ERROR: AddressSanitizer: calloc parameters overflow: count * size " 171217222abSNico Weber "(%zd * %zd) cannot be represented in type size_t (thread %s)\n", 172217222abSNico Weber count, size, AsanThreadIdAndName(tid).c_str()); 173217222abSNico Weber Printf("%s", d.Default()); 174217222abSNico Weber stack->Print(); 175217222abSNico Weber PrintHintAllocatorCannotReturnNull(); 176217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), stack); 177217222abSNico Weber } 178217222abSNico Weber 179217222abSNico Weber void ErrorReallocArrayOverflow::Print() { 180217222abSNico Weber Decorator d; 181217222abSNico Weber Printf("%s", d.Error()); 182217222abSNico Weber Report( 183217222abSNico Weber "ERROR: AddressSanitizer: reallocarray parameters overflow: count * size " 184217222abSNico Weber "(%zd * %zd) cannot be represented in type size_t (thread %s)\n", 185217222abSNico Weber count, size, AsanThreadIdAndName(tid).c_str()); 186217222abSNico Weber Printf("%s", d.Default()); 187217222abSNico Weber stack->Print(); 188217222abSNico Weber PrintHintAllocatorCannotReturnNull(); 189217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), stack); 190217222abSNico Weber } 191217222abSNico Weber 192217222abSNico Weber void ErrorPvallocOverflow::Print() { 193217222abSNico Weber Decorator d; 194217222abSNico Weber Printf("%s", d.Error()); 195217222abSNico Weber Report( 196217222abSNico Weber "ERROR: AddressSanitizer: pvalloc parameters overflow: size 0x%zx " 197217222abSNico Weber "rounded up to system page size 0x%zx cannot be represented in type " 198217222abSNico Weber "size_t (thread %s)\n", 199217222abSNico Weber size, GetPageSizeCached(), AsanThreadIdAndName(tid).c_str()); 200217222abSNico Weber Printf("%s", d.Default()); 201217222abSNico Weber stack->Print(); 202217222abSNico Weber PrintHintAllocatorCannotReturnNull(); 203217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), stack); 204217222abSNico Weber } 205217222abSNico Weber 206217222abSNico Weber void ErrorInvalidAllocationAlignment::Print() { 207217222abSNico Weber Decorator d; 208217222abSNico Weber Printf("%s", d.Error()); 209217222abSNico Weber Report( 210217222abSNico Weber "ERROR: AddressSanitizer: invalid allocation alignment: %zd, " 211217222abSNico Weber "alignment must be a power of two (thread %s)\n", 212217222abSNico Weber alignment, AsanThreadIdAndName(tid).c_str()); 213217222abSNico Weber Printf("%s", d.Default()); 214217222abSNico Weber stack->Print(); 215217222abSNico Weber PrintHintAllocatorCannotReturnNull(); 216217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), stack); 217217222abSNico Weber } 218217222abSNico Weber 219217222abSNico Weber void ErrorInvalidAlignedAllocAlignment::Print() { 220217222abSNico Weber Decorator d; 221217222abSNico Weber Printf("%s", d.Error()); 222217222abSNico Weber #if SANITIZER_POSIX 223217222abSNico Weber Report("ERROR: AddressSanitizer: invalid alignment requested in " 224217222abSNico Weber "aligned_alloc: %zd, alignment must be a power of two and the " 225217222abSNico Weber "requested size 0x%zx must be a multiple of alignment " 226217222abSNico Weber "(thread %s)\n", alignment, size, AsanThreadIdAndName(tid).c_str()); 227217222abSNico Weber #else 228217222abSNico Weber Report("ERROR: AddressSanitizer: invalid alignment requested in " 229217222abSNico Weber "aligned_alloc: %zd, the requested size 0x%zx must be a multiple of " 230217222abSNico Weber "alignment (thread %s)\n", alignment, size, 231217222abSNico Weber AsanThreadIdAndName(tid).c_str()); 232217222abSNico Weber #endif 233217222abSNico Weber Printf("%s", d.Default()); 234217222abSNico Weber stack->Print(); 235217222abSNico Weber PrintHintAllocatorCannotReturnNull(); 236217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), stack); 237217222abSNico Weber } 238217222abSNico Weber 239217222abSNico Weber void ErrorInvalidPosixMemalignAlignment::Print() { 240217222abSNico Weber Decorator d; 241217222abSNico Weber Printf("%s", d.Error()); 242217222abSNico Weber Report( 243217222abSNico Weber "ERROR: AddressSanitizer: invalid alignment requested in posix_memalign: " 244217222abSNico Weber "%zd, alignment must be a power of two and a multiple of sizeof(void*) " 245217222abSNico Weber "== %zd (thread %s)\n", 246c0fa6322SVitaly Buka alignment, sizeof(void *), AsanThreadIdAndName(tid).c_str()); 247217222abSNico Weber Printf("%s", d.Default()); 248217222abSNico Weber stack->Print(); 249217222abSNico Weber PrintHintAllocatorCannotReturnNull(); 250217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), stack); 251217222abSNico Weber } 252217222abSNico Weber 253217222abSNico Weber void ErrorAllocationSizeTooBig::Print() { 254217222abSNico Weber Decorator d; 255217222abSNico Weber Printf("%s", d.Error()); 256217222abSNico Weber Report( 257217222abSNico Weber "ERROR: AddressSanitizer: requested allocation size 0x%zx (0x%zx after " 258217222abSNico Weber "adjustments for alignment, red zones etc.) exceeds maximum supported " 259217222abSNico Weber "size of 0x%zx (thread %s)\n", 260217222abSNico Weber user_size, total_size, max_size, AsanThreadIdAndName(tid).c_str()); 261217222abSNico Weber Printf("%s", d.Default()); 262217222abSNico Weber stack->Print(); 263217222abSNico Weber PrintHintAllocatorCannotReturnNull(); 264217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), stack); 265217222abSNico Weber } 266217222abSNico Weber 267217222abSNico Weber void ErrorRssLimitExceeded::Print() { 268217222abSNico Weber Decorator d; 269217222abSNico Weber Printf("%s", d.Error()); 270217222abSNico Weber Report( 271217222abSNico Weber "ERROR: AddressSanitizer: specified RSS limit exceeded, currently set to " 272217222abSNico Weber "soft_rss_limit_mb=%zd\n", common_flags()->soft_rss_limit_mb); 273217222abSNico Weber Printf("%s", d.Default()); 274217222abSNico Weber stack->Print(); 275217222abSNico Weber PrintHintAllocatorCannotReturnNull(); 276217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), stack); 277217222abSNico Weber } 278217222abSNico Weber 279217222abSNico Weber void ErrorOutOfMemory::Print() { 280217222abSNico Weber Decorator d; 281217222abSNico Weber Printf("%s", d.Error()); 282e1d84c42SLeonard Chan ERROR_OOM("allocator is trying to allocate 0x%zx bytes\n", requested_size); 283217222abSNico Weber Printf("%s", d.Default()); 284217222abSNico Weber stack->Print(); 285217222abSNico Weber PrintHintAllocatorCannotReturnNull(); 286217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), stack); 287217222abSNico Weber } 288217222abSNico Weber 289217222abSNico Weber void ErrorStringFunctionMemoryRangesOverlap::Print() { 290217222abSNico Weber Decorator d; 291217222abSNico Weber char bug_type[100]; 292217222abSNico Weber internal_snprintf(bug_type, sizeof(bug_type), "%s-param-overlap", function); 293217222abSNico Weber Printf("%s", d.Error()); 294217222abSNico Weber Report( 295217222abSNico Weber "ERROR: AddressSanitizer: %s: memory ranges [%p,%p) and [%p, %p) " 296217222abSNico Weber "overlap\n", 297629b40daSMartin Liska bug_type, (void *)addr1_description.Address(), 298629b40daSMartin Liska (void *)(addr1_description.Address() + length1), 299629b40daSMartin Liska (void *)addr2_description.Address(), 300629b40daSMartin Liska (void *)(addr2_description.Address() + length2)); 301217222abSNico Weber Printf("%s", d.Default()); 302217222abSNico Weber scariness.Print(); 303217222abSNico Weber stack->Print(); 304217222abSNico Weber addr1_description.Print(); 305217222abSNico Weber addr2_description.Print(); 306217222abSNico Weber ReportErrorSummary(bug_type, stack); 307217222abSNico Weber } 308217222abSNico Weber 309217222abSNico Weber void ErrorStringFunctionSizeOverflow::Print() { 310217222abSNico Weber Decorator d; 311217222abSNico Weber Printf("%s", d.Error()); 312217222abSNico Weber Report("ERROR: AddressSanitizer: %s: (size=%zd)\n", 313217222abSNico Weber scariness.GetDescription(), size); 314217222abSNico Weber Printf("%s", d.Default()); 315217222abSNico Weber scariness.Print(); 316217222abSNico Weber stack->Print(); 317217222abSNico Weber addr_description.Print(); 318217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), stack); 319217222abSNico Weber } 320217222abSNico Weber 321217222abSNico Weber void ErrorBadParamsToAnnotateContiguousContainer::Print() { 322217222abSNico Weber Report( 323217222abSNico Weber "ERROR: AddressSanitizer: bad parameters to " 324217222abSNico Weber "__sanitizer_annotate_contiguous_container:\n" 325217222abSNico Weber " beg : %p\n" 326217222abSNico Weber " end : %p\n" 327217222abSNico Weber " old_mid : %p\n" 328217222abSNico Weber " new_mid : %p\n", 329629b40daSMartin Liska (void *)beg, (void *)end, (void *)old_mid, (void *)new_mid); 330217222abSNico Weber stack->Print(); 331217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), stack); 332217222abSNico Weber } 333217222abSNico Weber 3341c5ad6d2SAdvenam Tacet void ErrorBadParamsToAnnotateDoubleEndedContiguousContainer::Print() { 3351c5ad6d2SAdvenam Tacet Report( 3361c5ad6d2SAdvenam Tacet "ERROR: AddressSanitizer: bad parameters to " 3371c5ad6d2SAdvenam Tacet "__sanitizer_annotate_double_ended_contiguous_container:\n" 3381c5ad6d2SAdvenam Tacet " storage_beg : %p\n" 3391c5ad6d2SAdvenam Tacet " storage_end : %p\n" 3401c5ad6d2SAdvenam Tacet " old_container_beg : %p\n" 3411c5ad6d2SAdvenam Tacet " old_container_end : %p\n" 3421c5ad6d2SAdvenam Tacet " new_container_beg : %p\n" 3431c5ad6d2SAdvenam Tacet " new_container_end : %p\n", 3441c5ad6d2SAdvenam Tacet (void *)storage_beg, (void *)storage_end, (void *)old_container_beg, 3451c5ad6d2SAdvenam Tacet (void *)old_container_end, (void *)new_container_beg, 3461c5ad6d2SAdvenam Tacet (void *)new_container_end); 3471c5ad6d2SAdvenam Tacet stack->Print(); 3481c5ad6d2SAdvenam Tacet ReportErrorSummary(scariness.GetDescription(), stack); 3491c5ad6d2SAdvenam Tacet } 3501c5ad6d2SAdvenam Tacet 351*c76045d9STacet void ErrorBadParamsToCopyContiguousContainerAnnotations::Print() { 352*c76045d9STacet Report( 353*c76045d9STacet "ERROR: AddressSanitizer: bad parameters to " 354*c76045d9STacet "__sanitizer_copy_contiguous_container_annotations:\n" 355*c76045d9STacet " src_storage_beg : %p\n" 356*c76045d9STacet " src_storage_end : %p\n" 357*c76045d9STacet " dst_storage_beg : %p\n" 358*c76045d9STacet " new_storage_end : %p\n", 359*c76045d9STacet (void *)old_storage_beg, (void *)old_storage_end, (void *)new_storage_beg, 360*c76045d9STacet (void *)new_storage_end); 361*c76045d9STacet stack->Print(); 362*c76045d9STacet ReportErrorSummary(scariness.GetDescription(), stack); 363*c76045d9STacet } 364*c76045d9STacet 365217222abSNico Weber void ErrorODRViolation::Print() { 366217222abSNico Weber Decorator d; 367217222abSNico Weber Printf("%s", d.Error()); 368217222abSNico Weber Report("ERROR: AddressSanitizer: %s (%p):\n", scariness.GetDescription(), 369629b40daSMartin Liska (void *)global1.beg); 370217222abSNico Weber Printf("%s", d.Default()); 371e0dadf3dSVitaly Buka InternalScopedString g1_loc; 372e0dadf3dSVitaly Buka InternalScopedString g2_loc; 373ee7d41d1SFangrui Song PrintGlobalLocation(&g1_loc, global1, /*print_module_name=*/true); 374ee7d41d1SFangrui Song PrintGlobalLocation(&g2_loc, global2, /*print_module_name=*/true); 375217222abSNico Weber Printf(" [1] size=%zd '%s' %s\n", global1.size, 376217222abSNico Weber MaybeDemangleGlobalName(global1.name), g1_loc.data()); 377217222abSNico Weber Printf(" [2] size=%zd '%s' %s\n", global2.size, 378217222abSNico Weber MaybeDemangleGlobalName(global2.name), g2_loc.data()); 379217222abSNico Weber if (stack_id1 && stack_id2) { 380217222abSNico Weber Printf("These globals were registered at these points:\n"); 381217222abSNico Weber Printf(" [1]:\n"); 382217222abSNico Weber StackDepotGet(stack_id1).Print(); 383217222abSNico Weber Printf(" [2]:\n"); 384217222abSNico Weber StackDepotGet(stack_id2).Print(); 385217222abSNico Weber } 386217222abSNico Weber Report( 387217222abSNico Weber "HINT: if you don't care about these errors you may set " 388217222abSNico Weber "ASAN_OPTIONS=detect_odr_violation=0\n"); 389e0dadf3dSVitaly Buka InternalScopedString error_msg; 3905b7dfa96SVitaly Buka error_msg.AppendF("%s: global '%s' at %s", scariness.GetDescription(), 391217222abSNico Weber MaybeDemangleGlobalName(global1.name), g1_loc.data()); 392217222abSNico Weber ReportErrorSummary(error_msg.data()); 393217222abSNico Weber } 394217222abSNico Weber 395217222abSNico Weber void ErrorInvalidPointerPair::Print() { 396217222abSNico Weber Decorator d; 397217222abSNico Weber Printf("%s", d.Error()); 398217222abSNico Weber Report("ERROR: AddressSanitizer: %s: %p %p\n", scariness.GetDescription(), 399629b40daSMartin Liska (void *)addr1_description.Address(), 400629b40daSMartin Liska (void *)addr2_description.Address()); 401217222abSNico Weber Printf("%s", d.Default()); 402217222abSNico Weber GET_STACK_TRACE_FATAL(pc, bp); 403217222abSNico Weber stack.Print(); 404217222abSNico Weber addr1_description.Print(); 405217222abSNico Weber addr2_description.Print(); 406217222abSNico Weber ReportErrorSummary(scariness.GetDescription(), &stack); 407217222abSNico Weber } 408217222abSNico Weber 409217222abSNico Weber static bool AdjacentShadowValuesAreFullyPoisoned(u8 *s) { 410217222abSNico Weber return s[-1] > 127 && s[1] > 127; 411217222abSNico Weber } 412217222abSNico Weber 413217222abSNico Weber ErrorGeneric::ErrorGeneric(u32 tid, uptr pc_, uptr bp_, uptr sp_, uptr addr, 414217222abSNico Weber bool is_write_, uptr access_size_) 415217222abSNico Weber : ErrorBase(tid), 416217222abSNico Weber addr_description(addr, access_size_, /*shouldLockThreadRegistry=*/false), 417217222abSNico Weber pc(pc_), 418217222abSNico Weber bp(bp_), 419217222abSNico Weber sp(sp_), 420217222abSNico Weber access_size(access_size_), 421217222abSNico Weber is_write(is_write_), 422217222abSNico Weber shadow_val(0) { 423217222abSNico Weber scariness.Clear(); 424217222abSNico Weber if (access_size) { 425217222abSNico Weber if (access_size <= 9) { 426217222abSNico Weber char desr[] = "?-byte"; 427217222abSNico Weber desr[0] = '0' + access_size; 428217222abSNico Weber scariness.Scare(access_size + access_size / 2, desr); 429217222abSNico Weber } else if (access_size >= 10) { 430217222abSNico Weber scariness.Scare(15, "multi-byte"); 431217222abSNico Weber } 432217222abSNico Weber is_write ? scariness.Scare(20, "write") : scariness.Scare(1, "read"); 433217222abSNico Weber 434217222abSNico Weber // Determine the error type. 435217222abSNico Weber bug_descr = "unknown-crash"; 436217222abSNico Weber if (AddrIsInMem(addr)) { 437217222abSNico Weber u8 *shadow_addr = (u8 *)MemToShadow(addr); 438217222abSNico Weber // If we are accessing 16 bytes, look at the second shadow byte. 439ad56941aSKirill Stoimenov if (*shadow_addr == 0 && access_size > ASAN_SHADOW_GRANULARITY) 440ad56941aSKirill Stoimenov shadow_addr++; 441217222abSNico Weber // If we are in the partial right redzone, look at the next shadow byte. 442217222abSNico Weber if (*shadow_addr > 0 && *shadow_addr < 128) shadow_addr++; 443217222abSNico Weber bool far_from_bounds = false; 444217222abSNico Weber shadow_val = *shadow_addr; 445217222abSNico Weber int bug_type_score = 0; 446217222abSNico Weber // For use-after-frees reads are almost as bad as writes. 447217222abSNico Weber int read_after_free_bonus = 0; 448217222abSNico Weber switch (shadow_val) { 449217222abSNico Weber case kAsanHeapLeftRedzoneMagic: 450217222abSNico Weber case kAsanArrayCookieMagic: 451217222abSNico Weber bug_descr = "heap-buffer-overflow"; 452217222abSNico Weber bug_type_score = 10; 453217222abSNico Weber far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 454217222abSNico Weber break; 455217222abSNico Weber case kAsanHeapFreeMagic: 456217222abSNico Weber bug_descr = "heap-use-after-free"; 457217222abSNico Weber bug_type_score = 20; 458217222abSNico Weber if (!is_write) read_after_free_bonus = 18; 459217222abSNico Weber break; 460217222abSNico Weber case kAsanStackLeftRedzoneMagic: 461217222abSNico Weber bug_descr = "stack-buffer-underflow"; 462217222abSNico Weber bug_type_score = 25; 463217222abSNico Weber far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 464217222abSNico Weber break; 465217222abSNico Weber case kAsanInitializationOrderMagic: 466217222abSNico Weber bug_descr = "initialization-order-fiasco"; 467217222abSNico Weber bug_type_score = 1; 468217222abSNico Weber break; 469217222abSNico Weber case kAsanStackMidRedzoneMagic: 470217222abSNico Weber case kAsanStackRightRedzoneMagic: 471217222abSNico Weber bug_descr = "stack-buffer-overflow"; 472217222abSNico Weber bug_type_score = 25; 473217222abSNico Weber far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 474217222abSNico Weber break; 475217222abSNico Weber case kAsanStackAfterReturnMagic: 476217222abSNico Weber bug_descr = "stack-use-after-return"; 477217222abSNico Weber bug_type_score = 30; 478217222abSNico Weber if (!is_write) read_after_free_bonus = 18; 479217222abSNico Weber break; 480217222abSNico Weber case kAsanUserPoisonedMemoryMagic: 481217222abSNico Weber bug_descr = "use-after-poison"; 482217222abSNico Weber bug_type_score = 20; 483217222abSNico Weber break; 484217222abSNico Weber case kAsanContiguousContainerOOBMagic: 485217222abSNico Weber bug_descr = "container-overflow"; 486217222abSNico Weber bug_type_score = 10; 487217222abSNico Weber break; 488217222abSNico Weber case kAsanStackUseAfterScopeMagic: 489217222abSNico Weber bug_descr = "stack-use-after-scope"; 490217222abSNico Weber bug_type_score = 10; 491217222abSNico Weber break; 492217222abSNico Weber case kAsanGlobalRedzoneMagic: 493217222abSNico Weber bug_descr = "global-buffer-overflow"; 494217222abSNico Weber bug_type_score = 10; 495217222abSNico Weber far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 496217222abSNico Weber break; 497217222abSNico Weber case kAsanIntraObjectRedzone: 498217222abSNico Weber bug_descr = "intra-object-overflow"; 499217222abSNico Weber bug_type_score = 10; 500217222abSNico Weber break; 501217222abSNico Weber case kAsanAllocaLeftMagic: 502217222abSNico Weber case kAsanAllocaRightMagic: 503217222abSNico Weber bug_descr = "dynamic-stack-buffer-overflow"; 504217222abSNico Weber bug_type_score = 25; 505217222abSNico Weber far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 506217222abSNico Weber break; 507217222abSNico Weber } 508217222abSNico Weber scariness.Scare(bug_type_score + read_after_free_bonus, bug_descr); 509217222abSNico Weber if (far_from_bounds) scariness.Scare(10, "far-from-bounds"); 510217222abSNico Weber } 511217222abSNico Weber } 512217222abSNico Weber } 513217222abSNico Weber 514217222abSNico Weber static void PrintContainerOverflowHint() { 515217222abSNico Weber Printf("HINT: if you don't care about these errors you may set " 516217222abSNico Weber "ASAN_OPTIONS=detect_container_overflow=0.\n" 517217222abSNico Weber "If you suspect a false positive see also: " 518217222abSNico Weber "https://github.com/google/sanitizers/wiki/" 519217222abSNico Weber "AddressSanitizerContainerOverflow.\n"); 520217222abSNico Weber } 521217222abSNico Weber 522217222abSNico Weber static void PrintShadowByte(InternalScopedString *str, const char *before, 523217222abSNico Weber u8 byte, const char *after = "\n") { 524217222abSNico Weber PrintMemoryByte(str, before, byte, /*in_shadow*/true, after); 525217222abSNico Weber } 526217222abSNico Weber 527217222abSNico Weber static void PrintLegend(InternalScopedString *str) { 5285b7dfa96SVitaly Buka str->AppendF( 529217222abSNico Weber "Shadow byte legend (one shadow byte represents %d " 530217222abSNico Weber "application bytes):\n", 531ad56941aSKirill Stoimenov (int)ASAN_SHADOW_GRANULARITY); 532217222abSNico Weber PrintShadowByte(str, " Addressable: ", 0); 5335b7dfa96SVitaly Buka str->AppendF(" Partially addressable: "); 534ad56941aSKirill Stoimenov for (u8 i = 1; i < ASAN_SHADOW_GRANULARITY; i++) 535ad56941aSKirill Stoimenov PrintShadowByte(str, "", i, " "); 5365b7dfa96SVitaly Buka str->AppendF("\n"); 537217222abSNico Weber PrintShadowByte(str, " Heap left redzone: ", 538217222abSNico Weber kAsanHeapLeftRedzoneMagic); 539217222abSNico Weber PrintShadowByte(str, " Freed heap region: ", kAsanHeapFreeMagic); 540217222abSNico Weber PrintShadowByte(str, " Stack left redzone: ", 541217222abSNico Weber kAsanStackLeftRedzoneMagic); 542217222abSNico Weber PrintShadowByte(str, " Stack mid redzone: ", 543217222abSNico Weber kAsanStackMidRedzoneMagic); 544217222abSNico Weber PrintShadowByte(str, " Stack right redzone: ", 545217222abSNico Weber kAsanStackRightRedzoneMagic); 546217222abSNico Weber PrintShadowByte(str, " Stack after return: ", 547217222abSNico Weber kAsanStackAfterReturnMagic); 548217222abSNico Weber PrintShadowByte(str, " Stack use after scope: ", 549217222abSNico Weber kAsanStackUseAfterScopeMagic); 550217222abSNico Weber PrintShadowByte(str, " Global redzone: ", kAsanGlobalRedzoneMagic); 551217222abSNico Weber PrintShadowByte(str, " Global init order: ", 552217222abSNico Weber kAsanInitializationOrderMagic); 553217222abSNico Weber PrintShadowByte(str, " Poisoned by user: ", 554217222abSNico Weber kAsanUserPoisonedMemoryMagic); 555217222abSNico Weber PrintShadowByte(str, " Container overflow: ", 556217222abSNico Weber kAsanContiguousContainerOOBMagic); 557217222abSNico Weber PrintShadowByte(str, " Array cookie: ", 558217222abSNico Weber kAsanArrayCookieMagic); 559217222abSNico Weber PrintShadowByte(str, " Intra object redzone: ", 560217222abSNico Weber kAsanIntraObjectRedzone); 561217222abSNico Weber PrintShadowByte(str, " ASan internal: ", kAsanInternalHeapMagic); 562217222abSNico Weber PrintShadowByte(str, " Left alloca redzone: ", kAsanAllocaLeftMagic); 563217222abSNico Weber PrintShadowByte(str, " Right alloca redzone: ", kAsanAllocaRightMagic); 564217222abSNico Weber } 565217222abSNico Weber 566217222abSNico Weber static void PrintShadowBytes(InternalScopedString *str, const char *before, 567217222abSNico Weber u8 *bytes, u8 *guilty, uptr n) { 568217222abSNico Weber Decorator d; 56913a442caSMartin Liska if (before) 5705b7dfa96SVitaly Buka str->AppendF("%s%p:", before, 571178554f3SFlorian Mayer (void *)ShadowToMem(reinterpret_cast<uptr>(bytes))); 572217222abSNico Weber for (uptr i = 0; i < n; i++) { 573217222abSNico Weber u8 *p = bytes + i; 574217222abSNico Weber const char *before = 575217222abSNico Weber p == guilty ? "[" : (p - 1 == guilty && i != 0) ? "" : " "; 576217222abSNico Weber const char *after = p == guilty ? "]" : ""; 577217222abSNico Weber PrintShadowByte(str, before, *p, after); 578217222abSNico Weber } 5795b7dfa96SVitaly Buka str->AppendF("\n"); 580217222abSNico Weber } 581217222abSNico Weber 582217222abSNico Weber static void PrintShadowMemoryForAddress(uptr addr) { 583217222abSNico Weber if (!AddrIsInMem(addr)) return; 584217222abSNico Weber uptr shadow_addr = MemToShadow(addr); 585217222abSNico Weber const uptr n_bytes_per_row = 16; 586217222abSNico Weber uptr aligned_shadow = shadow_addr & ~(n_bytes_per_row - 1); 587e0dadf3dSVitaly Buka InternalScopedString str; 5885b7dfa96SVitaly Buka str.AppendF("Shadow bytes around the buggy address:\n"); 589217222abSNico Weber for (int i = -5; i <= 5; i++) { 590217222abSNico Weber uptr row_shadow_addr = aligned_shadow + i * n_bytes_per_row; 591217222abSNico Weber // Skip rows that would be outside the shadow range. This can happen when 592217222abSNico Weber // the user address is near the bottom, top, or shadow gap of the address 593217222abSNico Weber // space. 594217222abSNico Weber if (!AddrIsInShadow(row_shadow_addr)) continue; 595217222abSNico Weber const char *prefix = (i == 0) ? "=>" : " "; 596217222abSNico Weber PrintShadowBytes(&str, prefix, (u8 *)row_shadow_addr, (u8 *)shadow_addr, 597217222abSNico Weber n_bytes_per_row); 598217222abSNico Weber } 599217222abSNico Weber if (flags()->print_legend) PrintLegend(&str); 600217222abSNico Weber Printf("%s", str.data()); 601217222abSNico Weber } 602217222abSNico Weber 603217222abSNico Weber void ErrorGeneric::Print() { 604217222abSNico Weber Decorator d; 605217222abSNico Weber Printf("%s", d.Error()); 606217222abSNico Weber uptr addr = addr_description.Address(); 607217222abSNico Weber Report("ERROR: AddressSanitizer: %s on address %p at pc %p bp %p sp %p\n", 608629b40daSMartin Liska bug_descr, (void *)addr, (void *)pc, (void *)bp, (void *)sp); 609217222abSNico Weber Printf("%s", d.Default()); 610217222abSNico Weber 611217222abSNico Weber Printf("%s%s of size %zu at %p thread %s%s\n", d.Access(), 612217222abSNico Weber access_size ? (is_write ? "WRITE" : "READ") : "ACCESS", access_size, 613217222abSNico Weber (void *)addr, AsanThreadIdAndName(tid).c_str(), d.Default()); 614217222abSNico Weber 615217222abSNico Weber scariness.Print(); 616217222abSNico Weber GET_STACK_TRACE_FATAL(pc, bp); 617217222abSNico Weber stack.Print(); 618217222abSNico Weber 619217222abSNico Weber // Pass bug_descr because we have a special case for 620217222abSNico Weber // initialization-order-fiasco 621217222abSNico Weber addr_description.Print(bug_descr); 622217222abSNico Weber if (shadow_val == kAsanContiguousContainerOOBMagic) 623217222abSNico Weber PrintContainerOverflowHint(); 624217222abSNico Weber ReportErrorSummary(bug_descr, &stack); 625217222abSNico Weber PrintShadowMemoryForAddress(addr); 626217222abSNico Weber } 627217222abSNico Weber 628217222abSNico Weber } // namespace __asan 629