1 //===-- asan_errors.cc ------------------------------------------*- C++ -*-===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This file is a part of AddressSanitizer, an address sanity checker.
11 //
12 // ASan implementation for error structures.
13 //===----------------------------------------------------------------------===//
14
15 #include "asan_errors.h"
16 #include "asan_descriptions.h"
17 #include "asan_mapping.h"
18 #include "asan_report.h"
19 #include "asan_stack.h"
20 #include "sanitizer_common/sanitizer_stackdepot.h"
21
22 namespace __asan {
23
OnStackUnwind(const SignalContext & sig,const void * callback_context,BufferedStackTrace * stack)24 static void OnStackUnwind(const SignalContext &sig,
25 const void *callback_context,
26 BufferedStackTrace *stack) {
27 bool fast = common_flags()->fast_unwind_on_fatal;
28 #if SANITIZER_FREEBSD || SANITIZER_NETBSD
29 // On FreeBSD the slow unwinding that leverages _Unwind_Backtrace()
30 // yields the call stack of the signal's handler and not of the code
31 // that raised the signal (as it does on Linux).
32 fast = true;
33 #endif
34 // Tests and maybe some users expect that scariness is going to be printed
35 // just before the stack. As only asan has scariness score we have no
36 // corresponding code in the sanitizer_common and we use this callback to
37 // print it.
38 static_cast<const ScarinessScoreBase *>(callback_context)->Print();
39 GetStackTrace(stack, kStackTraceMax, sig.pc, sig.bp, sig.context, fast);
40 }
41
Print()42 void ErrorDeadlySignal::Print() {
43 ReportDeadlySignal(signal, tid, &OnStackUnwind, &scariness);
44 }
45
Print()46 void ErrorDoubleFree::Print() {
47 Decorator d;
48 Printf("%s", d.Error());
49 Report(
50 "ERROR: AddressSanitizer: attempting %s on %p in thread %s:\n",
51 scariness.GetDescription(), addr_description.addr,
52 AsanThreadIdAndName(tid).c_str());
53 Printf("%s", d.Default());
54 scariness.Print();
55 GET_STACK_TRACE_FATAL(second_free_stack->trace[0],
56 second_free_stack->top_frame_bp);
57 stack.Print();
58 addr_description.Print();
59 ReportErrorSummary(scariness.GetDescription(), &stack);
60 }
61
Print()62 void ErrorNewDeleteTypeMismatch::Print() {
63 Decorator d;
64 Printf("%s", d.Error());
65 Report(
66 "ERROR: AddressSanitizer: %s on %p in thread %s:\n",
67 scariness.GetDescription(), addr_description.addr,
68 AsanThreadIdAndName(tid).c_str());
69 Printf("%s object passed to delete has wrong type:\n", d.Default());
70 if (delete_size != 0) {
71 Printf(
72 " size of the allocated type: %zd bytes;\n"
73 " size of the deallocated type: %zd bytes.\n",
74 addr_description.chunk_access.chunk_size, delete_size);
75 }
76 const uptr user_alignment =
77 addr_description.chunk_access.user_requested_alignment;
78 if (delete_alignment != user_alignment) {
79 char user_alignment_str[32];
80 char delete_alignment_str[32];
81 internal_snprintf(user_alignment_str, sizeof(user_alignment_str),
82 "%zd bytes", user_alignment);
83 internal_snprintf(delete_alignment_str, sizeof(delete_alignment_str),
84 "%zd bytes", delete_alignment);
85 static const char *kDefaultAlignment = "default-aligned";
86 Printf(
87 " alignment of the allocated type: %s;\n"
88 " alignment of the deallocated type: %s.\n",
89 user_alignment > 0 ? user_alignment_str : kDefaultAlignment,
90 delete_alignment > 0 ? delete_alignment_str : kDefaultAlignment);
91 }
92 CHECK_GT(free_stack->size, 0);
93 scariness.Print();
94 GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp);
95 stack.Print();
96 addr_description.Print();
97 ReportErrorSummary(scariness.GetDescription(), &stack);
98 Report(
99 "HINT: if you don't care about these errors you may set "
100 "ASAN_OPTIONS=new_delete_type_mismatch=0\n");
101 }
102
Print()103 void ErrorFreeNotMalloced::Print() {
104 Decorator d;
105 Printf("%s", d.Error());
106 Report(
107 "ERROR: AddressSanitizer: attempting free on address "
108 "which was not malloc()-ed: %p in thread %s\n",
109 addr_description.Address(), AsanThreadIdAndName(tid).c_str());
110 Printf("%s", d.Default());
111 CHECK_GT(free_stack->size, 0);
112 scariness.Print();
113 GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp);
114 stack.Print();
115 addr_description.Print();
116 ReportErrorSummary(scariness.GetDescription(), &stack);
117 }
118
Print()119 void ErrorAllocTypeMismatch::Print() {
120 static const char *alloc_names[] = {"INVALID", "malloc", "operator new",
121 "operator new []"};
122 static const char *dealloc_names[] = {"INVALID", "free", "operator delete",
123 "operator delete []"};
124 CHECK_NE(alloc_type, dealloc_type);
125 Decorator d;
126 Printf("%s", d.Error());
127 Report("ERROR: AddressSanitizer: %s (%s vs %s) on %p\n",
128 scariness.GetDescription(), alloc_names[alloc_type],
129 dealloc_names[dealloc_type], addr_description.Address());
130 Printf("%s", d.Default());
131 CHECK_GT(dealloc_stack->size, 0);
132 scariness.Print();
133 GET_STACK_TRACE_FATAL(dealloc_stack->trace[0], dealloc_stack->top_frame_bp);
134 stack.Print();
135 addr_description.Print();
136 ReportErrorSummary(scariness.GetDescription(), &stack);
137 Report(
138 "HINT: if you don't care about these errors you may set "
139 "ASAN_OPTIONS=alloc_dealloc_mismatch=0\n");
140 }
141
Print()142 void ErrorMallocUsableSizeNotOwned::Print() {
143 Decorator d;
144 Printf("%s", d.Error());
145 Report(
146 "ERROR: AddressSanitizer: attempting to call malloc_usable_size() for "
147 "pointer which is not owned: %p\n",
148 addr_description.Address());
149 Printf("%s", d.Default());
150 stack->Print();
151 addr_description.Print();
152 ReportErrorSummary(scariness.GetDescription(), stack);
153 }
154
Print()155 void ErrorSanitizerGetAllocatedSizeNotOwned::Print() {
156 Decorator d;
157 Printf("%s", d.Error());
158 Report(
159 "ERROR: AddressSanitizer: attempting to call "
160 "__sanitizer_get_allocated_size() for pointer which is not owned: %p\n",
161 addr_description.Address());
162 Printf("%s", d.Default());
163 stack->Print();
164 addr_description.Print();
165 ReportErrorSummary(scariness.GetDescription(), stack);
166 }
167
Print()168 void ErrorCallocOverflow::Print() {
169 Decorator d;
170 Printf("%s", d.Error());
171 Report(
172 "ERROR: AddressSanitizer: calloc parameters overflow: count * size "
173 "(%zd * %zd) cannot be represented in type size_t (thread %s)\n",
174 count, size, AsanThreadIdAndName(tid).c_str());
175 Printf("%s", d.Default());
176 stack->Print();
177 PrintHintAllocatorCannotReturnNull();
178 ReportErrorSummary(scariness.GetDescription(), stack);
179 }
180
Print()181 void ErrorPvallocOverflow::Print() {
182 Decorator d;
183 Printf("%s", d.Error());
184 Report(
185 "ERROR: AddressSanitizer: pvalloc parameters overflow: size 0x%zx "
186 "rounded up to system page size 0x%zx cannot be represented in type "
187 "size_t (thread %s)\n",
188 size, GetPageSizeCached(), AsanThreadIdAndName(tid).c_str());
189 Printf("%s", d.Default());
190 stack->Print();
191 PrintHintAllocatorCannotReturnNull();
192 ReportErrorSummary(scariness.GetDescription(), stack);
193 }
194
Print()195 void ErrorInvalidAllocationAlignment::Print() {
196 Decorator d;
197 Printf("%s", d.Error());
198 Report(
199 "ERROR: AddressSanitizer: invalid allocation alignment: %zd, "
200 "alignment must be a power of two (thread %s)\n",
201 alignment, AsanThreadIdAndName(tid).c_str());
202 Printf("%s", d.Default());
203 stack->Print();
204 PrintHintAllocatorCannotReturnNull();
205 ReportErrorSummary(scariness.GetDescription(), stack);
206 }
207
Print()208 void ErrorInvalidAlignedAllocAlignment::Print() {
209 Decorator d;
210 Printf("%s", d.Error());
211 #if SANITIZER_POSIX
212 Report("ERROR: AddressSanitizer: invalid alignment requested in "
213 "aligned_alloc: %zd, alignment must be a power of two and the "
214 "requested size 0x%zx must be a multiple of alignment "
215 "(thread %s)\n", alignment, size, AsanThreadIdAndName(tid).c_str());
216 #else
217 Report("ERROR: AddressSanitizer: invalid alignment requested in "
218 "aligned_alloc: %zd, the requested size 0x%zx must be a multiple of "
219 "alignment (thread %s)\n", alignment, size,
220 AsanThreadIdAndName(tid).c_str());
221 #endif
222 Printf("%s", d.Default());
223 stack->Print();
224 PrintHintAllocatorCannotReturnNull();
225 ReportErrorSummary(scariness.GetDescription(), stack);
226 }
227
Print()228 void ErrorInvalidPosixMemalignAlignment::Print() {
229 Decorator d;
230 Printf("%s", d.Error());
231 Report(
232 "ERROR: AddressSanitizer: invalid alignment requested in posix_memalign: "
233 "%zd, alignment must be a power of two and a multiple of sizeof(void*) "
234 "== %zd (thread %s)\n",
235 alignment, sizeof(void*), AsanThreadIdAndName(tid).c_str()); // NOLINT
236 Printf("%s", d.Default());
237 stack->Print();
238 PrintHintAllocatorCannotReturnNull();
239 ReportErrorSummary(scariness.GetDescription(), stack);
240 }
241
Print()242 void ErrorAllocationSizeTooBig::Print() {
243 Decorator d;
244 Printf("%s", d.Error());
245 Report(
246 "ERROR: AddressSanitizer: requested allocation size 0x%zx (0x%zx after "
247 "adjustments for alignment, red zones etc.) exceeds maximum supported "
248 "size of 0x%zx (thread %s)\n",
249 user_size, total_size, max_size, AsanThreadIdAndName(tid).c_str());
250 Printf("%s", d.Default());
251 stack->Print();
252 PrintHintAllocatorCannotReturnNull();
253 ReportErrorSummary(scariness.GetDescription(), stack);
254 }
255
Print()256 void ErrorRssLimitExceeded::Print() {
257 Decorator d;
258 Printf("%s", d.Error());
259 Report(
260 "ERROR: AddressSanitizer: specified RSS limit exceeded, currently set to "
261 "soft_rss_limit_mb=%zd\n", common_flags()->soft_rss_limit_mb);
262 Printf("%s", d.Default());
263 stack->Print();
264 PrintHintAllocatorCannotReturnNull();
265 ReportErrorSummary(scariness.GetDescription(), stack);
266 }
267
Print()268 void ErrorOutOfMemory::Print() {
269 Decorator d;
270 Printf("%s", d.Error());
271 Report(
272 "ERROR: AddressSanitizer: allocator is out of memory trying to allocate "
273 "0x%zx bytes\n", requested_size);
274 Printf("%s", d.Default());
275 stack->Print();
276 PrintHintAllocatorCannotReturnNull();
277 ReportErrorSummary(scariness.GetDescription(), stack);
278 }
279
Print()280 void ErrorStringFunctionMemoryRangesOverlap::Print() {
281 Decorator d;
282 char bug_type[100];
283 internal_snprintf(bug_type, sizeof(bug_type), "%s-param-overlap", function);
284 Printf("%s", d.Error());
285 Report(
286 "ERROR: AddressSanitizer: %s: memory ranges [%p,%p) and [%p, %p) "
287 "overlap\n",
288 bug_type, addr1_description.Address(),
289 addr1_description.Address() + length1, addr2_description.Address(),
290 addr2_description.Address() + length2);
291 Printf("%s", d.Default());
292 scariness.Print();
293 stack->Print();
294 addr1_description.Print();
295 addr2_description.Print();
296 ReportErrorSummary(bug_type, stack);
297 }
298
Print()299 void ErrorStringFunctionSizeOverflow::Print() {
300 Decorator d;
301 Printf("%s", d.Error());
302 Report("ERROR: AddressSanitizer: %s: (size=%zd)\n",
303 scariness.GetDescription(), size);
304 Printf("%s", d.Default());
305 scariness.Print();
306 stack->Print();
307 addr_description.Print();
308 ReportErrorSummary(scariness.GetDescription(), stack);
309 }
310
Print()311 void ErrorBadParamsToAnnotateContiguousContainer::Print() {
312 Report(
313 "ERROR: AddressSanitizer: bad parameters to "
314 "__sanitizer_annotate_contiguous_container:\n"
315 " beg : %p\n"
316 " end : %p\n"
317 " old_mid : %p\n"
318 " new_mid : %p\n",
319 beg, end, old_mid, new_mid);
320 uptr granularity = SHADOW_GRANULARITY;
321 if (!IsAligned(beg, granularity))
322 Report("ERROR: beg is not aligned by %d\n", granularity);
323 stack->Print();
324 ReportErrorSummary(scariness.GetDescription(), stack);
325 }
326
Print()327 void ErrorODRViolation::Print() {
328 Decorator d;
329 Printf("%s", d.Error());
330 Report("ERROR: AddressSanitizer: %s (%p):\n", scariness.GetDescription(),
331 global1.beg);
332 Printf("%s", d.Default());
333 InternalScopedString g1_loc(256), g2_loc(256);
334 PrintGlobalLocation(&g1_loc, global1);
335 PrintGlobalLocation(&g2_loc, global2);
336 Printf(" [1] size=%zd '%s' %s\n", global1.size,
337 MaybeDemangleGlobalName(global1.name), g1_loc.data());
338 Printf(" [2] size=%zd '%s' %s\n", global2.size,
339 MaybeDemangleGlobalName(global2.name), g2_loc.data());
340 if (stack_id1 && stack_id2) {
341 Printf("These globals were registered at these points:\n");
342 Printf(" [1]:\n");
343 StackDepotGet(stack_id1).Print();
344 Printf(" [2]:\n");
345 StackDepotGet(stack_id2).Print();
346 }
347 Report(
348 "HINT: if you don't care about these errors you may set "
349 "ASAN_OPTIONS=detect_odr_violation=0\n");
350 InternalScopedString error_msg(256);
351 error_msg.append("%s: global '%s' at %s", scariness.GetDescription(),
352 MaybeDemangleGlobalName(global1.name), g1_loc.data());
353 ReportErrorSummary(error_msg.data());
354 }
355
Print()356 void ErrorInvalidPointerPair::Print() {
357 Decorator d;
358 Printf("%s", d.Error());
359 Report("ERROR: AddressSanitizer: %s: %p %p\n", scariness.GetDescription(),
360 addr1_description.Address(), addr2_description.Address());
361 Printf("%s", d.Default());
362 GET_STACK_TRACE_FATAL(pc, bp);
363 stack.Print();
364 addr1_description.Print();
365 addr2_description.Print();
366 ReportErrorSummary(scariness.GetDescription(), &stack);
367 }
368
AdjacentShadowValuesAreFullyPoisoned(u8 * s)369 static bool AdjacentShadowValuesAreFullyPoisoned(u8 *s) {
370 return s[-1] > 127 && s[1] > 127;
371 }
372
ErrorGeneric(u32 tid,uptr pc_,uptr bp_,uptr sp_,uptr addr,bool is_write_,uptr access_size_)373 ErrorGeneric::ErrorGeneric(u32 tid, uptr pc_, uptr bp_, uptr sp_, uptr addr,
374 bool is_write_, uptr access_size_)
375 : ErrorBase(tid),
376 addr_description(addr, access_size_, /*shouldLockThreadRegistry=*/false),
377 pc(pc_),
378 bp(bp_),
379 sp(sp_),
380 access_size(access_size_),
381 is_write(is_write_),
382 shadow_val(0) {
383 scariness.Clear();
384 if (access_size) {
385 if (access_size <= 9) {
386 char desr[] = "?-byte";
387 desr[0] = '0' + access_size;
388 scariness.Scare(access_size + access_size / 2, desr);
389 } else if (access_size >= 10) {
390 scariness.Scare(15, "multi-byte");
391 }
392 is_write ? scariness.Scare(20, "write") : scariness.Scare(1, "read");
393
394 // Determine the error type.
395 bug_descr = "unknown-crash";
396 if (AddrIsInMem(addr)) {
397 u8 *shadow_addr = (u8 *)MemToShadow(addr);
398 // If we are accessing 16 bytes, look at the second shadow byte.
399 if (*shadow_addr == 0 && access_size > SHADOW_GRANULARITY) shadow_addr++;
400 // If we are in the partial right redzone, look at the next shadow byte.
401 if (*shadow_addr > 0 && *shadow_addr < 128) shadow_addr++;
402 bool far_from_bounds = false;
403 shadow_val = *shadow_addr;
404 int bug_type_score = 0;
405 // For use-after-frees reads are almost as bad as writes.
406 int read_after_free_bonus = 0;
407 switch (shadow_val) {
408 case kAsanHeapLeftRedzoneMagic:
409 case kAsanArrayCookieMagic:
410 bug_descr = "heap-buffer-overflow";
411 bug_type_score = 10;
412 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
413 break;
414 case kAsanHeapFreeMagic:
415 bug_descr = "heap-use-after-free";
416 bug_type_score = 20;
417 if (!is_write) read_after_free_bonus = 18;
418 break;
419 case kAsanStackLeftRedzoneMagic:
420 bug_descr = "stack-buffer-underflow";
421 bug_type_score = 25;
422 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
423 break;
424 case kAsanInitializationOrderMagic:
425 bug_descr = "initialization-order-fiasco";
426 bug_type_score = 1;
427 break;
428 case kAsanStackMidRedzoneMagic:
429 case kAsanStackRightRedzoneMagic:
430 bug_descr = "stack-buffer-overflow";
431 bug_type_score = 25;
432 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
433 break;
434 case kAsanStackAfterReturnMagic:
435 bug_descr = "stack-use-after-return";
436 bug_type_score = 30;
437 if (!is_write) read_after_free_bonus = 18;
438 break;
439 case kAsanUserPoisonedMemoryMagic:
440 bug_descr = "use-after-poison";
441 bug_type_score = 20;
442 break;
443 case kAsanContiguousContainerOOBMagic:
444 bug_descr = "container-overflow";
445 bug_type_score = 10;
446 break;
447 case kAsanStackUseAfterScopeMagic:
448 bug_descr = "stack-use-after-scope";
449 bug_type_score = 10;
450 break;
451 case kAsanGlobalRedzoneMagic:
452 bug_descr = "global-buffer-overflow";
453 bug_type_score = 10;
454 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
455 break;
456 case kAsanIntraObjectRedzone:
457 bug_descr = "intra-object-overflow";
458 bug_type_score = 10;
459 break;
460 case kAsanAllocaLeftMagic:
461 case kAsanAllocaRightMagic:
462 bug_descr = "dynamic-stack-buffer-overflow";
463 bug_type_score = 25;
464 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
465 break;
466 }
467 scariness.Scare(bug_type_score + read_after_free_bonus, bug_descr);
468 if (far_from_bounds) scariness.Scare(10, "far-from-bounds");
469 }
470 }
471 }
472
PrintContainerOverflowHint()473 static void PrintContainerOverflowHint() {
474 Printf("HINT: if you don't care about these errors you may set "
475 "ASAN_OPTIONS=detect_container_overflow=0.\n"
476 "If you suspect a false positive see also: "
477 "https://github.com/google/sanitizers/wiki/"
478 "AddressSanitizerContainerOverflow.\n");
479 }
480
PrintShadowByte(InternalScopedString * str,const char * before,u8 byte,const char * after="\\n")481 static void PrintShadowByte(InternalScopedString *str, const char *before,
482 u8 byte, const char *after = "\n") {
483 PrintMemoryByte(str, before, byte, /*in_shadow*/true, after);
484 }
485
PrintLegend(InternalScopedString * str)486 static void PrintLegend(InternalScopedString *str) {
487 str->append(
488 "Shadow byte legend (one shadow byte represents %d "
489 "application bytes):\n",
490 (int)SHADOW_GRANULARITY);
491 PrintShadowByte(str, " Addressable: ", 0);
492 str->append(" Partially addressable: ");
493 for (u8 i = 1; i < SHADOW_GRANULARITY; i++) PrintShadowByte(str, "", i, " ");
494 str->append("\n");
495 PrintShadowByte(str, " Heap left redzone: ",
496 kAsanHeapLeftRedzoneMagic);
497 PrintShadowByte(str, " Freed heap region: ", kAsanHeapFreeMagic);
498 PrintShadowByte(str, " Stack left redzone: ",
499 kAsanStackLeftRedzoneMagic);
500 PrintShadowByte(str, " Stack mid redzone: ",
501 kAsanStackMidRedzoneMagic);
502 PrintShadowByte(str, " Stack right redzone: ",
503 kAsanStackRightRedzoneMagic);
504 PrintShadowByte(str, " Stack after return: ",
505 kAsanStackAfterReturnMagic);
506 PrintShadowByte(str, " Stack use after scope: ",
507 kAsanStackUseAfterScopeMagic);
508 PrintShadowByte(str, " Global redzone: ", kAsanGlobalRedzoneMagic);
509 PrintShadowByte(str, " Global init order: ",
510 kAsanInitializationOrderMagic);
511 PrintShadowByte(str, " Poisoned by user: ",
512 kAsanUserPoisonedMemoryMagic);
513 PrintShadowByte(str, " Container overflow: ",
514 kAsanContiguousContainerOOBMagic);
515 PrintShadowByte(str, " Array cookie: ",
516 kAsanArrayCookieMagic);
517 PrintShadowByte(str, " Intra object redzone: ",
518 kAsanIntraObjectRedzone);
519 PrintShadowByte(str, " ASan internal: ", kAsanInternalHeapMagic);
520 PrintShadowByte(str, " Left alloca redzone: ", kAsanAllocaLeftMagic);
521 PrintShadowByte(str, " Right alloca redzone: ", kAsanAllocaRightMagic);
522 PrintShadowByte(str, " Shadow gap: ", kAsanShadowGap);
523 }
524
PrintShadowBytes(InternalScopedString * str,const char * before,u8 * bytes,u8 * guilty,uptr n)525 static void PrintShadowBytes(InternalScopedString *str, const char *before,
526 u8 *bytes, u8 *guilty, uptr n) {
527 Decorator d;
528 if (before) str->append("%s%p:", before, bytes);
529 for (uptr i = 0; i < n; i++) {
530 u8 *p = bytes + i;
531 const char *before =
532 p == guilty ? "[" : (p - 1 == guilty && i != 0) ? "" : " ";
533 const char *after = p == guilty ? "]" : "";
534 PrintShadowByte(str, before, *p, after);
535 }
536 str->append("\n");
537 }
538
PrintShadowMemoryForAddress(uptr addr)539 static void PrintShadowMemoryForAddress(uptr addr) {
540 if (!AddrIsInMem(addr)) return;
541 uptr shadow_addr = MemToShadow(addr);
542 const uptr n_bytes_per_row = 16;
543 uptr aligned_shadow = shadow_addr & ~(n_bytes_per_row - 1);
544 InternalScopedString str(4096 * 8);
545 str.append("Shadow bytes around the buggy address:\n");
546 for (int i = -5; i <= 5; i++) {
547 uptr row_shadow_addr = aligned_shadow + i * n_bytes_per_row;
548 // Skip rows that would be outside the shadow range. This can happen when
549 // the user address is near the bottom, top, or shadow gap of the address
550 // space.
551 if (!AddrIsInShadow(row_shadow_addr)) continue;
552 const char *prefix = (i == 0) ? "=>" : " ";
553 PrintShadowBytes(&str, prefix, (u8 *)row_shadow_addr, (u8 *)shadow_addr,
554 n_bytes_per_row);
555 }
556 if (flags()->print_legend) PrintLegend(&str);
557 Printf("%s", str.data());
558 }
559
Print()560 void ErrorGeneric::Print() {
561 Decorator d;
562 Printf("%s", d.Error());
563 uptr addr = addr_description.Address();
564 Report("ERROR: AddressSanitizer: %s on address %p at pc %p bp %p sp %p\n",
565 bug_descr, (void *)addr, pc, bp, sp);
566 Printf("%s", d.Default());
567
568 Printf("%s%s of size %zu at %p thread %s%s\n", d.Access(),
569 access_size ? (is_write ? "WRITE" : "READ") : "ACCESS", access_size,
570 (void *)addr, AsanThreadIdAndName(tid).c_str(), d.Default());
571
572 scariness.Print();
573 GET_STACK_TRACE_FATAL(pc, bp);
574 stack.Print();
575
576 // Pass bug_descr because we have a special case for
577 // initialization-order-fiasco
578 addr_description.Print(bug_descr);
579 if (shadow_val == kAsanContiguousContainerOOBMagic)
580 PrintContainerOverflowHint();
581 ReportErrorSummary(bug_descr, &stack);
582 PrintShadowMemoryForAddress(addr);
583 }
584
585 } // namespace __asan
586