diff options
author | Dmitry Mikulin <dmitry.mikulin@sony.com> | 2017-09-27 23:32:01 +0000 |
---|---|---|
committer | Dmitry Mikulin <dmitry.mikulin@sony.com> | 2017-09-27 23:32:01 +0000 |
commit | bc4debffe955e4713a448c4ee5e321f58c9915d1 (patch) | |
tree | baa2762b0667283dbe69b58052350d84676d1b36 /lib | |
parent | 5b19f39ab3109f32ced2a4dc95f0624211b1231e (diff) |
ASan allocates a global data initialization array at the tail end of each
compunit's .data section. This vector is not poisoned. Because of this the
first symbol of the following section has no left red zone. As a result, ASan
cannot detect underflow for such symbols.
Poison ASan allocated metadata, it should not be accessible to user code.
This fix does not eliminate the problem with missing left red zones but it
reduces the set of vulnerable symbols from first symbols in each input data
section to first symbols in the output section of the binary.
Differential Revision: https://reviews.llvm.org/D38056
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@314365 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib')
-rw-r--r-- | lib/asan/asan_globals.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/asan/asan_globals.cc b/lib/asan/asan_globals.cc index eebada804..ed1e4c614 100644 --- a/lib/asan/asan_globals.cc +++ b/lib/asan/asan_globals.cc @@ -384,6 +384,10 @@ void __asan_register_globals(__asan_global *globals, uptr n) { } RegisterGlobal(&globals[i]); } + + // Poison the metadata. It should not be accessible to user code. + PoisonShadow(reinterpret_cast<uptr>(globals), n * sizeof(__asan_global), + kAsanGlobalRedzoneMagic); } // Unregister an array of globals. |