author Dmitry Mikulin <dmitry.mikulin@sony.com> 2017-09-27 23:32:01 +0000
committer Dmitry Mikulin <dmitry.mikulin@sony.com> 2017-09-27 23:32:01 +0000
commit bc4debffe955e4713a448c4ee5e321f58c9915d1 (patch)
tree baa2762b0667283dbe69b58052350d84676d1b36 /lib
parent 5b19f39ab3109f32ced2a4dc95f0624211b1231e (diff)

ASan allocates a global data initialization array at the tail end of each compunit's .data section. This vector is not poisoned. Because of this the first symbol of the following section has no left red zone. As a result, ASan cannot detect underflow for such symbols.

Poison ASan allocated metadata, it should not be accessible to user code.

This fix does not eliminate the problem with missing left red zones but it reduces the set of vulnerable symbols from first symbols in each input data section to first symbols in the output section of the binary.

Differential Revision: https://reviews.llvm.org/D38056

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@314365 91177308-0d34-0410-b5e6-96231b3b80d8

Diffstat (limited to 'lib')
-rw-r--r-- lib/asan/asan_globals.cc 4
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/asan/asan_globals.cc b/lib/asan/asan_globals.cc
index eebada804..ed1e4c614 100644
--- a/lib/asan/asan_globals.cc
+++ b/lib/asan/asan_globals.cc
@@ -384,6 +384,10 @@ void __asan_register_globals(__asan_global *globals, uptr n) {
}
RegisterGlobal(&globals[i]);
}
+
+ // Poison the metadata. It should not be accessible to user code.
+ PoisonShadow(reinterpret_cast<uptr>(globals), n * sizeof(__asan_global),
+ kAsanGlobalRedzoneMagic);
}
// Unregister an array of globals.
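
Review bot: The PoisonShadow call added at the end of __asan_register_globals has no matching unpoison in this change. The diffstat shows only these four inserted lines in asan_globals.cc, so the unregister path that follows ("Unregister an array of globals") leaves the range from `globals` to `globals + n * sizeof(__asan_global)` marked with kAsanGlobalRedzoneMagic after the globals themselves are unregistered. If that memory is reused later, for example after a module is unloaded, accesses to it would be reported as global redzone hits. Consider clearing the shadow for the same range in the unregister function. It would also help if the new comment stated what alignment the call assumes for `globals` and for the end of the array, since the byte range is handed to PoisonShadow unadjusted.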