shylie/llvm-project
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity
llvm-project/compiler-rt
History
Roman Vinogradov 2caba086ab
[ASan] Fix overflow and last byte handling in __asan_region_is_poisoned (#183900) 
__asan_region_is_poisoned() uses an exclusive end address
(end = beg + size) to validate the region [beg, end) and to compute
the aligned inner shadow region. This causes correctness issue
near memory range upper boundary and could trigger address space
overflow on 32-bit targets.

1. Incorrect handling of the last byte of a memory range

   The implementation checks AddrIsInMem(end) instead of the last
   application byte (end - 1). For regions ending at the last byte
   of Low/Mid/HighMem (e.g. __asan_region_is_poisoned(kHighMemEnd, 1)),
   this returns end (kHighMemEnd + 1) instead of the original 
   pointer. This behavior is inconsistent with the function’s 
   semantics and with __asan_address_is_poisoned().

2) address space overflow and invalid shadow range

If a region ends at the top of the virtual address space (kHighMemEnd),
   e.g. on 32-bit targets, end = beg + size could wrap to 0.
   This violated the invariant beg < end and could trigger
   the CHECK failure.

   Additionally, overflow in RoundUpTo alignment computations
   for aligned_b could produce an invalid shadow region spanning
   LowShadow to HighShadow across ShadowGap, leading mem_is_zero()
   to access unmapped memory and crash.

Fix by switching to an inclusive last byte:

  last = beg + size - 1

All checks are now performed on beg and last. The aligned inner 
shadow region is also computed from [beg, last]. Additional guard 
for aligned_b prevents the mapping to shadow if aligned_b is wrapped
(in this case the aligned inner region is also empty and doesn't 
require the shadow scan via mem_is_zero()).

This fixes incorrect return values at memory range ends and 
prevents overflow related crashes on 32-bit targets.

Test is extended to cover these boundary cases.

---------

Co-authored-by: Vitaly Buka <vitalybuka@gmail.com>
2026-03-18 09:43:19 -07:00
..
cmake
[compiler-rt] Update runtime build script to detect RPC XDR header for AIX (#186977)
2026-03-18 19:52:22 +05:30
docs
include
[ASan] Fix overflow and last byte handling in __asan_region_is_poisoned (#183900)
2026-03-18 09:43:19 -07:00
lib
[ASan] Fix overflow and last byte handling in __asan_region_is_poisoned (#183900)
2026-03-18 09:43:19 -07:00
test
[ASan] Fix overflow and last byte handling in __asan_region_is_poisoned (#183900)
2026-03-18 09:43:19 -07:00
tools
unittests
Rename config.host_os to config.target_os.
2025-07-17 11:12:29 -07:00
utils
www
[compiler-rt] [docs] Mention Windows as one of the supported OSes (#106874)
2024-09-03 10:57:43 +03:00
.clang-tidy
.gitignore
CMakeLists.txt
[compiler-rt] Add ASan/UBSan runtime support for Hexagon Linux (#183982)
2026-03-12 20:27:11 -05:00
CREDITS.TXT
LICENSE.TXT
Maintainers.md
[compiler-rt] Fix a few new lines in Maintaners.md
2024-12-10 11:11:45 -08:00
README.txt

README.txt 

Compiler-RT
================================

This directory and its subdirectories contain source code for the compiler
support routines.

Compiler-RT is open source software. You may freely distribute it under the
terms of the license agreement found in LICENSE.txt.

================================