diff options
| author | Julian Lettner <jlettner@apple.com> | 2019-10-10 17:19:58 +0000 |
|---|---|---|
| committer | Julian Lettner <jlettner@apple.com> | 2019-10-10 17:19:58 +0000 |
| commit | 6fa614831f7986043e08b25951fe7407b07e60bf (patch) | |
| tree | a0cc4cffd4f9f7a256c77285a9c73746ad9f6d10 /lib/sanitizer_common/sanitizer_common.h | |
| parent | 637654f8efbe34a83e792b1f38393fc723f14074 (diff) | |
| download | compiler-rt-6fa614831f7986043e08b25951fe7407b07e60bf.tar.gz | |
Reland "[ASan] Do not misrepresent high value address dereferences as null dereferences"
Updated: Removed offending TODO comment.
Dereferences with addresses above the 48-bit hardware addressable range
produce "invalid instruction" (instead of "invalid access") hardware
exceptions (there is no hardware address decoding logic for those bits),
and the address provided by this exception is the address of the
instruction (not the faulting address). The kernel maps the "invalid
instruction" to SEGV, but fails to provide the real fault address.
Because of this ASan lies and says that those cases are null
dereferences. This downgrades the severity of a found bug in terms of
security. In the ASan signal handler, we can not provide the real
faulting address, but at least we can try not to lie.
rdar://50366151
Reviewed By: vitalybuka
Differential Revision: https://reviews.llvm.org/D68676
llvm-svn: 374265
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@374384 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/sanitizer_common/sanitizer_common.h')
| -rw-r--r-- | lib/sanitizer_common/sanitizer_common.h | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/sanitizer_common/sanitizer_common.h b/lib/sanitizer_common/sanitizer_common.h index ad056df38..87b8f02b5 100644 --- a/lib/sanitizer_common/sanitizer_common.h +++ b/lib/sanitizer_common/sanitizer_common.h @@ -881,6 +881,11 @@ struct SignalContext { bool is_memory_access; enum WriteFlag { UNKNOWN, READ, WRITE } write_flag; + // In some cases the kernel cannot provide the true faulting address; `addr` + // will be zero then. This field allows to distinguish between these cases + // and dereferences of null. + bool is_true_faulting_addr; + // VS2013 doesn't implement unrestricted unions, so we need a trivial default // constructor SignalContext() = default; @@ -893,7 +898,8 @@ struct SignalContext { context(context), addr(GetAddress()), is_memory_access(IsMemoryAccess()), - write_flag(GetWriteFlag()) { + write_flag(GetWriteFlag()), + is_true_faulting_addr(IsTrueFaultingAddress()) { InitPcSpBp(); } @@ -914,6 +920,7 @@ struct SignalContext { uptr GetAddress() const; WriteFlag GetWriteFlag() const; bool IsMemoryAccess() const; + bool IsTrueFaultingAddress() const; }; void InitializePlatformEarly(); |