AddressSanitizerUseAfterScope
A stack-use-after-scope bug occurs when a stack object is used outside the scope in which it was defined. Example (see also AddressSanitizerExampleUseAfterScope):

```c
void f(int b) {
  int *p;
  if (b) {
    int x[10];
    p = x;        /* p now points at a variable whose scope ends at the closing brace */
  }
  *p = 1;         /* stack-use-after-scope: x is out of scope here */
}
```
This check is enabled by default in AddressSanitizer. It can be disabled with the clang flag `-fno-sanitize-address-use-after-scope`.

AddressSanitizer detects this kind of bug by marking the memory used by a local variable as good (addressable) when control reaches the variable's definition, and as bad (poisoned) when control reaches the end of the scope in which the variable is defined. The implementation relies on the `@llvm.lifetime.start` and `@llvm.lifetime.end` intrinsics.

The example above will be transformed into code similar to the following (pseudo-code: the real runtime calls take an address and a size):
```c
void f(int b) {
  int *p;
  if (b) {
    int x[10];
    __asan_unpoison_stack_memory(x);   /* @llvm.lifetime.start: x becomes addressable */
    p = x;
    __asan_poison_stack_memory(x);     /* @llvm.lifetime.end: x is poisoned at scope exit */
  }
  *p = 1;                              /* the instrumented store finds poisoned shadow and reports */
  __asan_unpoison_stack_memory(frame); /* whole frame unpoisoned before returning */
}
```
Before a function returns, its stack memory needs to be unpoisoned, otherwise non-instrumented code that later reuses the same stack region would trigger false reports.

Memory consumption is the same as with the default set of AddressSanitizerFlags.
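The following is an added illustration of the poisoning scheme described above; it is not AddressSanitizer's own code. It models a single simulated stack frame with one shadow byte per 8-byte granule, replays the lifetime-start/lifetime-end sequence the instrumentation inserts for `f()`, and runs the same shadow check before the final store that ASan would. The frame layout, the offset of `x`, and the absence of redzones and partial-granule encoding are simplifications made here; the poison value `0xf8` is the one ASan uses for stack-use-after-scope. It also replays the fixed version of `f()` (with `x` hoisted to function scope) to show that the same check then passes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of ASan's stack poisoning for use-after-scope (constructed example, not ASan code).
 * The simulated frame is FRAME_SIZE bytes; each GRANULE-byte chunk has one shadow byte:
 * 0 means addressable, POISON_UAS means the owning variable's scope has ended. */
#define FRAME_SIZE  64
#define GRANULE     8
#define SHADOW_SIZE (FRAME_SIZE / GRANULE)
#define POISON_UAS  0xf8   /* ASan's stack-use-after-scope shadow value */

static uint8_t shadow[SHADOW_SIZE];

/* Where f()'s local `int x[10]` lives inside the simulated frame (constructed layout). */
#define X_OFF  16
#define X_SIZE 40

typedef enum { ACCESS_OK = 0, ACCESS_USE_AFTER_SCOPE = 1 } access_result;

/* Set the shadow bytes covering [off, off+len) to val. */
static void set_shadow(size_t off, size_t len, uint8_t val) {
    for (size_t g = off / GRANULE; g < (off + len + GRANULE - 1) / GRANULE; g++)
        shadow[g] = val;
}

/* Function entry: in this model every local starts poisoned; only lifetime_start makes it good. */
void frame_enter(void) { set_shadow(0, FRAME_SIZE, POISON_UAS); }
/* @llvm.lifetime.start: control reached the variable's definition, mark it addressable. */
void lifetime_start(size_t off, size_t len) { set_shadow(off, len, 0); }
/* @llvm.lifetime.end: control left the variable's scope, mark it bad. */
void lifetime_end(size_t off, size_t len) { set_shadow(off, len, POISON_UAS); }
/* Function exit: unpoison the whole frame so non-instrumented code reusing it is not reported. */
void frame_exit(void) { set_shadow(0, FRAME_SIZE, 0); }

/* The check inserted before each memory access: any poisoned granule in range -> report. */
access_result check_access(size_t off, size_t len) {
    for (size_t g = off / GRANULE; g < (off + len + GRANULE - 1) / GRANULE; g++)
        if (shadow[g] == POISON_UAS) return ACCESS_USE_AFTER_SCOPE;
    return ACCESS_OK;
}

/* Replays the instrumented control flow of the page's f() with b true:
 * x's lifetime starts and ends inside the if-block, then `*p = 1` touches x[0]. */
access_result replay_f(void) {
    frame_enter();
    lifetime_start(X_OFF, X_SIZE);                  /* int x[10]; */
    size_t p = X_OFF;                               /* p = x; */
    lifetime_end(X_OFF, X_SIZE);                    /* closing brace of the if-block */
    access_result r = check_access(p, sizeof(int)); /* *p = 1; -> reported */
    frame_exit();
    return r;
}

/* The same flow after moving `int x[10]` to function scope: its lifetime now covers the store. */
access_result replay_fixed_f(void) {
    frame_enter();
    lifetime_start(X_OFF, X_SIZE);                  /* int x[10]; at function scope */
    size_t p = X_OFF;
    access_result r = check_access(p, sizeof(int)); /* *p = 1; -> addressable */
    lifetime_end(X_OFF, X_SIZE);
    frame_exit();
    return r;
}

int main(void) {
    printf("buggy f: %s\n", replay_f() == ACCESS_OK ? "ok" : "stack-use-after-scope");
    printf("fixed f: %s\n", replay_fixed_f() == ACCESS_OK ? "ok" : "stack-use-after-scope");
    return 0;
}
```

The `frame_exit()` call at the end of both replays corresponds to the `__asan_unpoison_stack_memory(frame)` step: after it, a check over the whole frame passes again, which is what keeps non-instrumented code that reuses the stack from producing false reports.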
TODO