-
Notifications
You must be signed in to change notification settings - Fork 11.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ASan][libc++] Annotating std::basic_string
with all allocators
#75845
Merged
AdvenamTacet
merged 7 commits into
llvm:main
from
trail-of-forks:string-annotations-all-allocators
Jan 13, 2024
Merged
[ASan][libc++] Annotating std::basic_string
with all allocators
#75845
AdvenamTacet
merged 7 commits into
llvm:main
from
trail-of-forks:string-annotations-all-allocators
Jan 13, 2024
Commits on Jan 11, 2024
-
[ASan][libc++] Annotating
std::basic_string
with all allocatorsThis commit turns on ASan annotations in `std::basic_string` for all allocators by default. Originally suggested here: https://reviews.llvm.org/D146214 This commit is part of our efforts to support container annotations with (almost) every allocator. Annotating `std::basic_string` with default allocator is implemented in llvm#72677. Support in ASan API exests since llvm@dd1b7b7. This patch removes the check in std::basic_string annotation member function (__annotate_contiguous_container) to support different allocators. You can turn off annotations for a specific allocator based on changes from llvm@2fa1bec. This PR is a part of a series of patches extending AddressSanitizer C++ container overflow detection capabilities by adding annotations, similar to those existing in `std::vector` and `std::deque` collections. These enhancements empower ASan to effectively detect instances where the instrumented program attempts to access memory within a collection's internal allocation that remains unused. This includes cases where access occurs before or after the stored elements in `std::deque`, or between the `std::basic_string`'s size (including the null terminator) and capacity bounds. The introduction of these annotations was spurred by a real-world software bug discovered by Trail of Bits, involving an out-of-bounds memory access during the comparison of two strings using the `std::equals` function. This function was taking iterators (`iter1_begin`, `iter1_end`, `iter2_begin`) to perform the comparison, using a custom comparison function. When the `iter1` object exceeded the length of `iter2`, an out-of-bounds read could occur on the `iter2` object. Container sanitization, upon enabling these annotations, would effectively identify and flag this potential vulnerability. If you have any questions, please email: - advenam.tacet@trailofbits.com - disconnect3d@trailofbits.com
Advenam Tacet committedJan 11, 2024 Configuration menu - View commit details
-
Copy full SHA for 7af271d - Browse repository at this point
Copy the full SHA 7af271dView commit details -
This commit addresses some comments from a code review: - add size check, - add coments with context to a test, - add comments explaining what happens in the test, - remove volatile, - split an if to constexpr if and normal if.
Advenam Tacet committedJan 11, 2024 Configuration menu - View commit details
-
Copy full SHA for 1eea92e - Browse repository at this point
Copy the full SHA 1eea92eView commit details -
Advenam Tacet committed
Jan 11, 2024 Configuration menu - View commit details
-
Copy full SHA for 428a15f - Browse repository at this point
Copy the full SHA 428a15fView commit details
Commits on Jan 12, 2024
-
Advenam Tacet committed
Jan 12, 2024 Configuration menu - View commit details
-
Copy full SHA for a73df63 - Browse repository at this point
Copy the full SHA a73df63View commit details -
Co-authored-by: Louis Dionne <ldionne.2@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for d6a2fcc - Browse repository at this point
Copy the full SHA d6a2fccView commit details -
Co-authored-by: Louis Dionne <ldionne.2@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 55980f5 - Browse repository at this point
Copy the full SHA 55980f5View commit details -
Configuration menu - View commit details
-
Copy full SHA for 200aaf2 - Browse repository at this point
Copy the full SHA 200aaf2View commit details
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.