diff --git a/compiler-rt/lib/hwasan/hwasan_report.cpp b/compiler-rt/lib/hwasan/hwasan_report.cpp --- a/compiler-rt/lib/hwasan/hwasan_report.cpp +++ b/compiler-rt/lib/hwasan/hwasan_report.cpp @@ -702,17 +702,15 @@ tag_t mem_tag = *tag_ptr; Printf("%s", d.Access()); - Printf("%s of size %zu at %p tags: %02x/%02x (ptr/mem) in thread T%zd\n", - is_store ? "WRITE" : "READ", access_size, untagged_addr, ptr_tag, - mem_tag, t->unique_id()); if (mem_tag && mem_tag < kShadowAlignment) { tag_t *granule_ptr = reinterpret_cast((untagged_addr + offset) & ~(kShadowAlignment - 1)); // If offset is 0, (untagged_addr + offset) is not aligned to granules. // This is the offset of the leftmost accessed byte within the bad granule. u8 in_granule_offset = (untagged_addr + offset) & (kShadowAlignment - 1); + tag_t short_tag = granule_ptr[kShadowAlignment - 1]; // The first mismatch was a short granule that matched the ptr_tag. - if (granule_ptr[kShadowAlignment - 1] == ptr_tag) { + if (short_tag == ptr_tag) { // If the access starts after the end of the short granule, then the first // bad byte is the first byte of the access; otherwise it is the first // byte past the end of the short granule @@ -720,6 +718,15 @@ offset += mem_tag - in_granule_offset; } } + Printf( + "%s of size %zu at %p tags: %02x/%02x/%02x (ptr/mem/short) " + "in thread T%zd\n", + is_store ? "WRITE" : "READ", access_size, untagged_addr, ptr_tag, + mem_tag, short_tag, t->unique_id()); + } else { + Printf("%s of size %zu at %p tags: %02x/%02x (ptr/mem) in thread T%zd\n", + is_store ? "WRITE" : "READ", access_size, untagged_addr, ptr_tag, + mem_tag, t->unique_id()); } if (offset != 0) Printf("Invalid access starting at offset %zu\n", offset); diff --git a/compiler-rt/test/hwasan/TestCases/heap-buffer-overflow.c b/compiler-rt/test/hwasan/TestCases/heap-buffer-overflow.c --- a/compiler-rt/test/hwasan/TestCases/heap-buffer-overflow.c +++ b/compiler-rt/test/hwasan/TestCases/heap-buffer-overflow.c 
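Review bot: The new local at `tag_t short_tag = granule_ptr[kShadowAlignment - 1];` has no comment saying why the last byte of the granule is read, and the report later labels that value "short" without explanation. In this branch `mem_tag` is below `kShadowAlignment`, so it is used as a short-granule size rather than a tag, and the byte at the end of the granule is what is compared with `ptr_tag`. I would add above the declaration `// Short granule: mem_tag is the number of valid bytes; the real tag is stored in the granule's last byte.` The enclosing function starts and ends outside this hunk.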
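Review bot: The access line now has two shapes, `tags: %02x/%02x/%02x (ptr/mem/short)` in the short-granule branch and the old `tags: %02x/%02x (ptr/mem)` in the `else`, so a crash-triage script or log matcher keyed on the two-field form will stop matching short-granule reports. No such consumer is visible here, but if one exists the format change should be called out in the commit message or release notes. The two `Printf` calls also repeat the same argument list; hoisting `const char *access_kind = is_store ? "WRITE" : "READ";` above the `if` would make it harder for them to drift apart. The function body continues outside the hunk.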
@@ -57,7 +57,7 @@
 // CHECKM: Cause: heap-buffer-overflow
 // CHECKM: is located 0 bytes to the right of 1000000-byte region
 //
-// CHECK31: tags: [[TAG:..]]/0e (ptr/mem)
+// CHECK31: tags: [[TAG:..]]/0e/[[TAG]] (ptr/mem/short)
 // CHECK31-NOT: Invalid access starting at offset
 // CHECK31: Cause: heap-buffer-overflow
 // CHECK31: is located 1 bytes to the right of 30-byte region
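Review bot: The updated `CHECK31` line binds the third field to `[[TAG]]`, so it only exercises the case where the short granule's stored tag equals the pointer tag. The new field is most informative when the two differ, and this hunk shows no expectation of that form; other tests may cover it, but a case with a mismatching short tag would pin the third field independently of the first. A check that a non-short size still prints the two-field `(ptr/mem)` form would also guard the `else` path, if the part of the file outside this hunk does not already have one.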