Page MenuHomePhabricator

[3/3][ASan] integration test for std::deque and std::basic_string annotations
Needs ReviewPublic

Authored by AdvenamTacet on Sep 21 2022, 6:29 PM.

Details

Reviewers
None
Group Reviewers
Restricted Project
Summary

This commit is a part of patches extending AddressSanitizer C++
container overflow detection capabilities by adding annotations,
similar to those existing in std::vector, to std::string and
std::deque collections. These changes allow ASan to detect cases
when the instrumented program accesses memory which is internally
allocated by the collection but is still not in-use (accesses
before or after the stored elements for std::deque, or between
the size and capacity bounds for std::string).

Trail of Bits developed this as part of a research project where
we tried to find bugs using the oss-fuzz (using llvm-14 with our
modifications) harnesses. Now, we want to upstream the llvm-16
port of this work.

One integration test for std::deque and std::basic_string,
which checks whether a std::basic_string can be stored
in a std::deque collection with annotation.

That test requires both std::basic_string and
std::deque annotations.

Structure of our patches:
[1a/3][ASan][compiler-rt] API for double ended containers
[1b/3][ASan][compiler-rt] API for annotating objects memory
[2a/3][ASan][libcxx] std::deque annotations
[2b/3][ASan][libcxx] std::basic_string annotations
[3/3][ASan] integration test for std::deque and std::basic_string annotations

1a -> 2a -

\
 --> 3
/

1b -> 2b -

If you have any questions, please email:

  • advenam.tacet@trailofbits.com
  • disconnect3d@trailofbits.com

Diff Detail