Index: lib/asan/asan_errors.h =================================================================== --- lib/asan/asan_errors.h +++ lib/asan/asan_errors.h @@ -16,9 +16,20 @@ #include "asan_descriptions.h" #include "asan_scariness_score.h" +#include "sanitizer_common/sanitizer_common.h" namespace __asan { +static inline void PrintMemoryByte(InternalScopedString *str, + const char *before, u8 byte, bool in_shadow, + const char *after = "\n") { + Decorator d; + str->append("%s%s%x%x%s%s", before, + in_shadow ? d.ShadowByte(byte) : d.MemoryByte(), byte >> 4, + byte & 15, in_shadow ? d.EndShadowByte() : d.EndMemoryByte(), + after); +} + struct ErrorBase { ScarinessScore scariness; }; @@ -40,6 +51,45 @@ void Print(); }; +struct ErrorDeadlySignal : ErrorBase { + u32 tid; + uptr addr, pc, bp, sp; + int signo; + SignalContext::WriteFlag write_flag; + bool is_memory_access; + // ErrorDeadlySignal never owns the context. + void *context; + + ErrorDeadlySignal(int signo_, const SignalContext &sig, u32 tid_) + : tid(tid_), + addr(sig.addr), + pc(sig.pc), + bp(sig.bp), + sp(sig.sp), + signo(signo_), + write_flag(sig.write_flag), + is_memory_access(sig.is_memory_access), + context(sig.context) + { + if (is_memory_access) { + if (addr < GetPageSizeCached()) { + scariness.Scare(10, "null-deref"); + } else if (addr == pc) { + scariness.Scare(60, "wild-jump"); + } else if (write_flag == SignalContext::WRITE) { + scariness.Scare(30, "wild-addr-write"); + } else if (write_flag == SignalContext::READ) { + scariness.Scare(20, "wild-addr-read"); + } else { + scariness.Scare(25, "wild-addr"); + } + } else { + scariness.Scare(10, "signal"); + } + } + void Print(); +}; + struct ErrorDoubleFree : ErrorBase { u32 tid; HeapAddressDescription addr_description; @@ -57,6 +107,7 @@ enum ErrorKind { kErrorKindInvalid = 0, kErrorKindStackOverflow, + kErrorKindDeadlySignal, kErrorKindDoubleFree, }; @@ -64,12 +115,16 @@ ErrorKind kind; union { ErrorStackOverflow stack_overflow; + ErrorDeadlySignal deadly_signal; ErrorDoubleFree double_free; }; ErrorDescription() { internal_memset(this, 0, sizeof(*this)); } ErrorDescription(const ErrorStackOverflow &e) // NOLINT : kind(kErrorKindStackOverflow), stack_overflow(e) {} + ErrorDescription(const ErrorDeadlySignal &e) // NOLINT + : kind(kErrorKindDeadlySignal), + deadly_signal(e) {} ErrorDescription(const ErrorDoubleFree &e) // NOLINT : kind(kErrorKindDoubleFree), double_free(e) {} @@ -80,6 +135,9 @@ case kErrorKindStackOverflow: stack_overflow.Print(); return; + case kErrorKindDeadlySignal: + deadly_signal.Print(); + return; case kErrorKindDoubleFree: double_free.Print(); return; Index: lib/asan/asan_errors.cc =================================================================== --- lib/asan/asan_errors.cc +++ lib/asan/asan_errors.cc @@ -13,6 +13,7 @@ //===----------------------------------------------------------------------===// #include "asan_errors.h" +#include #include "asan_descriptions.h" #include "asan_stack.h" @@ -34,6 +35,62 @@ ReportErrorSummary("stack-overflow", &stack); } +static void MaybeDumpInstructionBytes(uptr pc) { + if (!flags()->dump_instruction_bytes || (pc < GetPageSizeCached())) return; + InternalScopedString str(1024); + str.append("First 16 instruction bytes at pc: "); + if (IsAccessibleMemoryRange(pc, 16)) { + for (int i = 0; i < 16; ++i) { + PrintMemoryByte(&str, "", ((u8 *)pc)[i], /*in_shadow*/ false, " "); + } + str.append("\n"); + } else { + str.append("unaccessible\n"); + } + Report("%s", str.data()); +} + +void ErrorDeadlySignal::Print() { + Decorator d; + Printf("%s", d.Warning()); + const char *description = nullptr; + switch (signo) { + case SIGFPE: + description = "FPE"; + break; + case SIGILL: + description = "ILL"; + break; + default: + description = "SEGV"; + break; + } + + Report( + "ERROR: AddressSanitizer: %s on unknown address %p (pc %p bp %p sp %p " + "T%d)\n", + description, (void *)addr, (void *)pc, (void *)bp, (void *)sp, tid); + Printf("%s", d.EndWarning()); + if (pc < GetPageSizeCached()) Report("Hint: pc points to the zero page.\n"); + if (is_memory_access) { + const char *access_type = + write_flag == SignalContext::WRITE + ? "WRITE" + : (write_flag == SignalContext::READ ? "READ" : "UNKNOWN"); + Report("The signal is caused by a %s memory access.\n", access_type); + if (addr < GetPageSizeCached()) + Report("Hint: address points to the zero page.\n"); + } + scariness.Print(); + BufferedStackTrace stack; + GetStackTraceWithPcBpAndContext(&stack, kStackTraceMax, pc, bp, context, + common_flags()->fast_unwind_on_fatal); + stack.Print(); + MaybeDumpInstructionBytes(pc); + Printf("AddressSanitizer can not provide additional info.\n"); + ReportErrorSummary(description, &stack); +} + void ErrorDoubleFree::Print() { Decorator d; Printf("%s", d.Warning()); Index: lib/asan/asan_posix.cc =================================================================== --- lib/asan/asan_posix.cc +++ lib/asan/asan_posix.cc @@ -84,12 +84,8 @@ // unaligned memory access. if (IsStackAccess && (code == si_SEGV_MAPERR || code == si_SEGV_ACCERR)) ReportStackOverflow(sig); - else if (signo == SIGFPE) - ReportDeadlySignal("FPE", sig); - else if (signo == SIGILL) - ReportDeadlySignal("ILL", sig); else - ReportDeadlySignal("SEGV", sig); + ReportDeadlySignal(signo, sig); } // ---------------------- TSD ---------------- {{{1 Index: lib/asan/asan_report.h =================================================================== --- lib/asan/asan_report.h +++ lib/asan/asan_report.h @@ -51,7 +51,7 @@ void ReportGenericError(uptr pc, uptr bp, uptr sp, uptr addr, bool is_write, uptr access_size, u32 exp, bool fatal); void ReportStackOverflow(const SignalContext &sig); -void ReportDeadlySignal(const char *description, const SignalContext &sig); +void ReportDeadlySignal(int signo, const SignalContext &sig); void ReportNewDeleteSizeMismatch(uptr addr, uptr alloc_size, uptr delete_size, BufferedStackTrace *free_stack); void ReportDoubleFree(uptr addr, BufferedStackTrace *free_stack); Index: lib/asan/asan_report.cc =================================================================== --- lib/asan/asan_report.cc +++ lib/asan/asan_report.cc @@ -69,15 +69,6 @@ // ---------------------- Helper functions ----------------------- {{{1 -static void PrintMemoryByte(InternalScopedString *str, const char *before, - u8 byte, bool in_shadow, const char *after = "\n") { - Decorator d; - str->append("%s%s%x%x%s%s", before, - in_shadow ? d.ShadowByte(byte) : d.MemoryByte(), - byte >> 4, byte & 15, - in_shadow ? d.EndShadowByte() : d.EndMemoryByte(), after); -} - static void PrintShadowByte(InternalScopedString *str, const char *before, u8 byte, const char *after = "\n") { PrintMemoryByte(str, before, byte, /*in_shadow*/true, after); @@ -137,22 +128,6 @@ PrintShadowByte(str, " Right alloca redzone: ", kAsanAllocaRightMagic); } -void MaybeDumpInstructionBytes(uptr pc) { - if (!flags()->dump_instruction_bytes || (pc < GetPageSizeCached())) - return; - InternalScopedString str(1024); - str.append("First 16 instruction bytes at pc: "); - if (IsAccessibleMemoryRange(pc, 16)) { - for (int i = 0; i < 16; ++i) { - PrintMemoryByte(&str, "", ((u8 *)pc)[i], /*in_shadow*/false, " "); - } - str.append("\n"); - } else { - str.append("unaccessible\n"); - } - Report("%s", str.data()); -} - static void PrintShadowMemoryForAddress(uptr addr) { if (!AddrIsInMem(addr)) return; uptr shadow_addr = MemToShadow(addr); @@ -346,46 +321,10 @@ in_report.ReportError(error); } -void ReportDeadlySignal(const char *description, const SignalContext &sig) { +void ReportDeadlySignal(int signo, const SignalContext &sig) { ScopedInErrorReport in_report(/*report*/ nullptr, /*fatal*/ true); - Decorator d; - Printf("%s", d.Warning()); - Report( - "ERROR: AddressSanitizer: %s on unknown address %p" - " (pc %p bp %p sp %p T%d)\n", - description, (void *)sig.addr, (void *)sig.pc, (void *)sig.bp, - (void *)sig.sp, GetCurrentTidOrInvalid()); - Printf("%s", d.EndWarning()); - ScarinessScore SS; - if (sig.pc < GetPageSizeCached()) - Report("Hint: pc points to the zero page.\n"); - if (sig.is_memory_access) { - const char *access_type = - sig.write_flag == SignalContext::WRITE - ? "WRITE" - : (sig.write_flag == SignalContext::READ ? "READ" : "UNKNOWN"); - Report("The signal is caused by a %s memory access.\n", access_type); - if (sig.addr < GetPageSizeCached()) { - Report("Hint: address points to the zero page.\n"); - SS.Scare(10, "null-deref"); - } else if (sig.addr == sig.pc) { - SS.Scare(60, "wild-jump"); - } else if (sig.write_flag == SignalContext::WRITE) { - SS.Scare(30, "wild-addr-write"); - } else if (sig.write_flag == SignalContext::READ) { - SS.Scare(20, "wild-addr-read"); - } else { - SS.Scare(25, "wild-addr"); - } - } else { - SS.Scare(10, "signal"); - } - SS.Print(); - GET_STACK_TRACE_SIGNAL(sig); - stack.Print(); - MaybeDumpInstructionBytes(sig.pc); - Printf("AddressSanitizer can not provide additional info.\n"); - ReportErrorSummary(description, &stack); + ErrorDeadlySignal error{signo, sig, GetCurrentTidOrInvalid()}; // NOLINT + in_report.ReportError(error); } void ReportDoubleFree(uptr addr, BufferedStackTrace *free_stack) {