https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81619
Bug ID: 81619
Summary: pairs of mmap/munmap do not reset asan's user-poisoning flags, leading to invalid error reports
Product: gcc
Version: 6.3.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: dvilleneuve at kronos dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at
gcc dot gnu.org
Target Milestone: ---
Created attachment 41863
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=41863&action=edit
small C program showing the problem on Linux
When using mmap/munmap from an application, memory returned by mmap is not seen
by the address sanitizer in a newly-initialized state: it might still be marked
with user-poisoning flags.
This is unlike using malloc/free pairs, where memory obtained from malloc,
although possibly reused after being freed, is correctly initialized.
By looking at the code for the sanitizer (gcc 6.3.0), I could figure out that
malloc/free do some reinitialization of memory flags. I could not find such
code for mmap/munmap.
A workaround in the application is to explicitly call
ASAN_UNPOISON_MEMORY_REGION prior to invoking munmap.
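The following program is an added illustration of the behaviour and of the workaround described in the report; it is my own example, not the reporter's attached program. It maps one page, user-poisons a guard region inside it the way an application might, unmaps it, maps a page again and asks the runtime (via `__asan_address_is_poisoned`) whether the old flags are still set on the new mapping. The `unpoison_first` parameter applies the workaround: unpoison the whole mapping right before `munmap`. Build with `-fsanitize=address` to exercise ASan; without it the ASan macros are replaced by no-ops so the program still compiles and runs. Whether stale poison actually shows up in the no-workaround run depends on the kernel returning the same address and on the sanitizer runtime in use, so the program prints that case rather than assuming it. The helper names `map_page`, `remap_cycle` and `region_is_poisoned` are mine.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef __has_feature
#define __has_feature(x) 0
#endif
#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer)
#include <sanitizer/asan_interface.h>
/* Real query: 1 if the byte at addr is poisoned in ASan's shadow, else 0. */
static int region_is_poisoned(const void *addr) {
    return __asan_address_is_poisoned(addr);
}
#else
/* No-op stand-ins so the program also builds without -fsanitize=address. */
#define ASAN_POISON_MEMORY_REGION(addr, size) ((void)(addr), (void)(size))
#define ASAN_UNPOISON_MEMORY_REGION(addr, size) ((void)(addr), (void)(size))
static int region_is_poisoned(const void *addr) { (void)addr; return 0; }
#endif

#define GUARD_OFFSET 64 /* 8-byte aligned, matching ASan's shadow granularity */
#define GUARD_LEN 64

static void *map_page(size_t len) {
    return mmap(NULL, len, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
}

/* One mmap / poison / munmap / mmap cycle.
 * unpoison_first != 0 applies the workaround from the report: the whole
 * mapping is unpoisoned immediately before munmap, so no user-poisoning
 * flags can survive into a later mapping of the same address range.
 * On return, *poison_left is 1 if the freshly mapped page still carries the
 * stale poison and 0 otherwise. Returns 1 if the kernel reused the address,
 * 0 if it handed back a different one, -1 on an mmap/munmap failure. */
static int remap_cycle(int unpoison_first, int *poison_left) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    char *p = map_page(len);
    if (p == MAP_FAILED) return -1;
    memset(p, 0, len);
    /* Application-level guard region inside the mapping. */
    ASAN_POISON_MEMORY_REGION(p + GUARD_OFFSET, GUARD_LEN);
    if (unpoison_first)
        ASAN_UNPOISON_MEMORY_REGION(p, len); /* the workaround */
    uintptr_t old = (uintptr_t)p;
    if (munmap(p, len) != 0) return -1;

    char *q = map_page(len);
    if (q == MAP_FAILED) return -1;
    int reused = ((uintptr_t)q == old);
    *poison_left = region_is_poisoned(q + GUARD_OFFSET);
    if (!*poison_left)
        memset(q, 0, len); /* fresh memory: a legitimate access, which ASan
                              would nevertheless report if stale poison
                              were still set on this page */
    /* Clean up without leaving our own flags behind for the next user. */
    ASAN_UNPOISON_MEMORY_REGION(q, len);
    munmap(q, len);
    return reused;
}

int main(void) {
    int left = 0;
    int r = remap_cycle(0, &left);
    printf("without workaround: reused=%d stale_poison=%d\n", r, left);
    r = remap_cycle(1, &left);
    printf("with workaround:    reused=%d stale_poison=%d\n", r, left);
    return 0;
}
```

With the workaround applied, the second mapping is guaranteed clean regardless of whether the kernel reused the address; the unpoison covers the whole mapping rather than just the guard region because an application rarely tracks every sub-range it poisoned.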