On 07/05/2017 10:00 PM, Jonathan Wakely wrote: > This patch adds AddressSanitizer annotations to std::vector, so that > ASan can detect out-of-bounds accesses to the unused capacity of a > vector. e.g. > > std::vector<int> v(2); > int* p = v.data(); > v.pop_back(); > return p[1]; // ERROR > > This cannot be detected by Debug Mode, but with these annotations ASan > knows that only v.data()[0] is valid and will give an error. > > The annotations are only enabled for vector<T, std::allocator<T>> and > only when std::allocator's base class is either malloc_allocator or > new_allocator. For other allocators the memory might not come from the > freestore and so isn't tracked by ASan. > > Something similar has been on the google branches for some time: > https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=207517 > This patch is a complete rewrite from scratch, because the google code > was not exception safe. If an exception happened while appending > elements to a vector, so that the size didn't change, the google code > did not undo the annotation for the increased size. It also didn't > annotate before deallocating, to mark the unused capacity as valid > again. > > We can probably do similar annotations for std::deque, so that > partially filled pages are annotated. I also have a patch for > shared_ptr so that objects created by make_shared can be marked as > invalid after they're destroyed.
Could you share your plans on sanitization of other standard containers? My particular interest is in std::string which I'm working on now. Also, will you backport the feature to GCC7 and GCC6? > * config/allocator/malloc_allocator_base.h [__SANITIZE_ADDRESS__] > (_GLIBCXX_SANITIZE_STD_ALLOCATOR): Define. > * config/allocator/new_allocator_base.h [__SANITIZE_ADDRESS__] > (_GLIBCXX_SANITIZE_STD_ALLOCATOR): Define. > * include/bits/stl_vector.h [_GLIBCXX_SANITIZE_STD_ALLOCATOR] > (_Vector_impl::_Asan, _Vector_impl::_Asan::_Reinit) > (_Vector_impl::_Asan::_Grow, _GLIBCXX_ASAN_ANNOTATE_REINIT) > (_GLIBCXX_ASAN_ANNOTATE_GROW, _GLIBCXX_ASAN_ANNOTATE_GREW) > (_GLIBCXX_ASAN_ANNOTATE_SHRINK, _GLIBCXX_ASAN_ANNOTATE_BEFORE_DEALLOC): > Define annotation helper types and macros. > (vector::~vector, vector::push_back, vector::pop_back) > (vector::_M_erase_at_end): Add annotations. > * include/bits/vector.tcc (vector::reserve, vector::emplace_back) > (vector::insert, vector::_M_erase, vector::operator=) > (vector::_M_fill_assign, vector::_M_assign_aux) > (vector::_M_insert_rval, vector::_M_emplace_aux) > (vector::_M_insert_aux, vector::_M_realloc_insert) > (vector::_M_fill_insert, vector::_M_default_append) > (vector::_M_shrink_to_fit, vector::_M_range_insert): Annotate. > > Tested x86_64-linux (using -fsanitize=address, with some local patches > to the testsuite) and powerpc64le-linux. > > I plan to commit this to trunk tomorrow. >
