> Can you please be more verbose
Right, I should have been.
So as you can see from the asm log in the bug description, prologue
writes shadow bytes corresponding to words at frame_shadow_base + { 0,
4, 8, 12, 16, 24, 28}. Epilogue should clear those but instead it zeros
out frame_shadow_base + { 0, 4, 8, 12, 16, 40, 44}, thus causing words
at frame_shadow_base + {24, 28} to remain poisoned and causing false
Asan errors later.
The reason as I see it is that we change the address of shadow_mem in
asan_emit_stack_protection twice: once in asan_clear_shadow
      tmp = expand_simple_binop (Pmode, PLUS, addr, gen_int_mode (4, Pmode), addr,
                                 true, OPTAB_LIB_WIDEN);
      if (tmp != addr)
        emit_move_insn (addr, tmp);
and asan_emit_stack_protection itself:
  if (last_size)
    {
      shadow_mem = adjust_address (shadow_mem, VOIDmode,
                                   (last_offset - prev_offset)
                                   >> ASAN_SHADOW_SHIFT);
This would translate into
    add r4, r4, #4
and
    add r3, r4, #24
in the asm. The shadow_mem will thus have the next block offset added to
it _twice_ and will point to an invalid position.
My simple fix uses a temp register in asan_clear_shadow to avoid
spoiling the shadow_mem inside the loop.
I'm not yet a gcc guru so I wanted some experienced person to say
whether I'm doing something completely wrong here.
BTW I forgot to mention that Asan tests pass both on ARM and on x86_64.
> Also, you are missing a ChangeLog entry.
Attached.
-Y
2013-09-30 Yury Gribov <y.gri...@samsung.com>
PR sanitizer/58543
* asan.c: Use new temporary for iteration in asan_clear_shadow.
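The following is an added model of the double-add described in the mail, not code from the GCC patch or from the mailing-list thread. It is a small C simulation: a constructed 64-byte shadow array stands in for the frame's shadow region (frame_shadow_base at index 0), the prologue poisons the seven words at {0, 4, 8, 12, 16, 24, 28}, and the epilogue clears the first run with a word loop, then adds the 24-byte gap to the shadow_mem register and clears the second run. The only knob is which register the loop steps: the caller's shadow_mem itself (the bug) or a temporary (the fix). The exact stray offsets the buggy run writes depend on where the loop counter ends, so the model is not claimed to reproduce the ARM numbers in the bug report byte for byte; what it does reproduce is that words 24 and 28 stay poisoned when the register is shared and are cleared when a temporary is used.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the frame's shadow region: plain bytes with
   frame_shadow_base at index 0.  The numbers below are the offsets from
   the bug description, not values taken from a real ASan run. */
#define SHADOW_SIZE 64
#define WORD 4
#define POISON 0xf1

static uint8_t shadow[SHADOW_SIZE];

/* Shadow words the prologue writes: the run {0..16} and the run {24, 28}. */
static const int prologue_words[] = {0, 4, 8, 12, 16, 24, 28};
#define NWORDS (sizeof prologue_words / sizeof prologue_words[0])

static void prologue(void)
{
    memset(shadow, 0, sizeof shadow);
    for (size_t i = 0; i < NWORDS; i++)
        memset(shadow + prologue_words[i], POISON, WORD);
}

/* Model of the loop asan_clear_shadow emits: zero LEN bytes starting at
   *ADDR, stepping the iteration register by one word per pass.  The
   difference under test is which register gets stepped: with use_temp == 0
   the loop advances the caller's shadow_mem register itself, with
   use_temp == 1 it advances a temporary and leaves *ADDR as it was. */
static void clear_shadow(int *addr, int len, int use_temp)
{
    int tmp = *addr;
    int *iter = use_temp ? &tmp : addr;
    int end = *iter + len;
    do {
        memset(shadow + *iter, 0, WORD);
        *iter += WORD;
    } while (*iter < end);
}

/* Model of the epilogue in asan_emit_stack_protection: clear the first
   run, then adjust_address() by the gap to the next run and clear it.
   When the loop above has already advanced shadow_mem, the gap is added
   on top of that advance, and the second clear lands past word 28. */
static void epilogue(int use_temp)
{
    int shadow_mem = 0;                              /* frame_shadow_base */
    clear_shadow(&shadow_mem, 5 * WORD, use_temp);   /* words 0, 4, 8, 12, 16 */
    shadow_mem += 24;                                /* last_offset - prev_offset */
    clear_shadow(&shadow_mem, 2 * WORD, use_temp);   /* words 24, 28 */
}

/* Run prologue and epilogue, then return a bitmask over prologue_words
   of the shadow words that are still poisoned afterwards (bit i set means
   prologue_words[i] was not cleared).  0 means the epilogue was correct. */
unsigned still_poisoned(int use_temp)
{
    prologue();
    epilogue(use_temp);
    unsigned mask = 0;
    for (size_t i = 0; i < NWORDS; i++)
        if (shadow[prologue_words[i]] != 0)
            mask |= 1u << i;
    return mask;
}

int main(void)
{
    for (int use_temp = 0; use_temp < 2; use_temp++) {
        unsigned mask = still_poisoned(use_temp);
        printf("%s register: still poisoned =", use_temp ? "temp" : "shared");
        for (size_t i = 0; i < NWORDS; i++)
            if (mask & (1u << i))
                printf(" %d", prologue_words[i]);
        printf("%s\n", mask ? "" : " none");
    }
    return 0;
}
```

With the shared register the run reports words 24 and 28 as still poisoned, which is exactly the state that produces the false ASan reports later in the function; with the temporary the mask is empty.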