projects / platform / upstream / llvm.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 69b0ed9) | patch
[hwasan] Do not use short granule tags as poison tags.
authorFlorian Mayer <fmayer@google.com>
Tue, 15 Jun 2021 12:12:02 +0000 (13:12 +0100)
committerFlorian Mayer <fmayer@google.com>
Thu, 17 Jun 2021 10:59:37 +0000 (11:59 +0100)
commit18070723ef5cfd7d58bc296fedb67b5e3a88908f
tree78b8cae66ac1cab47abb8f7c5e1759c6a4c70fc1tree | snapshot
parent69b0ed9a0a6aeab0b1c93d0a76c66a63c1d6f410commit | diff
[hwasan] Do not use short granule tags as poison tags.

Short granule tags as poison cause a UaF to read the referenced
memory to retrieve the tag, and means we do not detect the UaF
if the last granule's tag is still around.

This only increases the change of not catching a UaF from
0.39 % (1 / 256) to 0.42 % (1 / (256 - 17)).

Reviewed By: eugenis

Differential Revision: https://reviews.llvm.org/D104304
compiler-rt/lib/hwasan/hwasan_allocator.cpp diff | blob | history
Domain: System / Toolchain;