left/right is a weird way to refer to address ordering.
Reviewed By: eugenis, vitalybuka
Differential Revision: https://reviews.llvm.org/D132622
HWASAN_FLAG(bool, free_checks_tail_magic, 1,
"If set, free() will check the magic values "
- "to the right of the allocated object "
+ "after the allocated object "
"if the allocation size is not a divident of the granule size")
HWASAN_FLAG(
int, max_free_fill_size, 0,
whence = "inside";
} else if (candidate == left) {
offset = untagged_addr - chunk.End();
- whence = "to the right of";
+ whence = "after";
} else {
offset = chunk.Beg() - untagged_addr;
- whence = "to the left of";
+ whence = "before";
}
Printf("%s", d.Error());
Printf("\nCause: heap-buffer-overflow\n");
Printf("%s", d.Default());
Printf("%s", d.Location());
- Printf("%p is located %zd bytes %s %zd-byte region [%p,%p)\n",
+ Printf("%p is located %zd bytes %s a %zd-byte region [%p,%p)\n",
untagged_addr, offset, whence, chunk.UsedSize(), chunk.Beg(),
chunk.End());
Printf("%s", d.Allocation());
Printf("%s", d.Location());
if (sym->SymbolizeData(mem, &info) && info.start) {
Printf(
- "%p is located %zd bytes to the %s of %zd-byte global variable "
+ "%p is located %zd bytes %s a %zd-byte global variable "
"%s [%p,%p) in %s\n",
untagged_addr,
candidate == left ? untagged_addr - (info.start + info.size)
: info.start - untagged_addr,
- candidate == left ? "right" : "left", info.size, info.name,
+ candidate == left ? "after" : "before", info.size, info.name,
info.start, info.start + info.size, module_name);
} else {
uptr size = GetGlobalSizeFromDescriptor(mem);
if (size == 0)
// We couldn't find the size of the global from the descriptors.
Printf(
- "%p is located to the %s of a global variable in "
+ "%p is located %s a global variable in "
"\n #0 0x%x (%s+0x%x)\n",
- untagged_addr, candidate == left ? "right" : "left", mem,
+ untagged_addr, candidate == left ? "after" : "before", mem,
module_name, module_address);
else
Printf(
- "%p is located to the %s of a %zd-byte global variable in "
+ "%p is located %s a %zd-byte global variable in "
"\n #0 0x%x (%s+0x%x)\n",
- untagged_addr, candidate == left ? "right" : "left", size, mem,
+ untagged_addr, candidate == left ? "after" : "before", size, mem,
module_name, module_address);
}
Printf("%s", d.Default());
Printf("%s", d.Error());
Printf("\nCause: use-after-free\n");
Printf("%s", d.Location());
- Printf("%p is located %zd bytes inside of %zd-byte region [%p,%p)\n",
+ Printf("%p is located %zd bytes inside a %zd-byte region [%p,%p)\n",
untagged_addr, untagged_addr - UntagAddr(har.tagged_addr),
har.requested_size, UntagAddr(har.tagged_addr),
UntagAddr(har.tagged_addr) + har.requested_size);
s.append("%s ", actual_expected[i] != tail[i] ? "^^" : " ");
s.append("\nThis error occurs when a buffer overflow overwrites memory\n"
- "to the right of a heap object, but within the %zd-byte granule, e.g.\n"
+ "after a heap object, but within the %zd-byte granule, e.g.\n"
" char *x = new char[20];\n"
" x[25] = 42;\n"
"%s does not detect such bugs in uninstrumented code at the time of write,"
continue
self.print('')
self.print('Potentially referenced stack object:')
- self.print(' %d bytes inside variable "%s" in stack frame of function "%s"' % (obj_offset, local[2], local[0]))
+ self.print(' %d bytes inside a variable "%s" in stack frame of function "%s"' % (obj_offset, local[2], local[0]))
self.print(' at %s' % (local[1],))
return True
return False
int main(int argc, char **argv) {
// CHECK: Cause: global-overflow
- // RSYM: is located 0 bytes to the right of 4-byte global variable f.x {{.*}} in {{.*}}global-with-reduction.c.tmp
- // RNOSYM: is located to the right of a 4-byte global variable in
+ // RSYM: is located 0 bytes after a 4-byte global variable f.x {{.*}} in {{.*}}global-with-reduction.c.tmp
+ // RNOSYM: is located after a 4-byte global variable in
// RNOSYM-NEXT: #0 0x{{.*}} ({{.*}}global-with-reduction.c.tmp+{{.*}})
- // LSYM: is located 4 bytes to the left of 4-byte global variable f.x {{.*}} in {{.*}}global-with-reduction.c.tmp
- // LNOSYM: is located to the left of a 4-byte global variable in
+ // LSYM: is located 4 bytes before a 4-byte global variable f.x {{.*}} in {{.*}}global-with-reduction.c.tmp
+ // LNOSYM: is located before a 4-byte global variable in
// LNOSYM-NEXT: #0 0x{{.*}} ({{.*}}global-with-reduction.c.tmp+{{.*}})
// CHECK-NOT: can not describe
f()[atoi(argv[1])] = 1;
int main(int argc, char **argv) {
// CHECK: Cause: global-overflow
- // RSYM: is located 0 bytes to the right of 4-byte global variable x {{.*}} in {{.*}}global.c.tmp
- // RNOSYM: is located to the right of a 4-byte global variable in
+ // RSYM: is located 0 bytes after a 4-byte global variable x {{.*}} in {{.*}}global.c.tmp
+ // RNOSYM: is located after a 4-byte global variable in
// RNOSYM-NEXT: #0 0x{{.*}} ({{.*}}global.c.tmp+{{.*}})
- // LSYM: is located 4 bytes to the left of 4-byte global variable x {{.*}} in {{.*}}global.c.tmp
- // LNOSYM: is located to the left of a 4-byte global variable in
+ // LSYM: is located 4 bytes before a 4-byte global variable x {{.*}} in {{.*}}global.c.tmp
+ // LNOSYM: is located before a 4-byte global variable in
// LNOSYM-NEXT: #0 0x{{.*}} ({{.*}}global.c.tmp+{{.*}})
// CHECK-NOT: can not describe
(&x)[atoi(argv[1])] = 1;
char *volatile x = (char *)malloc(size);
memset(x + read_offset, 0, 26);
// CHECK5: Invalid access starting at offset 5
- // CHECK5: is located 5 bytes inside 10-byte region
+ // CHECK5: is located 5 bytes inside a 10-byte region
// CHECK7: Invalid access starting at offset 3
- // CHECK7: is located 7 bytes inside 10-byte region
+ // CHECK7: is located 7 bytes inside a 10-byte region
// CHECK8: Invalid access starting at offset 12
- // CHECK8: is located 8 bytes inside 20-byte region
- // CHECK32: is located 12 bytes to the right of 20-byte region
+ // CHECK8: is located 8 bytes inside a 20-byte region
+ // CHECK32: is located 12 bytes after a 20-byte region
free(x);
}
// CHECK40: allocated heap chunk; size: 32 offset: 8
// CHECK40: Cause: heap-buffer-overflow
-// CHECK40: is located 10 bytes to the right of 30-byte region
+// CHECK40: is located 10 bytes after a 30-byte region
//
// CHECK80: allocated heap chunk; size: 32 offset: 16
// CHECK80: Cause: heap-buffer-overflow
-// CHECK80: is located 50 bytes to the right of 30-byte region
+// CHECK80: is located 50 bytes after a 30-byte region
//
// CHECKm30: Cause: heap-buffer-overflow
-// CHECKm30: is located 30 bytes to the left of 30-byte region
+// CHECKm30: is located 30 bytes before a 30-byte region
//
// CHECKMm30: is a large allocated heap chunk; size: 1003520 offset: -30
// CHECKMm30: Cause: heap-buffer-overflow
-// CHECKMm30: is located 30 bytes to the left of 1000000-byte region
+// CHECKMm30: is located 30 bytes before a 1000000-byte region
//
// CHECKM: is a large allocated heap chunk; size: 1003520 offset: 1000000
// CHECKM: Cause: heap-buffer-overflow
-// CHECKM: is located 0 bytes to the right of 1000000-byte region
+// CHECKM: is located 0 bytes after a 1000000-byte region
//
// CHECK31: tags: [[TAG:..]]/0e([[TAG]]) (ptr/mem)
// CHECK31-NOT: Invalid access starting at offset
// CHECK31: Cause: heap-buffer-overflow
-// CHECK31: is located 1 bytes to the right of 30-byte region
+// CHECK31: is located 1 bytes after a 30-byte region
// CHECK31: Memory tags around the buggy address
// CHECK31: [0e]
// CHECK31: Tags for short granules around the buggy address
//
// CHECK20-NOT: Invalid access starting at offset
// CHECK20: Cause: heap-buffer-overflow
-// CHECK20: is located 10 bytes to the right of 20-byte region [0x{{.*}}0,0x{{.*}}4)
+// CHECK20: is located 10 bytes after a 20-byte region [0x{{.*}}0,0x{{.*}}4)
free(x);
}
int main(int argc, char **argv) {
// CHECK: Cause: global-overflow
- // CHECK: is located 0 bytes to the right of 4-byte global variable x {{.*}} in {{.*}}lto.c.tmp
+ // CHECK: is located 0 bytes after a 4-byte global variable x {{.*}} in {{.*}}lto.c.tmp
// CHECK-NOT: can not describe
(&x)[atoi(argv[1])] = 1;
}
char * volatile p = (char*)malloc(10);
#ifdef MALLOC
// MALLOC: READ of size 1 at
- // MALLOC: is located 6 bytes to the right of 10-byte region
+ // MALLOC: is located 6 bytes after a 10-byte region
// MALLOC: allocated here:
char volatile x = p[16];
#endif
free(p);
#ifdef FREE
// FREE: READ of size 1 at
- // FREE: is located 0 bytes inside of 10-byte region
+ // FREE: is located 0 bytes inside a 10-byte region
// FREE: freed by thread T0 here:
// FREE: previously allocated here:
char volatile y = p[0];
// Offset is 5 or 11 depending on left/right alignment.
// CHECK: is a small unallocated heap chunk; size: 32 offset: {{5|11}}
// CHECK: Cause: use-after-free
- // CHECK: is located 5 bytes inside of 10-byte region
+ // CHECK: is located 5 bytes inside a 10-byte region
//
// CHECK: freed by thread {{.*}} here:
// CHECK: #0 {{.*}} in {{.*}}free{{.*}} {{.*}}hwasan_allocation_functions.cpp
// CHECK: ERROR: HWAddressSanitizer: invalid-free on address {{.*}} at pc {{[0x]+}}[[PC:.*]] on thread T{{[0-9]+}}
// CHECK: #0 {{[0x]+}}{{.*}}[[PC]] in {{.*}}free
// CHECK: #1 {{.*}} in main {{.*}}wild-free-close.c:[[@LINE-3]]
- // CHECK: is located 8 bytes to the left of 1-byte region [{{[0x]+}}{{.*}}[[ADDR]]
+ // CHECK: is located 8 bytes before a 1-byte region [{{[0x]+}}{{.*}}[[ADDR]]
// CHECK-NOT: Segmentation fault
// CHECK-NOT: SIGSEGV
return 0;
projects / platform / upstream / llvm.git / commitdiff