the beginning of the fake frame when reporting an use-after-return error.
Fixes http://code.google.com/p/address-sanitizer/issues/detail?id=126
llvm-svn: 168040
CHECK(fake_frame->descr != 0);
CHECK(fake_frame->size_minus_one == size - 1);
PoisonShadow(ptr, size, kAsanStackAfterReturnMagic);
+ CHECK(size >= SHADOW_GRANULARITY);
+ // Poison the leftmost shadow byte with a special value so that we can find
+ // the beginning of the fake frame when reporting an error.
+ PoisonShadow(ptr, SHADOW_GRANULARITY, kAsanStackAfterReturnLeftMagic);
}
} // namespace __asan
const int kAsanStackAfterReturnMagic = 0xf5;
const int kAsanInitializationOrderMagic = 0xf6;
const int kAsanUserPoisonedMemoryMagic = 0xf7;
+const int kAsanStackAfterReturnLeftMagic = 0xf8;
const int kAsanGlobalRedzoneMagic = 0xf9;
const int kAsanInternalHeapMagic = 0xfe;
bug_descr = "stack-buffer-overflow";
break;
case kAsanStackAfterReturnMagic:
+ case kAsanStackAfterReturnLeftMagic:
bug_descr = "stack-use-after-return";
break;
case kAsanUserPoisonedMemoryMagic:
u8 *shadow_bottom = (u8*)MemToShadow(bottom);
while (shadow_ptr >= shadow_bottom &&
- *shadow_ptr != kAsanStackLeftRedzoneMagic) {
+ *shadow_ptr != kAsanStackLeftRedzoneMagic &&
+ *shadow_ptr != kAsanStackAfterReturnLeftMagic) {
shadow_ptr--;
}
while (shadow_ptr >= shadow_bottom &&
- *shadow_ptr == kAsanStackLeftRedzoneMagic) {
+ (*shadow_ptr == kAsanStackLeftRedzoneMagic ||
+ *shadow_ptr == kAsanStackAfterReturnLeftMagic)) {
shadow_ptr--;
}