1 //===-- asan_errors.cc ------------------------------------------*- C++ -*-===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This file is a part of AddressSanitizer, an address sanity checker. 11 // 12 // ASan implementation for error structures. 13 //===----------------------------------------------------------------------===// 14 15 #include "asan_errors.h" 16 #include "asan_descriptions.h" 17 #include "asan_mapping.h" 18 #include "asan_report.h" 19 #include "asan_stack.h" 20 #include "sanitizer_common/sanitizer_stackdepot.h" 21 22 namespace __asan { 23 24 static void OnStackUnwind(const SignalContext &sig, 25 const void *callback_context, 26 BufferedStackTrace *stack) { 27 bool fast = common_flags()->fast_unwind_on_fatal; 28 #if SANITIZER_FREEBSD || SANITIZER_NETBSD 29 // On FreeBSD the slow unwinding that leverages _Unwind_Backtrace() 30 // yields the call stack of the signal's handler and not of the code 31 // that raised the signal (as it does on Linux). 32 fast = true; 33 #endif 34 // Tests and maybe some users expect that scariness is going to be printed 35 // just before the stack. As only asan has scariness score we have no 36 // corresponding code in the sanitizer_common and we use this callback to 37 // print it. 38 static_cast<const ScarinessScoreBase *>(callback_context)->Print(); 39 GetStackTrace(stack, kStackTraceMax, sig.pc, sig.bp, sig.context, fast); 40 } 41 42 void ErrorDeadlySignal::Print() { 43 ReportDeadlySignal(signal, tid, &OnStackUnwind, &scariness); 44 } 45 46 void ErrorDoubleFree::Print() { 47 Decorator d; 48 Printf("%s", d.Error()); 49 Report( 50 "ERROR: AddressSanitizer: attempting %s on %p in thread %s:\n", 51 scariness.GetDescription(), addr_description.addr, 52 AsanThreadIdAndName(tid).c_str()); 53 Printf("%s", d.Default()); 54 scariness.Print(); 55 GET_STACK_TRACE_FATAL(second_free_stack->trace[0], 56 second_free_stack->top_frame_bp); 57 stack.Print(); 58 addr_description.Print(); 59 ReportErrorSummary(scariness.GetDescription(), &stack); 60 } 61 62 void ErrorNewDeleteTypeMismatch::Print() { 63 Decorator d; 64 Printf("%s", d.Error()); 65 Report( 66 "ERROR: AddressSanitizer: %s on %p in thread %s:\n", 67 scariness.GetDescription(), addr_description.addr, 68 AsanThreadIdAndName(tid).c_str()); 69 Printf("%s object passed to delete has wrong type:\n", d.Default()); 70 if (delete_size != 0) { 71 Printf( 72 " size of the allocated type: %zd bytes;\n" 73 " size of the deallocated type: %zd bytes.\n", 74 addr_description.chunk_access.chunk_size, delete_size); 75 } 76 const uptr user_alignment = 77 addr_description.chunk_access.user_requested_alignment; 78 if (delete_alignment != user_alignment) { 79 char user_alignment_str[32]; 80 char delete_alignment_str[32]; 81 internal_snprintf(user_alignment_str, sizeof(user_alignment_str), 82 "%zd bytes", user_alignment); 83 internal_snprintf(delete_alignment_str, sizeof(delete_alignment_str), 84 "%zd bytes", delete_alignment); 85 static const char *kDefaultAlignment = "default-aligned"; 86 Printf( 87 " alignment of the allocated type: %s;\n" 88 " alignment of the deallocated type: %s.\n", 89 user_alignment > 0 ? user_alignment_str : kDefaultAlignment, 90 delete_alignment > 0 ? delete_alignment_str : kDefaultAlignment); 91 } 92 CHECK_GT(free_stack->size, 0); 93 scariness.Print(); 94 GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp); 95 stack.Print(); 96 addr_description.Print(); 97 ReportErrorSummary(scariness.GetDescription(), &stack); 98 Report( 99 "HINT: if you don't care about these errors you may set " 100 "ASAN_OPTIONS=new_delete_type_mismatch=0\n"); 101 } 102 103 void ErrorFreeNotMalloced::Print() { 104 Decorator d; 105 Printf("%s", d.Error()); 106 Report( 107 "ERROR: AddressSanitizer: attempting free on address " 108 "which was not malloc()-ed: %p in thread %s\n", 109 addr_description.Address(), AsanThreadIdAndName(tid).c_str()); 110 Printf("%s", d.Default()); 111 CHECK_GT(free_stack->size, 0); 112 scariness.Print(); 113 GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp); 114 stack.Print(); 115 addr_description.Print(); 116 ReportErrorSummary(scariness.GetDescription(), &stack); 117 } 118 119 void ErrorAllocTypeMismatch::Print() { 120 static const char *alloc_names[] = {"INVALID", "malloc", "operator new", 121 "operator new []"}; 122 static const char *dealloc_names[] = {"INVALID", "free", "operator delete", 123 "operator delete []"}; 124 CHECK_NE(alloc_type, dealloc_type); 125 Decorator d; 126 Printf("%s", d.Error()); 127 Report("ERROR: AddressSanitizer: %s (%s vs %s) on %p\n", 128 scariness.GetDescription(), alloc_names[alloc_type], 129 dealloc_names[dealloc_type], addr_description.Address()); 130 Printf("%s", d.Default()); 131 CHECK_GT(dealloc_stack->size, 0); 132 scariness.Print(); 133 GET_STACK_TRACE_FATAL(dealloc_stack->trace[0], dealloc_stack->top_frame_bp); 134 stack.Print(); 135 addr_description.Print(); 136 ReportErrorSummary(scariness.GetDescription(), &stack); 137 Report( 138 "HINT: if you don't care about these errors you may set " 139 "ASAN_OPTIONS=alloc_dealloc_mismatch=0\n"); 140 } 141 142 void ErrorMallocUsableSizeNotOwned::Print() { 143 Decorator d; 144 Printf("%s", d.Error()); 145 Report( 146 "ERROR: AddressSanitizer: attempting to call malloc_usable_size() for " 147 "pointer which is not owned: %p\n", 148 addr_description.Address()); 149 Printf("%s", d.Default()); 150 stack->Print(); 151 addr_description.Print(); 152 ReportErrorSummary(scariness.GetDescription(), stack); 153 } 154 155 void ErrorSanitizerGetAllocatedSizeNotOwned::Print() { 156 Decorator d; 157 Printf("%s", d.Error()); 158 Report( 159 "ERROR: AddressSanitizer: attempting to call " 160 "__sanitizer_get_allocated_size() for pointer which is not owned: %p\n", 161 addr_description.Address()); 162 Printf("%s", d.Default()); 163 stack->Print(); 164 addr_description.Print(); 165 ReportErrorSummary(scariness.GetDescription(), stack); 166 } 167 168 void ErrorCallocOverflow::Print() { 169 Decorator d; 170 Printf("%s", d.Error()); 171 Report( 172 "ERROR: AddressSanitizer: calloc parameters overflow: count * size " 173 "(%zd * %zd) cannot be represented in type size_t (thread %s)\n", 174 count, size, AsanThreadIdAndName(tid).c_str()); 175 Printf("%s", d.Default()); 176 stack->Print(); 177 PrintHintAllocatorCannotReturnNull(); 178 ReportErrorSummary(scariness.GetDescription(), stack); 179 } 180 181 void ErrorPvallocOverflow::Print() { 182 Decorator d; 183 Printf("%s", d.Error()); 184 Report( 185 "ERROR: AddressSanitizer: pvalloc parameters overflow: size 0x%zx " 186 "rounded up to system page size 0x%zx cannot be represented in type " 187 "size_t (thread %s)\n", 188 size, GetPageSizeCached(), AsanThreadIdAndName(tid).c_str()); 189 Printf("%s", d.Default()); 190 stack->Print(); 191 PrintHintAllocatorCannotReturnNull(); 192 ReportErrorSummary(scariness.GetDescription(), stack); 193 } 194 195 void ErrorInvalidAllocationAlignment::Print() { 196 Decorator d; 197 Printf("%s", d.Error()); 198 Report( 199 "ERROR: AddressSanitizer: invalid allocation alignment: %zd, " 200 "alignment must be a power of two (thread %s)\n", 201 alignment, AsanThreadIdAndName(tid).c_str()); 202 Printf("%s", d.Default()); 203 stack->Print(); 204 PrintHintAllocatorCannotReturnNull(); 205 ReportErrorSummary(scariness.GetDescription(), stack); 206 } 207 208 void ErrorInvalidAlignedAllocAlignment::Print() { 209 Decorator d; 210 Printf("%s", d.Error()); 211 #if SANITIZER_POSIX 212 Report("ERROR: AddressSanitizer: invalid alignment requested in " 213 "aligned_alloc: %zd, alignment must be a power of two and the " 214 "requested size 0x%zx must be a multiple of alignment " 215 "(thread %s)\n", alignment, size, AsanThreadIdAndName(tid).c_str()); 216 #else 217 Report("ERROR: AddressSanitizer: invalid alignment requested in " 218 "aligned_alloc: %zd, the requested size 0x%zx must be a multiple of " 219 "alignment (thread %s)\n", alignment, size, 220 AsanThreadIdAndName(tid).c_str()); 221 #endif 222 Printf("%s", d.Default()); 223 stack->Print(); 224 PrintHintAllocatorCannotReturnNull(); 225 ReportErrorSummary(scariness.GetDescription(), stack); 226 } 227 228 void ErrorInvalidPosixMemalignAlignment::Print() { 229 Decorator d; 230 Printf("%s", d.Error()); 231 Report( 232 "ERROR: AddressSanitizer: invalid alignment requested in posix_memalign: " 233 "%zd, alignment must be a power of two and a multiple of sizeof(void*) " 234 "== %zd (thread %s)\n", 235 alignment, sizeof(void*), AsanThreadIdAndName(tid).c_str()); // NOLINT 236 Printf("%s", d.Default()); 237 stack->Print(); 238 PrintHintAllocatorCannotReturnNull(); 239 ReportErrorSummary(scariness.GetDescription(), stack); 240 } 241 242 void ErrorAllocationSizeTooBig::Print() { 243 Decorator d; 244 Printf("%s", d.Error()); 245 Report( 246 "ERROR: AddressSanitizer: requested allocation size 0x%zx (0x%zx after " 247 "adjustments for alignment, red zones etc.) exceeds maximum supported " 248 "size of 0x%zx (thread %s)\n", 249 user_size, total_size, max_size, AsanThreadIdAndName(tid).c_str()); 250 Printf("%s", d.Default()); 251 stack->Print(); 252 PrintHintAllocatorCannotReturnNull(); 253 ReportErrorSummary(scariness.GetDescription(), stack); 254 } 255 256 void ErrorRssLimitExceeded::Print() { 257 Decorator d; 258 Printf("%s", d.Error()); 259 Report( 260 "ERROR: AddressSanitizer: specified RSS limit exceeded, currently set to " 261 "soft_rss_limit_mb=%zd\n", common_flags()->soft_rss_limit_mb); 262 Printf("%s", d.Default()); 263 stack->Print(); 264 PrintHintAllocatorCannotReturnNull(); 265 ReportErrorSummary(scariness.GetDescription(), stack); 266 } 267 268 void ErrorOutOfMemory::Print() { 269 Decorator d; 270 Printf("%s", d.Error()); 271 Report( 272 "ERROR: AddressSanitizer: allocator is out of memory trying to allocate " 273 "0x%zx bytes\n", requested_size); 274 Printf("%s", d.Default()); 275 stack->Print(); 276 PrintHintAllocatorCannotReturnNull(); 277 ReportErrorSummary(scariness.GetDescription(), stack); 278 } 279 280 void ErrorStringFunctionMemoryRangesOverlap::Print() { 281 Decorator d; 282 char bug_type[100]; 283 internal_snprintf(bug_type, sizeof(bug_type), "%s-param-overlap", function); 284 Printf("%s", d.Error()); 285 Report( 286 "ERROR: AddressSanitizer: %s: memory ranges [%p,%p) and [%p, %p) " 287 "overlap\n", 288 bug_type, addr1_description.Address(), 289 addr1_description.Address() + length1, addr2_description.Address(), 290 addr2_description.Address() + length2); 291 Printf("%s", d.Default()); 292 scariness.Print(); 293 stack->Print(); 294 addr1_description.Print(); 295 addr2_description.Print(); 296 ReportErrorSummary(bug_type, stack); 297 } 298 299 void ErrorStringFunctionSizeOverflow::Print() { 300 Decorator d; 301 Printf("%s", d.Error()); 302 Report("ERROR: AddressSanitizer: %s: (size=%zd)\n", 303 scariness.GetDescription(), size); 304 Printf("%s", d.Default()); 305 scariness.Print(); 306 stack->Print(); 307 addr_description.Print(); 308 ReportErrorSummary(scariness.GetDescription(), stack); 309 } 310 311 void ErrorBadParamsToAnnotateContiguousContainer::Print() { 312 Report( 313 "ERROR: AddressSanitizer: bad parameters to " 314 "__sanitizer_annotate_contiguous_container:\n" 315 " beg : %p\n" 316 " end : %p\n" 317 " old_mid : %p\n" 318 " new_mid : %p\n", 319 beg, end, old_mid, new_mid); 320 uptr granularity = SHADOW_GRANULARITY; 321 if (!IsAligned(beg, granularity)) 322 Report("ERROR: beg is not aligned by %d\n", granularity); 323 stack->Print(); 324 ReportErrorSummary(scariness.GetDescription(), stack); 325 } 326 327 void ErrorODRViolation::Print() { 328 Decorator d; 329 Printf("%s", d.Error()); 330 Report("ERROR: AddressSanitizer: %s (%p):\n", scariness.GetDescription(), 331 global1.beg); 332 Printf("%s", d.Default()); 333 InternalScopedString g1_loc(256), g2_loc(256); 334 PrintGlobalLocation(&g1_loc, global1); 335 PrintGlobalLocation(&g2_loc, global2); 336 Printf(" [1] size=%zd '%s' %s\n", global1.size, 337 MaybeDemangleGlobalName(global1.name), g1_loc.data()); 338 Printf(" [2] size=%zd '%s' %s\n", global2.size, 339 MaybeDemangleGlobalName(global2.name), g2_loc.data()); 340 if (stack_id1 && stack_id2) { 341 Printf("These globals were registered at these points:\n"); 342 Printf(" [1]:\n"); 343 StackDepotGet(stack_id1).Print(); 344 Printf(" [2]:\n"); 345 StackDepotGet(stack_id2).Print(); 346 } 347 Report( 348 "HINT: if you don't care about these errors you may set " 349 "ASAN_OPTIONS=detect_odr_violation=0\n"); 350 InternalScopedString error_msg(256); 351 error_msg.append("%s: global '%s' at %s", scariness.GetDescription(), 352 MaybeDemangleGlobalName(global1.name), g1_loc.data()); 353 ReportErrorSummary(error_msg.data()); 354 } 355 356 void ErrorInvalidPointerPair::Print() { 357 Decorator d; 358 Printf("%s", d.Error()); 359 Report("ERROR: AddressSanitizer: %s: %p %p\n", scariness.GetDescription(), 360 addr1_description.Address(), addr2_description.Address()); 361 Printf("%s", d.Default()); 362 GET_STACK_TRACE_FATAL(pc, bp); 363 stack.Print(); 364 addr1_description.Print(); 365 addr2_description.Print(); 366 ReportErrorSummary(scariness.GetDescription(), &stack); 367 } 368 369 static bool AdjacentShadowValuesAreFullyPoisoned(u8 *s) { 370 return s[-1] > 127 && s[1] > 127; 371 } 372 373 ErrorGeneric::ErrorGeneric(u32 tid, uptr pc_, uptr bp_, uptr sp_, uptr addr, 374 bool is_write_, uptr access_size_) 375 : ErrorBase(tid), 376 addr_description(addr, access_size_, /*shouldLockThreadRegistry=*/false), 377 pc(pc_), 378 bp(bp_), 379 sp(sp_), 380 access_size(access_size_), 381 is_write(is_write_), 382 shadow_val(0) { 383 scariness.Clear(); 384 if (access_size) { 385 if (access_size <= 9) { 386 char desr[] = "?-byte"; 387 desr[0] = '0' + access_size; 388 scariness.Scare(access_size + access_size / 2, desr); 389 } else if (access_size >= 10) { 390 scariness.Scare(15, "multi-byte"); 391 } 392 is_write ? scariness.Scare(20, "write") : scariness.Scare(1, "read"); 393 394 // Determine the error type. 395 bug_descr = "unknown-crash"; 396 if (AddrIsInMem(addr)) { 397 u8 *shadow_addr = (u8 *)MemToShadow(addr); 398 // If we are accessing 16 bytes, look at the second shadow byte. 399 if (*shadow_addr == 0 && access_size > SHADOW_GRANULARITY) shadow_addr++; 400 // If we are in the partial right redzone, look at the next shadow byte. 401 if (*shadow_addr > 0 && *shadow_addr < 128) shadow_addr++; 402 bool far_from_bounds = false; 403 shadow_val = *shadow_addr; 404 int bug_type_score = 0; 405 // For use-after-frees reads are almost as bad as writes. 406 int read_after_free_bonus = 0; 407 switch (shadow_val) { 408 case kAsanHeapLeftRedzoneMagic: 409 case kAsanArrayCookieMagic: 410 bug_descr = "heap-buffer-overflow"; 411 bug_type_score = 10; 412 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 413 break; 414 case kAsanHeapFreeMagic: 415 bug_descr = "heap-use-after-free"; 416 bug_type_score = 20; 417 if (!is_write) read_after_free_bonus = 18; 418 break; 419 case kAsanStackLeftRedzoneMagic: 420 bug_descr = "stack-buffer-underflow"; 421 bug_type_score = 25; 422 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 423 break; 424 case kAsanInitializationOrderMagic: 425 bug_descr = "initialization-order-fiasco"; 426 bug_type_score = 1; 427 break; 428 case kAsanStackMidRedzoneMagic: 429 case kAsanStackRightRedzoneMagic: 430 bug_descr = "stack-buffer-overflow"; 431 bug_type_score = 25; 432 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 433 break; 434 case kAsanStackAfterReturnMagic: 435 bug_descr = "stack-use-after-return"; 436 bug_type_score = 30; 437 if (!is_write) read_after_free_bonus = 18; 438 break; 439 case kAsanUserPoisonedMemoryMagic: 440 bug_descr = "use-after-poison"; 441 bug_type_score = 20; 442 break; 443 case kAsanContiguousContainerOOBMagic: 444 bug_descr = "container-overflow"; 445 bug_type_score = 10; 446 break; 447 case kAsanStackUseAfterScopeMagic: 448 bug_descr = "stack-use-after-scope"; 449 bug_type_score = 10; 450 break; 451 case kAsanGlobalRedzoneMagic: 452 bug_descr = "global-buffer-overflow"; 453 bug_type_score = 10; 454 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 455 break; 456 case kAsanIntraObjectRedzone: 457 bug_descr = "intra-object-overflow"; 458 bug_type_score = 10; 459 break; 460 case kAsanAllocaLeftMagic: 461 case kAsanAllocaRightMagic: 462 bug_descr = "dynamic-stack-buffer-overflow"; 463 bug_type_score = 25; 464 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 465 break; 466 } 467 scariness.Scare(bug_type_score + read_after_free_bonus, bug_descr); 468 if (far_from_bounds) scariness.Scare(10, "far-from-bounds"); 469 } 470 } 471 } 472 473 static void PrintContainerOverflowHint() { 474 Printf("HINT: if you don't care about these errors you may set " 475 "ASAN_OPTIONS=detect_container_overflow=0.\n" 476 "If you suspect a false positive see also: " 477 "https://github.com/google/sanitizers/wiki/" 478 "AddressSanitizerContainerOverflow.\n"); 479 } 480 481 static void PrintShadowByte(InternalScopedString *str, const char *before, 482 u8 byte, const char *after = "\n") { 483 PrintMemoryByte(str, before, byte, /*in_shadow*/true, after); 484 } 485 486 static void PrintLegend(InternalScopedString *str) { 487 str->append( 488 "Shadow byte legend (one shadow byte represents %d " 489 "application bytes):\n", 490 (int)SHADOW_GRANULARITY); 491 PrintShadowByte(str, " Addressable: ", 0); 492 str->append(" Partially addressable: "); 493 for (u8 i = 1; i < SHADOW_GRANULARITY; i++) PrintShadowByte(str, "", i, " "); 494 str->append("\n"); 495 PrintShadowByte(str, " Heap left redzone: ", 496 kAsanHeapLeftRedzoneMagic); 497 PrintShadowByte(str, " Freed heap region: ", kAsanHeapFreeMagic); 498 PrintShadowByte(str, " Stack left redzone: ", 499 kAsanStackLeftRedzoneMagic); 500 PrintShadowByte(str, " Stack mid redzone: ", 501 kAsanStackMidRedzoneMagic); 502 PrintShadowByte(str, " Stack right redzone: ", 503 kAsanStackRightRedzoneMagic); 504 PrintShadowByte(str, " Stack after return: ", 505 kAsanStackAfterReturnMagic); 506 PrintShadowByte(str, " Stack use after scope: ", 507 kAsanStackUseAfterScopeMagic); 508 PrintShadowByte(str, " Global redzone: ", kAsanGlobalRedzoneMagic); 509 PrintShadowByte(str, " Global init order: ", 510 kAsanInitializationOrderMagic); 511 PrintShadowByte(str, " Poisoned by user: ", 512 kAsanUserPoisonedMemoryMagic); 513 PrintShadowByte(str, " Container overflow: ", 514 kAsanContiguousContainerOOBMagic); 515 PrintShadowByte(str, " Array cookie: ", 516 kAsanArrayCookieMagic); 517 PrintShadowByte(str, " Intra object redzone: ", 518 kAsanIntraObjectRedzone); 519 PrintShadowByte(str, " ASan internal: ", kAsanInternalHeapMagic); 520 PrintShadowByte(str, " Left alloca redzone: ", kAsanAllocaLeftMagic); 521 PrintShadowByte(str, " Right alloca redzone: ", kAsanAllocaRightMagic); 522 PrintShadowByte(str, " Shadow gap: ", kAsanShadowGap); 523 } 524 525 static void PrintShadowBytes(InternalScopedString *str, const char *before, 526 u8 *bytes, u8 *guilty, uptr n) { 527 Decorator d; 528 if (before) str->append("%s%p:", before, bytes); 529 for (uptr i = 0; i < n; i++) { 530 u8 *p = bytes + i; 531 const char *before = 532 p == guilty ? "[" : (p - 1 == guilty && i != 0) ? "" : " "; 533 const char *after = p == guilty ? "]" : ""; 534 PrintShadowByte(str, before, *p, after); 535 } 536 str->append("\n"); 537 } 538 539 static void PrintShadowMemoryForAddress(uptr addr) { 540 if (!AddrIsInMem(addr)) return; 541 uptr shadow_addr = MemToShadow(addr); 542 const uptr n_bytes_per_row = 16; 543 uptr aligned_shadow = shadow_addr & ~(n_bytes_per_row - 1); 544 InternalScopedString str(4096 * 8); 545 str.append("Shadow bytes around the buggy address:\n"); 546 for (int i = -5; i <= 5; i++) { 547 uptr row_shadow_addr = aligned_shadow + i * n_bytes_per_row; 548 // Skip rows that would be outside the shadow range. This can happen when 549 // the user address is near the bottom, top, or shadow gap of the address 550 // space. 551 if (!AddrIsInShadow(row_shadow_addr)) continue; 552 const char *prefix = (i == 0) ? "=>" : " "; 553 PrintShadowBytes(&str, prefix, (u8 *)row_shadow_addr, (u8 *)shadow_addr, 554 n_bytes_per_row); 555 } 556 if (flags()->print_legend) PrintLegend(&str); 557 Printf("%s", str.data()); 558 } 559 560 void ErrorGeneric::Print() { 561 Decorator d; 562 Printf("%s", d.Error()); 563 uptr addr = addr_description.Address(); 564 Report("ERROR: AddressSanitizer: %s on address %p at pc %p bp %p sp %p\n", 565 bug_descr, (void *)addr, pc, bp, sp); 566 Printf("%s", d.Default()); 567 568 Printf("%s%s of size %zu at %p thread %s%s\n", d.Access(), 569 access_size ? (is_write ? "WRITE" : "READ") : "ACCESS", access_size, 570 (void *)addr, AsanThreadIdAndName(tid).c_str(), d.Default()); 571 572 scariness.Print(); 573 GET_STACK_TRACE_FATAL(pc, bp); 574 stack.Print(); 575 576 // Pass bug_descr because we have a special case for 577 // initialization-order-fiasco 578 addr_description.Print(bug_descr); 579 if (shadow_val == kAsanContiguousContainerOOBMagic) 580 PrintContainerOverflowHint(); 581 ReportErrorSummary(bug_descr, &stack); 582 PrintShadowMemoryForAddress(addr); 583 } 584 585 } // namespace __asan 586
Indexes created Sat Sep 20 22:09:52 GMT 2025