ASAN should point out when it crashes on an address that looks like uninitialized memory
Issue description

As requested by brucedawson@ in crbug.com/897872#c34

The meaning of 0xBEBEBEBE... should be front-and-center. That is, if crbug.com/901847 is addressed so that we know the actual address, then asan could actually say, in its summary, "This address looks like uninitialized memory", or "unfreed memory", or whatever other magic types there are. Looking it up in the documentation doesn't scale well.
Nov 5
rnk@, do you think this is worth doing, and what do you think of doing this in ASAN? Or do you think it is something that should be done in ClusterFuzz?
Nov 5
One significant complicating factor is that for 64-bit processes the address will not be available. On Windows it will be reported as 2^64-1 and (apparently) on Linux it will be reported as zero. In order to figure out the address you (seriously) need to decode the instruction and look at the registers. This has been done, but it's not trivial: https://twitter.com/TedMielczarek/status/1058526486414721025

The second best thing, which is much simpler, is to go:

    if (ex->ExceptionAddress == 0xFFFFFFFFFFFFFFFF)
        printf("p was possibly -1, but ¯\_(ツ)_/¯\n");
    else
        printf("p was 0x%p\n", ex->ExceptionAddress);

https://twitter.com/BruceDawson0xB/status/1058503844462649344

That is, encode the fact that 0xFFFFFFFFFFFFFFFF doesn't mean that address was involved. It just means a non-canonical address was involved.
Nov 5
This seems like it would be a cross-platform improvement, so I'll redirect the suggestion to Kostya and Evgenii.
Nov 6
Other options would be for asan to handle this. That is, if asan is instrumenting every memory access then it could detect when addresses are >= 2^47 and handle them differently, somehow.
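As an added example (not code from this issue, from ASan or from Chromium), the classification the two comments above ask for, written as a small C helper: it recognises the -1 sentinel from the quoted snippet, an address made entirely of a fill byte such as 0xBEBEBEBE, and non-canonical addresses >= 2^47. The fill-byte table (only 0xBE, the value the issue names), the address classes and the summary strings are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
/* What a crash summary could say about the faulting address. */
typedef enum {
    ADDR_SENTINEL,            /* -1: OS gave no address, only that it was non-canonical */
    ADDR_LOOKS_UNINITIALIZED, /* every byte is a known fill byte, e.g. 0xBEBEBEBE */
    ADDR_NONCANONICAL,        /* >= 2^47: not a valid x86-64 user-space pointer */
    ADDR_NEAR_NULL,           /* first page: NULL deref (on Linux possibly the sentinel too) */
    ADDR_ORDINARY
} addr_kind;

/* Fill bytes to recognise; 0xBE is from the issue, anything else would be an assumption. */
static const uint8_t kFillBytes[] = { 0xBE };
/* True if addr is exactly `width` copies of byte b with all higher bytes zero. */
static bool repeated_byte(uint64_t addr, unsigned width, uint8_t b)
{
    uint64_t pattern = 0;
    for (unsigned i = 0; i < width; i++)
        pattern = (pattern << 8) | b;
    return addr == pattern;
}

addr_kind classify_fault_address(uint64_t addr, bool is_64bit)
{
    if (is_64bit && addr == UINT64_MAX)
        return ADDR_SENTINEL;
    for (unsigned i = 0; i < sizeof kFillBytes; i++) {
        /* Full pointer width, or a 32-bit pattern zero-extended in a 64-bit process. */
        if (repeated_byte(addr, is_64bit ? 8 : 4, kFillBytes[i]) ||
            (is_64bit && repeated_byte(addr, 4, kFillBytes[i])))
            return ADDR_LOOKS_UNINITIALIZED;
    }
    if (addr < 4096)
        return ADDR_NEAR_NULL;
    if (is_64bit && addr >= (1ULL << 47))
        return ADDR_NONCANONICAL;
    return ADDR_ORDINARY;
}

/* One-line summary in the spirit of the printf quoted in the thread. */
const char *describe_fault_address(uint64_t addr, bool is_64bit)
{
    switch (classify_fault_address(addr, is_64bit)) {
    case ADDR_SENTINEL:            return "p was possibly -1 (non-canonical, value unknown)";
    case ADDR_LOOKS_UNINITIALIZED: return "p looks like uninitialized (fill-byte) memory";
    case ADDR_NONCANONICAL:        return "p is non-canonical (>= 2^47)";
    case ADDR_NEAR_NULL:           return "p is near NULL";
    default:                       return "p is an ordinary address";
    }
}
```

The fill-byte check runs before the non-canonical check on purpose, since 0xBEBEBEBEBEBEBEBE is also >= 2^47 and the more specific message is the useful one.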
Jan 11
Available, but no owner or component? Please find a component, as no one will ever find this without one.
Comment 1 by metzman@chromium.org, Nov 5