doylet/ASANManualPoisoning
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add comments from <sanitizer/asan_interface.h>

Browse Source
This commit is contained in:
doyle 2023-08-28 23:27:57 +10:00
parent 8313605872
commit a450f820d9
2 changed files with 45 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
asan_example.cpp
View File

@ -84,8 +84,26 @@ int main()
"## Overview\n" "## Overview\n"
"\n" "\n"
"ASAN provides a way to manually markup ranges of bytes to\n" "ASAN provides a way to manually markup ranges of bytes to\n"
"prohibit or permit reads to those addresses. There's a short\n" "prohibit or permit reads to those addresses. In\n"
"foot-note in Google's " "`<sanitizer/asan_interface.h> there's a brief mention for the poison\n"
"and unpoison API respectively:`\n"
"\n"
"```cpp\n"
"/// ... This function is not guaranteed to poison the entire region -\n"
"/// it could poison only a subregion of <c>[addr, addr+size)</c> due to ASan\n"
"/// alignment restrictions.\n"
"void __asan_poison_memory_region(void const volatile *addr, size_t size);\n"
"```\n"
"\n"
"and:\n"
"\n"
"```cpp\n"
"/// This function could unpoison a super-region of <c>[addr, addr+size)</c> due\n"
"/// to ASan alignment restrictions.\n"
"void __asan_unpoison_memory_region(void const volatile *addr, size_t size);\n"
"```\n"
"\n"
"There's another brief foot-note in Google's "
"[AddressSanitizerManualPoisoning](https://github.com/google/" "[AddressSanitizerManualPoisoning](https://github.com/google/"
"sanitizers/wiki/AddressSanitizerManualPoisoning)\n" "sanitizers/wiki/AddressSanitizerManualPoisoning)\n"
"documentation that states:\n" "documentation that states:\n"
@ -97,8 +115,8 @@ int main()
"chunks should start with 8-aligned addresses.\n" "chunks should start with 8-aligned addresses.\n"
"```\n" "```\n"
"\n" "\n"
"This repository runs some simple tests to clarify the behaviour of\n" "So then this repository runs some simple tests to clarify the behaviour\n"
"the API on un/aligned addresses at various sizes without having\n" "of the API on un/aligned addresses at various sizes without having\n"
"to dig into source code or read the [ASAN paper](https://static." "to dig into source code or read the [ASAN paper](https://static."
"googleusercontent.com/media/research.google.com/en/pubs/archive/" "googleusercontent.com/media/research.google.com/en/pubs/archive/"
"37752.pdf).\n" "37752.pdf).\n"

28
readme.md
View File

@ -25,8 +25,26 @@ marked-up memory that may lead to undetected read/writes.
## Overview ## Overview
ASAN provides a way to manually markup ranges of bytes to ASAN provides a way to manually markup ranges of bytes to
prohibit or permit reads to those addresses. There's a short prohibit or permit reads to those addresses. In
foot-note in Google's [AddressSanitizerManualPoisoning](https://github.com/google/sanitizers/wiki/AddressSanitizerManualPoisoning) `<sanitizer/asan_interface.h> there's a brief mention for the poison
and unpoison API respectively:`
```cpp
/// ... This function is not guaranteed to poison the entire region -
/// it could poison only a subregion of <c>[addr, addr+size)</c> due to ASan
/// alignment restrictions.
void __asan_poison_memory_region(void const volatile *addr, size_t size);
```
and:
```cpp
/// This function could unpoison a super-region of <c>[addr, addr+size)</c> due
/// to ASan alignment restrictions.
void __asan_unpoison_memory_region(void const volatile *addr, size_t size);
```
There's another brief foot-note in Google's [AddressSanitizerManualPoisoning](https://github.com/google/sanitizers/wiki/AddressSanitizerManualPoisoning)
documentation that states: documentation that states:
``` ```
@ -36,8 +54,8 @@ of memory leaving poisoned redzones between them. The allocated
chunks should start with 8-aligned addresses. chunks should start with 8-aligned addresses.
``` ```
This repository runs some simple tests to clarify the behaviour of So then this repository runs some simple tests to clarify the behaviour
the API on un/aligned addresses at various sizes without having of the API on un/aligned addresses at various sizes without having
to dig into source code or read the [ASAN paper](https://static.googleusercontent.com/media/research.google.com/en/pubs/archive/37752.pdf). to dig into source code or read the [ASAN paper](https://static.googleusercontent.com/media/research.google.com/en/pubs/archive/37752.pdf).
We use a stack-allocated 16 byte array and test un/poisoning We use a stack-allocated 16 byte array and test un/poisoning
@ -50,7 +68,7 @@ poisoned memory and hide potential leaks (as also demonstrated in
## References ## References
- [Manual ASAN poisoning and alignment](https://github.com/mcgov/asan_alignment_example) example by `mcgov` - [Manual ASAN poisoning and alignment](https://github.com/mcgov/asan_alignment_example) example by `mcgov`
- [Address Sanitizer: A Fast Address Sanity Checker](https://static.googleusercontent.com/media/research.google.com/en/pubs/archive/37752.pdf) - [Address Sanitizer: A Fast Address Sanity Checker](https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf)
- [sanitizer/asan_interface.h](https://github.com/llvm-mirror/compiler-rt/blob/master/include/sanitizer/asan_interface.h) - [sanitizer/asan_interface.h](https://github.com/llvm-mirror/compiler-rt/blob/master/include/sanitizer/asan_interface.h)
## Raw Test Results ## Raw Test Results