1
//===-- asan_errors.cpp -----------------------------------------*- C++ -*-===//
2
//
3
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4
// See https://llvm.org/LICENSE.txt for license information.
5
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6
//
7
//===----------------------------------------------------------------------===//
8
//
9
// This file is a part of AddressSanitizer, an address sanity checker.
10
//
11
// ASan implementation for error structures.
12
//===----------------------------------------------------------------------===//
13

14
#include "asan_errors.h"
15
#include "asan_descriptions.h"
16
#include "asan_mapping.h"
17
#include "asan_report.h"
18
#include "asan_stack.h"
19
#include "sanitizer_common/sanitizer_stackdepot.h"
20

21
namespace __asan {
22

23
static void OnStackUnwind(const SignalContext &sig,
24
                          const void *callback_context,
25
                          BufferedStackTrace *stack) {
26
  bool fast = common_flags()->fast_unwind_on_fatal;
27
#if SANITIZER_FREEBSD || SANITIZER_NETBSD
28
  // On FreeBSD the slow unwinding that leverages _Unwind_Backtrace()
29
  // yields the call stack of the signal's handler and not of the code
30
  // that raised the signal (as it does on Linux).
31
  fast = true;
32
#endif
33
  // Tests and maybe some users expect that scariness is going to be printed
34
  // just before the stack. As only asan has scariness score we have no
35
  // corresponding code in the sanitizer_common and we use this callback to
36
  // print it.
37
  static_cast<const ScarinessScoreBase *>(callback_context)->Print();
38
  stack->Unwind(StackTrace::GetNextInstructionPc(sig.pc), sig.bp, sig.context,
39
                fast);
40
}
41

42
void ErrorDeadlySignal::Print() {
43
  ReportDeadlySignal(signal, tid, &OnStackUnwind, &scariness);
44
}
45

46
void ErrorDoubleFree::Print() {
47
  Decorator d;
48
  Printf("%s", d.Error());
49
  Report("ERROR: AddressSanitizer: attempting %s on %p in thread %s:\n",
50
         scariness.GetDescription(), (void *)addr_description.addr,
51
         AsanThreadIdAndName(tid).c_str());
52
  Printf("%s", d.Default());
53
  scariness.Print();
54
  GET_STACK_TRACE_FATAL(second_free_stack->trace[0],
55
                        second_free_stack->top_frame_bp);
56
  stack.Print();
57
  addr_description.Print();
58
  ReportErrorSummary(scariness.GetDescription(), &stack);
59
}
60

61
void ErrorNewDeleteTypeMismatch::Print() {
62
  Decorator d;
63
  Printf("%s", d.Error());
64
  Report("ERROR: AddressSanitizer: %s on %p in thread %s:\n",
65
         scariness.GetDescription(), (void *)addr_description.addr,
66
         AsanThreadIdAndName(tid).c_str());
67
  Printf("%s  object passed to delete has wrong type:\n", d.Default());
68
  if (delete_size != 0) {
69
    Printf(
70
        "  size of the allocated type:   %zd bytes;\n"
71
        "  size of the deallocated type: %zd bytes.\n",
72
        addr_description.chunk_access.chunk_size, delete_size);
73
  }
74
  const uptr user_alignment =
75
      addr_description.chunk_access.user_requested_alignment;
76
  if (delete_alignment != user_alignment) {
77
    char user_alignment_str[32];
78
    char delete_alignment_str[32];
79
    internal_snprintf(user_alignment_str, sizeof(user_alignment_str),
80
                      "%zd bytes", user_alignment);
81
    internal_snprintf(delete_alignment_str, sizeof(delete_alignment_str),
82
                      "%zd bytes", delete_alignment);
83
    static const char *kDefaultAlignment = "default-aligned";
84
    Printf(
85
        "  alignment of the allocated type:   %s;\n"
86
        "  alignment of the deallocated type: %s.\n",
87
        user_alignment > 0 ? user_alignment_str : kDefaultAlignment,
88
        delete_alignment > 0 ? delete_alignment_str : kDefaultAlignment);
89
  }
90
  CHECK_GT(free_stack->size, 0);
91
  scariness.Print();
92
  GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp);
93
  stack.Print();
94
  addr_description.Print();
95
  ReportErrorSummary(scariness.GetDescription(), &stack);
96
  Report(
97
      "HINT: if you don't care about these errors you may set "
98
      "ASAN_OPTIONS=new_delete_type_mismatch=0\n");
99
}
100

101
void ErrorFreeNotMalloced::Print() {
102
  Decorator d;
103
  Printf("%s", d.Error());
104
  Report(
105
      "ERROR: AddressSanitizer: attempting free on address "
106
      "which was not malloc()-ed: %p in thread %s\n",
107
      (void *)addr_description.Address(), AsanThreadIdAndName(tid).c_str());
108
  Printf("%s", d.Default());
109
  CHECK_GT(free_stack->size, 0);
110
  scariness.Print();
111
  GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp);
112
  stack.Print();
113
  addr_description.Print();
114
  ReportErrorSummary(scariness.GetDescription(), &stack);
115
}
116

117
void ErrorAllocTypeMismatch::Print() {
118
  static const char *alloc_names[] = {"INVALID", "malloc", "operator new",
119
                                      "operator new []"};
120
  static const char *dealloc_names[] = {"INVALID", "free", "operator delete",
121
                                        "operator delete []"};
122
  CHECK_NE(alloc_type, dealloc_type);
123
  Decorator d;
124
  Printf("%s", d.Error());
125
  Report("ERROR: AddressSanitizer: %s (%s vs %s) on %p\n",
126
         scariness.GetDescription(), alloc_names[alloc_type],
127
         dealloc_names[dealloc_type], (void *)addr_description.Address());
128
  Printf("%s", d.Default());
129
  CHECK_GT(dealloc_stack->size, 0);
130
  scariness.Print();
131
  GET_STACK_TRACE_FATAL(dealloc_stack->trace[0], dealloc_stack->top_frame_bp);
132
  stack.Print();
133
  addr_description.Print();
134
  ReportErrorSummary(scariness.GetDescription(), &stack);
135
  Report(
136
      "HINT: if you don't care about these errors you may set "
137
      "ASAN_OPTIONS=alloc_dealloc_mismatch=0\n");
138
}
139

140
void ErrorMallocUsableSizeNotOwned::Print() {
141
  Decorator d;
142
  Printf("%s", d.Error());
143
  Report(
144
      "ERROR: AddressSanitizer: attempting to call malloc_usable_size() for "
145
      "pointer which is not owned: %p\n",
146
      (void *)addr_description.Address());
147
  Printf("%s", d.Default());
148
  stack->Print();
149
  addr_description.Print();
150
  ReportErrorSummary(scariness.GetDescription(), stack);
151
}
152

153
void ErrorSanitizerGetAllocatedSizeNotOwned::Print() {
154
  Decorator d;
155
  Printf("%s", d.Error());
156
  Report(
157
      "ERROR: AddressSanitizer: attempting to call "
158
      "__sanitizer_get_allocated_size() for pointer which is not owned: %p\n",
159
      (void *)addr_description.Address());
160
  Printf("%s", d.Default());
161
  stack->Print();
162
  addr_description.Print();
163
  ReportErrorSummary(scariness.GetDescription(), stack);
164
}
165

166
void ErrorCallocOverflow::Print() {
167
  Decorator d;
168
  Printf("%s", d.Error());
169
  Report(
170
      "ERROR: AddressSanitizer: calloc parameters overflow: count * size "
171
      "(%zd * %zd) cannot be represented in type size_t (thread %s)\n",
172
      count, size, AsanThreadIdAndName(tid).c_str());
173
  Printf("%s", d.Default());
174
  stack->Print();
175
  PrintHintAllocatorCannotReturnNull();
176
  ReportErrorSummary(scariness.GetDescription(), stack);
177
}
178

179
void ErrorReallocArrayOverflow::Print() {
180
  Decorator d;
181
  Printf("%s", d.Error());
182
  Report(
183
      "ERROR: AddressSanitizer: reallocarray parameters overflow: count * size "
184
      "(%zd * %zd) cannot be represented in type size_t (thread %s)\n",
185
      count, size, AsanThreadIdAndName(tid).c_str());
186
  Printf("%s", d.Default());
187
  stack->Print();
188
  PrintHintAllocatorCannotReturnNull();
189
  ReportErrorSummary(scariness.GetDescription(), stack);
190
}
191

192
void ErrorPvallocOverflow::Print() {
193
  Decorator d;
194
  Printf("%s", d.Error());
195
  Report(
196
      "ERROR: AddressSanitizer: pvalloc parameters overflow: size 0x%zx "
197
      "rounded up to system page size 0x%zx cannot be represented in type "
198
      "size_t (thread %s)\n",
199
      size, GetPageSizeCached(), AsanThreadIdAndName(tid).c_str());
200
  Printf("%s", d.Default());
201
  stack->Print();
202
  PrintHintAllocatorCannotReturnNull();
203
  ReportErrorSummary(scariness.GetDescription(), stack);
204
}
205

206
void ErrorInvalidAllocationAlignment::Print() {
207
  Decorator d;
208
  Printf("%s", d.Error());
209
  Report(
210
      "ERROR: AddressSanitizer: invalid allocation alignment: %zd, "
211
      "alignment must be a power of two (thread %s)\n",
212
      alignment, AsanThreadIdAndName(tid).c_str());
213
  Printf("%s", d.Default());
214
  stack->Print();
215
  PrintHintAllocatorCannotReturnNull();
216
  ReportErrorSummary(scariness.GetDescription(), stack);
217
}
218

219
void ErrorInvalidAlignedAllocAlignment::Print() {
220
  Decorator d;
221
  Printf("%s", d.Error());
222
#if SANITIZER_POSIX
223
  Report("ERROR: AddressSanitizer: invalid alignment requested in "
224
         "aligned_alloc: %zd, alignment must be a power of two and the "
225
         "requested size 0x%zx must be a multiple of alignment "
226
         "(thread %s)\n", alignment, size, AsanThreadIdAndName(tid).c_str());
227
#else
228
  Report("ERROR: AddressSanitizer: invalid alignment requested in "
229
         "aligned_alloc: %zd, the requested size 0x%zx must be a multiple of "
230
         "alignment (thread %s)\n", alignment, size,
231
         AsanThreadIdAndName(tid).c_str());
232
#endif
233
  Printf("%s", d.Default());
234
  stack->Print();
235
  PrintHintAllocatorCannotReturnNull();
236
  ReportErrorSummary(scariness.GetDescription(), stack);
237
}
238

239
void ErrorInvalidPosixMemalignAlignment::Print() {
240
  Decorator d;
241
  Printf("%s", d.Error());
242
  Report(
243
      "ERROR: AddressSanitizer: invalid alignment requested in posix_memalign: "
244
      "%zd, alignment must be a power of two and a multiple of sizeof(void*) "
245
      "== %zd (thread %s)\n",
246
      alignment, sizeof(void *), AsanThreadIdAndName(tid).c_str());
247
  Printf("%s", d.Default());
248
  stack->Print();
249
  PrintHintAllocatorCannotReturnNull();
250
  ReportErrorSummary(scariness.GetDescription(), stack);
251
}
252

253
void ErrorAllocationSizeTooBig::Print() {
254
  Decorator d;
255
  Printf("%s", d.Error());
256
  Report(
257
      "ERROR: AddressSanitizer: requested allocation size 0x%zx (0x%zx after "
258
      "adjustments for alignment, red zones etc.) exceeds maximum supported "
259
      "size of 0x%zx (thread %s)\n",
260
      user_size, total_size, max_size, AsanThreadIdAndName(tid).c_str());
261
  Printf("%s", d.Default());
262
  stack->Print();
263
  PrintHintAllocatorCannotReturnNull();
264
  ReportErrorSummary(scariness.GetDescription(), stack);
265
}
266

267
void ErrorRssLimitExceeded::Print() {
268
  Decorator d;
269
  Printf("%s", d.Error());
270
  Report(
271
      "ERROR: AddressSanitizer: specified RSS limit exceeded, currently set to "
272
      "soft_rss_limit_mb=%zd\n", common_flags()->soft_rss_limit_mb);
273
  Printf("%s", d.Default());
274
  stack->Print();
275
  PrintHintAllocatorCannotReturnNull();
276
  ReportErrorSummary(scariness.GetDescription(), stack);
277
}
278

279
void ErrorOutOfMemory::Print() {
280
  Decorator d;
281
  Printf("%s", d.Error());
282
  ERROR_OOM("allocator is trying to allocate 0x%zx bytes\n", requested_size);
283
  Printf("%s", d.Default());
284
  stack->Print();
285
  PrintHintAllocatorCannotReturnNull();
286
  ReportErrorSummary(scariness.GetDescription(), stack);
287
}
288

289
void ErrorStringFunctionMemoryRangesOverlap::Print() {
290
  Decorator d;
291
  char bug_type[100];
292
  internal_snprintf(bug_type, sizeof(bug_type), "%s-param-overlap", function);
293
  Printf("%s", d.Error());
294
  Report(
295
      "ERROR: AddressSanitizer: %s: memory ranges [%p,%p) and [%p, %p) "
296
      "overlap\n",
297
      bug_type, (void *)addr1_description.Address(),
298
      (void *)(addr1_description.Address() + length1),
299
      (void *)addr2_description.Address(),
300
      (void *)(addr2_description.Address() + length2));
301
  Printf("%s", d.Default());
302
  scariness.Print();
303
  stack->Print();
304
  addr1_description.Print();
305
  addr2_description.Print();
306
  ReportErrorSummary(bug_type, stack);
307
}
308

309
void ErrorStringFunctionSizeOverflow::Print() {
310
  Decorator d;
311
  Printf("%s", d.Error());
312
  Report("ERROR: AddressSanitizer: %s: (size=%zd)\n",
313
         scariness.GetDescription(), size);
314
  Printf("%s", d.Default());
315
  scariness.Print();
316
  stack->Print();
317
  addr_description.Print();
318
  ReportErrorSummary(scariness.GetDescription(), stack);
319
}
320

321
void ErrorBadParamsToAnnotateContiguousContainer::Print() {
322
  Report(
323
      "ERROR: AddressSanitizer: bad parameters to "
324
      "__sanitizer_annotate_contiguous_container:\n"
325
      "      beg     : %p\n"
326
      "      end     : %p\n"
327
      "      old_mid : %p\n"
328
      "      new_mid : %p\n",
329
      (void *)beg, (void *)end, (void *)old_mid, (void *)new_mid);
330
  uptr granularity = ASAN_SHADOW_GRANULARITY;
331
  if (!IsAligned(beg, granularity))
332
    Report("ERROR: beg is not aligned by %zu\n", granularity);
333
  stack->Print();
334
  ReportErrorSummary(scariness.GetDescription(), stack);
335
}
336

337
void ErrorBadParamsToAnnotateDoubleEndedContiguousContainer::Print() {
338
  Report(
339
      "ERROR: AddressSanitizer: bad parameters to "
340
      "__sanitizer_annotate_double_ended_contiguous_container:\n"
341
      "      storage_beg        : %p\n"
342
      "      storage_end        : %p\n"
343
      "      old_container_beg  : %p\n"
344
      "      old_container_end  : %p\n"
345
      "      new_container_beg  : %p\n"
346
      "      new_container_end  : %p\n",
347
      (void *)storage_beg, (void *)storage_end, (void *)old_container_beg,
348
      (void *)old_container_end, (void *)new_container_beg,
349
      (void *)new_container_end);
350
  uptr granularity = ASAN_SHADOW_GRANULARITY;
351
  if (!IsAligned(storage_beg, granularity))
352
    Report("ERROR: storage_beg is not aligned by %zu\n", granularity);
353
  stack->Print();
354
  ReportErrorSummary(scariness.GetDescription(), stack);
355
}
356

357
void ErrorODRViolation::Print() {
358
  Decorator d;
359
  Printf("%s", d.Error());
360
  Report("ERROR: AddressSanitizer: %s (%p):\n", scariness.GetDescription(),
361
         (void *)global1.beg);
362
  Printf("%s", d.Default());
363
  InternalScopedString g1_loc;
364
  InternalScopedString g2_loc;
365
  PrintGlobalLocation(&g1_loc, global1, /*print_module_name=*/true);
366
  PrintGlobalLocation(&g2_loc, global2, /*print_module_name=*/true);
367
  Printf("  [1] size=%zd '%s' %s\n", global1.size,
368
         MaybeDemangleGlobalName(global1.name), g1_loc.data());
369
  Printf("  [2] size=%zd '%s' %s\n", global2.size,
370
         MaybeDemangleGlobalName(global2.name), g2_loc.data());
371
  if (stack_id1 && stack_id2) {
372
    Printf("These globals were registered at these points:\n");
373
    Printf("  [1]:\n");
374
    StackDepotGet(stack_id1).Print();
375
    Printf("  [2]:\n");
376
    StackDepotGet(stack_id2).Print();
377
  }
378
  Report(
379
      "HINT: if you don't care about these errors you may set "
380
      "ASAN_OPTIONS=detect_odr_violation=0\n");
381
  InternalScopedString error_msg;
382
  error_msg.AppendF("%s: global '%s' at %s", scariness.GetDescription(),
383
                    MaybeDemangleGlobalName(global1.name), g1_loc.data());
384
  ReportErrorSummary(error_msg.data());
385
}
386

387
void ErrorInvalidPointerPair::Print() {
388
  Decorator d;
389
  Printf("%s", d.Error());
390
  Report("ERROR: AddressSanitizer: %s: %p %p\n", scariness.GetDescription(),
391
         (void *)addr1_description.Address(),
392
         (void *)addr2_description.Address());
393
  Printf("%s", d.Default());
394
  GET_STACK_TRACE_FATAL(pc, bp);
395
  stack.Print();
396
  addr1_description.Print();
397
  addr2_description.Print();
398
  ReportErrorSummary(scariness.GetDescription(), &stack);
399
}
400

401
static bool AdjacentShadowValuesAreFullyPoisoned(u8 *s) {
402
  return s[-1] > 127 && s[1] > 127;
403
}
404

405
ErrorGeneric::ErrorGeneric(u32 tid, uptr pc_, uptr bp_, uptr sp_, uptr addr,
406
                           bool is_write_, uptr access_size_)
407
    : ErrorBase(tid),
408
      addr_description(addr, access_size_, /*shouldLockThreadRegistry=*/false),
409
      pc(pc_),
410
      bp(bp_),
411
      sp(sp_),
412
      access_size(access_size_),
413
      is_write(is_write_),
414
      shadow_val(0) {
415
  scariness.Clear();
416
  if (access_size) {
417
    if (access_size <= 9) {
418
      char desr[] = "?-byte";
419
      desr[0] = '0' + access_size;
420
      scariness.Scare(access_size + access_size / 2, desr);
421
    } else if (access_size >= 10) {
422
      scariness.Scare(15, "multi-byte");
423
    }
424
    is_write ? scariness.Scare(20, "write") : scariness.Scare(1, "read");
425

426
    // Determine the error type.
427
    bug_descr = "unknown-crash";
428
    if (AddrIsInMem(addr)) {
429
      u8 *shadow_addr = (u8 *)MemToShadow(addr);
430
      // If we are accessing 16 bytes, look at the second shadow byte.
431
      if (*shadow_addr == 0 && access_size > ASAN_SHADOW_GRANULARITY)
432
        shadow_addr++;
433
      // If we are in the partial right redzone, look at the next shadow byte.
434
      if (*shadow_addr > 0 && *shadow_addr < 128) shadow_addr++;
435
      bool far_from_bounds = false;
436
      shadow_val = *shadow_addr;
437
      int bug_type_score = 0;
438
      // For use-after-frees reads are almost as bad as writes.
439
      int read_after_free_bonus = 0;
440
      switch (shadow_val) {
441
        case kAsanHeapLeftRedzoneMagic:
442
        case kAsanArrayCookieMagic:
443
          bug_descr = "heap-buffer-overflow";
444
          bug_type_score = 10;
445
          far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
446
          break;
447
        case kAsanHeapFreeMagic:
448
          bug_descr = "heap-use-after-free";
449
          bug_type_score = 20;
450
          if (!is_write) read_after_free_bonus = 18;
451
          break;
452
        case kAsanStackLeftRedzoneMagic:
453
          bug_descr = "stack-buffer-underflow";
454
          bug_type_score = 25;
455
          far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
456
          break;
457
        case kAsanInitializationOrderMagic:
458
          bug_descr = "initialization-order-fiasco";
459
          bug_type_score = 1;
460
          break;
461
        case kAsanStackMidRedzoneMagic:
462
        case kAsanStackRightRedzoneMagic:
463
          bug_descr = "stack-buffer-overflow";
464
          bug_type_score = 25;
465
          far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
466
          break;
467
        case kAsanStackAfterReturnMagic:
468
          bug_descr = "stack-use-after-return";
469
          bug_type_score = 30;
470
          if (!is_write) read_after_free_bonus = 18;
471
          break;
472
        case kAsanUserPoisonedMemoryMagic:
473
          bug_descr = "use-after-poison";
474
          bug_type_score = 20;
475
          break;
476
        case kAsanContiguousContainerOOBMagic:
477
          bug_descr = "container-overflow";
478
          bug_type_score = 10;
479
          break;
480
        case kAsanStackUseAfterScopeMagic:
481
          bug_descr = "stack-use-after-scope";
482
          bug_type_score = 10;
483
          break;
484
        case kAsanGlobalRedzoneMagic:
485
          bug_descr = "global-buffer-overflow";
486
          bug_type_score = 10;
487
          far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
488
          break;
489
        case kAsanIntraObjectRedzone:
490
          bug_descr = "intra-object-overflow";
491
          bug_type_score = 10;
492
          break;
493
        case kAsanAllocaLeftMagic:
494
        case kAsanAllocaRightMagic:
495
          bug_descr = "dynamic-stack-buffer-overflow";
496
          bug_type_score = 25;
497
          far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
498
          break;
499
      }
500
      scariness.Scare(bug_type_score + read_after_free_bonus, bug_descr);
501
      if (far_from_bounds) scariness.Scare(10, "far-from-bounds");
502
    }
503
  }
504
}
505

506
static void PrintContainerOverflowHint() {
507
  Printf("HINT: if you don't care about these errors you may set "
508
         "ASAN_OPTIONS=detect_container_overflow=0.\n"
509
         "If you suspect a false positive see also: "
510
         "https://github.com/google/sanitizers/wiki/"
511
         "AddressSanitizerContainerOverflow.\n");
512
}
513

514
static void PrintShadowByte(InternalScopedString *str, const char *before,
515
    u8 byte, const char *after = "\n") {
516
  PrintMemoryByte(str, before, byte, /*in_shadow*/true, after);
517
}
518

519
static void PrintLegend(InternalScopedString *str) {
520
  str->AppendF(
521
      "Shadow byte legend (one shadow byte represents %d "
522
      "application bytes):\n",
523
      (int)ASAN_SHADOW_GRANULARITY);
524
  PrintShadowByte(str, "  Addressable:           ", 0);
525
  str->AppendF("  Partially addressable: ");
526
  for (u8 i = 1; i < ASAN_SHADOW_GRANULARITY; i++)
527
    PrintShadowByte(str, "", i, " ");
528
  str->AppendF("\n");
529
  PrintShadowByte(str, "  Heap left redzone:       ",
530
                  kAsanHeapLeftRedzoneMagic);
531
  PrintShadowByte(str, "  Freed heap region:       ", kAsanHeapFreeMagic);
532
  PrintShadowByte(str, "  Stack left redzone:      ",
533
                  kAsanStackLeftRedzoneMagic);
534
  PrintShadowByte(str, "  Stack mid redzone:       ",
535
                  kAsanStackMidRedzoneMagic);
536
  PrintShadowByte(str, "  Stack right redzone:     ",
537
                  kAsanStackRightRedzoneMagic);
538
  PrintShadowByte(str, "  Stack after return:      ",
539
                  kAsanStackAfterReturnMagic);
540
  PrintShadowByte(str, "  Stack use after scope:   ",
541
                  kAsanStackUseAfterScopeMagic);
542
  PrintShadowByte(str, "  Global redzone:          ", kAsanGlobalRedzoneMagic);
543
  PrintShadowByte(str, "  Global init order:       ",
544
                  kAsanInitializationOrderMagic);
545
  PrintShadowByte(str, "  Poisoned by user:        ",
546
                  kAsanUserPoisonedMemoryMagic);
547
  PrintShadowByte(str, "  Container overflow:      ",
548
                  kAsanContiguousContainerOOBMagic);
549
  PrintShadowByte(str, "  Array cookie:            ",
550
                  kAsanArrayCookieMagic);
551
  PrintShadowByte(str, "  Intra object redzone:    ",
552
                  kAsanIntraObjectRedzone);
553
  PrintShadowByte(str, "  ASan internal:           ", kAsanInternalHeapMagic);
554
  PrintShadowByte(str, "  Left alloca redzone:     ", kAsanAllocaLeftMagic);
555
  PrintShadowByte(str, "  Right alloca redzone:    ", kAsanAllocaRightMagic);
556
}
557

558
static void PrintShadowBytes(InternalScopedString *str, const char *before,
559
                             u8 *bytes, u8 *guilty, uptr n) {
560
  Decorator d;
561
  if (before)
562
    str->AppendF("%s%p:", before,
563
                 (void *)ShadowToMem(reinterpret_cast<uptr>(bytes)));
564
  for (uptr i = 0; i < n; i++) {
565
    u8 *p = bytes + i;
566
    const char *before =
567
        p == guilty ? "[" : (p - 1 == guilty && i != 0) ? "" : " ";
568
    const char *after = p == guilty ? "]" : "";
569
    PrintShadowByte(str, before, *p, after);
570
  }
571
  str->AppendF("\n");
572
}
573

574
static void PrintShadowMemoryForAddress(uptr addr) {
575
  if (!AddrIsInMem(addr)) return;
576
  uptr shadow_addr = MemToShadow(addr);
577
  const uptr n_bytes_per_row = 16;
578
  uptr aligned_shadow = shadow_addr & ~(n_bytes_per_row - 1);
579
  InternalScopedString str;
580
  str.AppendF("Shadow bytes around the buggy address:\n");
581
  for (int i = -5; i <= 5; i++) {
582
    uptr row_shadow_addr = aligned_shadow + i * n_bytes_per_row;
583
    // Skip rows that would be outside the shadow range. This can happen when
584
    // the user address is near the bottom, top, or shadow gap of the address
585
    // space.
586
    if (!AddrIsInShadow(row_shadow_addr)) continue;
587
    const char *prefix = (i == 0) ? "=>" : "  ";
588
    PrintShadowBytes(&str, prefix, (u8 *)row_shadow_addr, (u8 *)shadow_addr,
589
                     n_bytes_per_row);
590
  }
591
  if (flags()->print_legend) PrintLegend(&str);
592
  Printf("%s", str.data());
593
}
594

595
void ErrorGeneric::Print() {
596
  Decorator d;
597
  Printf("%s", d.Error());
598
  uptr addr = addr_description.Address();
599
  Report("ERROR: AddressSanitizer: %s on address %p at pc %p bp %p sp %p\n",
600
         bug_descr, (void *)addr, (void *)pc, (void *)bp, (void *)sp);
601
  Printf("%s", d.Default());
602

603
  Printf("%s%s of size %zu at %p thread %s%s\n", d.Access(),
604
         access_size ? (is_write ? "WRITE" : "READ") : "ACCESS", access_size,
605
         (void *)addr, AsanThreadIdAndName(tid).c_str(), d.Default());
606

607
  scariness.Print();
608
  GET_STACK_TRACE_FATAL(pc, bp);
609
  stack.Print();
610

611
  // Pass bug_descr because we have a special case for
612
  // initialization-order-fiasco
613
  addr_description.Print(bug_descr);
614
  if (shadow_val == kAsanContiguousContainerOOBMagic)
615
    PrintContainerOverflowHint();
616
  ReportErrorSummary(bug_descr, &stack);
617
  PrintShadowMemoryForAddress(addr);
618
}
619

620
}  // namespace __asan
621

622