similar to: [Bug 13112] New: receive_xattr heap overread with non null terminated name and xattr filter

https://bugzilla.samba.org/show_bug.cgi?id=13113 Bug ID: 13113 Summary: receive_xattr heap overflow when prepending RSYNC_PREFIX Product: rsync Version: 3.1.3 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: core Assignee: wayned

https://bugzilla.samba.org/show_bug.cgi?id=13105 Bug ID: 13105 Summary: 1byte heap overflow in sanitize_path Product: rsync Version: 3.1.3 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: core Assignee: wayned at samba.org Reporter:

On Thu, Nov 12, 2015 at 8:42 PM, Kostya Serebryany <kcc at google.com> wrote: > 2 questions: > - Do you see this with the fresh llvm trunk? > - Can you prepare a minimized example? Pretty recent, I updated a couple days ago. I tried to minimize the attached but at the same time I didn't want to lose too many unions and casts in case it didn't trigger any more. $ clang

Hi I am using SanitizerCoverage feature supported by clang to get the basicblock coverage. my tested binaries are spec cpu2006. I compiled the binary with the option COPTIMIZE = -O0 -fsanitize=address -fsanitize-coverage=bb -flto -fno-strict-aliasing -std=gnu89 -gdwarf-3 After the compiling process is end. I run the 400.perlbench. with the command ASAN_OPTIONS=coverage=1 ./perlbench.

Kostya, all, I'm trying to build my project by clang 3.8rc1 with enabled asan (clang itself is address sanitized) and it fails on several files from my project (ISPC, https://github.com/ispc/ispc). I've reproduced this on MacOS and Linux. Please let me know if you need any other info. How to reproduce: 1) Build address sanitized clang 3.8rc1: cd /path-to-working-dir svn co

Hi If so, is it able to disable this check. All I need is just to get the BB coverage information Regards Muhui Alexander Potapenko <glider at google.com>于2018年9月5日 周三下午6:57写道： > This is a known problem in SPECCPU2006, see > https://github.com/google/sanitizers/wiki/AddressSanitizerFoundBugs > On Wed, Sep 5, 2018 at 7:36 AM Muhui Jiang via llvm-dev > <llvm-dev at

Hi Alex Thanks for your email. But it seems not work. I removed the -fsanitize=address flag. The global buffer overflow message doesn't show. However, no *.sancov file is created after I run perlbench. Thus, I could not get the BB coverage. Do you have any ideas? Many Thanks Regards Muhui Alexander Potapenko <glider at google.com> 于2018年9月5日周三 下午7:14写道： > Hi Muhui, > > If

> On Mar 24, 2016, at 1:55 PM, Mehdi Amini <mehdi.amini at apple.com> wrote: > >> One more, just for fun: Inter-procedural stack allocation. That is of calls bar, bar needs 4 bytes of stack space. Instead of bar allocating 4 bytes, it adds an attribute to itself, then foo allocates 4 bytes of space at the bottom of the stack for bar to use. > > This is something that

I've finished my initial set of patches to make 32-byte shadow granularity work on x86. Here is a summary of the changes from last week: - As discussed, I added a full redzone after every stack variable. - We discussed adding a -fsanitize-address-granularity=N flag, but I found the following existing flag has been sufficient for my purposes: -asan-mapping-scale N. If anyone thinks I

The security.evm extended attribute is fully owned by the Linux kernel and cannot be directly written from userspace. Therefore, we can always skip it. --- xattrs.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/xattrs.c b/xattrs.c index b105392..3b72e61 100644 --- a/xattrs.c +++ b/xattrs.c @@ -255,6 +255,9 @@ static int rsync_xal_get(const char *fname,

https://bugzilla.samba.org/show_bug.cgi?id=12568 Bug ID: 12568 Summary: Integer overflow still affects xattrs.c Product: rsync Version: 3.1.2 Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: core Assignee: wayned at samba.org Reporter:

https://bugzilla.netfilter.org/show_bug.cgi?id=1432 Bug ID: 1432 Summary: ebtables ebtables-2.0.11 buffer overflow on getting kernel data ( ebtables compiled with address sanitizer) Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status:

+ more asan folks, please CC them to the code reviews. Also please make sure llvm-commits is CC-ed (cfe-commits for clang changes) On Tue, Oct 31, 2017 at 2:29 PM, Walter Lee <waltl at google.com> wrote: > I've prepared a preliminary set of patches that makes ASan work with > 32-byte shadow granularity, and I would like to get some feedback on > those patches as well as my

This simple patch makes asan compile for mips (tested on mips32r2el). The following test code: int main() { char *x = (char*)malloc(10 * sizeof(char*)); free(x); return x[5]; } leads to the following output at runtime: ================================================================= ==267== ERROR: AddressSanitizer: heap-use-after-free on address 0x77900fd5 at pc 0x409e1c bp 0x7fb781d8 sp

On Mon, Apr 23, 2018 at 08:06:16PM -0400, Mikulas Patocka wrote: > Some bugs (such as buffer overflows) are better detected > with kmalloc code, so we must test the kmalloc path too. Well now, this brings up another item for the collective TODO list -- implement redzone checks for vmalloc. Unless this is something already taken care of by kasan or similar.

On Mon, Apr 23, 2018 at 08:06:16PM -0400, Mikulas Patocka wrote: > Some bugs (such as buffer overflows) are better detected > with kmalloc code, so we must test the kmalloc path too. Well now, this brings up another item for the collective TODO list -- implement redzone checks for vmalloc. Unless this is something already taken care of by kasan or similar.

On Tue, Apr 24, 2018 at 08:29:14AM -0400, Mikulas Patocka wrote: > > > On Mon, 23 Apr 2018, Matthew Wilcox wrote: > > > On Mon, Apr 23, 2018 at 08:06:16PM -0400, Mikulas Patocka wrote: > > > Some bugs (such as buffer overflows) are better detected > > > with kmalloc code, so we must test the kmalloc path too. > > > > Well now, this brings up

On Tue, Apr 24, 2018 at 08:29:14AM -0400, Mikulas Patocka wrote: > > > On Mon, 23 Apr 2018, Matthew Wilcox wrote: > > > On Mon, Apr 23, 2018 at 08:06:16PM -0400, Mikulas Patocka wrote: > > > Some bugs (such as buffer overflows) are better detected > > > with kmalloc code, so we must test the kmalloc path too. > > > > Well now, this brings up

Offset 128 overlaps the last word of the redzone. Use 132 which is always beyond that. Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- tools/virtio/ringtest/main.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/virtio/ringtest/main.h b/tools/virtio/ringtest/main.h index 593a328..301d59b 100644 --- a/tools/virtio/ringtest/main.h +++

Offset 128 overlaps the last word of the redzone. Use 132 which is always beyond that. Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- tools/virtio/ringtest/main.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/virtio/ringtest/main.h b/tools/virtio/ringtest/main.h index 593a328..301d59b 100644 --- a/tools/virtio/ringtest/main.h +++