You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
C:\Temp>type repro.cpp
#include <iostream>
#include <string>
int main()
{
std::string fontName = "ui/font/test.ttf";
int nFindPos = (int)fontName.rfind("/");
fontName = &fontName[nFindPos + 1];
}
C:\Temp>cl /EHsc /W4 /WX /std:c++latest /fsanitize=address /Zi .\repro.cpp
Microsoft (R) C/C++ Optimizing Compiler Version 19.37.32822 for x64
Copyright (C) Microsoft Corporation. All rights reserved.
/std:c++latest is provided as a preview of language features from the latest C++
working draft, and we're eager to hear about bugs and suggestions for improvements.
However, note that these features are provided as-is without support, and subject
to changes or removal as the working draft evolves. See
https://go.microsoft.com/fwlink/?linkid=2045807 for details.
repro.cpp
Microsoft (R) Incremental Linker Version 14.37.32822.0
Copyright (C) Microsoft Corporation. All rights reserved.
/out:repro.exe
/InferAsanLibs
/debug
repro.obj
C:\Temp>.\repro.exe
=================================================================
==11212==ERROR: AddressSanitizer: container-overflow on address 0x124a920a0949 at pc 0x7ffcdc4714bb bp 0x00939796f490 sp 0x00939796ec20
READ of size 8 at 0x124a920a0949 thread T0
#0 0x7ffcdc4714ba in __asan_wrap_memcpy D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\lib\sanitizer_common\sanitizer_common_interceptors.inc:840
#1 0x7ff7a0835936 in std::_Char_traits<char, int>::move(char *const, char const *const, unsigned __int64) C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\xstring:119
#2 0x7ff7a0834e2b in std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::assign(char const *const, unsigned __int64) C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\xstring:3380
#3 0x7ff7a0834bd1 in std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::assign(char const *const) C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\xstring:3395
#4 0x7ff7a083311c in std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::operator=(char const *const) C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\xstring:3204
#5 0x7ff7a0831133 in main D:\tmp\asan\repro.cpp:8
#6 0x7ff7a08388bb in invoke_main D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:78
#7 0x7ff7a08388bb in __scrt_common_main_seh D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
#8 0x7ffd47457613 (C:\WINDOWS\System32\KERNEL32.DLL+0x180017613)
#9 0x7ffd48c826b0 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x1800526b0)
0x124a920a0949 is located 9 bytes inside of 32-byte region [0x124a920a0940,0x124a920a0960)
allocated by thread T0 here:
#0 0x7ff7a08382e5 in operator new(unsigned __int64) D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\lib\asan\asan_win_new_scalar_thunk.cpp:40
#1 0x7ff7a0833712 in std::_Default_allocate_traits::_Allocate(unsigned __int64) C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\xmemory:87
#2 0x7ff7a08311fd in std::_Allocate<16, struct std::_Default_allocate_traits, 0>(unsigned __int64) C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\xmemory:245
#3 0x7ff7a08349bf in std::allocator<char>::allocate(unsigned __int64) C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\xmemory:974
#4 0x7ff7a08316e2 in std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::_Construct<1, char const *>(char const *const, unsigned __int64) C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\xstring:2652
#5 0x7ff7a0832b2b in std::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>::basic_string<char, struct std::char_traits<char>, class std::allocator<char>>(char const *const) C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\xstring:2540
#6 0x7ff7a08310ee in main D:\tmp\asan\repro.cpp:6
#7 0x7ff7a08388bb in invoke_main D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:78
#8 0x7ff7a08388bb in __scrt_common_main_seh D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
#9 0x7ffd47457613 (C:\WINDOWS\System32\KERNEL32.DLL+0x180017613)
#10 0x7ffd48c826b0 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x1800526b0)
HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_container_overflow=0.
If you suspect a false positive see also: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow.
SUMMARY: AddressSanitizer: container-overflow D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\lib\sanitizer_common\sanitizer_common_interceptors.inc:840 in __asan_wrap_memcpy
Shadow bytes around the buggy address:
0x048de44940d0: 06 fa fa fa 00 00 00 01 fa fa 00 00 00 03 fa fa
0x048de44940e0: 00 00 07 fa fa fa 00 00 00 03 fa fa 00 00 00 01
0x048de44940f0: fa fa 00 00 00 03 fa fa 00 00 00 fa fa fa 00 00
0x048de4494100: 07 fa fa fa 00 00 01 fa fa fa 00 00 02 fa fa fa
0x048de4494110: 00 00 00 00 fa fa 00 00 02 fa fa fa 00 00 05 fa
=>0x048de4494120: fa fa 00 00 00 06 fa fa 00[01]fc fc fa fa fd fd
0x048de4494130: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
0x048de4494140: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x048de4494150: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x048de4494160: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x048de4494170: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==11212==ABORTING
Expected behavior
ASAN should not report container-overflow in this case.
STL version
Microsoft Visual Studio Community 2022
Version 17.7.0
Additional context
Cause
fontName = &fontName[nFindPos + 1]; call assign method in <xstring>
The text was updated successfully, but these errors were encountered:
zlsun
changed the title
<xstring>: ASAN report container-overflow in a legal case<xstring>: ASAN report container-overflow in a legal case
Aug 12, 2023
Describe the bug
ASAN report
container-overflow
in a legal case.Command-line test case
Expected behavior
ASAN should not report
container-overflow
in this case.STL version
Additional context
Cause
fontName = &fontName[nFindPos + 1];
callassign
method in<xstring>
STL/stl/inc/xstring
Lines 3370 to 3381 in 8674b3d
_ASAN_STRING_MODIFY
shrink the valid range ofstring fontName
Then
_Traits::move
copy chars from invalid range.This code is introduced in #3164
Original source code
The example code is copy from https://github.com/cocos2d/cocos2d-x/blob/76903dee64046c7bfdba50790be283484b4be271/cocos/platform/win32/CCDevice-win32.cpp#L115-L119
This is VSO-1854245 / AB#1854245.
The text was updated successfully, but these errors were encountered: