1 //===-- asan_errors.cc ------------------------------------------*- C++ -*-===//
2 //
3 // This file is distributed under the University of Illinois Open Source
4 // License. See LICENSE.TXT for details.
5 //
6 //===----------------------------------------------------------------------===//
7 //
8 // This file is a part of AddressSanitizer, an address sanity checker.
9 //
10 // ASan implementation for error structures.
11 //===----------------------------------------------------------------------===//
12
13 #include "asan_errors.h"
14 #include "asan_descriptions.h"
15 #include "asan_mapping.h"
16 #include "asan_report.h"
17 #include "asan_stack.h"
18 #include "sanitizer_common/sanitizer_stackdepot.h"
19
20 namespace __asan {
21
OnStackUnwind(const SignalContext & sig,const void * callback_context,BufferedStackTrace * stack)22 static void OnStackUnwind(const SignalContext &sig,
23 const void *callback_context,
24 BufferedStackTrace *stack) {
25 bool fast = common_flags()->fast_unwind_on_fatal;
26 #if SANITIZER_FREEBSD || SANITIZER_NETBSD
27 // On FreeBSD the slow unwinding that leverages _Unwind_Backtrace()
28 // yields the call stack of the signal's handler and not of the code
29 // that raised the signal (as it does on Linux).
30 fast = true;
31 #endif
32 // Tests and maybe some users expect that scariness is going to be printed
33 // just before the stack. As only asan has scariness score we have no
34 // corresponding code in the sanitizer_common and we use this callback to
35 // print it.
36 static_cast<const ScarinessScoreBase *>(callback_context)->Print();
37 GetStackTrace(stack, kStackTraceMax, sig.pc, sig.bp, sig.context, fast);
38 }
39
Print()40 void ErrorDeadlySignal::Print() {
41 ReportDeadlySignal(signal, tid, &OnStackUnwind, &scariness);
42 }
43
Print()44 void ErrorDoubleFree::Print() {
45 Decorator d;
46 Printf("%s", d.Error());
47 Report(
48 "ERROR: AddressSanitizer: attempting %s on %p in thread %s:\n",
49 scariness.GetDescription(), addr_description.addr,
50 AsanThreadIdAndName(tid).c_str());
51 Printf("%s", d.Default());
52 scariness.Print();
53 GET_STACK_TRACE_FATAL(second_free_stack->trace[0],
54 second_free_stack->top_frame_bp);
55 stack.Print();
56 addr_description.Print();
57 ReportErrorSummary(scariness.GetDescription(), &stack);
58 }
59
Print()60 void ErrorNewDeleteTypeMismatch::Print() {
61 Decorator d;
62 Printf("%s", d.Error());
63 Report(
64 "ERROR: AddressSanitizer: %s on %p in thread %s:\n",
65 scariness.GetDescription(), addr_description.addr,
66 AsanThreadIdAndName(tid).c_str());
67 Printf("%s object passed to delete has wrong type:\n", d.Default());
68 if (delete_size != 0) {
69 Printf(
70 " size of the allocated type: %zd bytes;\n"
71 " size of the deallocated type: %zd bytes.\n",
72 addr_description.chunk_access.chunk_size, delete_size);
73 }
74 const uptr user_alignment =
75 addr_description.chunk_access.user_requested_alignment;
76 if (delete_alignment != user_alignment) {
77 char user_alignment_str[32];
78 char delete_alignment_str[32];
79 internal_snprintf(user_alignment_str, sizeof(user_alignment_str),
80 "%zd bytes", user_alignment);
81 internal_snprintf(delete_alignment_str, sizeof(delete_alignment_str),
82 "%zd bytes", delete_alignment);
83 static const char *kDefaultAlignment = "default-aligned";
84 Printf(
85 " alignment of the allocated type: %s;\n"
86 " alignment of the deallocated type: %s.\n",
87 user_alignment > 0 ? user_alignment_str : kDefaultAlignment,
88 delete_alignment > 0 ? delete_alignment_str : kDefaultAlignment);
89 }
90 CHECK_GT(free_stack->size, 0);
91 scariness.Print();
92 GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp);
93 stack.Print();
94 addr_description.Print();
95 ReportErrorSummary(scariness.GetDescription(), &stack);
96 Report(
97 "HINT: if you don't care about these errors you may set "
98 "ASAN_OPTIONS=new_delete_type_mismatch=0\n");
99 }
100
Print()101 void ErrorFreeNotMalloced::Print() {
102 Decorator d;
103 Printf("%s", d.Error());
104 Report(
105 "ERROR: AddressSanitizer: attempting free on address "
106 "which was not malloc()-ed: %p in thread %s\n",
107 addr_description.Address(), AsanThreadIdAndName(tid).c_str());
108 Printf("%s", d.Default());
109 CHECK_GT(free_stack->size, 0);
110 scariness.Print();
111 GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp);
112 stack.Print();
113 addr_description.Print();
114 ReportErrorSummary(scariness.GetDescription(), &stack);
115 }
116
Print()117 void ErrorAllocTypeMismatch::Print() {
118 static const char *alloc_names[] = {"INVALID", "malloc", "operator new",
119 "operator new []"};
120 static const char *dealloc_names[] = {"INVALID", "free", "operator delete",
121 "operator delete []"};
122 CHECK_NE(alloc_type, dealloc_type);
123 Decorator d;
124 Printf("%s", d.Error());
125 Report("ERROR: AddressSanitizer: %s (%s vs %s) on %p\n",
126 scariness.GetDescription(), alloc_names[alloc_type],
127 dealloc_names[dealloc_type], addr_description.Address());
128 Printf("%s", d.Default());
129 CHECK_GT(dealloc_stack->size, 0);
130 scariness.Print();
131 GET_STACK_TRACE_FATAL(dealloc_stack->trace[0], dealloc_stack->top_frame_bp);
132 stack.Print();
133 addr_description.Print();
134 ReportErrorSummary(scariness.GetDescription(), &stack);
135 Report(
136 "HINT: if you don't care about these errors you may set "
137 "ASAN_OPTIONS=alloc_dealloc_mismatch=0\n");
138 }
139
Print()140 void ErrorMallocUsableSizeNotOwned::Print() {
141 Decorator d;
142 Printf("%s", d.Error());
143 Report(
144 "ERROR: AddressSanitizer: attempting to call malloc_usable_size() for "
145 "pointer which is not owned: %p\n",
146 addr_description.Address());
147 Printf("%s", d.Default());
148 stack->Print();
149 addr_description.Print();
150 ReportErrorSummary(scariness.GetDescription(), stack);
151 }
152
Print()153 void ErrorSanitizerGetAllocatedSizeNotOwned::Print() {
154 Decorator d;
155 Printf("%s", d.Error());
156 Report(
157 "ERROR: AddressSanitizer: attempting to call "
158 "__sanitizer_get_allocated_size() for pointer which is not owned: %p\n",
159 addr_description.Address());
160 Printf("%s", d.Default());
161 stack->Print();
162 addr_description.Print();
163 ReportErrorSummary(scariness.GetDescription(), stack);
164 }
165
Print()166 void ErrorCallocOverflow::Print() {
167 Decorator d;
168 Printf("%s", d.Error());
169 Report(
170 "ERROR: AddressSanitizer: calloc parameters overflow: count * size "
171 "(%zd * %zd) cannot be represented in type size_t (thread %s)\n",
172 count, size, AsanThreadIdAndName(tid).c_str());
173 Printf("%s", d.Default());
174 stack->Print();
175 PrintHintAllocatorCannotReturnNull();
176 ReportErrorSummary(scariness.GetDescription(), stack);
177 }
178
Print()179 void ErrorPvallocOverflow::Print() {
180 Decorator d;
181 Printf("%s", d.Error());
182 Report(
183 "ERROR: AddressSanitizer: pvalloc parameters overflow: size 0x%zx "
184 "rounded up to system page size 0x%zx cannot be represented in type "
185 "size_t (thread %s)\n",
186 size, GetPageSizeCached(), AsanThreadIdAndName(tid).c_str());
187 Printf("%s", d.Default());
188 stack->Print();
189 PrintHintAllocatorCannotReturnNull();
190 ReportErrorSummary(scariness.GetDescription(), stack);
191 }
192
Print()193 void ErrorInvalidAllocationAlignment::Print() {
194 Decorator d;
195 Printf("%s", d.Error());
196 Report(
197 "ERROR: AddressSanitizer: invalid allocation alignment: %zd, "
198 "alignment must be a power of two (thread %s)\n",
199 alignment, AsanThreadIdAndName(tid).c_str());
200 Printf("%s", d.Default());
201 stack->Print();
202 PrintHintAllocatorCannotReturnNull();
203 ReportErrorSummary(scariness.GetDescription(), stack);
204 }
205
Print()206 void ErrorInvalidAlignedAllocAlignment::Print() {
207 Decorator d;
208 Printf("%s", d.Error());
209 #if SANITIZER_POSIX
210 Report("ERROR: AddressSanitizer: invalid alignment requested in "
211 "aligned_alloc: %zd, alignment must be a power of two and the "
212 "requested size 0x%zx must be a multiple of alignment "
213 "(thread %s)\n", alignment, size, AsanThreadIdAndName(tid).c_str());
214 #else
215 Report("ERROR: AddressSanitizer: invalid alignment requested in "
216 "aligned_alloc: %zd, the requested size 0x%zx must be a multiple of "
217 "alignment (thread %s)\n", alignment, size,
218 AsanThreadIdAndName(tid).c_str());
219 #endif
220 Printf("%s", d.Default());
221 stack->Print();
222 PrintHintAllocatorCannotReturnNull();
223 ReportErrorSummary(scariness.GetDescription(), stack);
224 }
225
Print()226 void ErrorInvalidPosixMemalignAlignment::Print() {
227 Decorator d;
228 Printf("%s", d.Error());
229 Report(
230 "ERROR: AddressSanitizer: invalid alignment requested in posix_memalign: "
231 "%zd, alignment must be a power of two and a multiple of sizeof(void*) "
232 "== %zd (thread %s)\n",
233 alignment, sizeof(void*), AsanThreadIdAndName(tid).c_str()); // NOLINT
234 Printf("%s", d.Default());
235 stack->Print();
236 PrintHintAllocatorCannotReturnNull();
237 ReportErrorSummary(scariness.GetDescription(), stack);
238 }
239
Print()240 void ErrorAllocationSizeTooBig::Print() {
241 Decorator d;
242 Printf("%s", d.Error());
243 Report(
244 "ERROR: AddressSanitizer: requested allocation size 0x%zx (0x%zx after "
245 "adjustments for alignment, red zones etc.) exceeds maximum supported "
246 "size of 0x%zx (thread %s)\n",
247 user_size, total_size, max_size, AsanThreadIdAndName(tid).c_str());
248 Printf("%s", d.Default());
249 stack->Print();
250 PrintHintAllocatorCannotReturnNull();
251 ReportErrorSummary(scariness.GetDescription(), stack);
252 }
253
Print()254 void ErrorRssLimitExceeded::Print() {
255 Decorator d;
256 Printf("%s", d.Error());
257 Report(
258 "ERROR: AddressSanitizer: specified RSS limit exceeded, currently set to "
259 "soft_rss_limit_mb=%zd\n", common_flags()->soft_rss_limit_mb);
260 Printf("%s", d.Default());
261 stack->Print();
262 PrintHintAllocatorCannotReturnNull();
263 ReportErrorSummary(scariness.GetDescription(), stack);
264 }
265
Print()266 void ErrorOutOfMemory::Print() {
267 Decorator d;
268 Printf("%s", d.Error());
269 Report(
270 "ERROR: AddressSanitizer: allocator is out of memory trying to allocate "
271 "0x%zx bytes\n", requested_size);
272 Printf("%s", d.Default());
273 stack->Print();
274 PrintHintAllocatorCannotReturnNull();
275 ReportErrorSummary(scariness.GetDescription(), stack);
276 }
277
Print()278 void ErrorStringFunctionMemoryRangesOverlap::Print() {
279 Decorator d;
280 char bug_type[100];
281 internal_snprintf(bug_type, sizeof(bug_type), "%s-param-overlap", function);
282 Printf("%s", d.Error());
283 Report(
284 "ERROR: AddressSanitizer: %s: memory ranges [%p,%p) and [%p, %p) "
285 "overlap\n",
286 bug_type, addr1_description.Address(),
287 addr1_description.Address() + length1, addr2_description.Address(),
288 addr2_description.Address() + length2);
289 Printf("%s", d.Default());
290 scariness.Print();
291 stack->Print();
292 addr1_description.Print();
293 addr2_description.Print();
294 ReportErrorSummary(bug_type, stack);
295 }
296
Print()297 void ErrorStringFunctionSizeOverflow::Print() {
298 Decorator d;
299 Printf("%s", d.Error());
300 Report("ERROR: AddressSanitizer: %s: (size=%zd)\n",
301 scariness.GetDescription(), size);
302 Printf("%s", d.Default());
303 scariness.Print();
304 stack->Print();
305 addr_description.Print();
306 ReportErrorSummary(scariness.GetDescription(), stack);
307 }
308
Print()309 void ErrorBadParamsToAnnotateContiguousContainer::Print() {
310 Report(
311 "ERROR: AddressSanitizer: bad parameters to "
312 "__sanitizer_annotate_contiguous_container:\n"
313 " beg : %p\n"
314 " end : %p\n"
315 " old_mid : %p\n"
316 " new_mid : %p\n",
317 beg, end, old_mid, new_mid);
318 uptr granularity = SHADOW_GRANULARITY;
319 if (!IsAligned(beg, granularity))
320 Report("ERROR: beg is not aligned by %d\n", granularity);
321 stack->Print();
322 ReportErrorSummary(scariness.GetDescription(), stack);
323 }
324
Print()325 void ErrorODRViolation::Print() {
326 Decorator d;
327 Printf("%s", d.Error());
328 Report("ERROR: AddressSanitizer: %s (%p):\n", scariness.GetDescription(),
329 global1.beg);
330 Printf("%s", d.Default());
331 InternalScopedString g1_loc(256), g2_loc(256);
332 PrintGlobalLocation(&g1_loc, global1);
333 PrintGlobalLocation(&g2_loc, global2);
334 Printf(" [1] size=%zd '%s' %s\n", global1.size,
335 MaybeDemangleGlobalName(global1.name), g1_loc.data());
336 Printf(" [2] size=%zd '%s' %s\n", global2.size,
337 MaybeDemangleGlobalName(global2.name), g2_loc.data());
338 if (stack_id1 && stack_id2) {
339 Printf("These globals were registered at these points:\n");
340 Printf(" [1]:\n");
341 StackDepotGet(stack_id1).Print();
342 Printf(" [2]:\n");
343 StackDepotGet(stack_id2).Print();
344 }
345 Report(
346 "HINT: if you don't care about these errors you may set "
347 "ASAN_OPTIONS=detect_odr_violation=0\n");
348 InternalScopedString error_msg(256);
349 error_msg.append("%s: global '%s' at %s", scariness.GetDescription(),
350 MaybeDemangleGlobalName(global1.name), g1_loc.data());
351 ReportErrorSummary(error_msg.data());
352 }
353
Print()354 void ErrorInvalidPointerPair::Print() {
355 Decorator d;
356 Printf("%s", d.Error());
357 Report("ERROR: AddressSanitizer: %s: %p %p\n", scariness.GetDescription(),
358 addr1_description.Address(), addr2_description.Address());
359 Printf("%s", d.Default());
360 GET_STACK_TRACE_FATAL(pc, bp);
361 stack.Print();
362 addr1_description.Print();
363 addr2_description.Print();
364 ReportErrorSummary(scariness.GetDescription(), &stack);
365 }
366
AdjacentShadowValuesAreFullyPoisoned(u8 * s)367 static bool AdjacentShadowValuesAreFullyPoisoned(u8 *s) {
368 return s[-1] > 127 && s[1] > 127;
369 }
370
ErrorGeneric(u32 tid,uptr pc_,uptr bp_,uptr sp_,uptr addr,bool is_write_,uptr access_size_)371 ErrorGeneric::ErrorGeneric(u32 tid, uptr pc_, uptr bp_, uptr sp_, uptr addr,
372 bool is_write_, uptr access_size_)
373 : ErrorBase(tid),
374 addr_description(addr, access_size_, /*shouldLockThreadRegistry=*/false),
375 pc(pc_),
376 bp(bp_),
377 sp(sp_),
378 access_size(access_size_),
379 is_write(is_write_),
380 shadow_val(0) {
381 scariness.Clear();
382 if (access_size) {
383 if (access_size <= 9) {
384 char desr[] = "?-byte";
385 desr[0] = '0' + access_size;
386 scariness.Scare(access_size + access_size / 2, desr);
387 } else if (access_size >= 10) {
388 scariness.Scare(15, "multi-byte");
389 }
390 is_write ? scariness.Scare(20, "write") : scariness.Scare(1, "read");
391
392 // Determine the error type.
393 bug_descr = "unknown-crash";
394 if (AddrIsInMem(addr)) {
395 u8 *shadow_addr = (u8 *)MemToShadow(addr);
396 // If we are accessing 16 bytes, look at the second shadow byte.
397 if (*shadow_addr == 0 && access_size > SHADOW_GRANULARITY) shadow_addr++;
398 // If we are in the partial right redzone, look at the next shadow byte.
399 if (*shadow_addr > 0 && *shadow_addr < 128) shadow_addr++;
400 bool far_from_bounds = false;
401 shadow_val = *shadow_addr;
402 int bug_type_score = 0;
403 // For use-after-frees reads are almost as bad as writes.
404 int read_after_free_bonus = 0;
405 switch (shadow_val) {
406 case kAsanHeapLeftRedzoneMagic:
407 case kAsanArrayCookieMagic:
408 bug_descr = "heap-buffer-overflow";
409 bug_type_score = 10;
410 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
411 break;
412 case kAsanHeapFreeMagic:
413 bug_descr = "heap-use-after-free";
414 bug_type_score = 20;
415 if (!is_write) read_after_free_bonus = 18;
416 break;
417 case kAsanStackLeftRedzoneMagic:
418 bug_descr = "stack-buffer-underflow";
419 bug_type_score = 25;
420 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
421 break;
422 case kAsanInitializationOrderMagic:
423 bug_descr = "initialization-order-fiasco";
424 bug_type_score = 1;
425 break;
426 case kAsanStackMidRedzoneMagic:
427 case kAsanStackRightRedzoneMagic:
428 bug_descr = "stack-buffer-overflow";
429 bug_type_score = 25;
430 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
431 break;
432 case kAsanStackAfterReturnMagic:
433 bug_descr = "stack-use-after-return";
434 bug_type_score = 30;
435 if (!is_write) read_after_free_bonus = 18;
436 break;
437 case kAsanUserPoisonedMemoryMagic:
438 bug_descr = "use-after-poison";
439 bug_type_score = 20;
440 break;
441 case kAsanContiguousContainerOOBMagic:
442 bug_descr = "container-overflow";
443 bug_type_score = 10;
444 break;
445 case kAsanStackUseAfterScopeMagic:
446 bug_descr = "stack-use-after-scope";
447 bug_type_score = 10;
448 break;
449 case kAsanGlobalRedzoneMagic:
450 bug_descr = "global-buffer-overflow";
451 bug_type_score = 10;
452 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
453 break;
454 case kAsanIntraObjectRedzone:
455 bug_descr = "intra-object-overflow";
456 bug_type_score = 10;
457 break;
458 case kAsanAllocaLeftMagic:
459 case kAsanAllocaRightMagic:
460 bug_descr = "dynamic-stack-buffer-overflow";
461 bug_type_score = 25;
462 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr);
463 break;
464 }
465 scariness.Scare(bug_type_score + read_after_free_bonus, bug_descr);
466 if (far_from_bounds) scariness.Scare(10, "far-from-bounds");
467 }
468 }
469 }
470
PrintContainerOverflowHint()471 static void PrintContainerOverflowHint() {
472 Printf("HINT: if you don't care about these errors you may set "
473 "ASAN_OPTIONS=detect_container_overflow=0.\n"
474 "If you suspect a false positive see also: "
475 "https://github.com/google/sanitizers/wiki/"
476 "AddressSanitizerContainerOverflow.\n");
477 }
478
PrintShadowByte(InternalScopedString * str,const char * before,u8 byte,const char * after="\\n")479 static void PrintShadowByte(InternalScopedString *str, const char *before,
480 u8 byte, const char *after = "\n") {
481 PrintMemoryByte(str, before, byte, /*in_shadow*/true, after);
482 }
483
PrintLegend(InternalScopedString * str)484 static void PrintLegend(InternalScopedString *str) {
485 str->append(
486 "Shadow byte legend (one shadow byte represents %d "
487 "application bytes):\n",
488 (int)SHADOW_GRANULARITY);
489 PrintShadowByte(str, " Addressable: ", 0);
490 str->append(" Partially addressable: ");
491 for (u8 i = 1; i < SHADOW_GRANULARITY; i++) PrintShadowByte(str, "", i, " ");
492 str->append("\n");
493 PrintShadowByte(str, " Heap left redzone: ",
494 kAsanHeapLeftRedzoneMagic);
495 PrintShadowByte(str, " Freed heap region: ", kAsanHeapFreeMagic);
496 PrintShadowByte(str, " Stack left redzone: ",
497 kAsanStackLeftRedzoneMagic);
498 PrintShadowByte(str, " Stack mid redzone: ",
499 kAsanStackMidRedzoneMagic);
500 PrintShadowByte(str, " Stack right redzone: ",
501 kAsanStackRightRedzoneMagic);
502 PrintShadowByte(str, " Stack after return: ",
503 kAsanStackAfterReturnMagic);
504 PrintShadowByte(str, " Stack use after scope: ",
505 kAsanStackUseAfterScopeMagic);
506 PrintShadowByte(str, " Global redzone: ", kAsanGlobalRedzoneMagic);
507 PrintShadowByte(str, " Global init order: ",
508 kAsanInitializationOrderMagic);
509 PrintShadowByte(str, " Poisoned by user: ",
510 kAsanUserPoisonedMemoryMagic);
511 PrintShadowByte(str, " Container overflow: ",
512 kAsanContiguousContainerOOBMagic);
513 PrintShadowByte(str, " Array cookie: ",
514 kAsanArrayCookieMagic);
515 PrintShadowByte(str, " Intra object redzone: ",
516 kAsanIntraObjectRedzone);
517 PrintShadowByte(str, " ASan internal: ", kAsanInternalHeapMagic);
518 PrintShadowByte(str, " Left alloca redzone: ", kAsanAllocaLeftMagic);
519 PrintShadowByte(str, " Right alloca redzone: ", kAsanAllocaRightMagic);
520 PrintShadowByte(str, " Shadow gap: ", kAsanShadowGap);
521 }
522
PrintShadowBytes(InternalScopedString * str,const char * before,u8 * bytes,u8 * guilty,uptr n)523 static void PrintShadowBytes(InternalScopedString *str, const char *before,
524 u8 *bytes, u8 *guilty, uptr n) {
525 Decorator d;
526 if (before) str->append("%s%p:", before, bytes);
527 for (uptr i = 0; i < n; i++) {
528 u8 *p = bytes + i;
529 const char *before =
530 p == guilty ? "[" : (p - 1 == guilty && i != 0) ? "" : " ";
531 const char *after = p == guilty ? "]" : "";
532 PrintShadowByte(str, before, *p, after);
533 }
534 str->append("\n");
535 }
536
PrintShadowMemoryForAddress(uptr addr)537 static void PrintShadowMemoryForAddress(uptr addr) {
538 if (!AddrIsInMem(addr)) return;
539 uptr shadow_addr = MemToShadow(addr);
540 const uptr n_bytes_per_row = 16;
541 uptr aligned_shadow = shadow_addr & ~(n_bytes_per_row - 1);
542 InternalScopedString str(4096 * 8);
543 str.append("Shadow bytes around the buggy address:\n");
544 for (int i = -5; i <= 5; i++) {
545 uptr row_shadow_addr = aligned_shadow + i * n_bytes_per_row;
546 // Skip rows that would be outside the shadow range. This can happen when
547 // the user address is near the bottom, top, or shadow gap of the address
548 // space.
549 if (!AddrIsInShadow(row_shadow_addr)) continue;
550 const char *prefix = (i == 0) ? "=>" : " ";
551 PrintShadowBytes(&str, prefix, (u8 *)row_shadow_addr, (u8 *)shadow_addr,
552 n_bytes_per_row);
553 }
554 if (flags()->print_legend) PrintLegend(&str);
555 Printf("%s", str.data());
556 }
557
Print()558 void ErrorGeneric::Print() {
559 Decorator d;
560 Printf("%s", d.Error());
561 uptr addr = addr_description.Address();
562 Report("ERROR: AddressSanitizer: %s on address %p at pc %p bp %p sp %p\n",
563 bug_descr, (void *)addr, pc, bp, sp);
564 Printf("%s", d.Default());
565
566 Printf("%s%s of size %zu at %p thread %s%s\n", d.Access(),
567 access_size ? (is_write ? "WRITE" : "READ") : "ACCESS", access_size,
568 (void *)addr, AsanThreadIdAndName(tid).c_str(), d.Default());
569
570 scariness.Print();
571 GET_STACK_TRACE_FATAL(pc, bp);
572 stack.Print();
573
574 // Pass bug_descr because we have a special case for
575 // initialization-order-fiasco
576 addr_description.Print(bug_descr);
577 if (shadow_val == kAsanContiguousContainerOOBMagic)
578 PrintContainerOverflowHint();
579 ReportErrorSummary(bug_descr, &stack);
580 PrintShadowMemoryForAddress(addr);
581 }
582
583 } // namespace __asan
584