{src: "asan4_fail.go", memoryAccessError: "use-after-poison", errorLocation: "asan4_fail.go:13"},
{src: "asan5_fail.go", memoryAccessError: "use-after-poison", errorLocation: "asan5_fail.go:18"},
{src: "asan_useAfterReturn.go"},
+ {src: "asan_unsafe_fail1.go", memoryAccessError: "use-after-poison", errorLocation: "asan_unsafe_fail1.go:25"},
+ {src: "asan_unsafe_fail2.go", memoryAccessError: "use-after-poison", errorLocation: "asan_unsafe_fail2.go:25"},
+ {src: "asan_unsafe_fail3.go", memoryAccessError: "use-after-poison", errorLocation: "asan_unsafe_fail3.go:18"},
}
for _, tc := range cases {
tc := tc
--- /dev/null
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main
+
+import (
+ "fmt"
+ "unsafe"
+)
+
+func main() {
+ a := 1
+ b := 2
+ c := add(a, b)
+ d := a + b
+ fmt.Println(c, d)
+}
+
+//go:noinline
+func add(a1, b1 int) int {
+ // The arguments.
+ // When -asan is enabled, unsafe.Pointer(&a1) conversion is escaping.
+ var p *int = (*int)(unsafe.Pointer(uintptr(unsafe.Pointer(&a1)) + 1*unsafe.Sizeof(int(1))))
+ *p = 10 // BOOM
+ return a1 + b1
+}
--- /dev/null
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main
+
+import (
+ "fmt"
+ "unsafe"
+)
+
+func main() {
+ a := 1
+ b := 2
+ c := add(a, b)
+ d := a + b
+ fmt.Println(c, d)
+}
+
+//go:noinline
+func add(a1, b1 int) (ret int) {
+ // The return value
+ // When -asan is enabled, the unsafe.Pointer(&ret) conversion is escaping.
+ var p *int = (*int)(unsafe.Pointer(uintptr(unsafe.Pointer(&ret)) + 1*unsafe.Sizeof(int(1))))
+ *p = 123 // BOOM
+ ret = a1 + b1
+ return
+}
--- /dev/null
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main
+
+import (
+ "fmt"
+ "unsafe"
+)
+
+func main() {
+ a := 1
+ b := 2
+ // The local variables.
+ // When -asan is enabled, the unsafe.Pointer(&a) conversion is escaping.
+ var p *int = (*int)(unsafe.Pointer(uintptr(unsafe.Pointer(&a)) + 1*unsafe.Sizeof(int(1))))
+ *p = 20 // BOOM
+ d := a + b
+ fmt.Println(d)
+}
case ir.OCONV, ir.OCONVNOP:
n := n.(*ir.ConvExpr)
- if ir.ShouldCheckPtr(e.curfn, 2) && n.Type().IsUnsafePtr() && n.X.Type().IsPtr() {
- // When -d=checkptr=2 is enabled, treat
- // conversions to unsafe.Pointer as an
+ if (ir.ShouldCheckPtr(e.curfn, 2) || ir.ShouldAsanCheckPtr(e.curfn)) && n.Type().IsUnsafePtr() && n.X.Type().IsPtr() {
+ // When -d=checkptr=2 or -asan is enabled,
+ // treat conversions to unsafe.Pointer as an
// escaping operation. This allows better
// runtime instrumentation, since we can more
// easily detect object boundaries on the heap
return base.Debug.Checkptr >= level && fn.Pragma&NoCheckPtr == 0
}
+// ShouldAsanCheckPtr reports whether pointer checking should be enabled for
+// function fn when -asan is enabled.
+func ShouldAsanCheckPtr(fn *Func) bool {
+ return base.Flag.ASan && fn.Pragma&NoCheckPtr == 0
+}
+
// IsReflectHeaderDataField reports whether l is an expression p.Data
// where p has type reflect.SliceHeader or reflect.StringHeader.
func IsReflectHeaderDataField(l Node) bool {