You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/sanitizers/error-container-overflow.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -59,13 +59,13 @@ devenv /debugexe example1.exe
59
59
60
60
:::image type="content" source="media/container-overflow-example-1.png" alt-text="Screenshot of debugger displaying container-overflow error in example 1." lightbox="media/container-overflow-example-1.png":::
61
61
62
-
## Custom Allocators plus Container Overflow
62
+
## Custom allocators and container overflow
63
63
64
-
Address Sanitizer container overflow checking does support non-`std::allocator` allocators; however, because ASan can't trust custom allocators to have some important properties, it may not always be able to check that accesses on the latter end of an allocation are correct.
64
+
Address Sanitizer container overflow checks support non-`std::allocator` allocators. However, because AddressSanitizer can't trust custom allocators to have some important properties, it may not always be able to check that accesses on the latter end of an allocation are correct.
65
65
66
-
ASan marks blocks of memory in 8-byte chunks, and due to how its shadow memory works, it can't place inaccessible bytes before accessible bytes in a single chunk. In other words, it's valid to have 8 accessible bytes in a chunk, or 4 accessible bytes followed by 4 inaccessible bytes, but you can't have 4 inaccessible bytes followed by 4 accessible bytes.
66
+
AddressSanitizer marks blocks of memory in 8-byte chunks, and due to how its shadow memory works, it can't place inaccessible bytes before accessible bytes in a single chunk. In other words, it's valid to have 8 accessible bytes in a chunk, or 4 accessible bytes followed by 4 inaccessible bytes, but you can't have 4 inaccessible bytes followed by 4 accessible bytes.
67
67
68
-
So, if the end of an allocation from a custom allocator doesn't strictly align with the end of an 8-byte chunk, there's a problem. ASan must assume that the bytes after the end of the allocation, but before the end of the chunk, may be in use by someone else. Therefore, it can't mark the bytes in the final 8-byte chunk as inaccessible. For example:
68
+
So, if the end of an allocation from a custom allocator doesn't strictly align with the end of an 8-byte chunk, there's a problem. AddressSanitizer must assume that the bytes after the end of the allocation, but before the end of the chunk, may be in use by someone else. Therefore, it can't mark the bytes in the final 8-byte chunk as inaccessible. For example:
69
69
70
70
```cpp
71
71
std::vector<uint8_t, MyCustomAlloc<uint8_t>> v;
@@ -81,7 +81,7 @@ v.assign({0, 1, 2, 3});
81
81
82
82
Ideally, we'd mark the shadow memory such that `v.data() + [0, v.size())` are accessible, and `v.data() + [v.size(), v.capacity())` are inaccessible. However, since the user is using a custom allocator that we don't have information about, we can't know whether the memory after `v.data() + v.capacity()` is accessible or not, so we must assume that it is. Therefore, even though we'd prefer to mark those bytes as inaccessible, we must instead mark them as accessible so it's still possible to access the bytes after the allocation.
83
83
84
-
`std::allocator` uses the `_Minimum_asan_allocation_alignment` static member variable as a way to tell `vector` and `string` that they can trust the allocator not to put data right after the allocation, so the pointer returned by the allocation functions. If you want the implementation to trust an allocator of your own, you can also set `_Minimum_asan_allocation_alignment` to your actual minimum alignment. (For ASan to work correctly, the alignment must be at least `8`.)
84
+
`std::allocator` uses the `_Minimum_asan_allocation_alignment` static member variable as a way to tell `vector` and `string` that they can trust the allocator not to put data right after the allocation, so the pointer returned by the allocation functions. If you want the implementation to trust an allocator of your own, you can also set `_Minimum_asan_allocation_alignment` to your actual minimum alignment. (For AddressSanitizer to work correctly, the alignment must be at least `8`.)
0 commit comments