diff --git a/compiler-rt/lib/hwasan/hwasan_quarantine.cpp b/compiler-rt/lib/hwasan/hwasan_quarantine.cpp index ea9cc01877a767efcbf409535fbccdfa817fc984..c7679cf2436d892f10b631badd59e9b20dc351e9 100644 --- a/compiler-rt/lib/hwasan/hwasan_quarantine.cpp +++ b/compiler-rt/lib/hwasan/hwasan_quarantine.cpp @@ -36,7 +36,7 @@ void HeapQuarantineController::ClearHeapQuarantine(AllocatorCache *cache) { bool HeapQuarantineController::TryPutInQuarantineWithDealloc( uptr ptr, size_t s, u32 aid, u32 fid, AllocatorCache *cache) { - if (IsInPrintf()) + if (!SafeToCallPrintf()) return false; if ((flags()->heap_quarantine_max > 0) && (flags()->heap_quarantine_max > s && flags()->heap_quarantine_min <= s)) { @@ -97,6 +97,7 @@ void HeapQuarantineController::DeallocateWithHeapQuarantcheck( Min(heap_quarantine_list_[i].s, (size_t)flags()->max_free_fill_size); for (size_t j = 0; j < fill_size / sizeof(u64); j++) { if (ptrBeg[j] != magic) { + Printf("\nPotential Cause: use-after-free\n"); Printf( "ptrBeg was re-written after free %p[%zu], %p " "%016llx:%016llx, freed by:\n", @@ -104,6 +105,7 @@ void HeapQuarantineController::DeallocateWithHeapQuarantcheck( StackDepotGet(heap_quarantine_list_[i].free_context_id).Print(); Printf("allocated by:\n"); StackDepotGet(heap_quarantine_list_[i].alloc_context_id).Print(); + Report("End Hwasan report\n"); break; } } diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_common.h b/compiler-rt/lib/sanitizer_common/sanitizer_common.h index 1b4f1bf45084233e308973a60cdbe2c1181f6081..c3aa755e2b88ca68b7e04dc6355315c8b2ed5027 100644 --- a/compiler-rt/lib/sanitizer_common/sanitizer_common.h +++ b/compiler-rt/lib/sanitizer_common/sanitizer_common.h 
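Review bot: In `TryPutInQuarantineWithDealloc` (hwasan_quarantine.cpp, hunk at -36), the guard `if (!SafeToCallPrintf()) return false;` makes every free issued while the thread is inside the log sink skip the heap quarantine, so a later write to those blocks is not caught by this quarantine's fill-pattern check. The function name says nothing about quarantine, so that trade-off should be stated at the guard, for example `// Frees made while this thread is inside ohos_dfx_log bypass the quarantine to avoid re-entering Printf; writes after free to those blocks are not detected here.` The function body continues outside the hunk.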
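Review bot: The new header `Printf("\nPotential Cause: use-after-free\n")` and the closing `Report("End Hwasan report\n")` in `DeallocateWithHeapQuarantcheck` (hunks at -97 and -104) are separate output calls with no lock visible in the hunk, so two threads reporting at once can interleave and the end marker may close another thread's report. Report() also prepends the `==PID==` prefix that Printf() does not, so the first and last lines of one report have different shapes for anything that parses the log. Consider emitting both markers through the same function and, if the runtime's report lock is usable on this path, holding it across the whole block. The loop these lines sit in starts and ends outside the hunks.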
@@ -229,7 +229,6 @@ bool ColorizeReports(); void RemoveANSIEscapeSequencesFromString(char *buffer); void Printf(const char *format, ...) FORMAT(1, 2); void Report(const char *format, ...) FORMAT(1, 2); -bool IsInPrintf(); // OHOS_LOCAL void SetPrintfAndReportCallback(void (*callback)(const char *)); #define VReport(level, ...) \ do { \ @@ -927,9 +926,19 @@ inline void LogFullErrorReport(const char *buffer) {} #if SANITIZER_LINUX || SANITIZER_APPLE void WriteOneLineToSyslog(const char *s); void LogMessageOnPrintf(const char *str); + +// OHOS_LOCAL begin +#if SANITIZER_OHOS +bool SafeToCallPrintf(); +#else +inline bool SafeToCallPrintf(){ return true; } +#endif +// OHOS_LOCAL end + #else inline void WriteOneLineToSyslog(const char *s) {} inline void LogMessageOnPrintf(const char *str) {} +inline bool SafeToCallPrintf(){ return true; } // OHOS_LOCAL #endif #if SANITIZER_LINUX || SANITIZER_WIN_TRACE diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_common_nolibc.cpp b/compiler-rt/lib/sanitizer_common/sanitizer_common_nolibc.cpp index 67e77a8777818d687b23c823cf51b5d2c9b7e893..c9169de70af4951c482fe516eadbbf4dc62426be 100644 --- a/compiler-rt/lib/sanitizer_common/sanitizer_common_nolibc.cpp +++ b/compiler-rt/lib/sanitizer_common/sanitizer_common_nolibc.cpp @@ -22,6 +22,7 @@ namespace __sanitizer { #if !SANITIZER_WINDOWS #if SANITIZER_LINUX void LogMessageOnPrintf(const char *str) {} +bool SafeToCallPrintf(){ return true; } // OHOS_LOCAL #endif void WriteToSyslog(const char *buffer) {} void Abort() { internal__exit(1); } diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp b/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp index 54c2526fac820f7024be9d17d869dc4c63b7413a..610876331aabc1d1d345e31fda02480b366890ca 100644 --- a/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp +++ b/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp 
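Review bot: The `SafeToCallPrintf()` declaration added to sanitizer_common.h (hunk at -927) carries no comment, and its name does not tell a caller which state it reports or why a heap-quarantine path consults it. Going by the sanitizer_linux_libcdep.cpp part of this change, it is false only while the calling thread is inside `ohos_dfx_log`. Say so at the declaration, for example `// Returns false while the calling thread is inside ohos_dfx_log(); callers must then avoid any path that can reach Printf()/Report().`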
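Review bot: The definition `bool SafeToCallPrintf(){ return true; }` added to sanitizer_common_nolibc.cpp (hunk at -22) is guarded by `#if SANITIZER_LINUX` only, while on a non-OHOS Linux build the header as changed in this commit already defines `inline bool SafeToCallPrintf(){ return true; }`. If this file includes sanitizer_common.h, which the hunk does not show, that configuration fails with a redefinition error. Guard the out-of-line definition the same way the header guards its declaration: `#if SANITIZER_OHOS`, then `bool SafeToCallPrintf() { return true; }`, then `#endif`.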
@@ -1085,11 +1085,20 @@ void WriteOneLineToSyslog(const char *s) { syslog(LOG_INFO, "%s", s); } void SetAbortMessage(const char *str) {} #endif // SANITIZER_ANDROID +#if SANITIZER_OHOS +static thread_local bool safe_to_call_printf = true; // OHOS_LOCAL +#endif + void LogMessageOnPrintf(const char *str) { #if SANITIZER_OHOS // We need to call it before "WriteToSyslog" because "WriteToSyslog" will remove "\n". if (&ohos_dfx_log) { + // The ohos_dfx_log is exclusively for LLVM Sanitizers to flush logs to + // disk. The ohos_dfx_log may perform dynamic memory allocation, potentiallt + // leading to the sanitizer triggering a recursive call. + safe_to_call_printf = false; ohos_dfx_log(str); + safe_to_call_printf = true; } #endif if (common_flags()->log_to_syslog && ShouldLogAfterPrintf()) @@ -1097,6 +1106,12 @@ void LogMessageOnPrintf(const char *str) { } // OHOS_LOCAL end +//OHOS_LOCAL begin +#if SANITIZER_OHOS +bool SafeToCallPrintf() { return safe_to_call_printf; } +#endif +// OHOS_LOCAL end + #endif // SANITIZER_LINUX #if SANITIZER_GLIBC && !SANITIZER_GO diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_printf.cpp b/compiler-rt/lib/sanitizer_common/sanitizer_printf.cpp index 53cc149f662c4ff34007252a8332346807b601ee..3a9e366d2df952a131634f79bea5e08841faa585 100644 --- a/compiler-rt/lib/sanitizer_common/sanitizer_printf.cpp +++ b/compiler-rt/lib/sanitizer_common/sanitizer_printf.cpp @@ -310,16 +310,10 @@ static void NOINLINE SharedPrintfCode(bool append_pid, const char *format, format, args); } -static thread_local bool is_in_printf; // OHOS_LOCAL - -bool IsInPrintf() { return is_in_printf; } // OHOS_LOCAL - void Printf(const char *format, ...) { va_list args; va_start(args, format); - is_in_printf = true; // OHOS_LOCAL SharedPrintfCode(false, format, args); - is_in_printf =false; // OHOS_LOCAL va_end(args); }
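Review bot: In `LogMessageOnPrintf` (sanitizer_linux_libcdep.cpp, hunk at -1085), the flag is unconditionally set back to `true` after `ohos_dfx_log(str)`, so the guard is lost if the function is re-entered on the same thread. Should anything under `ohos_dfx_log` reach Printf()/Report() again, the inner call returns with `safe_to_call_printf = true` while the outer `ohos_dfx_log` is still running, and frees from then on take the quarantine path the flag was meant to block. Save and restore the previous value instead: `const bool prev = safe_to_call_printf;` before the call and `safe_to_call_printf = prev;` after it. The added comment also has a typo, "potentiallt" for "potentially".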