Bug Summary

File:compiler-rt/lib/gwp_asan/optional/segv_handler_posix.cpp
Warning:line 56, column 34
Called C++ object pointer is null

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name segv_handler_posix.cpp -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -mframe-pointer=all -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -fno-split-dwarf-inlining -debugger-tuning=gdb -ffunction-sections -fdata-sections -resource-dir /usr/lib/llvm-12/lib/clang/12.0.0 -D _DEBUG -D _GNU_SOURCE -D __STDC_CONSTANT_MACROS -D __STDC_FORMAT_MACROS -D __STDC_LIMIT_MACROS -I /build/llvm-toolchain-snapshot-12~++20200806111125+5446ec85070/build-llvm/projects/compiler-rt/lib/gwp_asan -I /build/llvm-toolchain-snapshot-12~++20200806111125+5446ec85070/compiler-rt/lib/gwp_asan -I /build/llvm-toolchain-snapshot-12~++20200806111125+5446ec85070/build-llvm/include -I /build/llvm-toolchain-snapshot-12~++20200806111125+5446ec85070/llvm/include -I /build/llvm-toolchain-snapshot-12~++20200806111125+5446ec85070/compiler-rt/lib/gwp_asan/.. -U NDEBUG -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/c++/6.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/x86_64-linux-gnu/c++/6.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/x86_64-linux-gnu/c++/6.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/c++/6.3.0/backward -internal-isystem /usr/local/include -internal-isystem /usr/lib/llvm-12/lib/clang/12.0.0/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -Wno-unused-parameter -Wwrite-strings -Wno-missing-field-initializers -Wno-long-long -Wno-maybe-uninitialized -Wno-comment -Wno-unused-parameter -Wno-variadic-macros -Wno-non-virtual-dtor -std=c++14 -fdeprecated-macro -fdebug-compilation-dir /build/llvm-toolchain-snapshot-12~++20200806111125+5446ec85070/build-llvm/projects/compiler-rt/lib/gwp_asan -fdebug-prefix-map=/build/llvm-toolchain-snapshot-12~++20200806111125+5446ec85070=. -ferror-limit 19 -fvisibility hidden -fvisibility-inlines-hidden -fno-builtin -fno-rtti -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -o /tmp/scan-build-2020-08-06-171148-17323-1 -x c++ /build/llvm-toolchain-snapshot-12~++20200806111125+5446ec85070/compiler-rt/lib/gwp_asan/optional/segv_handler_posix.cpp
1//===-- crash_handler_posix.cpp ---------------------------------*- C++ -*-===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8
9#include "gwp_asan/common.h"
10#include "gwp_asan/crash_handler.h"
11#include "gwp_asan/guarded_pool_allocator.h"
12#include "gwp_asan/optional/segv_handler.h"
13#include "gwp_asan/options.h"
14
15#include <assert.h>
16#include <inttypes.h>
17#include <signal.h>
18#include <stdio.h>
19
20namespace {
21using gwp_asan::AllocationMetadata;
22using gwp_asan::Error;
23using gwp_asan::GuardedPoolAllocator;
24using gwp_asan::crash_handler::PrintBacktrace_t;
25using gwp_asan::crash_handler::Printf_t;
26using gwp_asan::crash_handler::SegvBacktrace_t;
27
28struct sigaction PreviousHandler;
29bool SignalHandlerInstalled;
30gwp_asan::GuardedPoolAllocator *GPAForSignalHandler;
31Printf_t PrintfForSignalHandler;
32PrintBacktrace_t PrintBacktraceForSignalHandler;
33SegvBacktrace_t BacktraceForSignalHandler;
34
35static void sigSegvHandler(int sig, siginfo_t *info, void *ucontext) {
36 if (GPAForSignalHandler) {
1
Assuming 'GPAForSignalHandler' is null
2
Taking false branch
37 GPAForSignalHandler->stop();
38
39 gwp_asan::crash_handler::dumpReport(
40 reinterpret_cast<uintptr_t>(info->si_addr_sifields._sigfault.si_addr),
41 GPAForSignalHandler->getAllocatorState(),
42 GPAForSignalHandler->getMetadataRegion(), BacktraceForSignalHandler,
43 PrintfForSignalHandler, PrintBacktraceForSignalHandler, ucontext);
44 }
45
46 // Process any previous handlers.
47 if (PreviousHandler.sa_flags & SA_SIGINFO4) {
3
Assuming the condition is false
4
Taking false branch
48 PreviousHandler.sa_sigaction__sigaction_handler.sa_sigaction(sig, info, ucontext);
49 } else if (PreviousHandler.sa_handler__sigaction_handler.sa_handler == SIG_DFL((__sighandler_t) 0)) {
5
Assuming field 'sa_handler' is not equal to SIG_DFL
6
Taking false branch
50 // If the previous handler was the default handler, cause a core dump.
51 signal(SIGSEGV11, SIG_DFL((__sighandler_t) 0));
52 raise(SIGSEGV11);
53 } else if (PreviousHandler.sa_handler__sigaction_handler.sa_handler == SIG_IGN((__sighandler_t) 1)) {
7
Assuming field 'sa_handler' is equal to SIG_IGN
8
Taking true branch
54 // If the previous segv handler was SIGIGN, crash iff we were responsible
55 // for the crash.
56 if (__gwp_asan_error_is_mine(GPAForSignalHandler->getAllocatorState(),
9
Called C++ object pointer is null
57 reinterpret_cast<uintptr_t>(info->si_addr_sifields._sigfault.si_addr))) {
58 signal(SIGSEGV11, SIG_DFL((__sighandler_t) 0));
59 raise(SIGSEGV11);
60 }
61 } else {
62 PreviousHandler.sa_handler__sigaction_handler.sa_handler(sig);
63 }
64}
65
66struct ScopedEndOfReportDecorator {
67 ScopedEndOfReportDecorator(gwp_asan::crash_handler::Printf_t Printf)
68 : Printf(Printf) {}
69 ~ScopedEndOfReportDecorator() { Printf("*** End GWP-ASan report ***\n"); }
70 gwp_asan::crash_handler::Printf_t Printf;
71};
72
73// Prints the provided error and metadata information.
74void printHeader(Error E, uintptr_t AccessPtr,
75 const gwp_asan::AllocationMetadata *Metadata,
76 Printf_t Printf) {
77 // Print using intermediate strings. Platforms like Android don't like when
78 // you print multiple times to the same line, as there may be a newline
79 // appended to a log file automatically per Printf() call.
80 constexpr size_t kDescriptionBufferLen = 128;
81 char DescriptionBuffer[kDescriptionBufferLen] = "";
82 if (E != Error::UNKNOWN && Metadata != nullptr) {
83 uintptr_t Address = __gwp_asan_get_allocation_address(Metadata);
84 size_t Size = __gwp_asan_get_allocation_size(Metadata);
85 if (E == Error::USE_AFTER_FREE) {
86 snprintf(DescriptionBuffer, kDescriptionBufferLen,
87 "(%zu byte%s into a %zu-byte allocation at 0x%zx) ",
88 AccessPtr - Address, (AccessPtr - Address == 1) ? "" : "s", Size,
89 Address);
90 } else if (AccessPtr < Address) {
91 snprintf(DescriptionBuffer, kDescriptionBufferLen,
92 "(%zu byte%s to the left of a %zu-byte allocation at 0x%zx) ",
93 Address - AccessPtr, (Address - AccessPtr == 1) ? "" : "s", Size,
94 Address);
95 } else if (AccessPtr > Address) {
96 snprintf(DescriptionBuffer, kDescriptionBufferLen,
97 "(%zu byte%s to the right of a %zu-byte allocation at 0x%zx) ",
98 AccessPtr - Address, (AccessPtr - Address == 1) ? "" : "s", Size,
99 Address);
100 } else {
101 snprintf(DescriptionBuffer, kDescriptionBufferLen,
102 "(a %zu-byte allocation) ", Size);
103 }
104 }
105
106 // Possible number of digits of a 64-bit number: ceil(log10(2^64)) == 20. Add
107 // a null terminator, and round to the nearest 8-byte boundary.
108 uint64_t ThreadID = gwp_asan::getThreadID();
109 constexpr size_t kThreadBufferLen = 24;
110 char ThreadBuffer[kThreadBufferLen];
111 if (ThreadID == gwp_asan::kInvalidThreadID)
112 snprintf(ThreadBuffer, kThreadBufferLen, "<unknown>");
113 else
114 snprintf(ThreadBuffer, kThreadBufferLen, "%" PRIu64"l" "u", ThreadID);
115
116 Printf("%s at 0x%zx %sby thread %s here:\n", gwp_asan::ErrorToString(E),
117 AccessPtr, DescriptionBuffer, ThreadBuffer);
118}
119
120void defaultPrintStackTrace(uintptr_t *Trace, size_t TraceLength,
121 gwp_asan::crash_handler::Printf_t Printf) {
122 if (TraceLength == 0)
123 Printf(" <unknown (does your allocator support backtracing?)>\n");
124
125 for (size_t i = 0; i < TraceLength; ++i) {
126 Printf(" #%zu 0x%zx in <unknown>\n", i, Trace[i]);
127 }
128 Printf("\n");
129}
130
131} // anonymous namespace
132
133namespace gwp_asan {
134namespace crash_handler {
135PrintBacktrace_t getBasicPrintBacktraceFunction() {
136 return defaultPrintStackTrace;
137}
138
139void installSignalHandlers(gwp_asan::GuardedPoolAllocator *GPA, Printf_t Printf,
140 PrintBacktrace_t PrintBacktrace,
141 SegvBacktrace_t SegvBacktrace) {
142 GPAForSignalHandler = GPA;
143 PrintfForSignalHandler = Printf;
144 PrintBacktraceForSignalHandler = PrintBacktrace;
145 BacktraceForSignalHandler = SegvBacktrace;
146
147 struct sigaction Action = {};
148 Action.sa_sigaction__sigaction_handler.sa_sigaction = sigSegvHandler;
149 Action.sa_flags = SA_SIGINFO4;
150 sigaction(SIGSEGV11, &Action, &PreviousHandler);
151 SignalHandlerInstalled = true;
152}
153
154void uninstallSignalHandlers() {
155 if (SignalHandlerInstalled) {
156 sigaction(SIGSEGV11, &PreviousHandler, nullptr);
157 SignalHandlerInstalled = false;
158 }
159}
160
161void dumpReport(uintptr_t ErrorPtr, const gwp_asan::AllocatorState *State,
162 const gwp_asan::AllocationMetadata *Metadata,
163 SegvBacktrace_t SegvBacktrace, Printf_t Printf,
164 PrintBacktrace_t PrintBacktrace, void *Context) {
165 assert(State && "dumpReport missing Allocator State.")((State && "dumpReport missing Allocator State.") ? static_cast
<void> (0) : __assert_fail ("State && \"dumpReport missing Allocator State.\""
, "/build/llvm-toolchain-snapshot-12~++20200806111125+5446ec85070/compiler-rt/lib/gwp_asan/optional/segv_handler_posix.cpp"
, 165, __PRETTY_FUNCTION__))
;
166 assert(Metadata && "dumpReport missing Metadata.")((Metadata && "dumpReport missing Metadata.") ? static_cast
<void> (0) : __assert_fail ("Metadata && \"dumpReport missing Metadata.\""
, "/build/llvm-toolchain-snapshot-12~++20200806111125+5446ec85070/compiler-rt/lib/gwp_asan/optional/segv_handler_posix.cpp"
, 166, __PRETTY_FUNCTION__))
;
167 assert(Printf && "dumpReport missing Printf.")((Printf && "dumpReport missing Printf.") ? static_cast
<void> (0) : __assert_fail ("Printf && \"dumpReport missing Printf.\""
, "/build/llvm-toolchain-snapshot-12~++20200806111125+5446ec85070/compiler-rt/lib/gwp_asan/optional/segv_handler_posix.cpp"
, 167, __PRETTY_FUNCTION__))
;
168
169 if (!__gwp_asan_error_is_mine(State, ErrorPtr))
170 return;
171
172 Printf("*** GWP-ASan detected a memory error ***\n");
173 ScopedEndOfReportDecorator Decorator(Printf);
174
175 uintptr_t InternalErrorPtr = __gwp_asan_get_internal_crash_address(State);
176 if (InternalErrorPtr != 0u)
177 ErrorPtr = InternalErrorPtr;
178
179 Error E = __gwp_asan_diagnose_error(State, Metadata, ErrorPtr);
180
181 if (E == Error::UNKNOWN) {
182 Printf("GWP-ASan cannot provide any more information about this error. "
183 "This may occur due to a wild memory access into the GWP-ASan pool, "
184 "or an overflow/underflow that is > 512B in length.\n");
185 return;
186 }
187
188 const gwp_asan::AllocationMetadata *AllocMeta =
189 __gwp_asan_get_metadata(State, Metadata, ErrorPtr);
190
191 // Print the error header.
192 printHeader(E, ErrorPtr, AllocMeta, Printf);
193
194 // Print the fault backtrace.
195 static constexpr unsigned kMaximumStackFramesForCrashTrace = 512;
196 uintptr_t Trace[kMaximumStackFramesForCrashTrace];
197 size_t TraceLength =
198 SegvBacktrace(Trace, kMaximumStackFramesForCrashTrace, Context);
199
200 PrintBacktrace(Trace, TraceLength, Printf);
201
202 if (AllocMeta == nullptr)
203 return;
204
205 // Maybe print the deallocation trace.
206 if (__gwp_asan_is_deallocated(AllocMeta)) {
207 uint64_t ThreadID = __gwp_asan_get_deallocation_thread_id(AllocMeta);
208 if (ThreadID == kInvalidThreadID)
209 Printf("0x%zx was deallocated by thread <unknown> here:\n", ErrorPtr);
210 else
211 Printf("0x%zx was deallocated by thread %zu here:\n", ErrorPtr, ThreadID);
212 TraceLength = __gwp_asan_get_deallocation_trace(
213 AllocMeta, Trace, kMaximumStackFramesForCrashTrace);
214 PrintBacktrace(Trace, TraceLength, Printf);
215 }
216
217 // Print the allocation trace.
218 uint64_t ThreadID = __gwp_asan_get_allocation_thread_id(AllocMeta);
219 if (ThreadID == kInvalidThreadID)
220 Printf("0x%zx was allocated by thread <unknown> here:\n", ErrorPtr);
221 else
222 Printf("0x%zx was allocated by thread %zu here:\n", ErrorPtr, ThreadID);
223 TraceLength = __gwp_asan_get_allocation_trace(
224 AllocMeta, Trace, kMaximumStackFramesForCrashTrace);
225 PrintBacktrace(Trace, TraceLength, Printf);
226}
227} // namespace crash_handler
228} // namespace gwp_asan