Joey.Z

Reputation: 4770

Why does AddressSanitizer report a wild pointer as a heap-buffer-overflow instead of a use-after-free?

class ISettingChangedListener
{
public:
    virtual ~ISettingChangedListener() = default;
    virtual void NotifySettingsChanged() = 0;
};

class View : public ISettingChangedListener {
public:
    // ...
    void NotifySettingsChanged() override { /* redraw */ }
};

class System {
public:
    void SetListener(ISettingChangedListener *listener);
    void ChangeSettings();
private:
    ISettingChangedListener *m_settings_changed_listener = nullptr;
};

// Set the listener as a raw pointer to a view; nothing clears it
// when the view is destroyed
void System::SetListener(ISettingChangedListener *listener) {
    m_settings_changed_listener = listener;
}

// view is destroyed somewhere by delete

// after a while when the settings are about to change

void System::ChangeSettings() {
    // do some modification
    m_settings_changed_listener->NotifySettingsChanged(); // dangling pointer: reports a heap-buffer-overflow instead of use-after-free
}

The code flow is commented above. Is it because the freed memory gets reallocated by other code, or something else?

Another test reports use-after-free when NotifySettingsChanged gets called immediately after the View object is deleted.

Upvotes: 0

Views: 2269

Answers (1)

yugr

Reputation: 21916

Yes, use-after-free can only be detected for relatively recent deallocations (as long as they fit in quarantined memory). You can increase detectability by setting a higher value with ASAN_OPTIONS=quarantine_size_mb=512 (default is 256 on x86 and 16 on Android/iOS), but this cannot fix the root cause.

In your particular case the memory was probably reallocated with a smaller size, so ASan thought you had a heap overflow.

Upvotes: 3
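An added, self-contained example (not code from the question or the answer) that puts the dangling-listener pattern next to a root-cause fix. The class and method names follow the question; the std::weak_ptr-based SafeSystem, the run_safe/run_unsafe/churn_heap helpers and the 40-byte churn block size are assumptions of this example. run_unsafe reproduces the reported behaviour only when asked to from main, so that the dangling call never runs by accident.

```cpp
#include <cstdio>
#include <cstdlib>
#include <memory>
#include <utility>

class ISettingChangedListener {
public:
    virtual ~ISettingChangedListener() = default;
    virtual void NotifySettingsChanged() = 0;
};

class View : public ISettingChangedListener {
public:
    int notified = 0;
    void NotifySettingsChanged() override { ++notified; }
};

// Buggy version (as in the question): raw pointer, nothing clears it when the View dies.
class UnsafeSystem {
public:
    void SetListener(ISettingChangedListener *l) { m_listener = l; }
    void ChangeSettings() { m_listener->NotifySettingsChanged(); } // dangling after delete
private:
    ISettingChangedListener *m_listener = nullptr;
};

// Fixed version (assumed here): hold a weak_ptr, so a destroyed View simply fails to lock().
class SafeSystem {
public:
    void SetListener(std::weak_ptr<ISettingChangedListener> l) { m_listener = std::move(l); }
    // Returns true only if a live listener was actually notified.
    bool ChangeSettings() {
        if (auto l = m_listener.lock()) { l->NotifySettingsChanged(); return true; }
        return false;
    }
private:
    std::weak_ptr<ISettingChangedListener> m_listener;
};

struct SafeRun { int notified_while_alive; bool notified_after_delete; };

// Notify once while the View is alive, destroy it, then try again.
SafeRun run_safe() {
    SafeSystem sys;
    auto view = std::make_shared<View>();
    sys.SetListener(view);
    sys.ChangeSettings();
    int seen = view->notified;
    view.reset();                     // last owner gone: View destroyed here
    bool after = sys.ChangeSettings(); // weak_ptr expired, no call is made
    return {seen, after};
}

// Allocate and free small blocks until roughly total_bytes have been freed.
// Under ASan every free pushes a chunk into the quarantine; once more than
// quarantine_size_mb has been freed, the oldest chunks (our dead View) are
// recycled to the allocator. Returns the number of blocks cycled.
size_t churn_heap(size_t total_bytes, size_t block = 40) {
    size_t n = 0;
    for (size_t done = 0; done < total_bytes; done += block) {
        char *p = new char[block];
        p[0] = 0;
        delete[] p;
        ++n;
    }
    return n;
}

// Deliberate use-after-free, for running under ASan only. With no churn ASan
// reports heap-use-after-free; after enough churn to evict the View from the
// quarantine, the chunk may have been reused and the report changes (or the
// program just crashes), which is what the question observed.
void run_unsafe(size_t churn_bytes) {
    UnsafeSystem sys;
    View *view = new View();
    sys.SetListener(view);
    delete view;              // listener pointer now dangles
    churn_heap(churn_bytes);
    sys.ChangeSettings();     // BUG: call through freed object
}

int main(int argc, char **argv) {
    SafeRun r = run_safe();
    std::printf("safe: notified while alive=%d, after delete=%s\n",
                r.notified_while_alive, r.notified_after_delete ? "yes" : "no");
    // Build with: clang++ -g -fsanitize=address example.cpp
    // Run:        ASAN_OPTIONS=quarantine_size_mb=1 ./a.out 0        (use-after-free)
    //             ASAN_OPTIONS=quarantine_size_mb=1 ./a.out 4000000  (quarantine exceeded)
    if (argc > 1) run_unsafe(std::strtoul(argv[1], nullptr, 10));
    return 0;
}
```

The second invocation frees about 4 MB after the View is deleted, which is more than the 1 MB quarantine, so ASan can no longer attribute the final call to a freed chunk; raising quarantine_size_mb only moves that threshold, while SafeSystem removes the dangling pointer altogether.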
