gvanem · July 26, 2020 09:15
diff --git a/Asan-test.c b/Asan-test.c
 /*
 * Test the new ASAN feature of MSVC (ripped from clang presumably).
 *
 * Ref:
 *  https://devblogs.microsoft.com/cppblog/addresssanitizer-asan-for-windows-with-msvc/
 */
 #include <stdlib.h>

 /*
 * Ref 'https://github.com/google/sanitizers/wiki/AddressSanitizerFlags'
 * for the build + runtime ASAN options. The '$ASAN_OPTION' env-var can be embedded as below.
 *
 * A 'set ASAN_OPTION=help=1 & asan-test.exe' shows them all. Lots!
 */
 const char *__asan_default_options (void)
 {
  const char *env = getenv("ASAN_OPTIONS");

  if (!env)
     env = "debug=1:check_initialization_order=1:debug=1:windows_hook_rtl_allocators=1";
  return (env);
 }

 int main (void)
 {
  int *x = (int*) malloc (10);

  x[10] = 1;
  return 0;
 }

 #if 0
 Use it like:
  c:\> cl -nologo -MD -Zi -Ot -fsanitize=address clang_rt.asan_dynamic-i386.lib -Fe./asan-test.exe asan-test.c -link -debug
  c:\> set ASAN_OPTIONS=debug=1:check_initialization_order=1:debug=1:windows_hook_rtl_allocators=1
  c:\> asan-test.exe

  Generates this mumbo jumbo (edited):

 =================================================================
 ==5764==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x02701478 at pc
               0x00dc13e2 bp 0x005efe5c sp 0x005efe50

 WRITE of size 4 at 0x02701478 thread T0
    #0 0xdc13e1 in main c:\asan-test.c:9
    #1 0xdc1612 in _scrt_common_main_seh D:\agent\_work\4\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #2 0x75e26358  (C:\WINDOWS\System32\KERNEL32.DLL+0x6b816358)
    #3 0x774d7c23  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7c23)
    #4 0x774d7bf3  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7bf3)

 0x02701478 is located 1 bytes to the right of 7-byte region [0x02701470,0x02701477) allocated by thread T0 here:
    #0 0x607f0d21  (f:\gv\VC_2019\VC\Tools\MSVC\14.26.28801\bin\HostX86\x86\clang_rt.asan_dynamic-i386.dll+0x10040d21)
    #1 0x75a9c1bd  (C:\WINDOWS\System32\ucrtbase.dll+0x1002c1bd)
    #2 0x75a96718  (C:\WINDOWS\System32\ucrtbase.dll+0x10026718)
    #3 0x75a97685  (C:\WINDOWS\System32\ucrtbase.dll+0x10027685)
    #4 0x774e1de5  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2f1de5)
    #5 0x774a5607  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2b5607)
    #6 0x774b3f8e  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2c3f8e)
    #7 0x774b4835  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2c4835)
    #8 0x774b484c  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2c484c)
    #9 0x774b484c  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2c484c)
    #10 0x77519541  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b329541)
    #11 0x77519381  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b329381)
    #12 0x774c1dd0  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2d1dd0)
    #13 0x774c1cc0  (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2d1cc0)

 SUMMARY: AddressSanitizer: heap-buffer-overflow c:\asan-test.c:9 in main
 Shadow bytes around the buggy address:
  0x304e0230: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x304e0240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x304e0250: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x304e0260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x304e0270: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 =>0x304e0280: fa fa fa fa fa fa 00 fa fa fa 00 02 fa fa 07[fa]
  0x304e0290: fa fa 00 05 fa fa 00 04 fa fa 00 05 fa fa 00 06
  0x304e02a0: fa fa 00 00 fa fa 00 07 fa fa 00 03 fa fa 00 06
  0x304e02b0: fa fa 00 04 fa fa 00 03 fa fa 00 03 fa fa 00 07
  0x304e02c0: fa fa 00 fa fa fa 07 fa fa fa 00 06 fa fa 00 07
  0x304e02d0: fa fa 00 04 fa fa 00 03 fa fa 00 05 fa fa 00 07

 Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
 ==5764==ABORTING

 #endif
	/*
	* Test the new ASAN feature of MSVC (ripped from clang presumably).
	*
	* Ref:
	* https://devblogs.microsoft.com/cppblog/addresssanitizer-asan-for-windows-with-msvc/
	*/
	#include <stdlib.h>

	/*
	* Ref 'https://github.com/google/sanitizers/wiki/AddressSanitizerFlags'
	* for the build + runtime ASAN options. The '$ASAN_OPTION' env-var can be embedded as below.
	*
	* A 'set ASAN_OPTION=help=1 & asan-test.exe' shows them all. Lots!
	*/
	const char *__asan_default_options (void)
	{
	const char *env = getenv("ASAN_OPTIONS");

	if (!env)
	env = "debug=1:check_initialization_order=1:debug=1:windows_hook_rtl_allocators=1";
	return (env);
	}

	int main (void)
	{
	int x = (int) malloc (10);

	x[10] = 1;
	return 0;
	}

	#if 0
	Use it like:
	c:\> cl -nologo -MD -Zi -Ot -fsanitize=address clang_rt.asan_dynamic-i386.lib -Fe./asan-test.exe asan-test.c -link -debug
	c:\> set ASAN_OPTIONS=debug=1:check_initialization_order=1:debug=1:windows_hook_rtl_allocators=1
	c:\> asan-test.exe

	Generates this mumbo jumbo (edited):

	=================================================================
	==5764==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x02701478 at pc
	0x00dc13e2 bp 0x005efe5c sp 0x005efe50

	WRITE of size 4 at 0x02701478 thread T0
	#0 0xdc13e1 in main c:\asan-test.c:9
	#1 0xdc1612 in _scrt_common_main_seh D:\agent\_work\4\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
	#2 0x75e26358 (C:\WINDOWS\System32\KERNEL32.DLL+0x6b816358)
	#3 0x774d7c23 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7c23)
	#4 0x774d7bf3 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2e7bf3)

	0x02701478 is located 1 bytes to the right of 7-byte region [0x02701470,0x02701477) allocated by thread T0 here:
	#0 0x607f0d21 (f:\gv\VC_2019\VC\Tools\MSVC\14.26.28801\bin\HostX86\x86\clang_rt.asan_dynamic-i386.dll+0x10040d21)
	#1 0x75a9c1bd (C:\WINDOWS\System32\ucrtbase.dll+0x1002c1bd)
	#2 0x75a96718 (C:\WINDOWS\System32\ucrtbase.dll+0x10026718)
	#3 0x75a97685 (C:\WINDOWS\System32\ucrtbase.dll+0x10027685)
	#4 0x774e1de5 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2f1de5)
	#5 0x774a5607 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2b5607)
	#6 0x774b3f8e (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2c3f8e)
	#7 0x774b4835 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2c4835)
	#8 0x774b484c (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2c484c)
	#9 0x774b484c (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2c484c)
	#10 0x77519541 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b329541)
	#11 0x77519381 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b329381)
	#12 0x774c1dd0 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2d1dd0)
	#13 0x774c1cc0 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x4b2d1cc0)

	SUMMARY: AddressSanitizer: heap-buffer-overflow c:\asan-test.c:9 in main
	Shadow bytes around the buggy address:
	0x304e0230: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
	0x304e0240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
	0x304e0250: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
	0x304e0260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
	0x304e0270: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
	=>0x304e0280: fa fa fa fa fa fa 00 fa fa fa 00 02 fa fa 07[fa]
	0x304e0290: fa fa 00 05 fa fa 00 04 fa fa 00 05 fa fa 00 06
	0x304e02a0: fa fa 00 00 fa fa 00 07 fa fa 00 03 fa fa 00 06
	0x304e02b0: fa fa 00 04 fa fa 00 03 fa fa 00 03 fa fa 00 07
	0x304e02c0: fa fa 00 fa fa fa 07 fa fa fa 00 06 fa fa 00 07
	0x304e02d0: fa fa 00 04 fa fa 00 03 fa fa 00 05 fa fa 00 07

	Shadow byte legend (one shadow byte represents 8 application bytes):
	Addressable: 00
	Partially addressable: 01 02 03 04 05 06 07
	Heap left redzone: fa
	Freed heap region: fd
	Stack left redzone: f1
	Stack mid redzone: f2
	Stack right redzone: f3
	Stack after return: f5
	Stack use after scope: f8
	Global redzone: f9
	Global init order: f6
	Poisoned by user: f7
	Container overflow: fc
	Array cookie: ac
	Intra object redzone: bb
	ASan internal: fe
	Left alloca redzone: ca
	Right alloca redzone: cb
	Shadow gap: cc
	==5764==ABORTING

	#endif