1//===-- asan_errors.cc ------------------------------------------*- C++ -*-===// 2// 3// This file is distributed under the University of Illinois Open Source 4// License. See LICENSE.TXT for details. 5// 6//===----------------------------------------------------------------------===// 7// 8// This file is a part of AddressSanitizer, an address sanity checker. 9// 10// ASan implementation for error structures. 11//===----------------------------------------------------------------------===// 12 13#include "asan_errors.h" 14#include "asan_descriptions.h" 15#include "asan_mapping.h" 16#include "asan_report.h" 17#include "asan_stack.h" 18#include "sanitizer_common/sanitizer_stackdepot.h" 19 20namespace __asan { 21 22static void OnStackUnwind(const SignalContext &sig, 23 const void *callback_context, 24 BufferedStackTrace *stack) { 25 bool fast = common_flags()->fast_unwind_on_fatal; 26#if SANITIZER_FREEBSD || SANITIZER_NETBSD 27 // On FreeBSD the slow unwinding that leverages _Unwind_Backtrace() 28 // yields the call stack of the signal's handler and not of the code 29 // that raised the signal (as it does on Linux). 30 fast = true; 31#endif 32 // Tests and maybe some users expect that scariness is going to be printed 33 // just before the stack. As only asan has scariness score we have no 34 // corresponding code in the sanitizer_common and we use this callback to 35 // print it. 36 static_cast<const ScarinessScoreBase *>(callback_context)->Print(); 37 GetStackTrace(stack, kStackTraceMax, sig.pc, sig.bp, sig.context, fast); 38} 39 40void ErrorDeadlySignal::Print() { 41 ReportDeadlySignal(signal, tid, &OnStackUnwind, &scariness); 42} 43 44void ErrorDoubleFree::Print() { 45 Decorator d; 46 Printf("%s", d.Error()); 47 Report( 48 "ERROR: AddressSanitizer: attempting %s on %p in thread %s:\n", 49 scariness.GetDescription(), addr_description.addr, 50 AsanThreadIdAndName(tid).c_str()); 51 Printf("%s", d.Default()); 52 scariness.Print(); 53 GET_STACK_TRACE_FATAL(second_free_stack->trace[0], 54 second_free_stack->top_frame_bp); 55 stack.Print(); 56 addr_description.Print(); 57 ReportErrorSummary(scariness.GetDescription(), &stack); 58} 59 60void ErrorNewDeleteTypeMismatch::Print() { 61 Decorator d; 62 Printf("%s", d.Error()); 63 Report( 64 "ERROR: AddressSanitizer: %s on %p in thread %s:\n", 65 scariness.GetDescription(), addr_description.addr, 66 AsanThreadIdAndName(tid).c_str()); 67 Printf("%s object passed to delete has wrong type:\n", d.Default()); 68 if (delete_size != 0) { 69 Printf( 70 " size of the allocated type: %zd bytes;\n" 71 " size of the deallocated type: %zd bytes.\n", 72 addr_description.chunk_access.chunk_size, delete_size); 73 } 74 const uptr user_alignment = 75 addr_description.chunk_access.user_requested_alignment; 76 if (delete_alignment != user_alignment) { 77 char user_alignment_str[32]; 78 char delete_alignment_str[32]; 79 internal_snprintf(user_alignment_str, sizeof(user_alignment_str), 80 "%zd bytes", user_alignment); 81 internal_snprintf(delete_alignment_str, sizeof(delete_alignment_str), 82 "%zd bytes", delete_alignment); 83 static const char *kDefaultAlignment = "default-aligned"; 84 Printf( 85 " alignment of the allocated type: %s;\n" 86 " alignment of the deallocated type: %s.\n", 87 user_alignment > 0 ? user_alignment_str : kDefaultAlignment, 88 delete_alignment > 0 ? delete_alignment_str : kDefaultAlignment); 89 } 90 CHECK_GT(free_stack->size, 0); 91 scariness.Print(); 92 GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp); 93 stack.Print(); 94 addr_description.Print(); 95 ReportErrorSummary(scariness.GetDescription(), &stack); 96 Report( 97 "HINT: if you don't care about these errors you may set " 98 "ASAN_OPTIONS=new_delete_type_mismatch=0\n"); 99} 100 101void ErrorFreeNotMalloced::Print() { 102 Decorator d; 103 Printf("%s", d.Error()); 104 Report( 105 "ERROR: AddressSanitizer: attempting free on address " 106 "which was not malloc()-ed: %p in thread %s\n", 107 addr_description.Address(), AsanThreadIdAndName(tid).c_str()); 108 Printf("%s", d.Default()); 109 CHECK_GT(free_stack->size, 0); 110 scariness.Print(); 111 GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp); 112 stack.Print(); 113 addr_description.Print(); 114 ReportErrorSummary(scariness.GetDescription(), &stack); 115} 116 117void ErrorAllocTypeMismatch::Print() { 118 static const char *alloc_names[] = {"INVALID", "malloc", "operator new", 119 "operator new []"}; 120 static const char *dealloc_names[] = {"INVALID", "free", "operator delete", 121 "operator delete []"}; 122 CHECK_NE(alloc_type, dealloc_type); 123 Decorator d; 124 Printf("%s", d.Error()); 125 Report("ERROR: AddressSanitizer: %s (%s vs %s) on %p\n", 126 scariness.GetDescription(), alloc_names[alloc_type], 127 dealloc_names[dealloc_type], addr_description.Address()); 128 Printf("%s", d.Default()); 129 CHECK_GT(dealloc_stack->size, 0); 130 scariness.Print(); 131 GET_STACK_TRACE_FATAL(dealloc_stack->trace[0], dealloc_stack->top_frame_bp); 132 stack.Print(); 133 addr_description.Print(); 134 ReportErrorSummary(scariness.GetDescription(), &stack); 135 Report( 136 "HINT: if you don't care about these errors you may set " 137 "ASAN_OPTIONS=alloc_dealloc_mismatch=0\n"); 138} 139 140void ErrorMallocUsableSizeNotOwned::Print() { 141 Decorator d; 142 Printf("%s", d.Error()); 143 Report( 144 "ERROR: AddressSanitizer: attempting to call malloc_usable_size() for " 145 "pointer which is not owned: %p\n", 146 addr_description.Address()); 147 Printf("%s", d.Default()); 148 stack->Print(); 149 addr_description.Print(); 150 ReportErrorSummary(scariness.GetDescription(), stack); 151} 152 153void ErrorSanitizerGetAllocatedSizeNotOwned::Print() { 154 Decorator d; 155 Printf("%s", d.Error()); 156 Report( 157 "ERROR: AddressSanitizer: attempting to call " 158 "__sanitizer_get_allocated_size() for pointer which is not owned: %p\n", 159 addr_description.Address()); 160 Printf("%s", d.Default()); 161 stack->Print(); 162 addr_description.Print(); 163 ReportErrorSummary(scariness.GetDescription(), stack); 164} 165 166void ErrorCallocOverflow::Print() { 167 Decorator d; 168 Printf("%s", d.Error()); 169 Report( 170 "ERROR: AddressSanitizer: calloc parameters overflow: count * size " 171 "(%zd * %zd) cannot be represented in type size_t (thread %s)\n", 172 count, size, AsanThreadIdAndName(tid).c_str()); 173 Printf("%s", d.Default()); 174 stack->Print(); 175 PrintHintAllocatorCannotReturnNull(); 176 ReportErrorSummary(scariness.GetDescription(), stack); 177} 178 179void ErrorPvallocOverflow::Print() { 180 Decorator d; 181 Printf("%s", d.Error()); 182 Report( 183 "ERROR: AddressSanitizer: pvalloc parameters overflow: size 0x%zx " 184 "rounded up to system page size 0x%zx cannot be represented in type " 185 "size_t (thread %s)\n", 186 size, GetPageSizeCached(), AsanThreadIdAndName(tid).c_str()); 187 Printf("%s", d.Default()); 188 stack->Print(); 189 PrintHintAllocatorCannotReturnNull(); 190 ReportErrorSummary(scariness.GetDescription(), stack); 191} 192 193void ErrorInvalidAllocationAlignment::Print() { 194 Decorator d; 195 Printf("%s", d.Error()); 196 Report( 197 "ERROR: AddressSanitizer: invalid allocation alignment: %zd, " 198 "alignment must be a power of two (thread %s)\n", 199 alignment, AsanThreadIdAndName(tid).c_str()); 200 Printf("%s", d.Default()); 201 stack->Print(); 202 PrintHintAllocatorCannotReturnNull(); 203 ReportErrorSummary(scariness.GetDescription(), stack); 204} 205 206void ErrorInvalidAlignedAllocAlignment::Print() { 207 Decorator d; 208 Printf("%s", d.Error()); 209#if SANITIZER_POSIX 210 Report("ERROR: AddressSanitizer: invalid alignment requested in " 211 "aligned_alloc: %zd, alignment must be a power of two and the " 212 "requested size 0x%zx must be a multiple of alignment " 213 "(thread %s)\n", alignment, size, AsanThreadIdAndName(tid).c_str()); 214#else 215 Report("ERROR: AddressSanitizer: invalid alignment requested in " 216 "aligned_alloc: %zd, the requested size 0x%zx must be a multiple of " 217 "alignment (thread %s)\n", alignment, size, 218 AsanThreadIdAndName(tid).c_str()); 219#endif 220 Printf("%s", d.Default()); 221 stack->Print(); 222 PrintHintAllocatorCannotReturnNull(); 223 ReportErrorSummary(scariness.GetDescription(), stack); 224} 225 226void ErrorInvalidPosixMemalignAlignment::Print() { 227 Decorator d; 228 Printf("%s", d.Error()); 229 Report( 230 "ERROR: AddressSanitizer: invalid alignment requested in posix_memalign: " 231 "%zd, alignment must be a power of two and a multiple of sizeof(void*) " 232 "== %zd (thread %s)\n", 233 alignment, sizeof(void*), AsanThreadIdAndName(tid).c_str()); // NOLINT 234 Printf("%s", d.Default()); 235 stack->Print(); 236 PrintHintAllocatorCannotReturnNull(); 237 ReportErrorSummary(scariness.GetDescription(), stack); 238} 239 240void ErrorAllocationSizeTooBig::Print() { 241 Decorator d; 242 Printf("%s", d.Error()); 243 Report( 244 "ERROR: AddressSanitizer: requested allocation size 0x%zx (0x%zx after " 245 "adjustments for alignment, red zones etc.) exceeds maximum supported " 246 "size of 0x%zx (thread %s)\n", 247 user_size, total_size, max_size, AsanThreadIdAndName(tid).c_str()); 248 Printf("%s", d.Default()); 249 stack->Print(); 250 PrintHintAllocatorCannotReturnNull(); 251 ReportErrorSummary(scariness.GetDescription(), stack); 252} 253 254void ErrorRssLimitExceeded::Print() { 255 Decorator d; 256 Printf("%s", d.Error()); 257 Report( 258 "ERROR: AddressSanitizer: specified RSS limit exceeded, currently set to " 259 "soft_rss_limit_mb=%zd\n", common_flags()->soft_rss_limit_mb); 260 Printf("%s", d.Default()); 261 stack->Print(); 262 PrintHintAllocatorCannotReturnNull(); 263 ReportErrorSummary(scariness.GetDescription(), stack); 264} 265 266void ErrorOutOfMemory::Print() { 267 Decorator d; 268 Printf("%s", d.Error()); 269 Report( 270 "ERROR: AddressSanitizer: allocator is out of memory trying to allocate " 271 "0x%zx bytes\n", requested_size); 272 Printf("%s", d.Default()); 273 stack->Print(); 274 PrintHintAllocatorCannotReturnNull(); 275 ReportErrorSummary(scariness.GetDescription(), stack); 276} 277 278void ErrorStringFunctionMemoryRangesOverlap::Print() { 279 Decorator d; 280 char bug_type[100]; 281 internal_snprintf(bug_type, sizeof(bug_type), "%s-param-overlap", function); 282 Printf("%s", d.Error()); 283 Report( 284 "ERROR: AddressSanitizer: %s: memory ranges [%p,%p) and [%p, %p) " 285 "overlap\n", 286 bug_type, addr1_description.Address(), 287 addr1_description.Address() + length1, addr2_description.Address(), 288 addr2_description.Address() + length2); 289 Printf("%s", d.Default()); 290 scariness.Print(); 291 stack->Print(); 292 addr1_description.Print(); 293 addr2_description.Print(); 294 ReportErrorSummary(bug_type, stack); 295} 296 297void ErrorStringFunctionSizeOverflow::Print() { 298 Decorator d; 299 Printf("%s", d.Error()); 300 Report("ERROR: AddressSanitizer: %s: (size=%zd)\n", 301 scariness.GetDescription(), size); 302 Printf("%s", d.Default()); 303 scariness.Print(); 304 stack->Print(); 305 addr_description.Print(); 306 ReportErrorSummary(scariness.GetDescription(), stack); 307} 308 309void ErrorBadParamsToAnnotateContiguousContainer::Print() { 310 Report( 311 "ERROR: AddressSanitizer: bad parameters to " 312 "__sanitizer_annotate_contiguous_container:\n" 313 " beg : %p\n" 314 " end : %p\n" 315 " old_mid : %p\n" 316 " new_mid : %p\n", 317 beg, end, old_mid, new_mid); 318 uptr granularity = SHADOW_GRANULARITY; 319 if (!IsAligned(beg, granularity)) 320 Report("ERROR: beg is not aligned by %d\n", granularity); 321 stack->Print(); 322 ReportErrorSummary(scariness.GetDescription(), stack); 323} 324 325void ErrorODRViolation::Print() { 326 Decorator d; 327 Printf("%s", d.Error()); 328 Report("ERROR: AddressSanitizer: %s (%p):\n", scariness.GetDescription(), 329 global1.beg); 330 Printf("%s", d.Default()); 331 InternalScopedString g1_loc(256), g2_loc(256); 332 PrintGlobalLocation(&g1_loc, global1); 333 PrintGlobalLocation(&g2_loc, global2); 334 Printf(" [1] size=%zd '%s' %s\n", global1.size, 335 MaybeDemangleGlobalName(global1.name), g1_loc.data()); 336 Printf(" [2] size=%zd '%s' %s\n", global2.size, 337 MaybeDemangleGlobalName(global2.name), g2_loc.data()); 338 if (stack_id1 && stack_id2) { 339 Printf("These globals were registered at these points:\n"); 340 Printf(" [1]:\n"); 341 StackDepotGet(stack_id1).Print(); 342 Printf(" [2]:\n"); 343 StackDepotGet(stack_id2).Print(); 344 } 345 Report( 346 "HINT: if you don't care about these errors you may set " 347 "ASAN_OPTIONS=detect_odr_violation=0\n"); 348 InternalScopedString error_msg(256); 349 error_msg.append("%s: global '%s' at %s", scariness.GetDescription(), 350 MaybeDemangleGlobalName(global1.name), g1_loc.data()); 351 ReportErrorSummary(error_msg.data()); 352} 353 354void ErrorInvalidPointerPair::Print() { 355 Decorator d; 356 Printf("%s", d.Error()); 357 Report("ERROR: AddressSanitizer: %s: %p %p\n", scariness.GetDescription(), 358 addr1_description.Address(), addr2_description.Address()); 359 Printf("%s", d.Default()); 360 GET_STACK_TRACE_FATAL(pc, bp); 361 stack.Print(); 362 addr1_description.Print(); 363 addr2_description.Print(); 364 ReportErrorSummary(scariness.GetDescription(), &stack); 365} 366 367static bool AdjacentShadowValuesAreFullyPoisoned(u8 *s) { 368 return s[-1] > 127 && s[1] > 127; 369} 370 371ErrorGeneric::ErrorGeneric(u32 tid, uptr pc_, uptr bp_, uptr sp_, uptr addr, 372 bool is_write_, uptr access_size_) 373 : ErrorBase(tid), 374 addr_description(addr, access_size_, /*shouldLockThreadRegistry=*/false), 375 pc(pc_), 376 bp(bp_), 377 sp(sp_), 378 access_size(access_size_), 379 is_write(is_write_), 380 shadow_val(0) { 381 scariness.Clear(); 382 if (access_size) { 383 if (access_size <= 9) { 384 char desr[] = "?-byte"; 385 desr[0] = '0' + access_size; 386 scariness.Scare(access_size + access_size / 2, desr); 387 } else if (access_size >= 10) { 388 scariness.Scare(15, "multi-byte"); 389 } 390 is_write ? scariness.Scare(20, "write") : scariness.Scare(1, "read"); 391 392 // Determine the error type. 393 bug_descr = "unknown-crash"; 394 if (AddrIsInMem(addr)) { 395 u8 *shadow_addr = (u8 *)MemToShadow(addr); 396 // If we are accessing 16 bytes, look at the second shadow byte. 397 if (*shadow_addr == 0 && access_size > SHADOW_GRANULARITY) shadow_addr++; 398 // If we are in the partial right redzone, look at the next shadow byte. 399 if (*shadow_addr > 0 && *shadow_addr < 128) shadow_addr++; 400 bool far_from_bounds = false; 401 shadow_val = *shadow_addr; 402 int bug_type_score = 0; 403 // For use-after-frees reads are almost as bad as writes. 404 int read_after_free_bonus = 0; 405 switch (shadow_val) { 406 case kAsanHeapLeftRedzoneMagic: 407 case kAsanArrayCookieMagic: 408 bug_descr = "heap-buffer-overflow"; 409 bug_type_score = 10; 410 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 411 break; 412 case kAsanHeapFreeMagic: 413 bug_descr = "heap-use-after-free"; 414 bug_type_score = 20; 415 if (!is_write) read_after_free_bonus = 18; 416 break; 417 case kAsanStackLeftRedzoneMagic: 418 bug_descr = "stack-buffer-underflow"; 419 bug_type_score = 25; 420 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 421 break; 422 case kAsanInitializationOrderMagic: 423 bug_descr = "initialization-order-fiasco"; 424 bug_type_score = 1; 425 break; 426 case kAsanStackMidRedzoneMagic: 427 case kAsanStackRightRedzoneMagic: 428 bug_descr = "stack-buffer-overflow"; 429 bug_type_score = 25; 430 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 431 break; 432 case kAsanStackAfterReturnMagic: 433 bug_descr = "stack-use-after-return"; 434 bug_type_score = 30; 435 if (!is_write) read_after_free_bonus = 18; 436 break; 437 case kAsanUserPoisonedMemoryMagic: 438 bug_descr = "use-after-poison"; 439 bug_type_score = 20; 440 break; 441 case kAsanContiguousContainerOOBMagic: 442 bug_descr = "container-overflow"; 443 bug_type_score = 10; 444 break; 445 case kAsanStackUseAfterScopeMagic: 446 bug_descr = "stack-use-after-scope"; 447 bug_type_score = 10; 448 break; 449 case kAsanGlobalRedzoneMagic: 450 bug_descr = "global-buffer-overflow"; 451 bug_type_score = 10; 452 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 453 break; 454 case kAsanIntraObjectRedzone: 455 bug_descr = "intra-object-overflow"; 456 bug_type_score = 10; 457 break; 458 case kAsanAllocaLeftMagic: 459 case kAsanAllocaRightMagic: 460 bug_descr = "dynamic-stack-buffer-overflow"; 461 bug_type_score = 25; 462 far_from_bounds = AdjacentShadowValuesAreFullyPoisoned(shadow_addr); 463 break; 464 } 465 scariness.Scare(bug_type_score + read_after_free_bonus, bug_descr); 466 if (far_from_bounds) scariness.Scare(10, "far-from-bounds"); 467 } 468 } 469} 470 471static void PrintContainerOverflowHint() { 472 Printf("HINT: if you don't care about these errors you may set " 473 "ASAN_OPTIONS=detect_container_overflow=0.\n" 474 "If you suspect a false positive see also: " 475 "https://github.com/google/sanitizers/wiki/" 476 "AddressSanitizerContainerOverflow.\n"); 477} 478 479static void PrintShadowByte(InternalScopedString *str, const char *before, 480 u8 byte, const char *after = "\n") { 481 PrintMemoryByte(str, before, byte, /*in_shadow*/true, after); 482} 483 484static void PrintLegend(InternalScopedString *str) { 485 str->append( 486 "Shadow byte legend (one shadow byte represents %d " 487 "application bytes):\n", 488 (int)SHADOW_GRANULARITY); 489 PrintShadowByte(str, " Addressable: ", 0); 490 str->append(" Partially addressable: "); 491 for (u8 i = 1; i < SHADOW_GRANULARITY; i++) PrintShadowByte(str, "", i, " "); 492 str->append("\n"); 493 PrintShadowByte(str, " Heap left redzone: ", 494 kAsanHeapLeftRedzoneMagic); 495 PrintShadowByte(str, " Freed heap region: ", kAsanHeapFreeMagic); 496 PrintShadowByte(str, " Stack left redzone: ", 497 kAsanStackLeftRedzoneMagic); 498 PrintShadowByte(str, " Stack mid redzone: ", 499 kAsanStackMidRedzoneMagic); 500 PrintShadowByte(str, " Stack right redzone: ", 501 kAsanStackRightRedzoneMagic); 502 PrintShadowByte(str, " Stack after return: ", 503 kAsanStackAfterReturnMagic); 504 PrintShadowByte(str, " Stack use after scope: ", 505 kAsanStackUseAfterScopeMagic); 506 PrintShadowByte(str, " Global redzone: ", kAsanGlobalRedzoneMagic); 507 PrintShadowByte(str, " Global init order: ", 508 kAsanInitializationOrderMagic); 509 PrintShadowByte(str, " Poisoned by user: ", 510 kAsanUserPoisonedMemoryMagic); 511 PrintShadowByte(str, " Container overflow: ", 512 kAsanContiguousContainerOOBMagic); 513 PrintShadowByte(str, " Array cookie: ", 514 kAsanArrayCookieMagic); 515 PrintShadowByte(str, " Intra object redzone: ", 516 kAsanIntraObjectRedzone); 517 PrintShadowByte(str, " ASan internal: ", kAsanInternalHeapMagic); 518 PrintShadowByte(str, " Left alloca redzone: ", kAsanAllocaLeftMagic); 519 PrintShadowByte(str, " Right alloca redzone: ", kAsanAllocaRightMagic); 520 PrintShadowByte(str, " Shadow gap: ", kAsanShadowGap); 521} 522 523static void PrintShadowBytes(InternalScopedString *str, const char *before, 524 u8 *bytes, u8 *guilty, uptr n) { 525 Decorator d; 526 if (before) str->append("%s%p:", before, bytes); 527 for (uptr i = 0; i < n; i++) { 528 u8 *p = bytes + i; 529 const char *before = 530 p == guilty ? "[" : (p - 1 == guilty && i != 0) ? "" : " "; 531 const char *after = p == guilty ? "]" : ""; 532 PrintShadowByte(str, before, *p, after); 533 } 534 str->append("\n"); 535} 536 537static void PrintShadowMemoryForAddress(uptr addr) { 538 if (!AddrIsInMem(addr)) return; 539 uptr shadow_addr = MemToShadow(addr); 540 const uptr n_bytes_per_row = 16; 541 uptr aligned_shadow = shadow_addr & ~(n_bytes_per_row - 1); 542 InternalScopedString str(4096 * 8); 543 str.append("Shadow bytes around the buggy address:\n"); 544 for (int i = -5; i <= 5; i++) { 545 uptr row_shadow_addr = aligned_shadow + i * n_bytes_per_row; 546 // Skip rows that would be outside the shadow range. This can happen when 547 // the user address is near the bottom, top, or shadow gap of the address 548 // space. 549 if (!AddrIsInShadow(row_shadow_addr)) continue; 550 const char *prefix = (i == 0) ? "=>" : " "; 551 PrintShadowBytes(&str, prefix, (u8 *)row_shadow_addr, (u8 *)shadow_addr, 552 n_bytes_per_row); 553 } 554 if (flags()->print_legend) PrintLegend(&str); 555 Printf("%s", str.data()); 556} 557 558void ErrorGeneric::Print() { 559 Decorator d; 560 Printf("%s", d.Error()); 561 uptr addr = addr_description.Address(); 562 Report("ERROR: AddressSanitizer: %s on address %p at pc %p bp %p sp %p\n", 563 bug_descr, (void *)addr, pc, bp, sp); 564 Printf("%s", d.Default()); 565 566 Printf("%s%s of size %zu at %p thread %s%s\n", d.Access(), 567 access_size ? (is_write ? "WRITE" : "READ") : "ACCESS", access_size, 568 (void *)addr, AsanThreadIdAndName(tid).c_str(), d.Default()); 569 570 scariness.Print(); 571 GET_STACK_TRACE_FATAL(pc, bp); 572 stack.Print(); 573 574 // Pass bug_descr because we have a special case for 575 // initialization-order-fiasco 576 addr_description.Print(bug_descr); 577 if (shadow_val == kAsanContiguousContainerOOBMagic) 578 PrintContainerOverflowHint(); 579 ReportErrorSummary(bug_descr, &stack); 580 PrintShadowMemoryForAddress(addr); 581} 582 583} // namespace __asan 584