llvm-capstone/libcxx
Tacet d06fb0b29c
[ASan][libc++] Turn on ASan annotations for short strings (#75882)
This commit turns on ASan annotations in `std::basic_string` for short
strings (SSO case).

Originally suggested here: https://reviews.llvm.org/D147680

String annotations added here:
https://github.com/llvm/llvm-project/pull/72677

Requires these to pass CI without failures:
- https://github.com/llvm/llvm-project/pull/75845
- https://github.com/llvm/llvm-project/pull/75858

Annotating `std::basic_string` with default allocator is implemented in
https://github.com/llvm/llvm-project/pull/72677 but annotations for
short strings (SSO - Short String Optimization) are turned off there.
This commit turns them on. This also removes
`_LIBCPP_SHORT_STRING_ANNOTATIONS_ALLOWED`, because we do not plan to
support turning on and off short string annotations.

Support in ASan API exists since
dd1b7b797a.
You can turn off annotations for a specific allocator based on changes
from
2fa1bec7a2.

This PR is a part of a series of patches extending AddressSanitizer C++
container overflow detection capabilities by adding annotations, similar
to those existing in `std::vector` and `std::deque` collections. These
enhancements empower ASan to effectively detect instances where the
instrumented program attempts to access memory within a collection's
internal allocation that remains unused. This includes cases where
access occurs before or after the stored elements in `std::deque`, or
between the `std::basic_string`'s size (including the null terminator)
and capacity bounds.

The introduction of these annotations was spurred by a real-world
software bug discovered by Trail of Bits, involving an out-of-bounds
memory access during the comparison of two strings using the
`std::equals` function. This function was taking iterators
(`iter1_begin`, `iter1_end`, `iter2_begin`) to perform the comparison,
using a custom comparison function. When the `iter1` object exceeded the
length of `iter2`, an out-of-bounds read could occur on the `iter2`
object. Container sanitization, upon enabling these annotations, would
effectively identify and flag this potential vulnerability.

If you have any questions, please email:

    advenam.tacet@trailofbits.com
    disconnect3d@trailofbits.com
2024-01-18 05:55:34 +01:00
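The pattern described in the commit message, written out as an added example (this is not code from the libc++ commit or from Trail of Bits): a three-iterator `std::equal` that walks the longer range and reads past the shorter string's terminator, next to the four-iterator form that stops at both ends. Both strings are short enough to live in the inline SSO buffer, so the stray read lands in the unused tail of that buffer, which is exactly the region these annotations teach ASan to poison. The terminator byte itself stays addressable, so with a plain `==` comparator the read only crosses into poisoned memory when the longer string contains `'\0'` at the victim's size; `overreads_victim` computes that condition without performing the read. `tail_is_poisoned` asks the ASan runtime whether the build actually annotates the tail; its assumption that libc++ lays the buffer out as `[data(), data()+capacity()+1)` with the poisoned part starting at `data()+size()+1` is this example's, not something the commit message states. Build with `clang++ -std=c++17 -stdlib=libc++ -fsanitize=address -g` to see the container-overflow report from `compare_unchecked`.

```cpp
// Added example, not part of the libc++ change. Demonstrates the std::equal
// overread on short (SSO) strings that the short-string ASan annotations
// catch, plus a runtime check that the tail of the buffer is poisoned.
#include <algorithm>
#include <cstddef>
#include <string>
#if defined(__has_include)
#  if __has_include(<sanitizer/common_interface_defs.h>)
#    include <sanitizer/common_interface_defs.h>
#    define HAVE_SANITIZER_IFACE 1
#  endif
#endif

// Buggy: the three-iterator std::equal never consults s2.end(), so it keeps
// reading s2's buffer for as long as s1 has characters and the comparator
// keeps returning true.
bool compare_unchecked(const std::string& s1, const std::string& s2) {
    return std::equal(s1.begin(), s1.end(), s2.begin(),
                      [](char a, char b) { return a == b; });
}

// Fixed: the four-iterator overload stops at whichever range ends first.
bool compare_checked(const std::string& s1, const std::string& s2) {
    return std::equal(s1.begin(), s1.end(), s2.begin(), s2.end(),
                      [](char a, char b) { return a == b; });
}

// Would compare_unchecked(s1, s2) read past s2's terminator? The terminator
// at s2[s2.size()] is addressable, so the read only enters poisoned memory
// when s1 matches s2 and then also matches that '\0', with more to come.
bool overreads_victim(const std::string& s1, const std::string& s2) {
    if (s1.size() <= s2.size() + 1) return false;
    return s1.compare(0, s2.size(), s2) == 0 && s1[s2.size()] == '\0';
}

// Ask ASan whether the unused tail of s is poisoned. Returns -1 when not
// built with ASan, 1 when [data, data+size+1) is addressable and the rest of
// the buffer is poisoned, 0 when the string is not annotated (for example a
// libc++ without this change and a string in the SSO buffer).
// Assumption of this example: the buffer spans capacity()+1 bytes.
int tail_is_poisoned(const std::string& s) {
#if defined(HAVE_SANITIZER_IFACE) && defined(__has_feature)
#  if __has_feature(address_sanitizer)
    const char* beg = s.data();
    const char* mid = beg + s.size() + 1;
    const char* end = beg + s.capacity() + 1;
    return __sanitizer_verify_contiguous_container(beg, mid, end);
#  endif
#endif
    (void)s;
    return -1;
}

int main() {
    std::string victim = "hello";            // short: lives in the SSO buffer
    std::string probe("hello\0xyz", 9);      // constructed: victim + '\0' + more
    bool same = compare_checked(probe, victim);   // false, reads stay in bounds
    // This call reads victim.data()[6..8]; under ASan with short-string
    // annotations enabled it is reported as a container-overflow.
    if (overreads_victim(probe, victim) && !same)
        compare_unchecked(probe, victim);
    return tail_is_poisoned(victim) == 0 ? 1 : 0;
}
```

Without ASan the stray bytes are still inside the string object, so the program runs quietly and `tail_is_poisoned` returns -1; that silence is the reason the annotations matter.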
benchmarks [libc++] Implement ranges::contains (#65148) 2023-12-19 16:34:19 -08:00
cmake [libc++][modules] Removes module testing. (#76083) 2024-01-17 08:11:25 +01:00
docs [libc++][hardening] Rework how the assertion handler can be overridden. (#77883) 2024-01-17 18:56:07 -08:00
include [ASan][libc++] Turn on ASan annotations for short strings (#75882) 2024-01-18 05:55:34 +01:00
lib [libc++][Android] Add NDK ABI lists for i686 and x86_64 (#69272) 2024-01-12 13:00:16 -08:00
modules [libc++][modules] Removes module testing. (#76083) 2024-01-17 08:11:25 +01:00
src [libc++][print] Enables it on Apple backdeployment. (#76293) 2024-01-16 19:14:33 +01:00
test [ASan][libc++] Turn on ASan annotations for short strings (#75882) 2024-01-18 05:55:34 +01:00
utils [libc++][hardening] Rework how the assertion handler can be overridden. (#77883) 2024-01-17 18:56:07 -08:00
vendor/llvm [libc++][hardening] Rework how the assertion handler can be overridden. (#77883) 2024-01-17 18:56:07 -08:00
.clang-format [libc++] Rename _LIBCPP_INLINE_VISIBILITY to _LIBCPP_HIDE_FROM_ABI (#74095) 2023-12-04 10:25:14 -05:00
.clang-tidy Revert "[libc++] Clang-tidy enable modernize-use-nullptr. (#76659)" (#78409) 2024-01-17 01:30:52 -08:00
.gitignore
appveyor-reqs-install.cmd
appveyor.yml Remove lit's --summary flag from buildbots. 2023-08-31 14:23:51 -04:00
CMakeLists.txt [libc++][hardening] Rework how the assertion handler can be overridden. (#77883) 2024-01-17 18:56:07 -08:00
CREDITS.TXT [libcxx] Add mdspan/extents 2023-05-16 14:30:36 -07:00
LICENSE.TXT
TODO.TXT