Question
I got a report from AddressSanitizer about a heap-buffer-overflow on an address, but the addresses displayed in the shadow bytes do not relate to the reported one.
ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6160000029a8 at pc 0x7f585f1d646d bp 0x7ffff1ff3430 sp 0x7ffff1ff2bd8
READ of size 80 at 0x6160000029a8
...
Shadow bytes around the buggy address:
0x0c2c7fff84e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
...
Why are they different? Is it a bug in AddressSanitizer?
Answer 1:
0x6160000029a8 stands for the incorrect program address which your program tried to access, whereas 0x0c2c7fff84e0 is a shadow memory address which 0x6160000029a8 maps to.
Surrounding shadow bytes may sometimes (IMHO rarely) provide you additional context about the problematic memory area. E.g. in your case the fa bytes stand for the left heap redzone, i.e. a reserved memory area prior to a heap allocation which is used to track heap underflows. So your app has likely tried to access memory prior to some heap buffer (not necessarily though, as a large memory overflow from a preceding heap access might have fallen into the same address just as well).
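To make the relationship between the two addresses concrete, here is an added example (not part of the answer above) that applies AddressSanitizer's default x86_64 Linux shadow mapping, shadow = (addr >> 3) + 0x7fff8000, to the numbers in the question and decodes the fa shadow byte with ASan's own legend. It assumes the reporter is on that platform; the reported values are consistent with it, since the mapping sends 0x6160000029a8 to shadow byte 0x0c2c7fff8535, whose 16-byte row begins at 0x0c2c7fff8530, and the row quoted in the question, 0x0c2c7fff84e0, is exactly five rows earlier, which is where ASan's printed window starts.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Default AddressSanitizer shadow mapping on x86_64 Linux (assumed to be the
 * reporter's platform): each 8-byte granule of application memory is described
 * by one shadow byte located at (addr >> 3) + 0x7fff8000. */
#define ASAN_SHADOW_SCALE  3
#define ASAN_SHADOW_OFFSET 0x7fff8000ULL
#define ASAN_ROW_BYTES     16   /* shadow bytes per printed row */
#define ASAN_ROWS_AROUND   5    /* rows printed before and after the buggy row */

/* Shadow byte address describing the granule that contains app_addr. */
uint64_t asan_shadow_of(uint64_t app_addr) {
    return (app_addr >> ASAN_SHADOW_SCALE) + ASAN_SHADOW_OFFSET;
}

/* Start of the 16-byte shadow row that ASan marks as "the buggy address" row. */
uint64_t asan_shadow_row(uint64_t app_addr) {
    return asan_shadow_of(app_addr) & ~(uint64_t)(ASAN_ROW_BYTES - 1);
}

/* First row ASan prints in "Shadow bytes around the buggy address". */
uint64_t asan_first_printed_row(uint64_t app_addr) {
    return asan_shadow_row(app_addr) - (uint64_t)ASAN_ROWS_AROUND * ASAN_ROW_BYTES;
}

/* Byte offset of app_addr inside its 8-byte granule (0..7). */
unsigned asan_offset_in_granule(uint64_t app_addr) {
    return (unsigned)(app_addr & ((1u << ASAN_SHADOW_SCALE) - 1));
}

/* Inverse mapping: first application byte of the granule a shadow byte covers. */
uint64_t asan_app_of_shadow(uint64_t shadow_addr) {
    return (shadow_addr - ASAN_SHADOW_OFFSET) << ASAN_SHADOW_SCALE;
}

/* Meaning of a shadow byte value, following the legend ASan appends to reports. */
const char *asan_shadow_meaning(unsigned char sb) {
    if (sb == 0x00) return "addressable";
    if (sb >= 0x01 && sb <= 0x07) return "partially addressable (only the first N bytes)";
    switch (sb) {
        case 0xfa: return "heap left redzone";
        case 0xfb: return "heap right redzone (older ASan versions)";
        case 0xfd: return "freed heap region";
        case 0xf1: return "stack left redzone";
        case 0xf2: return "stack mid redzone";
        case 0xf3: return "stack right redzone";
        case 0xf5: return "stack after return";
        case 0xf8: return "stack use after scope";
        case 0xf9: return "global redzone";
        case 0xfe: return "ASan internal";
        default:   return "unknown / not in this table";
    }
}

int main(void) {
    /* Values copied from the report quoted in the question. */
    const uint64_t bad_addr     = 0x6160000029a8ULL;
    const uint64_t quoted_row   = 0x0c2c7fff84e0ULL;
    const unsigned char quoted_sb = 0xfa;

    printf("app address      : 0x%llx\n", (unsigned long long)bad_addr);
    printf("shadow byte at   : 0x%llx (offset %u in its granule)\n",
           (unsigned long long)asan_shadow_of(bad_addr), asan_offset_in_granule(bad_addr));
    printf("buggy shadow row : 0x%llx\n", (unsigned long long)asan_shadow_row(bad_addr));
    printf("first printed row: 0x%llx (%s)\n",
           (unsigned long long)asan_first_printed_row(bad_addr),
           asan_first_printed_row(bad_addr) == quoted_row ? "matches the question" : "differs");
    printf("shadow byte 0x%02x: %s\n", quoted_sb, asan_shadow_meaning(quoted_sb));
    return 0;
}
```

Reading the output the other way round is often the useful part: take the shadow address of a row that interests you, run it through asan_app_of_shadow, and you get the application address that row describes, so the fa bytes can be matched to the exact redzone in front of the allocation that was hit.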
Source: https://stackoverflow.com/questions/59644114/addresssanitizer-heap-buffer-overflow-address-does-not-match-shadow-bytes-addre