
The Chromium Chronicle: GWP-ASan: Detect bugs in the wild

Episode 8: November, 2019

by Vlad Tsyrklevich in Seattle

Debugging memory safety errors, such as use-after-frees or buffer overflows, can be difficult. Tools like AddressSanitizer (ASan) are helpful to pinpoint memory errors in unit tests and fuzzers, but many bugs only manifest after deployment to users where ASan’s overhead is prohibitively high.

GWP-ASan is a heap-only memory error detector designed to be used in the wild. It detects use-after-frees, buffer overflows/underflows, and double frees. Unlike ASan, it does not detect errors on the stack or in globals.

By sampling a tiny percentage of allocations, GWP-ASan is able to provide probabilistic error detection with negligible memory and performance overhead. GWP-ASan will cause the process to crash immediately when a memory error occurs with a sampled allocation. This makes it easier to spot the bug as the crash happens right where the error is made instead of at some later point when corrupt memory is used.
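The following sketch shows sampled guard-page allocation, the general technique behind this kind of detector. It is an added example, not Chromium's GWP-ASan code. It assumes a POSIX system, and the names `sampled_malloc`, `sampled_free`, `child_crashed` and the 1-in-4 sampling rate are hypothetical choices made for the demo.

```c
#define _DEFAULT_SOURCE 1
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define SAMPLE_EVERY 4   /* constructed rate for the demo; production sampling is far rarer */
static size_t counter, page;
static char *slot;       /* the demo's single guarded slot: [data page][guard page] */

/* Every SAMPLE_EVERY-th allocation gets its own page, placed flush against an
   inaccessible guard page. Everything else goes to malloc at normal cost. */
void *sampled_malloc(size_t n) {
    if (!page) page = (size_t)sysconf(_SC_PAGESIZE);
    if (++counter % SAMPLE_EVERY || slot || n == 0 || n > page) return malloc(n);
    slot = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (slot == MAP_FAILED) { slot = NULL; return malloc(n); }
    mprotect(slot + page, page, PROT_NONE);  /* overflow lands here and faults */
    return slot + page - n;                  /* alignment ignored for brevity */
}

void sampled_free(void *p) {
    int guarded = slot && (char *)p >= slot && (char *)p < slot + page;
    if (guarded) mprotect(slot, page, PROT_NONE);  /* never reused: later use faults */
    else free(p);
}

/* Runs one scenario in a child process: 0 = correct use, 1 = one-byte overflow,
   2 = use-after-free. Returns 1 if the child died instead of exiting cleanly. */
int child_crashed(int bug) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        volatile char *p = NULL;
        for (int i = 0; i < SAMPLE_EVERY; i++) p = sampled_malloc(16);  /* last one is sampled */
        p[15] = 'a';
        if (bug == 1) p[16] = 'b';
        if (bug == 2) { sampled_free((void *)p); p[0] = 'c'; }
        _exit(0);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

int main(void) {
    printf("ok=%d overflow=%d uaf=%d\n", child_crashed(0), child_crashed(1), child_crashed(2));
}
```

The same overflow or use-after-free on one of the unsampled `malloc` allocations would usually go unnoticed, which is why detection is probabilistic and why the fault address of a sampled crash points directly at the faulty access.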

Like ASan, GWP-ASan crash reports include allocation and deallocation stack traces to help debug memory issues. Let's take a look at an example (crbug/956230) of some of the additional data presented in the crash UI:

The use and deallocation both originate in PDFiumEngine::ExtendSelection(). The source quickly shows the bug is a use of an invalidated std::vector iterator.

GWP-ASan is enabled on the stable channel for allocations made using malloc/new and PartitionAlloc on Windows and macOS. Android support is in progress. Over 60 GWP-ASan bugs have been reported so far and about 70% have been fixed. GWP-ASan crashes are all candidate security issues that may be exploitable, so please triage them quickly and request backports where necessary.
