Make stack depth check work with asan's use-after-return

With address sanitizer's stack-use-after-return check, stack variables are
moved to heap allocations, to allow to detect references to the memory at a
later time. That broke our stack-depth check, which is why we had to disable
detect_stack_use_after_return in CI. Luckily __builtin_frame_address() works
correctly, even under asan, so use that.

We started using __builtin_frame_address() with de447bb8e6fb, however as of
that commit we just used it for the stack base address, not for the value to
compare to the base address.  Now we use it for both.

When building without __builtin_frame_address() support, we continue to use
stack variables for the stack depth determination.

Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/2kk4z4odvuyrg7qlwjd7ft4eron4cle4btb33v4qatgsdkayir@gj6e62rgsel4
Backpatch-through: 14

diff --git a/.cirrus.tasks.yml b/.cirrus.tasks.yml
index 1f32c53bf835106a41476dbed9e411077d580098..09ee1a476749e0bb2ce22789ddabcb7927072143 100644 (file)
--- a/.cirrus.tasks.yml
+++ b/.cirrus.tasks.yml
@@ -406,7 +406,7 @@ task:
     # print_stacktraces=1,verbosity=2, duh
     # detect_leaks=0: too many uninteresting leak errors in short-lived binaries
     UBSAN_OPTIONS: print_stacktrace=1:disable_coredump=0:abort_on_error=1:verbosity=2
-    ASAN_OPTIONS: print_stacktrace=1:disable_coredump=0:abort_on_error=1:detect_leaks=0:detect_stack_use_after_return=0
+    ASAN_OPTIONS: print_stacktrace=1:disable_coredump=0:abort_on_error=1:detect_leaks=0
 
     # SANITIZER_FLAGS is set in the tasks below
     CFLAGS: -Og -ggdb -fno-sanitize-recover=all $SANITIZER_FLAGS

diff --git a/src/backend/utils/misc/stack_depth.c b/src/backend/utils/misc/stack_depth.c
index 8f7cf531fbc5f4d546c1f49cc1094ea590f7cfc5..2b97673188027cdd791710e108d19e67644d0fdd 100644 (file)
--- a/src/backend/utils/misc/stack_depth.c
+++ b/src/backend/utils/misc/stack_depth.c
@@ -53,7 +53,8 @@ set_stack_base(void)
        /*
         * Set up reference point for stack depth checking.  On recent gcc we use
         * __builtin_frame_address() to avoid a warning about storing a local
-        * variable's address in a long-lived variable.
+        * variable's address in a long-lived variable.  This is also important
+        * with address sanitizer, see comment in stack_is_too_deep().
         */
 #ifdef HAVE__BUILTIN_FRAME_ADDRESS
        stack_base_ptr = __builtin_frame_address(0);
@@ -108,13 +109,28 @@ check_stack_depth(void)
 bool
 stack_is_too_deep(void)
 {
+#ifndef HAVE__BUILTIN_FRAME_ADDRESS
        char            stack_top_loc;
+#endif
        ssize_t         stack_depth;
+       char       *stack_address;
+
+       /*
+        * With address sanitizer's stack-use-after-return check, stack variables
+        * are moved to heap allocations, to allow to detect references to the
+        * memory at a later time. That would break our stack-depth check. Luckily
+        * __builtin_frame_address() works correctly, even under asan.
+        */
+#ifndef HAVE__BUILTIN_FRAME_ADDRESS
+       stack_address = &stack_top_loc;
+#else
+       stack_address = (char *) __builtin_frame_address(0);
+#endif
 
        /*
-        * Compute distance from reference point to my local variables
+        * Compute distance from reference point to my stack frame.
         */
-       stack_depth = (ssize_t) (stack_base_ptr - &stack_top_loc);
+       stack_depth = (ssize_t) (stack_base_ptr - stack_address);
 
        /*
         * Take abs value, since stacks grow up on some machines, down on others