microsoft · davidmrdavid · Jan 16, 2025 · Jan 16, 2025 · Jan 16, 2025 · Jan 16, 2025
@@ -493,6 +493,10 @@ private:
             return;
         }
 
+        if constexpr (_Disable_ASan_container_annotations_for_allocator<allocator_type>) {
+            return;
+        }
+
         const void* const _First    = _STD _Unfancy(_First_);
         const void* const _End      = _STD _Unfancy(_End_);
         const void* const _Old_last = _STD _Unfancy(_Old_last_);

@@ -805,6 +805,10 @@ struct _Simple_types { // wraps types from allocators with simple addressing for
 _INLINE_VAR constexpr size_t _Asan_granularity      = 8;
 _INLINE_VAR constexpr size_t _Asan_granularity_mask = _Asan_granularity - 1;
 
+// Controls whether ASan `container-overflow` errors are reported for this allocator.
+template <class>
+constexpr bool _Disable_ASan_container_annotations_for_allocator = false;
+
 struct _Asan_aligned_pointers {
     const void* _First;
     const void* _End;

@@ -632,6 +632,10 @@ private:
             return;
         }
 
+        if constexpr (_Disable_ASan_container_annotations_for_allocator<allocator_type>) {
+            return;
+        }
+
         // Note that `_Capacity`, `_Old_size`, and `_New_size` do not include the null terminator
         const void* const _End      = _First + _Capacity + 1;
         const void* const _Old_last = _First + _Old_size + 1;

@@ -289,6 +289,27 @@ STATIC_ASSERT(_Container_allocation_minimum_asan_alignment<
                   basic_string<wchar_t, char_traits<wchar_t>, implicit_allocator<wchar_t>>>
               == 2);
 
+// Simple allocator that opts out of ASan annotations (via `_Disable_ASan_container_annotations_for_allocator`)
+template <class T, class Pocma = true_type, class Stateless = true_type>
+struct implicit_allocator_no_asan_annotations : implicit_allocator<T, Pocma, Stateless> {
+    implicit_allocator_no_asan_annotations() = default;
+    template <class U>
+    constexpr implicit_allocator_no_asan_annotations(
+        const implicit_allocator_no_asan_annotations<U, Pocma, Stateless>&) noexcept {}
+
+    T* allocate(size_t n) {
+        T* mem = new T[n + 1];
+        return mem + 1;
+    }
+
+    void deallocate(T* p, size_t) noexcept {
+        delete[] (p - 1);
+    }
+};
+
+template <typename T>
+constexpr bool _Disable_ASan_container_annotations_for_allocator<implicit_allocator_no_asan_annotations<T>> = true;
+
 template <class Alloc>
 void test_construction() {
     using CharType = typename Alloc::value_type;
@@ -1855,6 +1876,28 @@ void run_tests() {
 #endif // ^^^ no workaround ^^^
 }
 
+// Test that writing to un-initialized memory in a string triggers ASan container-overflow error.
+template <class CharType, class Alloc = std::allocator<CharType>>
+void run_asan_container_overflow_death_test() {
+
+    // We'll give the string capacity 100 (all un-initialized memory).
+    std::basic_string<CharType, std::char_traits<CharType>, Alloc> myString;
+    myString.reserve(100);
+
+    // Write to the 50th element to trigger ASan container-overflow check.
+    CharType* myData = &myString[0];
+    myData[50]       = CharType{'A'};
+}
+
+// Test that ASan `container-overflow` checks can be disabled for a custom allocator.
+template <class CharType>
+void run_asan_annotations_disablement_test() {
+
+    // ASan annotations are disabled for the `implicit_allocator_no_asan_annotations` allocator,
+    // which should make the container-overflow 'death test' pass.
+    run_asan_container_overflow_death_test<CharType, implicit_allocator_no_asan_annotations<CharType>>();
+}
+
 template <class CharType, template <class, class, class> class Alloc>
 void run_custom_allocator_matrix() {
     run_tests<Alloc<CharType, true_type, true_type>>();
@@ -1869,6 +1912,11 @@ void run_allocator_matrix() {
     run_custom_allocator_matrix<CharType, aligned_allocator>();
     run_custom_allocator_matrix<CharType, explicit_allocator>();
     run_custom_allocator_matrix<CharType, implicit_allocator>();
+
+    // To test ASan annotation disablement, we use an ad-hoc allocator type to avoid disrupting other
+    // tests that depend on annotations being enabled. Therefore, unlike the prior tests,
+    // this test is not parametrized by the allocator type.
+    run_asan_annotations_disablement_test<CharType>();
 }
 
 void test_DevCom_10116361() {
@@ -1919,15 +1967,6 @@ void test_gh_3955() {
     assert(s == t);
 }
 
-void test_gh_5251() {
-    // GH-5251 <string>: ASan annotations do not prevent writing to allocated
-    // but uninitialized basic_string memory
-    string myString;
-    myString.reserve(100);
-    char* myData = &myString[0];
-    myData[50]   = 'A'; // ASan should fire!
-}
-
 int main(int argc, char* argv[]) {
     std_testing::death_test_executive exec([] {
         run_allocator_matrix<char>();
@@ -1944,7 +1983,11 @@ int main(int argc, char* argv[]) {
         test_gh_3955();
     });
 #ifdef __SANITIZE_ADDRESS__
-    exec.add_death_tests({test_gh_5251});
+#ifdef __cpp_char8_t
+    exec.add_death_tests({run_asan_container_overflow_death_test<char8_t>});
+#endif // __cpp_char8_t
+    exec.add_death_tests({run_asan_container_overflow_death_test<char16_t>,
+        run_asan_container_overflow_death_test<char32_t>, run_asan_container_overflow_death_test<wchar_t>});
 #endif // ASan instrumentation enabled
     return exec.run(argc, argv);
 }
@@ -12,6 +12,8 @@
 #include <utility>
 #include <vector>
 
+#include <test_death.hpp>
+
 #pragma warning(disable : 4984) // 'if constexpr' is a C++17 language extension
 
 #ifdef __clang__
@@ -53,6 +55,7 @@ struct non_trivial_can_throw {
     }
 
     non_trivial_can_throw& operator=(const non_trivial_can_throw&) {
+        ++i;
         return *this;
     }
 
@@ -274,6 +277,27 @@ struct implicit_allocator : custom_test_allocator<T, Pocma, Stateless> {
 STATIC_ASSERT(_Container_allocation_minimum_asan_alignment<vector<char, implicit_allocator<char>>> == 1);
 STATIC_ASSERT(_Container_allocation_minimum_asan_alignment<vector<wchar_t, implicit_allocator<wchar_t>>> == 2);
 
+// Simple allocator that opts out of ASan annotations (via `_Disable_ASan_container_annotations_for_allocator`)
+template <class T, class Pocma = true_type, class Stateless = true_type>
+struct implicit_allocator_no_asan_annotations : implicit_allocator<T, Pocma, Stateless> {
+    implicit_allocator_no_asan_annotations() = default;
+    template <class U>
+    constexpr implicit_allocator_no_asan_annotations(
+        const implicit_allocator_no_asan_annotations<U, Pocma, Stateless>&) noexcept {}
+
+    T* allocate(size_t n) {
+        T* mem = new T[n + 1];
+        return mem + 1;
+    }
+
+    void deallocate(T* p, size_t) noexcept {
+        delete[] (p - 1);
+    }
+};
+
+template <typename T>
+constexpr bool _Disable_ASan_container_annotations_for_allocator<implicit_allocator_no_asan_annotations<T>> = true;
+
 template <class Alloc>
 void test_push_pop() {
     using T = typename Alloc::value_type;
@@ -1002,31 +1026,66 @@ void run_custom_allocator_matrix() {
     run_tests<AllocT<T, false_type, false_type>>();
 }
 
+// Test that writing to un-initialized memory in a string triggers ASan container-overflow error.
+template <class T, class Alloc = std::allocator<T>>
+void run_asan_container_overflow_death_test() {
+    // We'll give the vector capacity 100 (all un0initialized memory).
+    std::vector<T, Alloc> vector;
+    vector.reserve(100);
+
+    // Write to the 50th element to trigger ASan container-overflow check.
+    vector.data()[50] = T();
+}
+
+// Test that ASan `container-overflow` checks can be disabled for a custom allocator.
+template <class T>
+void run_asan_annotations_disablement_test() {
+
+    // ASan annotations are disabled for the `implicit_allocator_no_asan_annotations` allocator,
+    // which should make the container-overflow 'death test' pass.
+    run_asan_container_overflow_death_test<T, implicit_allocator_no_asan_annotations<T>>();
+}
+
 template <class T>
 void run_allocator_matrix() {
     run_tests<allocator<T>>();
     run_custom_allocator_matrix<T, aligned_allocator>();
     run_custom_allocator_matrix<T, explicit_allocator>();
     run_custom_allocator_matrix<T, implicit_allocator>();
+
+    // To test ASan annotation disablement, we use an ad-hoc allocator type to avoid disrupting other
+    // tests that depend on annotations being enabled. Therefore, unlike the prior tests,
+    // this test is not parametrized by the allocator type.
+    run_asan_annotations_disablement_test<T>();
 }
 
-int main() {
-    // Do some work even when we aren't instrumented
-    run_allocator_matrix<char>();
+int main(int argc, char* argv[]) {
+    std_testing::death_test_executive exec([] {
+        // Do some work even when we aren't instrumented
+        run_allocator_matrix<char>();
 #ifdef __SANITIZE_ADDRESS__
-    run_allocator_matrix<int>();
-    run_allocator_matrix<double>();
-    run_allocator_matrix<non_trivial_can_throw>();
-    run_allocator_matrix<non_trivial_cannot_throw>();
+        run_allocator_matrix<int>();
+        run_allocator_matrix<double>();
+        run_allocator_matrix<non_trivial_can_throw>();
+        run_allocator_matrix<non_trivial_cannot_throw>();
 
 #ifndef __clang__ // TRANSITION, LLVM-35365
-    test_push_back_throw();
-    test_emplace_back_throw();
-    test_insert_range_throw();
-    test_insert_throw();
-    test_emplace_throw();
-    test_resize_throw();
-    test_insert_n_throw();
+        test_push_back_throw();
+        test_emplace_back_throw();
+        test_insert_range_throw();
+        test_insert_throw();
+        test_emplace_throw();
+        test_resize_throw();
+        test_insert_n_throw();
 #endif // ^^^ no workaround ^^^
 #endif // ASan instrumentation enabled
+    });
+
+#ifdef __SANITIZE_ADDRESS__
+    exec.add_death_tests({run_asan_container_overflow_death_test<int>, run_asan_container_overflow_death_test<double>,
+        run_asan_container_overflow_death_test<non_trivial_can_throw>,
+        run_asan_container_overflow_death_test<non_trivial_cannot_throw>});
+#endif // ASan instrumentation enabled
+
+    return exec.run(argc, argv);
 }