[clang/asan] call __asan_poison_cxx_array_cookie after operator new[]
Summary: PR19838 When operator new[] is called and an array cookie is created we want asan to detect buffer overflow bugs that touch the cookie. For that we need to a) poison the shadow for the array cookie (call __asan_poison_cxx_array_cookie). b) ignore the legal accesses to the cookie generated by clang (add 'nosanitize' metadata) Reviewers: timurrrr, samsonov, rsmith Reviewed By: rsmith Subscribers: cfe-commits Differential Revision: http://reviews.llvm.org/D4774 llvm-svn: 216434
Showing
5 changed files
with
81 additions
and
10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
// RUN: %clang_cc1 -triple x86_64-gnu-linux -emit-llvm -o - %s | FileCheck %s -check-prefix=PLAIN | ||
// RUN: %clang_cc1 -triple x86_64-gnu-linux -emit-llvm -o - -fsanitize=address %s | FileCheck %s -check-prefix=ASAN | ||
|
||
typedef __typeof__(sizeof(0)) size_t; | ||
namespace std { | ||
struct nothrow_t {}; | ||
std::nothrow_t nothrow; | ||
} | ||
void *operator new[](size_t, const std::nothrow_t &) throw(); | ||
void *operator new[](size_t, char *); | ||
|
||
struct C { | ||
int x; | ||
~C(); | ||
}; | ||
|
||
C *CallNew() { | ||
return new C[10]; | ||
} | ||
// PLAIN-LABEL: CallNew | ||
// PLAIN-NOT: nosanitize | ||
// PLAIN-NOT: __asan_poison_cxx_array_cookie | ||
// ASAN-LABEL: CallNew | ||
// ASAN: store{{.*}}nosanitize | ||
// ASAN-NOT: nosanitize | ||
// ASAN: call void @__asan_poison_cxx_array_cookie | ||
|
||
C *CallNewNoThrow() { | ||
return new (std::nothrow) C[10]; | ||
} | ||
// PLAIN-LABEL: CallNewNoThrow | ||
// PLAIN-NOT: nosanitize | ||
// PLAIN-NOT: __asan_poison_cxx_array_cookie | ||
// ASAN-LABEL: CallNewNoThrow | ||
// ASAN: store{{.*}}nosanitize | ||
// ASAN-NOT: nosanitize | ||
// ASAN: call void @__asan_poison_cxx_array_cookie | ||
|
||
void CallDelete(C *c) { | ||
delete [] c; | ||
} | ||
|
||
// PLAIN-LABEL: CallDelete | ||
// PLAIN-NOT: nosanitize | ||
// ASAN-LABEL: CallDelete | ||
// ASAN: load{{.*}}!nosanitize | ||
// ASAN-NOT: nosanitize | ||
|
||
char Buffer[20]; | ||
C *CallPlacementNew() { | ||
return new (Buffer) C[20]; | ||
} | ||
// ASAN-LABEL: CallPlacementNew | ||
// ASAN-NOT: __asan_poison_cxx_array_cookie |
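Review bot: The `CallPlacementNew` block at the end of the file only asserts that `__asan_poison_cxx_array_cookie` is absent, so it does not pin down whether the cookie store is still instrumented when the cookie is left unpoisoned. Assuming the intent is that the store stays instrumented in this case, a regression that tagged it `nosanitize` without the matching poison call would leave the cookie write into a caller-supplied buffer unchecked while this test still passed. Adding `// ASAN-NOT: nosanitize` under the `ASAN-LABEL: CallPlacementNew` line, plus a `PLAIN-LABEL`/`PLAIN-NOT` pair as the other functions have, would close that gap. Separately, `char Buffer[20]` is smaller than `C[20]` plus a cookie. The RUN lines only use `-emit-llvm`, so nothing overflows, but a short comment such as `// Size is irrelevant: codegen-only test, never executed.` would keep the fixture from reading as valid usage.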