author | Martin Liska <mliska@suse.cz> | 2016-02-04 12:50:40 +0100 |
---|---|---|
committer | Martin Liska <marxin@gcc.gnu.org> | 2016-02-04 11:50:40 +0000 |
commit | 7db337c247a6f34708b502016d58c2ef9991b2a8 (patch) | |
tree | 4ea923ad0597971e1d4ac18debc076d5c683892c | |
parent | 60d27907cc2cfb233ceb5e76bba3ed82ab9b21c7 (diff) | |
re PR sanitizer/69276 (Address sanitizer does not handle heap overflow)
Fix PR sanitizer/69276
* g++.dg/asan/pr69276.C: New test.
PR sanitizer/69276
* asan.c (has_stmt_been_instrumented_p): Instrument gimple calls
that are gimple_store_p.
(maybe_instrument_call): Likewise.
From-SVN: r233137
-rw-r--r-- | gcc/ChangeLog | 7 | ||||
-rw-r--r-- | gcc/asan.c | 22 | ||||
-rw-r--r-- | gcc/testsuite/ChangeLog | 4 | ||||
-rw-r--r-- | gcc/testsuite/g++.dg/asan/pr69276.C | 38 |
4 files changed, 71 insertions, 0 deletions
diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 7646774..75354af 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,10 @@
+2016-02-04 Martin Liska <mliska@suse.cz>
+
+ PR sanitizer/69276
+ * asan.c (has_stmt_been_instrumented_p): Instrument gimple calls
+ that are gimple_store_p.
+ (maybe_instrument_call): Likewise.
+
 2016-02-04 Bin Cheng <bin.cheng@arm.com>
 
 * config/aarch64/aarch64.c (aarch64_legitimize_address): Force
@@ -897,6 +897,16 @@ has_stmt_been_instrumented_p (gimple *stmt)
 return true;
 }
 }
+ else if (is_gimple_call (stmt) && gimple_store_p (stmt))
+ {
+ asan_mem_ref r;
+ asan_mem_ref_init (&r, NULL, 1);
+
+ r.start = gimple_call_lhs (stmt);
+ r.access_size = int_size_in_bytes (TREE_TYPE (r.start));
+ return has_mem_ref_been_instrumented (&r);
+ }
+
 
 return false;
 }
@@ -2038,6 +2048,18 @@ maybe_instrument_call (gimple_stmt_iterator *iter)
 gimple_set_location (g, gimple_location (stmt));
 gsi_insert_before (iter, g, GSI_SAME_STMT);
 }
+
+ if (gimple_store_p (stmt))
+ {
+ tree ref_expr = gimple_call_lhs (stmt);
+ instrument_derefs (iter, ref_expr,
+ gimple_location (stmt),
+ /*is_store=*/true);
+
+ gsi_next (iter);
+ return true;
+ }
+
 
 return false;
 }
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 0b65ce8..8f528b2 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,7 @@
+2016-02-04 Martin Liska <mliska@suse.cz>
+
+ * g++.dg/asan/pr69276.C: New test.
+
 2016-02-04 Kyrylo Tkachov <kyrylo.tkachov@arm.com>
 
 PR target/65932
diff --git a/gcc/testsuite/g++.dg/asan/pr69276.C b/gcc/testsuite/g++.dg/asan/pr69276.C
new file mode 100644
index 0000000..ff43650
--- /dev/null
+++ b/gcc/testsuite/g++.dg/asan/pr69276.C
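Review bot: The new `if (gimple_store_p (stmt))` branch in maybe_instrument_call returns true after instrumenting the lhs, and a true return appears to tell the caller the statement was fully handled, so whatever the false path did for calls that may free memory (resetting the table of already-instrumented references, if that is how the caller behaves) no longer happens for a non-builtin call whose result is stored to memory. A later access to a reference instrumented before such a call could then be treated as already checked and left uninstrumented, a missed use-after-free rather than a false report; the caller is outside the hunk, so please confirm. One way to keep the old behaviour is to reset the table inside the new branch before advancing, `if (!nonfreeing_call_p (stmt)) empty_mem_ref_hash_table ();` ahead of `gsi_next (iter);`. In the has_stmt_been_instrumented_p hunk the matching branch stores `int_size_in_bytes (TREE_TYPE (r.start))` into `r.access_size` without handling a -1 result (a type without a constant size), so a one-line comment stating what has_mem_ref_been_instrumented does with a negative access_size would help; the rest of both functions lies outside the hunks.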
@@ -0,0 +1,38 @@
+/* { dg-do run } */
+/* { dg-shouldfail "asan" } */
+/* { dg-additional-options "-O0 -fno-lto" } */
+
+#include <stdlib.h>
+
+typedef __SIZE_TYPE__ size_t;
+inline void * operator new (size_t, void *p) { return p; }
+
+
+struct vec
+{
+ int size;
+};
+
+struct vnull
+{
+ operator vec() { return vec(); }
+};
+vnull vNULL;
+
+struct A
+{
+ A(): value2 (vNULL), value3 (vNULL) {}
+ int value;
+ vec value2;
+ vec value3;
+};
+
+int main()
+{
+ int *array = (int *)malloc (sizeof (int) * 1);
+ A *a = new (array) A ();
+ free (array);
+}
+
+/* { dg-output "ERROR: AddressSanitizer: heap-buffer-overflow.*(\n|\r\n|\r)" } */
+/* { dg-output " #0 0x\[0-9a-f\]+ +in A::A()" } */ |