aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYury Gribov <y.gribov@samsung.com>2014-08-18 08:23:47 +0000
committerYury Gribov <ygribov@gcc.gnu.org>2014-08-18 08:23:47 +0000
commit87d1d65af7ebef1ca7240bbd25f3cd6873b1455a (patch)
tree160aeb5c4f22a3043b40b7f8eeebe93c37cac94f
parent495e77b35b09f0ff8d347bceb06deaa2dc72602b (diff)
downloadgcc-87d1d65af7ebef1ca7240bbd25f3cd6873b1455a.zip
gcc-87d1d65af7ebef1ca7240bbd25f3cd6873b1455a.tar.gz
gcc-87d1d65af7ebef1ca7240bbd25f3cd6873b1455a.tar.bz2
re PR sanitizer/62089 (Sanitizer may fail to instrument struct accesses)
2014-08-18 Yury Gribov <y.gribov@samsung.com> PR sanitizer/62089 gcc/ * asan.c (instrument_derefs): Fix bitfield check. gcc/testsuite/ * c-c++-common/asan/pr62089.c: New test. * c-c++-common/asan/bitfield-1.c: New test. * c-c++-common/asan/bitfield-2.c: New test. * c-c++-common/asan/bitfield-3.c: New test. * c-c++-common/asan/bitfield-4.c: New test. From-SVN: r214086
Diffstat
-rw-r--r--gcc/ChangeLog5
-rw-r--r--gcc/asan.c22
-rw-r--r--gcc/testsuite/ChangeLog9
-rw-r--r--gcc/testsuite/c-c++-common/asan/bitfield-1.c25
-rw-r--r--gcc/testsuite/c-c++-common/asan/bitfield-2.c25
-rw-r--r--gcc/testsuite/c-c++-common/asan/bitfield-3.c25
-rw-r--r--gcc/testsuite/c-c++-common/asan/bitfield-4.c25
-rw-r--r--gcc/testsuite/c-c++-common/asan/pr62089.c37
8 files changed, 161 insertions, 12 deletions
diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index c70d519..a4f386a 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,8 @@
+2014-08-18 Yury Gribov <y.gribov@samsung.com>
+
+ PR sanitizer/62089
+ * asan.c (instrument_derefs): Fix bitfield check.
+
2014-08-17 Segher Boessenkool <segher@kernel.crashing.org>
* config/rs6000/constraints.md ("S"): Require TARGET_POWERPC64.
diff --git a/gcc/asan.c b/gcc/asan.c
index 4e6f438..15c0737 100644
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -1690,21 +1690,19 @@ instrument_derefs (gimple_stmt_iterator *iter, tree t,
int volatilep = 0, unsignedp = 0;
tree inner = get_inner_reference (t, &bitsize, &bitpos, &offset,
&mode, &unsignedp, &volatilep, false);
- if (((size_in_bytes & (size_in_bytes - 1)) == 0
- && (bitpos % (size_in_bytes * BITS_PER_UNIT)))
- || bitsize != size_in_bytes * BITS_PER_UNIT)
+
+ if (TREE_CODE (t) == COMPONENT_REF
+ && DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1)) != NULL_TREE)
{
- if (TREE_CODE (t) == COMPONENT_REF
- && DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1)) != NULL_TREE)
- {
- tree repr = DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1));
- instrument_derefs (iter, build3 (COMPONENT_REF, TREE_TYPE (repr),
- TREE_OPERAND (t, 0), repr,
- NULL_TREE), location, is_store);
- }
+ tree repr = DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1));
+ instrument_derefs (iter, build3 (COMPONENT_REF, TREE_TYPE (repr),
+ TREE_OPERAND (t, 0), repr,
+ NULL_TREE), location, is_store);
return;
}
- if (bitpos % BITS_PER_UNIT)
+
+ if (bitpos % BITS_PER_UNIT
+ || bitsize != size_in_bytes * BITS_PER_UNIT)
return;
if (TREE_CODE (inner) == VAR_DECL
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 87f51d5..d378169 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,12 @@
+2014-08-18 Yury Gribov <y.gribov@samsung.com>
+
+ PR sanitizer/62089
+ * c-c++-common/asan/pr62089.c: New test.
+ * c-c++-common/asan/bitfield-1.c: New test.
+ * c-c++-common/asan/bitfield-2.c: New test.
+ * c-c++-common/asan/bitfield-3.c: New test.
+ * c-c++-common/asan/bitfield-4.c: New test.
+
2014-08-18 Kugan Vivekanandarajah <kuganv@linaro.org>
PR tree-optimization/52904
diff --git a/gcc/testsuite/c-c++-common/asan/bitfield-1.c b/gcc/testsuite/c-c++-common/asan/bitfield-1.c
new file mode 100644
index 0000000..b3f300c
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/asan/bitfield-1.c
@@ -0,0 +1,25 @@
+/* Check that Asan correctly instruments bitfields with non-round size. */
+
+/* { dg-do run } */
+/* { dg-shouldfail "asan" } */
+
+struct A
+{
+ char base;
+ int : 4;
+ long x : 7;
+};
+
+int __attribute__ ((noinline, noclone))
+f (void *p) {
+ return ((struct A *)p)->x;
+}
+
+int
+main ()
+{
+ char a = 0;
+ return f (&a);
+}
+
+/* { dg-output "ERROR: AddressSanitizer: stack-buffer-overflow" } */
diff --git a/gcc/testsuite/c-c++-common/asan/bitfield-2.c b/gcc/testsuite/c-c++-common/asan/bitfield-2.c
new file mode 100644
index 0000000..8ab0f80
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/asan/bitfield-2.c
@@ -0,0 +1,25 @@
+/* Check that Asan correctly instruments bitfields with non-round offset. */
+
+/* { dg-do run } */
+/* { dg-shouldfail "asan" } */
+
+struct A
+{
+ char base;
+ int : 7;
+ int x : 8;
+};
+
+int __attribute__ ((noinline, noclone))
+f (void *p) {
+ return ((struct A *)p)->x;
+}
+
+int
+main ()
+{
+ char a = 0;
+ return f (&a);
+}
+
+/* { dg-output "ERROR: AddressSanitizer: stack-buffer-overflow" } */
diff --git a/gcc/testsuite/c-c++-common/asan/bitfield-3.c b/gcc/testsuite/c-c++-common/asan/bitfield-3.c
new file mode 100644
index 0000000..c590778
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/asan/bitfield-3.c
@@ -0,0 +1,25 @@
+/* Check that Asan correctly instruments bitfields with round offset. */
+
+/* { dg-do run } */
+/* { dg-shouldfail "asan" } */
+
+struct A
+{
+ char base;
+ int : 8;
+ int x : 8;
+};
+
+int __attribute__ ((noinline, noclone))
+f (void *p) {
+ return ((struct A *)p)->x;
+}
+
+int
+main ()
+{
+ char a = 0;
+ return f (&a);
+}
+
+/* { dg-output "ERROR: AddressSanitizer: stack-buffer-overflow" } */
diff --git a/gcc/testsuite/c-c++-common/asan/bitfield-4.c b/gcc/testsuite/c-c++-common/asan/bitfield-4.c
new file mode 100644
index 0000000..94de9a4
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/asan/bitfield-4.c
@@ -0,0 +1,25 @@
+/* Check that Asan correctly instruments bitfields with round offset. */
+
+/* { dg-do run } */
+/* { dg-shouldfail "asan" } */
+
+struct A
+{
+ char base;
+ int : 0;
+ int x : 8;
+};
+
+int __attribute__ ((noinline, noclone))
+f (void *p) {
+ return ((struct A *)p)->x;
+}
+
+int
+main ()
+{
+ char a = 0;
+ return f (&a);
+}
+
+/* { dg-output "ERROR: AddressSanitizer: stack-buffer-overflow" } */
diff --git a/gcc/testsuite/c-c++-common/asan/pr62089.c b/gcc/testsuite/c-c++-common/asan/pr62089.c
new file mode 100644
index 0000000..22b877b
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/asan/pr62089.c
@@ -0,0 +1,37 @@
+/* { dg-do run } */
+/* { dg-shouldfail "asan" } */
+
+#include <sanitizer/asan_interface.h>
+
+struct vfsmount {};
+struct dentry {};
+
+struct path {
+ struct vfsmount *mnt;
+ struct dentry *dentry;
+};
+
+struct fs_struct {
+ int users;
+ int lock;
+ int seq;
+ int umask;
+ int in_exec;
+ struct path root, pwd;
+};
+
+void __attribute__((noinline, noclone))
+copy_fs_struct(struct fs_struct *a, struct fs_struct *b) {
+ a->root = b->root;
+}
+
+struct fs_struct a, b;
+
+int
+main () {
+ __asan_poison_memory_region (&a.root, sizeof (a.root));
+ copy_fs_struct (&a, &b);
+ return 0;
+}
+
+/* { dg-output "ERROR: AddressSanitizer: use-after-poison" } */
generated by cgit v1.1 at 2025-02-22 15:54:18 +0000