From 4ba5817b8b7fe5f136c8f95287e02eeaa69d630b Mon Sep 17 00:00:00 2001
From: Filipe Cabecinhas
Date: Mon, 12 Feb 2018 11:49:02 +0000
Subject: ASan+operator new[]: Add an option for more thorough operator new[] cookie poisoning
Summary: Right now clang is skipping array cookie poisoning for any operator new[] which is not part of the set of replaceable global allocation functions. This commit adds a flag to tell clang to poison all operator new[] cookies. A previous review was poisoning all array cookies unconditionally, but there is an edge case which would stop working under ASan (a custom operator new[] saves whatever pointer it returned, and then accesses it). This newer revision adds a command line argument to toggle this feature.
Original revision: https://reviews.llvm.org/D41301
Compiler-rt test revision with an explanation of the edge case: https://reviews.llvm.org/D41664
Reviewers: rjmccall, kcc, rsmith
Subscribers: cfe-commits
Differential Revision: https://reviews.llvm.org/D43013
llvm-svn: 324884
---
clang/lib/Frontend/CompilerInvocation.cpp | 7 +++++++
1 file changed, 7 insertions(+)
(limited to 'clang/lib/Frontend/CompilerInvocation.cpp')
diff --git a/clang/lib/Frontend/CompilerInvocation.cpp b/clang/lib/Frontend/CompilerInvocation.cpp
index 5b5c24d..3bdc116 100644
--- a/clang/lib/Frontend/CompilerInvocation.cpp
+++ b/clang/lib/Frontend/CompilerInvocation.cpp
@@ -890,6 +890,13 @@ static bool ParseCodeGenArgs(CodeGenOptions &Opts, ArgList &Args, InputKind IK,
   Opts.SanitizeCfiICallGeneralizePointers =
       Args.hasArg(OPT_fsanitize_cfi_icall_generalize_pointers);
   Opts.SanitizeStats = Args.hasArg(OPT_fsanitize_stats);
+  if (Arg *A = Args.getLastArg(
+          OPT_fsanitize_address_poison_class_member_array_new_cookie,
+          OPT_fno_sanitize_address_poison_class_member_array_new_cookie)) {
+    Opts.SanitizeAddressPoisonClassMemberArrayNewCookie =
+        A->getOption().getID() ==
+        OPT_fsanitize_address_poison_class_member_array_new_cookie;
+  }
   if (Arg *A = Args.getLastArg(OPT_fsanitize_address_use_after_scope,
                                OPT_fno_sanitize_address_use_after_scope)) {
     Opts.SanitizeAddressUseAfterScope =
-- 
cgit v1.1
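Review bot: The new getLastArg block assigns Opts.SanitizeAddressPoisonClassMemberArrayNewCookie only when one of the two flags is on the command line, so the behaviour with neither flag rests on the option's declared default, which this file-limited diff does not show; given the edge case in the summary (a custom operator new[] that later reads the cookie region it returned), that default presumably stays off, and the reason is worth pinning next to the code rather than only in the commit message. I would add above the new `if`: `// Opt-in: poisoning the cookie of a non-replaceable (class-member) operator new[] breaks allocators that later read it themselves; see D41664.` The block otherwise copies the getLastArg / getOption().getID() pattern used directly below for use_after_scope, which keeps it consistent with the rest of the function. ParseCodeGenArgs begins and ends outside the hunk.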