[PATCH] [clang/asan] call __asan_poison_cxx_array_cookie after operator new[]

Richard Smith richard at metafoo.co.uk
Mon Aug 25 12:47:05 PDT 2014


On Mon, Aug 25, 2014 at 11:21 AM, Kostya Serebryany <kcc at google.com> wrote:

> >>! In D4774#11, @samsonov wrote:
> >>! In D4774#10, @rsmith wrote:
> > Is this change correct? Suppose I do this:
> >
> >     char Buffer[32];
> >     // ...
> >     new (Buffer) int[4];
> >     // ...
> >     new (Buffer) int(0);
> >
> > Won't we get a false positive on the last line?
>
> Not sure I understand this test.
> First, with arrays of PODs you don't have  cookies at all.
> Second, do we have the cookie with placement new at all?
>

Good point. Here's a complete test case:

  // Placement array new: the compiler passes the total size (element storage
  // plus any array cookie) and gets the caller's buffer back.
  void *operator new[](unsigned long, char *p) { return p; }
  struct S { S(); ~S(); int n; };
  S::S() : n(0) {}
  S::~S() {}
  // Room for 20 S objects plus the array cookie that precedes them.
  alignas(S) char Buffer[20 * sizeof(S) + 16];
  S *p = new (Buffer) S[20];
  int main() { return Buffer[0]; }  // reads a cookie byte the program legitimately owns

I think it's fine to activate the sanitizer for new-expressions that call
the usual (replaceable) global array new, since in that case the program
really can't use those bytes, and the only way to free them is with a
'delete[]' expression. But I don't think you can do this for a placement
array new.

(The good news is that placement array new's are not widely used and are
mostly useless so we don't lose much by adding this restriction.)
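The discussion turns on where the array cookie lives and when one exists at all. The program below is an added illustration, not code from this thread or from LLVM: it installs a hypothetical placement `operator new[](size_t, char *)` in the style of the test case above, records the size the compiler requests, and compares a trivially destructible element type with one that has a non-trivial destructor. The names `probe`, `ArrayLayout`, `pod_array_layout` and `obj_array_layout` are mine, and the read-back of the element count assumes the Itanium C++ ABI layout (count stored in the `size_t` immediately before element 0).

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Records the byte count the compiler actually passes to the placement
// operator new[] below (element storage plus any array cookie).
static std::size_t g_last_request = 0;

// Hypothetical placement array new, modelled on the one in the test case:
// it hands the caller's buffer back untouched.  The matching placement
// delete[] is what the compiler would call if an element constructor threw.
void *operator new[](std::size_t size, char *buf) {
    g_last_request = size;
    return buf;
}
void operator delete[](void *, char *) noexcept {}

struct Pod { int n; };                                    // trivially destructible: no cookie
struct Obj { int n; Obj() : n(7) {} ~Obj() { n = 0; } };  // non-trivial destructor: cookie needed

struct ArrayLayout {
    std::size_t requested;     // bytes asked of operator new[]
    std::size_t cookie;        // bytes between buffer start and the first element
    std::size_t stored_count;  // element count read back from the cookie (0 if none)
};

// Constructs N objects of T in buf with placement array new and reports where
// the compiler put them.  Assumption: Itanium C++ ABI layout, i.e. when a cookie
// is present the element count sits in the size_t immediately before element 0.
template <class T, std::size_t N>
ArrayLayout probe(char *buf) {
    g_last_request = 0;
    T *arr = new (buf) T[N];
    ArrayLayout L;
    L.requested = g_last_request;
    L.cookie = static_cast<std::size_t>(reinterpret_cast<char *>(arr) - buf);
    L.stored_count = 0;
    if (L.cookie >= sizeof(std::size_t))
        std::memcpy(&L.stored_count, reinterpret_cast<char *>(arr) - sizeof(std::size_t),
                    sizeof(std::size_t));
    // Placement new: run the destructors by hand; delete[] on the buffer is never valid.
    for (std::size_t i = N; i-- > 0;) arr[i].~T();
    return L;
}

// Each probe gets its own suitably aligned buffer, sized for the elements plus
// generous room for a cookie.
ArrayLayout pod_array_layout() {
    alignas(std::max_align_t) static char buf[4 * sizeof(Pod) + 64];
    return probe<Pod, 4>(buf);
}
ArrayLayout obj_array_layout() {
    alignas(std::max_align_t) static char buf[4 * sizeof(Obj) + 64];
    return probe<Obj, 4>(buf);
}

int main() {
    ArrayLayout p = pod_array_layout();
    ArrayLayout o = obj_array_layout();
    std::printf("Pod[4]: requested=%zu cookie=%zu count=%zu\n",
                p.requested, p.cookie, p.stored_count);
    std::printf("Obj[4]: requested=%zu cookie=%zu count=%zu\n",
                o.requested, o.cookie, o.stored_count);
    return 0;
}
```

For `Pod` the request is exactly `4 * sizeof(Pod)` and the elements start at the buffer itself, which is why poisoning a cookie cannot arise for arrays of PODs. For `Obj` the compiler asks for `sizeof(std::size_t)` extra bytes, writes the element count there, and places element 0 after it; those leading bytes are the ones a cookie-poisoning scheme would mark inaccessible, and with a user-supplied placement form they belong to a buffer the program is free to read and reuse.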