[PATCH] D33305: [ubsan] Add a check for pointer overflow UB
Vedant Kumar via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed May 17 17:39:13 PDT 2017
vsk created this revision.
Herald added a subscriber: krytarowski.
Check pointer arithmetic for overflow.
For some more background on this check, see:
https://wdtz.org/catching-pointer-overflow-bugs.html
https://reviews.llvm.org/D20322
Patch by Will Dietz and John Regehr!
This version of the patch is different from the original in a few ways:
- Incorporates feedback from @rsmith.
- It does some constant-folding to reduce instrumentation.
- The `ValidOffset' condition is inverted (same rationale).
- CGExprCXX is left untouched (same rationale, and also: I'm not sure that inserting checks here, or in CGClass, would catch many bugs).
Possible future directions for this check:
- Introduce CGF.EmitCheckedStructGEP, to detect overflows when accessing structures.
Testing: Apart from the added lit test, I ran check-llvm and check-clang
with a stage2, ubsan-instrumented clang. I found one overflow (see:
https://reviews.llvm.org/D33149).
https://reviews.llvm.org/D33305
Files:
docs/UndefinedBehaviorSanitizer.rst
include/clang/Basic/Sanitizers.def
lib/CodeGen/CGExpr.cpp
lib/CodeGen/CGExprScalar.cpp
lib/CodeGen/CodeGenFunction.h
test/CodeGen/ubsan-pointer-overflow.m
test/Driver/fsanitize.c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D33305.99378.patch
Type: text/x-patch
Size: 37655 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20170518/127232b4/attachment-0001.bin>
More information about the cfe-commits
mailing list