<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - DFSan incorrectly transfers param attributes for variadic custom &quot;__dfsw_*&quot; handlers"
   href="https://bugs.llvm.org/show_bug.cgi?id=36315">36315</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>DFSan incorrectly transfers param attributes for variadic custom "__dfsw_*" handlers
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>libraries
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Miscellaneous Instrumentation passes
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>sbucur@google.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>For variadic function calls that are uninstrumented and provided with a custom
"__dfsw_*" handler, the DFSan pass transfers the param attributes from the old
call to the new call, but it does not offset the indices of the extra
arguments, which come after the shadow arguments in the new call. This causes
attributes like "nonnull" to be attached to shadow arguments, which aren't
pointers, and hence should never be marked as "nonnull".

Example for a snprintf custom wrapper:

Before instrumentation:

  %X = call i32 (i8*, i64, i8*, ...) @snprintf(i8* nonnull %30, i64 200, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.94.1284, i64 0, i64 0), i64 %32, i8* %29, i8* nonnull %34) #1

After instrumentation:

  %Y = call i32 (i8*, i64, i8*, i16, i16, i16, i16*, i16*, ...) @__dfsw_snprintf(i8* nonnull %98, i64 200, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.94.1284, i64 0, i64 0), i16 zeroext 0, i16 zeroext 0, i16 nonnull zeroext 0, i16* %130, i16* %labelreturn, i64 %118, i8* %97, i8* %126)

Note that the "nonnull" attribute stays in the same position, although it
should have been shifted to the end of the argument list.</pre>
        </div>
      </p>
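      <p>The index shift described in the report, as an added stand-alone model (not LLVM's DataFlowSanitizer code and not part of the original report). It assumes the argument layout visible in the report's IR: three fixed arguments, then three i16 labels and two i16* label pointers, then the variadic arguments. All function and constant names are hypothetical.</p>

```cpp
// Added illustration: a stand-alone model of the index shift, not LLVM code.
#include <cstddef>
#include <map>
#include <set>
#include <string>
#include <vector>

using ParamAttrs = std::map<std::size_t, std::set<std::string>>; // arg index -> attrs

// What the report describes: attributes copied to the new call at unchanged indices.
ParamAttrs transferUnshifted(const ParamAttrs &old) { return old; }

// Expected behaviour: fixed args keep their index; variadic args move past the
// `inserted` shadow arguments that sit between the fixed and variadic arguments.
ParamAttrs transferShifted(const ParamAttrs &old, std::size_t numFixed,
                           std::size_t inserted) {
  ParamAttrs out;
  for (const auto &kv : old)
    out[kv.first < numFixed ? kv.first : kv.first + inserted] = kv.second;
  return out;
}

// Indices where "nonnull" landed on an argument whose type is not a pointer.
std::vector<std::size_t> misplacedNonnull(const ParamAttrs &attrs,
                                          const std::vector<std::string> &types) {
  std::vector<std::size_t> bad;
  for (const auto &kv : attrs) {
    std::size_t i = kv.first;
    bool isPtr = i < types.size() && !types[i].empty() && types[i].back() == '*';
    if (kv.second.count("nonnull") && !isPtr)
      bad.push_back(i);
  }
  return bad;
}

// Constructed from the report's IR: snprintf has 3 fixed params; the wrapper call
// gains 3 x i16 labels + 2 x i16* label pointers = 5 inserted arguments.
const std::size_t kFixed = 3, kInserted = 5;
const ParamAttrs kOldAttrs = {{0, {"nonnull"}}, {5, {"nonnull"}}};
const std::vector<std::string> kNewTypes = {"i8*", "i64", "i8*", "i16", "i16", "i16",
                                            "i16*", "i16*", "i64", "i8*", "i8*"};

int main() {
  bool buggy = misplacedNonnull(transferUnshifted(kOldAttrs), kNewTypes).size() == 1;
  bool fixed = misplacedNonnull(transferShifted(kOldAttrs, kFixed, kInserted),
                                kNewTypes).empty();
  return (buggy && fixed) ? 0 : 1;
}
```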


    </body>
</html>