[compiler-rt] r218620 - [asan] add a test for array cookie if the operator new is defined inside the class (the cookie should not be poisoned in such case); update the related comment in asan_poisoning.cc

Evgeniy Stepanov eugeni.stepanov at gmail.com
Tue Sep 30 05:24:06 PDT 2014


There is something wrong with this test on Android on ARM: the offset
is 8 bytes instead of sizeof(void*)==4.

http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux/builds/13105/steps/run%20asan%20lit%20tests%20%5BAndroid%5D/logs/stdio

Also, main() is missing a return statement.


On Mon, Sep 29, 2014 at 11:40 PM, Kostya Serebryany <kcc at google.com> wrote:
> Author: kcc
> Date: Mon Sep 29 14:40:56 2014
> New Revision: 218620
>
> URL: http://llvm.org/viewvc/llvm-project?rev=218620&view=rev
> Log:
> [asan] add a test for array cookie if the operator new is defined inside the class (the cookie should not be poisoned in such case); update the related comment in asan_poisoning.cc
>
> Added:
>     compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc
> Modified:
>     compiler-rt/trunk/lib/asan/asan_poisoning.cc
>
> Modified: compiler-rt/trunk/lib/asan/asan_poisoning.cc
> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_poisoning.cc?rev=218620&r1=218619&r2=218620&view=diff
> ==============================================================================
> --- compiler-rt/trunk/lib/asan/asan_poisoning.cc (original)
> +++ compiler-rt/trunk/lib/asan/asan_poisoning.cc Mon Sep 29 14:40:56 2014
> @@ -252,7 +252,8 @@ uptr __asan_load_cxx_array_cookie(uptr *
>             "expect a double-free report\n");
>      return 0;
>    }
> -  // FIXME: apparently it can be something else; need to find a reproducer.
> +  // The cookie may remain unpoisoned if e.g. it comes from a custom
> +  // operator new defined inside a class.
>    return *p;
>  }
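
Review bot: The replacement comment above `return *p;` says the cookie may remain unpoisoned "if e.g." a class-scope operator new is used. That drops the FIXME but still leaves the set of cases open and does not point at the reproducer. Consider naming the new test (new_array_cookie_with_new_from_class.cc) in the comment and stating whether other sources of an unpoisoned cookie are still expected, so a reader knows what has been covered by a test and what has not.
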
>
>
> Added: compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc
> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc?rev=218620&view=auto
> ==============================================================================
> --- compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc (added)
> +++ compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc Mon Sep 29 14:40:56 2014
> @@ -0,0 +1,34 @@
> +// Test that we do not poison the array cookie if the operator new is defined
> +// inside the class.
> +// RUN: %clangxx_asan  %s -o %t && %run %t
> +#include <new>
> +#include <stdlib.h>
> +#include <stdint.h>
> +#include <stdio.h>
> +#include <assert.h>
> +struct Foo {
> +  void *operator new(size_t s) { return Allocate(s); }
> +  void *operator new[] (size_t s) { return Allocate(s); }
> +  ~Foo();
> +  static void *allocated;
> +  static void *Allocate(size_t s) {
> +    assert(!allocated);
> +    return allocated = ::new char[s];
> +  }
> +};
> +
> +Foo::~Foo() {}
> +void *Foo::allocated;
> +
> +Foo *getFoo(size_t n) {
> +  return new Foo[n];
> +}
> +
> +int main() {
> +  Foo *foo = getFoo(10);
> +  fprintf(stderr, "foo  : %p\n", foo);
> +  fprintf(stderr, "alloc: %p\n", Foo::allocated);
> +  assert(reinterpret_cast<uintptr_t>(foo) ==
> +         reinterpret_cast<uintptr_t>(Foo::allocated) + sizeof(void*));
> +  *reinterpret_cast<uintptr_t*>(Foo::allocated) = 42;
> +}
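
Review bot: The assert in main() hardcodes the cookie offset as `sizeof(void*)`, but the array cookie size is set by the target C++ ABI, and the reply at the top of this thread reports an 8-byte offset on Android ARM, where sizeof(void*) is 4. Since the point of the test is that the store of 42 through `Foo::allocated` produces no ASan report, the test could assert only that `foo` lies past `Foo::allocated`, or compute the offset from the two pointers, instead of fixing it to one word. main() also ends without an explicit return, which the same reply flags.
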
>
>