[PATCH] [clang/asan] call __asan_poison_cxx_array_cookie after operator new[]
Richard Smith
richard at metafoo.co.uk
Mon Aug 25 12:47:05 PDT 2014
On Mon, Aug 25, 2014 at 11:21 AM, Kostya Serebryany <kcc at google.com> wrote:
> >>! In D4774#11, @samsonov wrote:
> >>! In D4774#10, @rsmith wrote:
> > Is this change correct? Suppose I do this:
> >
> > char Buffer[32];
> > // ...
> > new (Buffer) int[4];
> > // ...
> > new (Buffer) int(0);
> >
> > Won't we get a false positive on the last line?
>
> Not sure I understand this test.
> First, with arrays of PODs you don't have cookies at all.
> Second, do we have the cookie with placement new at all?
>
Good point. Here's a complete test case:
void *operator new[](unsigned long, char *);  // placement new[] taking char*, not the cookie-exempt void* form
struct S { S(); ~S(); int n; };               // non-trivial destructor, so the array gets a cookie
char Buffer[20];
S *p = new (Buffer) S[20];                    // the cookie is written into Buffer, which the program still owns
int main() { return Buffer[0]; }              // legitimately reads the byte the cookie occupied
I think it's fine to activate the sanitizer for new-expressions that call
the usual (replaceable) global array new, since in that case the program
really can't use those bytes, and the only way to free them is with a
'delete[]' expression. But I don't think you can do this for a placement
array new.
(The good news is that placement array new-expressions are not widely used and
are mostly useless, so we don't lose much by adding this restriction.)
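The cookie behaviour this thread turns on, as an added example that is not part of the patch under review or of this message: a placement array new whose extra parameter is `char*` (so it is not the cookie-exempt `::operator new[](size_t, void*)`) records the size the compiler asks for, which reveals the cookie prepended for a type with a non-trivial destructor and its absence for a POD, then reads the element count back out of the cookie and finally reuses the same buffer bytes for a scalar placement new, exactly the sequence that would trip a poisoned cookie. It assumes the Itanium C++ ABI as implemented by Clang and GCC on Linux (cookie of max(sizeof(size_t), alignof(T)) bytes, element count in the last sizeof(size_t) of them); `g_last_request`, `g_buffer`, `kElems` and `Pod` are names chosen for the example.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <new>

// Added example, not code from the patch. Assumes the Itanium C++ ABI layout
// used by Clang and GCC on Linux: the array cookie occupies
// max(sizeof(size_t), alignof(T)) bytes and the element count sits in the
// last sizeof(size_t) of them, immediately before p[0].

// Size the compiler requested in the most recent array placement new.
static std::size_t g_last_request = 0;

// Placement array new taking char*, not void*. Only ::operator new[](size_t, void*)
// is exempt from the cookie, so this form receives the cookie-padded size.
void *operator new[](std::size_t n, char *where) noexcept {
    g_last_request = n;
    return where;
}
// Matching placement delete[]; only called if an element constructor throws.
void operator delete[](void *, char *) noexcept {}

struct S {              // non-trivial destructor: new[] must record the element count
    S() : n(0) {}
    ~S() {}
    int n;
};
struct Pod { int n; };  // trivial destructor: no cookie is needed

constexpr std::size_t kElems = 4;
alignas(16) static char g_buffer[64];   // storage the program owns and may reuse

// Bytes of cookie the compiler prepended for `new (g_buffer) T[kElems]`.
template <class T>
std::size_t cookie_bytes_for() {
    T *p = new (g_buffer) T[kElems];
    std::size_t cookie = g_last_request - kElems * sizeof(T);
    for (std::size_t i = 0; i < kElems; ++i) p[i].~T();
    return cookie;
}

// Element count read back from the cookie that precedes p[0].
std::size_t stored_element_count() {
    S *p = new (g_buffer) S[kElems];
    std::size_t count = 0;
    std::memcpy(&count, reinterpret_cast<const char *>(p) - sizeof count, sizeof count);
    for (std::size_t i = 0; i < kElems; ++i) p[i].~S();
    return count;
}

// The scenario from the message above: build an S array in the buffer, tear it
// down, then reuse the same bytes (where the cookie sat) for an unrelated scalar
// placement new. The program is well-formed, so if ASan had poisoned the cookie
// this store would be a false positive; hence placement new[] is left alone.
int reuse_buffer_as_int() {
    S *p = new (g_buffer) S[kElems];
    for (std::size_t i = 0; i < kElems; ++i) p[i].~S();
    int *q = new (static_cast<void *>(g_buffer)) int(7);  // overwrites the old cookie
    return *q;
}

int main() {
    std::printf("cookie for S:    %zu bytes\n", cookie_bytes_for<S>());
    std::printf("cookie for Pod:  %zu bytes\n", cookie_bytes_for<Pod>());
    std::printf("count in cookie: %zu\n", stored_element_count());
    std::printf("reused buffer:   %d\n", reuse_buffer_as_int());
    return 0;
}
```

Compile without -fsanitize=address to see the raw layout; the interesting comparison is to build it with ASan once the patch lands and confirm that neither the cookie read in stored_element_count() nor the overwrite in reuse_buffer_as_int() is reported, while the same access pattern against a cookie produced by the plain global `new S[kElems]` is.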