[PATCH] D25199: [ubsan] Sanitize deleted pointers
Richard Smith via cfe-commits
cfe-commits at lists.llvm.org
Fri Oct 21 12:45:27 PDT 2016
On Tue, Oct 4, 2016 at 11:43 AM, Matt Gingell <gingell at google.com> wrote:
> Hi Richard,
>
> Thanks for your analysis.
>
> This patch is intended to mitigate use-after-free bugs. In that context a
> “define strict behavior for invalid pointer values” we could deploy in
> production code would be very useful. Maybe calling this a sanitizer is
> misleading, and instead it could be presented as “change implementation
> defined behavior to be less convenient but more security friendly."
OK, but you still need to address points #1-#3 of my email, which show
things that go wrong with this patch if you interpret it in that way. Point
#3 seems especially problematic. You can't store through the pointer before
the destructor runs, because the destructor is permitted to look at the
pointer, and you can't store through the pointer *after* the destructor
runs, because the destructor might have (say) deallocated the memory
containing the pointer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20161021/cbade62e/attachment-0001.html>
More information about the cfe-commits
mailing list