[PATCH] D123544: [randstruct] Automatically randomize a structure of function pointers
Bill Wendling via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Apr 11 13:51:32 PDT 2022
void created this revision.
void added reviewers: aaron.ballman, MaskRay.
Herald added a subscriber: StephenFan.
Herald added a project: All.
void requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.
Structures of function pointers are a good surface area for attacks. We
should therefore randomize them unless explicitly told not to.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D123544
Files:
clang/lib/Sema/SemaDecl.cpp
clang/unittests/AST/RandstructTest.cpp
Index: clang/unittests/AST/RandstructTest.cpp
===================================================================
--- clang/unittests/AST/RandstructTest.cpp
+++ clang/unittests/AST/RandstructTest.cpp
@@ -417,5 +417,49 @@
EXPECT_TRUE(AnonUnionTested);
}
+TEST(RANDSTRUCT_TEST, AutoRandomizeStructOfFunctionPointers) {
+ const std::unique_ptr<ASTUnit> AST = makeAST(R"c(
+ typedef void (*func_ptr)();
+
+ struct test {
+ func_ptr a;
+ func_ptr b;
+ func_ptr c;
+ func_ptr d;
+ func_ptr e;
+ func_ptr f;
+ func_ptr g;
+ };
+ )c");
+
+ EXPECT_FALSE(AST->getDiagnostics().hasErrorOccurred());
+
+ const RecordDecl *RD = getRecordDeclFromAST(AST->getASTContext(), "test");
+
+ EXPECT_TRUE(RD->isRandomized());
+}
+
+TEST(RANDSTRUCT_TEST, DisableAutoRandomizeStructOfFunctionPointers) {
+ const std::unique_ptr<ASTUnit> AST = makeAST(R"c(
+ typedef void (*func_ptr)();
+
+ struct test {
+ func_ptr a;
+ func_ptr b;
+ func_ptr c;
+ func_ptr d;
+ func_ptr e;
+ func_ptr f;
+ func_ptr g;
+ } __attribute__((no_randomize_layout));
+ )c");
+
+ EXPECT_FALSE(AST->getDiagnostics().hasErrorOccurred());
+
+ const RecordDecl *RD = getRecordDeclFromAST(AST->getASTContext(), "test");
+
+ EXPECT_FALSE(RD->isRandomized());
+}
+
} // namespace ast_matchers
} // namespace clang
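Review bot: The two added tests pin only the all-function-pointer struct and its `no_randomize_layout` opt-out, so nothing here fails if the automatic path starts reordering ordinary structs. A negative case with one non-function-pointer field, and one with an empty struct, would guard the boundary of the heuristic; this matters because a silently reordered layout is an ABI change for code that never asked for it. `RD` is also dereferenced unchecked in both tests; if the lookup helper can return null, `ASSERT_NE(RD, nullptr);` before the expectation turns a failed lookup into a test failure rather than a crash.

```cpp
TEST(RANDSTRUCT_TEST, NoAutoRandomizeMixedStruct) {
  const std::unique_ptr<ASTUnit> AST = makeAST(R"c(
    typedef void (*func_ptr)();

    struct test {
        func_ptr a;
        int b;
        func_ptr c;
    };
  )c");

  EXPECT_FALSE(AST->getDiagnostics().hasErrorOccurred());

  const RecordDecl *RD = getRecordDeclFromAST(AST->getASTContext(), "test");

  // One non-function-pointer field must keep the record on the opt-in path.
  EXPECT_FALSE(RD->isRandomized());
}
```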
Index: clang/lib/Sema/SemaDecl.cpp
===================================================================
--- clang/lib/Sema/SemaDecl.cpp
+++ clang/lib/Sema/SemaDecl.cpp
@@ -17969,8 +17969,22 @@
// Handle attributes before checking the layout.
ProcessDeclAttributeList(S, Record, Attrs);
- // Maybe randomize the field order.
- if (!getLangOpts().CPlusPlus && Record->hasAttr<RandomizeLayoutAttr>() &&
+ // Check to see if a FieldDecl is a pointer to a function.
+ auto IsFunctionPointer = [&](const FieldDecl *FD) {
+ QualType FieldType = FD->getType().getDesugaredType(Context);
+ if (isa<PointerType>(FieldType)) {
+ QualType PointeeType = cast<PointerType>(FieldType)->getPointeeType();
+ return PointeeType.getDesugaredType(Context)->isFunctionType();
+ }
+ return false;
+ };
+
+ // Maybe randomize the field order. We automatically randomize a structure
+ // of function pointers, unless it has the "no_randomize_layout" attribute.
+ if (!getLangOpts().CPlusPlus &&
+ (Record->hasAttr<RandomizeLayoutAttr>() ||
+ (!Record->hasAttr<NoRandomizeLayoutAttr>() &&
+ llvm::all_of(Record->fields(), IsFunctionPointer))) &&
!Record->isUnion() && !getLangOpts().RandstructSeed.empty() &&
!Record->isRandomized()) {
SmallVector<Decl *, 32> OrigFieldOrdering(Record->fields());
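Review bot: `llvm::all_of(Record->fields(), IsFunctionPointer)` is vacuously true for a record with no fields, so an empty struct takes the automatic randomization path whenever a seed is set; whether the randomizer tolerates an empty field list is not visible in this hunk. Guarding the automatic arm with `!Record->field_empty() &&` before the `all_of` keeps the heuristic to records that actually hold function pointers. The `isa`/`cast` pair in the lambda can likely be reduced to `return FD->getType()->isFunctionPointerType();`, which looks through sugar and drops the `[&]` capture. The comment above the condition should also say that the automatic path changes the layout of structs carrying no attribute, so any such struct shared with code built without the same seed needs `no_randomize_layout`. The enclosing function begins and ends outside the hunk.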