[libcxx-commits] [PATCH] D146815: [ASan][libc++] Annotating std::deque with all allocators
Tacet via Phabricator via libcxx-commits
libcxx-commits at lists.llvm.org
Fri Mar 24 08:25:27 PDT 2023
AdvenamTacet created this revision.
Herald added a project: All.
AdvenamTacet requested review of this revision.
Herald added a project: libc++.
Herald added a subscriber: libcxx-commits.
Herald added a reviewer: libc++.
This patch is part of our efforts to support container annotations with (almost) every allocator.
Annotating std::deque with default allocator is implemented in D132092 <https://reviews.llvm.org/D132092>.
Support in ASan API exests since rG1c5ad6d2c01294a0decde43a88e9c27d7437d157 <https://reviews.llvm.org/rG1c5ad6d2c01294a0decde43a88e9c27d7437d157>.
The motivation for a research and those changes was a bug, found by Trail of Bits, in a real code where an out-of-bounds read could happen as two strings were compared via a `std::equals` function that took `iter1_begin`, `iter1_end`, `iter2_begin` iterators (with a custom comparison function).
When object `iter1` was longer than `iter2`, read out-of-bounds on `iter2` could happen. Container sanitization would detect it.
If you have any questions, please email:
- advenam.tacet at trailofbits.com
- disconnect3d at trailofbits.com
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D146815
Files:
libcxx/include/deque
Index: libcxx/include/deque
===================================================================
--- libcxx/include/deque
+++ libcxx/include/deque
@@ -434,9 +434,6 @@
template <class _Tp, class _Allocator /*= allocator<_Tp>*/>
class _LIBCPP_TEMPLATE_VIS deque
{
-private:
- using __default_allocator_type = allocator<_Tp>;
-
public:
// types:
@@ -873,7 +870,7 @@
const void* __old_con_end,
const void* __new_con_beg,
const void* __new_con_end) const {
- if (__beg && is_same<allocator_type, __default_allocator_type>::value)
+ if (__beg != nullptr && __asan_annotate_container_with_allocator<_Allocator>::value)
__sanitizer_annotate_double_ended_contiguous_container(
__beg, __end, __old_con_beg, __old_con_end, __new_con_beg, __new_con_end);
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D146815.508106.patch
Type: text/x-patch
Size: 800 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/libcxx-commits/attachments/20230324/1ebc04d6/attachment.bin>
More information about the libcxx-commits
mailing list