[compiler-rt] r218620 - [asan] add a test for array cookie if the operator new is defined inside the class (the cookie should not be poisoned in such case); update the related comment in asan_poisoning.cc
Kostya Serebryany
kcc at google.com
Mon Sep 29 12:40:57 PDT 2014
Author: kcc
Date: Mon Sep 29 14:40:56 2014
New Revision: 218620
URL: http://llvm.org/viewvc/llvm-project?rev=218620&view=rev
Log:
[asan] add a test for array cookie if the operator new is defined inside the class (the cookie should not be poisoned in such case); update the related comment in asan_poisoning.cc
Added:
compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc
Modified:
compiler-rt/trunk/lib/asan/asan_poisoning.cc
Modified: compiler-rt/trunk/lib/asan/asan_poisoning.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_poisoning.cc?rev=218620&r1=218619&r2=218620&view=diff
==============================================================================
--- compiler-rt/trunk/lib/asan/asan_poisoning.cc (original)
+++ compiler-rt/trunk/lib/asan/asan_poisoning.cc Mon Sep 29 14:40:56 2014
@@ -252,7 +252,8 @@ uptr __asan_load_cxx_array_cookie(uptr *
"expect a double-free report\n");
return 0;
}
- // FIXME: apparently it can be something else; need to find a reproducer.
+ // The cookie may remain unpoisoned if e.g. it comes from a custom
+ // operator new defined inside a class.
return *p;
}
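Review bot: The replacement comment above `return *p;` explains why the cookie can be unpoisoned, but not what that means for checking. On this path the stored value is returned as is, so an overwritten cookie is presumably not reported for arrays whose class defines its own operator new. I would state that limit in the comment, e.g. `// In that case the cookie is returned unchecked; corruption of it is not detected here.`, and name the test new_array_cookie_with_new_from_class.cc so the case is easy to find. The body of __asan_load_cxx_array_cookie starts outside the hunk, so the earlier checks are not visible here.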
Added: compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc?rev=218620&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc (added)
+++ compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc Mon Sep 29 14:40:56 2014
@@ -0,0 +1,34 @@
+// Test that we do not poison the array cookie if the operator new is defined
+// inside the class.
+// RUN: %clangxx_asan %s -o %t && %run %t
+#include <new>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <assert.h>
+struct Foo {
+ void *operator new(size_t s) { return Allocate(s); }
+ void *operator new[] (size_t s) { return Allocate(s); }
+ ~Foo();
+ static void *allocated;
+ static void *Allocate(size_t s) {
+ assert(!allocated);
+ return allocated = ::new char[s];
+ }
+};
+
+Foo::~Foo() {}
+void *Foo::allocated;
+
+Foo *getFoo(size_t n) {
+ return new Foo[n];
+}
+
+int main() {
+ Foo *foo = getFoo(10);
+ fprintf(stderr, "foo : %p\n", foo);
+ fprintf(stderr, "alloc: %p\n", Foo::allocated);
+ assert(reinterpret_cast<uintptr_t>(foo) ==
+ reinterpret_cast<uintptr_t>(Foo::allocated) + sizeof(void*));
+ *reinterpret_cast<uintptr_t*>(Foo::allocated) = 42;
+}
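Review bot: main() never runs `delete [] foo`, so the test only shows that a direct write to the cookie produces no report. As far as this file shows, the read of an unpoisoned cookie, which the updated comment in asan_poisoning.cc describes, is not exercised. A second case that deletes the array without overwriting the cookie would cover it; deleting after the store of 42 would run the destructor for the wrong number of elements. Separately, the assert on `sizeof(void*)` assumes a one-pointer cookie, which depends on the target's C++ ABI. A comment saying so, or a target restriction in the test header, would make a failure on other Linux targets easier to diagnose.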