[compiler-rt] r218620 - [asan] add a test for array cookie if the operator new is defined inside the class (the cookie should not be poisoned in such case); update the related comment in asan_poisoning.cc

David Blaikie dblaikie at gmail.com
Tue Sep 30 08:18:06 PDT 2014


On Tue, Sep 30, 2014 at 5:24 AM, Evgeniy Stepanov <eugeni.stepanov at gmail.com> wrote:

> There is something wrong with this test on Android on ARM: the offset
> is 8 bytes instead of sizeof(void*)==4.
>
>
> http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux/builds/13105/steps/run%20asan%20lit%20tests%20%5BAndroid%5D/logs/stdio
>
> Also, main() is missing a return statement.
>

(FWIW main implicitly returns 0 if no return is given in C++ - so this is
well defined (though coding styles/etc may vary on whether they prefer to
use this language feature or prefer to be explicit))


>
>
> On Mon, Sep 29, 2014 at 11:40 PM, Kostya Serebryany <kcc at google.com>
> wrote:
> > Author: kcc
> > Date: Mon Sep 29 14:40:56 2014
> > New Revision: 218620
> >
> > URL: http://llvm.org/viewvc/llvm-project?rev=218620&view=rev
> > Log:
> > [asan] add a test for array cookie if the operator new is defined inside the class (the cookie should not be poisoned in such case); update the related comment in asan_poisoning.cc
> >
> > Added:
> >
>  compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc
> > Modified:
> >     compiler-rt/trunk/lib/asan/asan_poisoning.cc
> >
> > Modified: compiler-rt/trunk/lib/asan/asan_poisoning.cc
> > URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_poisoning.cc?rev=218620&r1=218619&r2=218620&view=diff
> >
> ==============================================================================
> > --- compiler-rt/trunk/lib/asan/asan_poisoning.cc (original)
> > +++ compiler-rt/trunk/lib/asan/asan_poisoning.cc Mon Sep 29 14:40:56 2014
> > @@ -252,7 +252,8 @@ uptr __asan_load_cxx_array_cookie(uptr *
> >             "expect a double-free report\n");
> >      return 0;
> >    }
> > -  // FIXME: apparently it can be something else; need to find a
> reproducer.
> > +  // The cookie may remain unpoisoned if e.g. it comes from a custom
> > +  // operator new defined inside a class.
> >    return *p;
> >  }
> >
> >
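
Review bot: The new comment above `return *p;` names one case where the cookie stays unpoisoned, but it does not say why a class-defined operator new leads to that, nor that the function then simply returns the cookie value as read. Consider adding a clause that says so and names the new test, new_array_cookie_with_new_from_class.cc, so the reproducer the removed FIXME asked for can be found from the code.
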
> > Added:
> compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc
> > URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc?rev=218620&view=auto
> >
> ==============================================================================
> > ---
> compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc
> (added)
> > +++
> compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc
> Mon Sep 29 14:40:56 2014
> > @@ -0,0 +1,34 @@
> > +// Test that we do not poison the array cookie if the operator new is
> defined
> > +// inside the class.
> > +// RUN: %clangxx_asan  %s -o %t && %run %t
> > +#include <new>
> > +#include <stdlib.h>
> > +#include <stdint.h>
> > +#include <stdio.h>
> > +#include <assert.h>
> > +struct Foo {
> > +  void *operator new(size_t s) { return Allocate(s); }
> > +  void *operator new[] (size_t s) { return Allocate(s); }
> > +  ~Foo();
> > +  static void *allocated;
> > +  static void *Allocate(size_t s) {
> > +    assert(!allocated);
> > +    return allocated = ::new char[s];
> > +  }
> > +};
> > +
> > +Foo::~Foo() {}
> > +void *Foo::allocated;
> > +
> > +Foo *getFoo(size_t n) {
> > +  return new Foo[n];
> > +}
> > +
> > +int main() {
> > +  Foo *foo = getFoo(10);
> > +  fprintf(stderr, "foo  : %p\n", foo);
> > +  fprintf(stderr, "alloc: %p\n", Foo::allocated);
> > +  assert(reinterpret_cast<uintptr_t>(foo) ==
> > +         reinterpret_cast<uintptr_t>(Foo::allocated) + sizeof(void*));
> > +  *reinterpret_cast<uintptr_t*>(Foo::allocated) = 42;
> > +}
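
Review bot: The assert in main() hard-codes the array cookie size as `sizeof(void*)`, which is an ABI detail rather than a guarantee; the reply in this thread reports an 8-byte offset on Android/ARM, where `sizeof(void*)` is 4. Either restrict the test to targets where the cookie is one pointer wide or check only that `foo` lies past `Foo::allocated`, and add a comment that the final store of 42 through `Foo::allocated` is the actual check that the cookie is not poisoned.
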
> >
> >
> > _______________________________________________
> > llvm-commits mailing list
> > llvm-commits at cs.uiuc.edu
> > http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits