[compiler-rt] r218620 - [asan] add a test for array cookie if the operator new is defined inside the class (the cookie should not be poisoned in such case); update the related comment in asan_poisoning.cc
Evgeniy Stepanov
eugeni.stepanov at gmail.com
Tue Sep 30 11:09:46 PDT 2014
You are right, main() is special in this regard. Thanks for bringing this up!
On Tue, Sep 30, 2014 at 7:18 PM, David Blaikie <dblaikie at gmail.com> wrote:
>
>
> On Tue, Sep 30, 2014 at 5:24 AM, Evgeniy Stepanov
> <eugeni.stepanov at gmail.com> wrote:
>>
>> There is something wrong with this test on Android on ARM: the offset
>> is 8 bytes instead of sizeof(void*)==4.
>>
>>
>> http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux/builds/13105/steps/run%20asan%20lit%20tests%20%5BAndroid%5D/logs/stdio
>>
>> Also, main() is missing a return statement.
>
>
> (FWIW main implicitly returns 0 if no return is given in C++ - so this is
> well defined (though coding styles/etc may vary on whether they prefer to
> use this language feature or prefer to be explicit))
>
>>
>>
>>
>> On Mon, Sep 29, 2014 at 11:40 PM, Kostya Serebryany <kcc at google.com>
>> wrote:
>> > Author: kcc
>> > Date: Mon Sep 29 14:40:56 2014
>> > New Revision: 218620
>> >
>> > URL: http://llvm.org/viewvc/llvm-project?rev=218620&view=rev
>> > Log:
>> > [asan] add a test for array cookie if the operator new is defined inside
>> > the class (the cookie should not be poisoned in such case); update the
>> > related comment in asan_poisoning.cc
>> >
>> > Added:
>> >
>> > compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc
>> > Modified:
>> > compiler-rt/trunk/lib/asan/asan_poisoning.cc
>> >
>> > Modified: compiler-rt/trunk/lib/asan/asan_poisoning.cc
>> > URL:
>> > http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_poisoning.cc?rev=218620&r1=218619&r2=218620&view=diff
>> >
>> > ==============================================================================
>> > --- compiler-rt/trunk/lib/asan/asan_poisoning.cc (original)
>> > +++ compiler-rt/trunk/lib/asan/asan_poisoning.cc Mon Sep 29 14:40:56
>> > 2014
>> > @@ -252,7 +252,8 @@ uptr __asan_load_cxx_array_cookie(uptr *
>> > "expect a double-free report\n");
>> > return 0;
>> > }
>> > - // FIXME: apparently it can be something else; need to find a
>> > reproducer.
>> > + // The cookie may remain unpoisoned if e.g. it comes from a custom
>> > + // operator new defined inside a class.
>> > return *p;
>> > }
>> >
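Review bot: the new comment above the fall-through `return *p;` in `__asan_load_cxx_array_cookie` says when the cookie can be unpoisoned but not where that case is demonstrated. The removed FIXME asked for a reproducer and this revision adds one, so consider naming test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc in the comment so the next reader can find it. The "e.g." also leaves open which other allocation paths reach this return; a few words on why a class-scope operator new leaves the cookie unpoisoned would make the comment self-explanatory.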
>> >
>> > Added:
>> > compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc
>> > URL:
>> > http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc?rev=218620&view=auto
>> >
>> > ==============================================================================
>> > ---
>> > compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc
>> > (added)
>> > +++
>> > compiler-rt/trunk/test/asan/TestCases/Linux/new_array_cookie_with_new_from_class.cc
>> > Mon Sep 29 14:40:56 2014
>> > @@ -0,0 +1,34 @@
>> > +// Test that we do not poison the array cookie if the operator new is
>> > defined
>> > +// inside the class.
>> > +// RUN: %clangxx_asan %s -o %t && %run %t
>> > +#include <new>
>> > +#include <stdlib.h>
>> > +#include <stdint.h>
>> > +#include <stdio.h>
>> > +#include <assert.h>
>> > +struct Foo {
>> > + void *operator new(size_t s) { return Allocate(s); }
>> > + void *operator new[] (size_t s) { return Allocate(s); }
>> > + ~Foo();
>> > + static void *allocated;
>> > + static void *Allocate(size_t s) {
>> > + assert(!allocated);
>> > + return allocated = ::new char[s];
>> > + }
>> > +};
>> > +
>> > +Foo::~Foo() {}
>> > +void *Foo::allocated;
>> > +
>> > +Foo *getFoo(size_t n) {
>> > + return new Foo[n];
>> > +}
>> > +
>> > +int main() {
>> > + Foo *foo = getFoo(10);
>> > + fprintf(stderr, "foo : %p\n", foo);
>> > + fprintf(stderr, "alloc: %p\n", Foo::allocated);
>> > + assert(reinterpret_cast<uintptr_t>(foo) ==
>> > + reinterpret_cast<uintptr_t>(Foo::allocated) + sizeof(void*));
>> > + *reinterpret_cast<uintptr_t*>(Foo::allocated) = 42;
>> > +}
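Review bot: the assert in main() hardcodes the cookie size as `sizeof(void*)`, which is an ABI detail rather than the property this test is meant to check. The reply in this thread reports an offset of 8 bytes on Android on ARM, where sizeof(void*) is 4, so the assert fails there. Consider asserting only that `foo` lies past `Foo::allocated` before the store of 42, or restricting the test to targets where the cookie is known to be pointer-sized. Two smaller points: the check relies on assert(), so a build with NDEBUG would skip it silently, and the array is never released with delete[], so nothing in the test reads the cookie back.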
>> >
>> >
>> > _______________________________________________
>> > llvm-commits mailing list
>> > llvm-commits at cs.uiuc.edu
>> > http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
>
>