[PATCH] asan: fix overflows in isSafeAccess
Dmitry Vyukov
dvyukov at google.com
Tue Mar 10 03:24:34 PDT 2015
Hi nlopes,
As pointed out in http://reviews.llvm.org/D7583
The current checks can cause overflows when object size/access offset cross Quintillion bytes.
http://reviews.llvm.org/D8193
Files:
lib/Transforms/Instrumentation/AddressSanitizer.cpp
Index: lib/Transforms/Instrumentation/AddressSanitizer.cpp
===================================================================
--- lib/Transforms/Instrumentation/AddressSanitizer.cpp
+++ lib/Transforms/Instrumentation/AddressSanitizer.cpp
@@ -2051,12 +2051,12 @@
Value *Addr, uint64_t TypeSize) const {
SizeOffsetType SizeOffset = ObjSizeVis.compute(Addr);
if (!ObjSizeVis.bothKnown(SizeOffset)) return false;
- int64_t Size = SizeOffset.first.getSExtValue();
+ uint64_t Size = SizeOffset.first.getZExtValue();
int64_t Offset = SizeOffset.second.getSExtValue();
// Three checks are required to ensure safety:
// . Offset >= 0 (since the offset is given from the base ptr)
// . Size >= Offset (unsigned)
// . Size - Offset >= NeededSize (unsigned)
- return Offset >= 0 && Size >= Offset &&
- uint64_t(Size - Offset) >= TypeSize / 8;
+ return Offset >= 0 && Size >= uint64_t(Offset) &&
+ Size - uint64_t(Offset) >= TypeSize / 8;
}
EMAIL PREFERENCES
http://reviews.llvm.org/settings/panel/emailpreferences/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D8193.21558.patch
Type: text/x-patch
Size: 1011 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20150310/17e42653/attachment.bin>
More information about the llvm-commits
mailing list