[llvm] r232358 - asan: fix overflows in isSafeAccess
Dmitry Vyukov
dvyukov at google.com
Mon Mar 16 01:04:26 PDT 2015
Author: dvyukov
Date: Mon Mar 16 03:04:26 2015
New Revision: 232358
URL: http://llvm.org/viewvc/llvm-project?rev=232358&view=rev
Log:
asan: fix overflows in isSafeAccess
As pointed out in http://reviews.llvm.org/D7583
The current checks can cause overflows when object size/access offset cross quintillion bytes.
http://reviews.llvm.org/D8193
Modified:
llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp
Modified: llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp?rev=232358&r1=232357&r2=232358&view=diff
==============================================================================
--- llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp (original)
+++ llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp Mon Mar 16 03:04:26 2015
@@ -2051,12 +2051,12 @@ bool AddressSanitizer::isSafeAccess(Obje
Value *Addr, uint64_t TypeSize) const {
SizeOffsetType SizeOffset = ObjSizeVis.compute(Addr);
if (!ObjSizeVis.bothKnown(SizeOffset)) return false;
- int64_t Size = SizeOffset.first.getSExtValue();
+ uint64_t Size = SizeOffset.first.getZExtValue();
int64_t Offset = SizeOffset.second.getSExtValue();
// Three checks are required to ensure safety:
// . Offset >= 0 (since the offset is given from the base ptr)
// . Size >= Offset (unsigned)
// . Size - Offset >= NeededSize (unsigned)
- return Offset >= 0 && Size >= Offset &&
- uint64_t(Size - Offset) >= TypeSize / 8;
+ return Offset >= 0 && Size >= uint64_t(Offset) &&
+ Size - uint64_t(Offset) >= TypeSize / 8;
}
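Review bot: In the new return expression, both `uint64_t(Offset)` casts are correct only because `Offset >= 0` is evaluated first and short-circuits. A negative Offset converted to uint64_t becomes a huge value, so reordering the conjuncts during a later cleanup would silently change which accesses are treated as safe and left uninstrumented. I would say so in the comment above the return, or assign the unsigned offset to a named local after the sign check so the dependency is explicit. Separately, the Modified list shows only AddressSanitizer.cpp, so nothing here exercises the case the log describes. A regression test with an object size at or above 2^63 bytes, plus one with an offset close to the size, would pin down the behaviour of the `getZExtValue()` change.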