[PATCH] D21509: [asan] fix false dynamic-stack-buffer-overflow report with constantly-sized dynamic allocas
Kuba Brecka via llvm-commits
llvm-commits at lists.llvm.org
Sun Jun 19 13:02:54 PDT 2016
kubabrecka created this revision.
kubabrecka added reviewers: ygribov, kcc, m.ostapenko, eugenis.
kubabrecka added subscribers: llvm-commits, zaks.anna.
kubabrecka added a project: Sanitizers.
Herald added a subscriber: kubabrecka.
See the bug report at https://github.com/google/sanitizers/issues/691. When a dynamic alloca has a constant size, ASan instrumentation will treat it as a regular dynamic alloca (insert calls to poison and unpoison), but the backend will turn it into a regular stack variable. The poisoning/unpoisoning is then broken. This patch will treat such allocas as static.
http://reviews.llvm.org/D21509
Files:
lib/Transforms/Instrumentation/AddressSanitizer.cpp
projects/compiler-rt/test/asan/TestCases/alloca_constant_size.cc
projects/compiler-rt/test/asan/TestCases/alloca_constant_size2.cc
Index: projects/compiler-rt/test/asan/TestCases/alloca_constant_size2.cc
===================================================================
--- projects/compiler-rt/test/asan/TestCases/alloca_constant_size2.cc
+++ projects/compiler-rt/test/asan/TestCases/alloca_constant_size2.cc
@@ -0,0 +1,31 @@
+// Regression test for https://github.com/google/sanitizers/issues/691
+
+// RUN: %clangxx_asan -O0 %s -o %t
+// RUN: %run %t 2>&1 | FileCheck %s
+
+#include <alloca.h>
+#include <stdio.h>
+#include <string.h>
+
+static const int kDynamicArraySize = 200;
+
+void f1() {
+ char dynamic_buffer[kDynamicArraySize];
+ fprintf(stderr, "dynamic_buffer = %p\n", dynamic_buffer);
+ return;
+}
+
+void f2() {
+ char buf[1024];
+ memset(buf, 'x', 1024);
+}
+
+int main(int argc, const char *argv[]) {
+ f1();
+ f2();
+ fprintf(stderr, "Done.\n");
+ return 0;
+}
+
+// CHECK-NOT: ERROR: AddressSanitizer
+// CHECK: Done.
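Review bot: the role of f2 is not stated anywhere in the file; it exists so that a later 1024-byte frame overlaps the stack region f1's buffer occupied, and its memset would trip any poisoning that the dynamic-alloca path left behind. A one-line comment above f2 saying so would keep the test readable once the bug is forgotten. Also, since kDynamicArraySize is a `static const int`, in C++ it is a constant expression and `char dynamic_buffer[kDynamicArraySize]` is an ordinary fixed-size array rather than a VLA, so it is worth confirming that this variant really reaches the array-alloca path the fix targets. Smaller points: `#include <alloca.h>` is unused here (nothing calls alloca()), and the trailing `return;` in f1 is redundant.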
Index: projects/compiler-rt/test/asan/TestCases/alloca_constant_size.cc
===================================================================
--- projects/compiler-rt/test/asan/TestCases/alloca_constant_size.cc
+++ projects/compiler-rt/test/asan/TestCases/alloca_constant_size.cc
@@ -0,0 +1,29 @@
+// Regression test for https://github.com/google/sanitizers/issues/691
+
+// RUN: %clangxx_asan -O0 %s -o %t
+// RUN: %run %t 2>&1 | FileCheck %s
+
+#include <alloca.h>
+#include <stdio.h>
+#include <string.h>
+
+void f1() {
+ char *dynamic_buffer = (char *)alloca(200);
+ fprintf(stderr, "dynamic_buffer = %p\n", dynamic_buffer);
+ return;
+}
+
+void f2() {
+ char buf[1024];
+ memset(buf, 'x', 1024);
+}
+
+int main(int argc, const char *argv[]) {
+ f1();
+ f2();
+ fprintf(stderr, "Done.\n");
+ return 0;
+}
+
+// CHECK-NOT: ERROR: AddressSanitizer
+// CHECK: Done.
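Review bot: same comment on f2 as in the companion test: add a sentence explaining that its frame is meant to overlap the region f1's alloca(200) used, since that overlap is what turns stale poisoning into a report. `%p` expects a `void *`, so `dynamic_buffer` should be cast in the fprintf call to be conforming, and the `return;` at the end of the void function is redundant. Finally, both tests run only at -O0; since the fix concerns how the instrumentation pass classifies an entry-block alloca with a constant size, adding a RUN line at a higher optimization level (as other asan tests do) would exercise the same classification once the optimizer has reshaped the function.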
Index: lib/Transforms/Instrumentation/AddressSanitizer.cpp
===================================================================
--- lib/Transforms/Instrumentation/AddressSanitizer.cpp
+++ lib/Transforms/Instrumentation/AddressSanitizer.cpp
@@ -460,7 +460,7 @@
// Check if we have dynamic alloca.
bool isDynamicAlloca(AllocaInst &AI) const {
- return AI.isArrayAllocation() || !AI.isStaticAlloca();
+ return !AI.isStaticAlloca();
}
/// If it is an interesting memory access, return the PointerOperand
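Review bot: the comment `// Check if we have dynamic alloca.` above the function no longer explains the decision being made; after this change an alloca with a constant array size in the entry block is classified as static because the backend folds it into the frame (isStaticAlloca() already requires a constant size and entry-block placement), and that reasoning, with a pointer to the linked issue, belongs in the comment so the `isArrayAllocation()` term is not reintroduced later. It is also worth confirming that the static-alloca size computation multiplies the element size by the constant array count, since constant-sized array allocas now take that path; a mismatch there would misplace the redzones rather than fail loudly.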
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D21509.61221.patch
Type: text/x-patch
Size: 2313 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20160619/567bfc6d/attachment.bin>