[compiler-rt] r273889 - [asan] fix false dynamic-stack-buffer-overflow report with constantly-sized dynamic allocas, compiler-rt part

Kuba Brecka via llvm-commits llvm-commits at lists.llvm.org
Mon Jun 27 08:57:53 PDT 2016


Author: kuba.brecka
Date: Mon Jun 27 10:57:53 2016
New Revision: 273889

URL: http://llvm.org/viewvc/llvm-project?rev=273889&view=rev
Log:
[asan] fix false dynamic-stack-buffer-overflow report with constantly-sized dynamic allocas, compiler-rt part

See the bug report at https://github.com/google/sanitizers/issues/691. When a dynamic alloca has a constant size, ASan instrumentation will treat it as a regular dynamic alloca (insert calls to poison and unpoison), but the backend will turn it into a regular stack variable. The poisoning/unpoisoning is then broken. This patch will treat such allocas as static.

Differential Revision: http://reviews.llvm.org/D21509


Added:
    compiler-rt/trunk/test/asan/TestCases/alloca_constant_size.cc

Added: compiler-rt/trunk/test/asan/TestCases/alloca_constant_size.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/alloca_constant_size.cc?rev=273889&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/alloca_constant_size.cc (added)
+++ compiler-rt/trunk/test/asan/TestCases/alloca_constant_size.cc Mon Jun 27 10:57:53 2016
@@ -0,0 +1,44 @@
+// Regression test for https://github.com/google/sanitizers/issues/691
+
+// RUN: %clangxx_asan -O0 %s -o %t -fstack-protector
+// RUN: %run %t 1 2>&1 | FileCheck %s
+// RUN: %run %t 2 2>&1 | FileCheck %s
+
+#include <alloca.h>
+#include <stdio.h>
+#include <string.h>
+
+void f1_alloca() {
+  char *dynamic_buffer = (char *)alloca(200);
+  fprintf(stderr, "dynamic_buffer = %p\n", dynamic_buffer);
+  memset(dynamic_buffer, 'y', 200);
+  return;
+}
+
+static const int kDynamicArraySize = 200;
+
+void f1_vla() {
+  char dynamic_buffer[kDynamicArraySize];
+  fprintf(stderr, "dynamic_buffer = %p\n", dynamic_buffer);
+  memset(dynamic_buffer, 'y', kDynamicArraySize);
+  return;
+}
+
+void f2() {
+  char buf[1024];
+  memset(buf, 'x', 1024);
+}
+
+int main(int argc, const char *argv[]) {
+  if (!strcmp(argv[1], "1")) {
+    f1_alloca();
+  } else if (!strcmp(argv[1], "2")) {
+    f1_vla();
+  }
+  f2();
+  fprintf(stderr, "Done.\n");
+  return 0;
+}
+
+// CHECK-NOT: ERROR: AddressSanitizer
+// CHECK: Done.
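Review bot: in f1_vla(), kDynamicArraySize is a `static const int` with a constant initializer, and this file is built as C++ (%clangxx_asan), so `char dynamic_buffer[kDynamicArraySize]` is an ordinary fixed-size array rather than a VLA. The second RUN line may therefore never reach the constant-sized dynamic alloca path that the first one covers through alloca(200). Either add a comment saying that case 2 is only a companion check for plain arrays, or rename the function so its name does not promise VLA coverage. A one-line comment on why -fstack-protector is needed in the RUN line would also help later readers. Separately, main() passes argv[1] to strcmp without checking argc, so running the binary with no argument crashes before "Done." is printed. The RUN lines always supply an argument, but an `argc < 2` guard would make a manual run fail cleanly.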



