[compiler-rt] r273889 - [asan] fix false dynamic-stack-buffer-overflow report with constantly-sized dynamic allocas, compiler-rt part
Kuba Brecka via llvm-commits
llvm-commits at lists.llvm.org
Mon Jun 27 08:57:53 PDT 2016
Author: kuba.brecka
Date: Mon Jun 27 10:57:53 2016
New Revision: 273889
URL: http://llvm.org/viewvc/llvm-project?rev=273889&view=rev
Log:
[asan] fix false dynamic-stack-buffer-overflow report with constantly-sized dynamic allocas, compiler-rt part
See the bug report at https://github.com/google/sanitizers/issues/691. When a dynamic alloca has a constant size, ASan instrumentation will treat it as a regular dynamic alloca (insert calls to poison and unpoison), but the backend will turn it into a regular stack variable. The poisoning/unpoisoning is then broken. This patch will treat such allocas as static.
Differential Revision: http://reviews.llvm.org/D21509
Added:
compiler-rt/trunk/test/asan/TestCases/alloca_constant_size.cc
Added: compiler-rt/trunk/test/asan/TestCases/alloca_constant_size.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/alloca_constant_size.cc?rev=273889&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/alloca_constant_size.cc (added)
+++ compiler-rt/trunk/test/asan/TestCases/alloca_constant_size.cc Mon Jun 27 10:57:53 2016
@@ -0,0 +1,44 @@
+// Regression test for https://github.com/google/sanitizers/issues/691
+
+// RUN: %clangxx_asan -O0 %s -o %t -fstack-protector
+// RUN: %run %t 1 2>&1 | FileCheck %s
+// RUN: %run %t 2 2>&1 | FileCheck %s
+
+#include <alloca.h>
+#include <stdio.h>
+#include <string.h>
+
+void f1_alloca() {
+ char *dynamic_buffer = (char *)alloca(200);
+ fprintf(stderr, "dynamic_buffer = %p\n", dynamic_buffer);
+ memset(dynamic_buffer, 'y', 200);
+ return;
+}
+
+static const int kDynamicArraySize = 200;
+
+void f1_vla() {
+ char dynamic_buffer[kDynamicArraySize];
+ fprintf(stderr, "dynamic_buffer = %p\n", dynamic_buffer);
+ memset(dynamic_buffer, 'y', kDynamicArraySize);
+ return;
+}
+
+void f2() {
+ char buf[1024];
+ memset(buf, 'x', 1024);
+}
+
+int main(int argc, const char *argv[]) {
+ if (!strcmp(argv[1], "1")) {
+ f1_alloca();
+ } else if (!strcmp(argv[1], "2")) {
+ f1_vla();
+ }
+ f2();
+ fprintf(stderr, "Done.\n");
+ return 0;
+}
+
+// CHECK-NOT: ERROR: AddressSanitizer
+// CHECK: Done.
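Review bot: in `main`, `argv[1]` is passed to `strcmp` with no `argc` check, and an argument that matches neither "1" nor "2" falls through to `f2()` alone, so the test can pass on `CHECK-NOT` plus `CHECK: Done.` without exercising either alloca path. Adding `// CHECK: dynamic_buffer =` ahead of the `CHECK-NOT` line would make FileCheck confirm that `f1_alloca()` or `f1_vla()` actually ran, and `main` could return non-zero for a missing or unrecognised argument. A short comment on `f1_vla` explaining why an array sized by `kDynamicArraySize` is expected to produce a constant-sized dynamic alloca would help future readers. The RUN lines also cover only `-O0`, so a second RUN line at another optimization level may be worth adding.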