[PATCH] D34122: [ubsan] Teach the pointer overflow check that "p - <unsigned> <= p" (compiler-rt)

Vedant Kumar via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Mon Jun 12 15:34:15 PDT 2017


vsk created this revision.
Herald added subscribers: dberris, kubamracek.

Compiler-rt changes associated with: https://reviews.llvm.org/D34121


https://reviews.llvm.org/D34122

Files:
  lib/ubsan/ubsan_handlers.cc
  test/ubsan/TestCases/Pointer/unsigned-index-expression.cpp


Index: test/ubsan/TestCases/Pointer/unsigned-index-expression.cpp
===================================================================
--- test/ubsan/TestCases/Pointer/unsigned-index-expression.cpp
+++ test/ubsan/TestCases/Pointer/unsigned-index-expression.cpp
@@ -1,13 +1,20 @@
-// RUN: %clangxx -fsanitize=pointer-overflow %s -o %t
+// RUN: %clangxx -std=c++11 -fsanitize=pointer-overflow %s -o %t
 // RUN: %t 2>&1 | FileCheck %s
 
 int main(int argc, char *argv[]) {
   char c;
   char *p = &c;
-  unsigned long long offset = -1;
+  unsigned long long neg_1 = -1;
 
-  // CHECK: unsigned-index-expression.cpp:[[@LINE+1]]:15: runtime error: unsigned pointer index expression result is 0x{{.*}}, preceding its base 0x{{.*}}
-  char *q = p + offset;
+  // CHECK: unsigned-index-expression.cpp:[[@LINE+1]]:15: runtime error: addition of unsigned offset to 0x{{.*}} overflowed to 0x{{.*}}
+  char *q = p + neg_1;
+
+  // CHECK: unsigned-index-expression.cpp:[[@LINE+1]]:16: runtime error: subtraction of unsigned offset from 0x{{.*}} overflowed to 0x{{.*}}
+  char *q1 = p - neg_1;
+
+  // CHECK: unsigned-index-expression.cpp:[[@LINE+2]]:16: runtime error: pointer index expression with base 0x{{0*}} overflowed to 0x{{.*}}
+  char *n = nullptr;
+  char *q2 = n - 1ULL;
 
   return 0;
 }
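Review bot: The test exercises only the three reporting paths (`q`, `q1`, `q2`); nothing checks that an in-range unsigned subtraction stays silent, which is the case the revision title describes. A regression that made the check fire on every `p - <unsigned>` would still pass these CHECK lines. Consider adding, after the `q2` line, a non-overflowing case such as `char buf[2]; char *q3 = &buf[1] - 1ULL;` preceded by `// CHECK-NOT: runtime error`. The `0x{{0*}}` pattern for the null base also appears to depend on how the runtime prints a zero pointer, so a short comment saying so would help whoever ports the test.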
Index: lib/ubsan/ubsan_handlers.cc
===================================================================
--- lib/ubsan/ubsan_handlers.cc
+++ lib/ubsan/ubsan_handlers.cc
@@ -566,14 +566,19 @@
 
   ScopedReport R(Opts, Loc, ET);
 
-  if ((sptr(Base) >= 0) == (sptr(Result) >= 0))
-    Diag(Loc, DL_Error, "unsigned pointer index expression result is %0, "
-                        "preceding its base %1")
-        << (void *)Result << (void *)Base;
-  else
+  if ((sptr(Base) >= 0) == (sptr(Result) >= 0)) {
+    if (Base > Result)
+      Diag(Loc, DL_Error, "addition of unsigned offset to %0 overflowed to %1")
+          << (void *)Base << (void *)Result;
+    else
+      Diag(Loc, DL_Error,
+           "subtraction of unsigned offset from %0 overflowed to %1")
+          << (void *)Base << (void *)Result;
+  } else {
     Diag(Loc, DL_Error,
          "pointer index expression with base %0 overflowed to %1")
         << (void *)Base << (void *)Result;
+  }
 }
 
 void __ubsan::__ubsan_handle_pointer_overflow(PointerOverflowData *Data,
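Review bot: The "addition" versus "subtraction" wording in the same-sign branch is inferred only from comparing `Base` and `Result`, and nothing in the visible lines says why that inference holds. A comment above the inner `if` would keep the diagnostic trustworthy for people triaging reports, for example `// Same sign: an unsigned offset wrapped. Result below Base means an addition wrapped; otherwise a subtraction did.` Note also that `Base == Result` falls into the subtraction message. If the instrumentation can never call the handler in that state, that is worth stating in the same comment. The enclosing function starts above this hunk, so whether other callers reach this code with signed offsets cannot be confirmed from here.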


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D34122.102252.patch
Type: text/x-patch
Size: 2329 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20170612/0548c5c9/attachment.bin>

