mirror of git://gcc.gnu.org/git/gcc.git
re PR sanitizer/69276 (Address sanitizer does not handle heap overflow)
Fix PR sanitizer/69276 * g++.dg/asan/pr69276.C: New test. PR sanitizer/PR69276 * asan.c (has_stmt_been_instrumented_p): Instrument gimple calls that are gimple_store_p. (maybe_instrument_call): Likewise. From-SVN: r233137
parent
60d27907cc
commit
7db337c247
|
|
@ -1,3 +1,10 @@
|
|||
2016-02-04 Martin Liska <mliska@suse.cz>
|
||||
|
||||
PR sanitizer/69276
|
||||
* asan.c (has_stmt_been_instrumented_p): Instrument gimple calls
|
||||
that are gimple_store_p.
|
||||
(maybe_instrument_call): Likewise.
|
||||
|
||||
2016-02-04 Bin Cheng <bin.cheng@arm.com>
|
||||
|
||||
* config/aarch64/aarch64.c (aarch64_legitimize_address): Force
|
||||
|
|
|
|||
22
gcc/asan.c
22
gcc/asan.c
|
|
@ -897,6 +897,16 @@ has_stmt_been_instrumented_p (gimple *stmt)
|
|||
return true;
|
||||
}
|
||||
}
|
||||
else if (is_gimple_call (stmt) && gimple_store_p (stmt))
|
||||
{
|
||||
asan_mem_ref r;
|
||||
asan_mem_ref_init (&r, NULL, 1);
|
||||
|
||||
r.start = gimple_call_lhs (stmt);
|
||||
r.access_size = int_size_in_bytes (TREE_TYPE (r.start));
|
||||
return has_mem_ref_been_instrumented (&r);
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -2038,6 +2048,18 @@ maybe_instrument_call (gimple_stmt_iterator *iter)
|
|||
gimple_set_location (g, gimple_location (stmt));
|
||||
gsi_insert_before (iter, g, GSI_SAME_STMT);
|
||||
}
|
||||
|
||||
if (gimple_store_p (stmt))
|
||||
{
|
||||
tree ref_expr = gimple_call_lhs (stmt);
|
||||
instrument_derefs (iter, ref_expr,
|
||||
gimple_location (stmt),
|
||||
/*is_store=*/true);
|
||||
|
||||
gsi_next (iter);
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
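Review bot: In the new `else if (is_gimple_call (stmt) && gimple_store_p (stmt))` branch of has_stmt_been_instrumented_p, `r.access_size` is taken directly from `int_size_in_bytes (TREE_TYPE (r.start))`, which returns -1 when the type's size is not a compile-time constant, and that value is then passed to `has_mem_ref_been_instrumented (&r)`. Unless code outside this hunk already excludes such types, a guard such as `if (r.access_size <= 0) return false;` before the lookup would keep a bogus size out of the query. Both new blocks (here and in maybe_instrument_call) would also benefit from a one-line comment on why a call counts as a store, for example `/* A call whose LHS is a memory reference stores its return value to memory; check that store like any other.  */`. Both functions begin outside the hunks shown, so the surrounding conditions are not visible here.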
|
||||
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
2016-02-04 Martin Liska <mliska@suse.cz>
|
||||
|
||||
* g++.dg/asan/pr69276.C: New test.
|
||||
|
||||
2016-02-04 Kyrylo Tkachov <kyrylo.tkachov@arm.com>
|
||||
|
||||
PR target/65932
|
||||
|
|
|
|||
|
|
@ -0,0 +1,38 @@
|
|||
/* { dg-do run } */
|
||||
/* { dg-shouldfail "asan" } */
|
||||
/* { dg-additional-options "-O0 -fno-lto" } */
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
typedef __SIZE_TYPE__ size_t;
|
||||
inline void * operator new (size_t, void *p) { return p; }
|
||||
|
||||
|
||||
struct vec
|
||||
{
|
||||
int size;
|
||||
};
|
||||
|
||||
struct vnull
|
||||
{
|
||||
operator vec() { return vec(); }
|
||||
};
|
||||
vnull vNULL;
|
||||
|
||||
struct A
|
||||
{
|
||||
A(): value2 (vNULL), value3 (vNULL) {}
|
||||
int value;
|
||||
vec value2;
|
||||
vec value3;
|
||||
};
|
||||
|
||||
int main()
|
||||
{
|
||||
int *array = (int *)malloc (sizeof (int) * 1);
|
||||
A *a = new (array) A ();
|
||||
free (array);
|
||||
}
|
||||
|
||||
/* { dg-output "ERROR: AddressSanitizer: heap-buffer-overflow.*(\n|\r\n|\r)" } */
|
||||
/* { dg-output " #0 0x\[0-9a-f\]+ +in A::A()" } */
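Review bot: The test carries no comment saying which store is expected to overflow, so a reader has to reconstruct it from the PR. A short header comment would help, for example `/* PR sanitizer/69276: the malloc'ed block holds a single int, so constructing A in it stores value2 and value3 (each initialised from a call's return value) past the end of the allocation.  */`. The two dg-output patterns check only the error kind and the top frame. If the intent is to pin the store path specifically, an additional pattern for the report's `WRITE of size` line would expose a regression where the overflow is caught by a different access.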
|
||||