git
/
gcc
mirror of git://gcc.gnu.org/git/gcc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

re PR sanitizer/69276 (Address sanitizer does not handle heap overflow) 

Fix PR sanitizer/69276

	* g++.dg/asan/pr69276.C: New test.
	PR sanitizer/PR69276
	* asan.c (has_stmt_been_instrumented_p): Instrument gimple calls
	that are gimple_store_p.
	(maybe_instrument_call): Likewise.

From-SVN: r233137
This commit is contained in:
Martin Liska 2016-02-04 12:50:40 +01:00 committed by Martin Liska
parent 60d27907cc
commit 7db337c247
4 changed files with 71 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
gcc/ChangeLog
View File

@ -1,3 +1,10 @@
2016-02-04 Martin Liska <mliska@suse.cz>
PR sanitizer/69276
* asan.c (has_stmt_been_instrumented_p): Instrument gimple calls
that are gimple_store_p.
(maybe_instrument_call): Likewise.
2016-02-04 Bin Cheng <bin.cheng@arm.com> 2016-02-04 Bin Cheng <bin.cheng@arm.com>
* config/aarch64/aarch64.c (aarch64_legitimize_address): Force * config/aarch64/aarch64.c (aarch64_legitimize_address): Force

22
gcc/asan.c
View File

@ -897,6 +897,16 @@ has_stmt_been_instrumented_p (gimple *stmt)
return true; return true;
} }
} }
else if (is_gimple_call (stmt) && gimple_store_p (stmt))
{
asan_mem_ref r;
asan_mem_ref_init (&r, NULL, 1);
r.start = gimple_call_lhs (stmt);
r.access_size = int_size_in_bytes (TREE_TYPE (r.start));
return has_mem_ref_been_instrumented (&r);
}
return false; return false;
} }
@ -2038,6 +2048,18 @@ maybe_instrument_call (gimple_stmt_iterator *iter)
gimple_set_location (g, gimple_location (stmt)); gimple_set_location (g, gimple_location (stmt));
gsi_insert_before (iter, g, GSI_SAME_STMT); gsi_insert_before (iter, g, GSI_SAME_STMT);
} }
if (gimple_store_p (stmt))
{
tree ref_expr = gimple_call_lhs (stmt);
instrument_derefs (iter, ref_expr,
gimple_location (stmt),
/*is_store=*/true);
gsi_next (iter);
return true;
}
return false; return false;
} }

4
gcc/testsuite/ChangeLog
View File

@ -1,3 +1,7 @@
2016-02-04 Martin Liska <mliska@suse.cz>
* g++.dg/asan/pr69276.C: New test.
2016-02-04 Kyrylo Tkachov <kyrylo.tkachov@arm.com> 2016-02-04 Kyrylo Tkachov <kyrylo.tkachov@arm.com>
PR target/65932 PR target/65932

38
gcc/testsuite/g++.dg/asan/pr69276.C Normal file
View File

@ -0,0 +1,38 @@
/* { dg-do run } */
/* { dg-shouldfail "asan" } */
/* { dg-additional-options "-O0 -fno-lto" } */
#include <stdlib.h>
typedef __SIZE_TYPE__ size_t;
inline void * operator new (size_t, void *p) { return p; }
struct vec
{
int size;
};
struct vnull
{
operator vec() { return vec(); }
};
vnull vNULL;
struct A
{
A(): value2 (vNULL), value3 (vNULL) {}
int value;
vec value2;
vec value3;
};
int main()
{
int *array = (int *)malloc (sizeof (int) * 1);
A *a = new (array) A ();
free (array);
}
/* { dg-output "ERROR: AddressSanitizer: heap-buffer-overflow.*(\n|\r\n|\r)" } */
/* { dg-output " #0 0x\[0-9a-f\]+ +in A::A()" } */