| author | Vedant Kumar <vsk@apple.com> | 2017-06-12 18:42:51 +0000 |
|---|---|---|
| committer | Vedant Kumar <vsk@apple.com> | 2017-06-12 18:42:51 +0000 |
| commit | 8c31c2a5467f904ea2a7b1fd39dd7b3c1b17f097 (patch) | |
| tree | 4797c475f48ebe3feb35d64adc7b6896f5491b84 | |
| parent | 6dbf4274a5275116a79bb23d68d1ac42d54fb266 (diff) | |
[ubsan] Detect invalid unsigned pointer index expression (compiler-rt)
Compiler-rt part of: https://reviews.llvm.org/D33910
Differential Revision: https://reviews.llvm.org/D33911
llvm-svn: 305217
| -rw-r--r-- | compiler-rt/lib/ubsan/ubsan_handlers.cc | 10 | ||||
| -rw-r--r-- | compiler-rt/test/ubsan/TestCases/Pointer/unsigned-index-expression.cpp | 13 |
2 files changed, 21 insertions, 2 deletions
diff --git a/compiler-rt/lib/ubsan/ubsan_handlers.cc b/compiler-rt/lib/ubsan/ubsan_handlers.cc
index 80cc8ad2579..5dabbd8e08c 100644
--- a/compiler-rt/lib/ubsan/ubsan_handlers.cc
+++ b/compiler-rt/lib/ubsan/ubsan_handlers.cc
@@ -566,8 +566,14 @@ static void handlePointerOverflowImpl(PointerOverflowData *Data,
 ScopedReport R(Opts, Loc, ET);
- Diag(Loc, DL_Error, "pointer index expression with base %0 overflowed to %1")
- << (void *)Base << (void*)Result;
+ if ((sptr(Base) >= 0) == (sptr(Result) >= 0))
+ Diag(Loc, DL_Error, "unsigned pointer index expression result is %0, "
+ "preceding its base %1")
+ << (void *)Result << (void *)Base;
+ else
+ Diag(Loc, DL_Error,
+ "pointer index expression with base %0 overflowed to %1")
+ << (void *)Base << (void *)Result;
 }
 void __ubsan::__ubsan_handle_pointer_overflow(PointerOverflowData *Data,
diff --git a/compiler-rt/test/ubsan/TestCases/Pointer/unsigned-index-expression.cpp b/compiler-rt/test/ubsan/TestCases/Pointer/unsigned-index-expression.cpp
new file mode 100644
index 00000000000..991374b5a67
--- /dev/null
+++ b/compiler-rt/test/ubsan/TestCases/Pointer/unsigned-index-expression.cpp
@@ -0,0 +1,13 @@
+// RUN: %clangxx -fsanitize=pointer-overflow %s -o %t
+// RUN: %t 2>&1 | FileCheck %s
+
+int main(int argc, char *argv[]) {
+ char c;
+ char *p = &c;
+ unsigned long long offset = -1;
+
+ // CHECK: unsigned-index-expression.cpp:[[@LINE+1]]:15: runtime error: unsigned pointer index expression result is 0x{{.*}}, preceding its base 0x{{.*}}
+ char *q = p + offset;
+
+ return 0;
+} |
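Review bot: The new same-sign branch in handlePointerOverflowImpl states that the result precedes its base without ever comparing the two values; it infers an unsigned wrap only from `(sptr(Base) >= 0) == (sptr(Result) >= 0)`. If the handler can be reached with matching sign bits and Result not below Base (the call sites and the compiler-side check are outside this hunk, so this is unverified), the report would misdescribe the overflow and misdirect triage. Consider making the wording conditional on `Result < Base` inside that branch, or at least documenting the heuristic with a comment such as `// Same sign bit on Base and Result: assume an unsigned offset wrapped below Base.` The function body begins before the hunk, so the types of Base and Result are not visible here.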
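Review bot: The CHECK line matches both addresses with `0x{{.*}}`, so it cannot detect the two values being printed in the wrong order. That matters here because the new diagnostic streams Result before Base, while the older message streams Base first. The test also exercises only the same-sign path; coverage of the `else` wording depends on existing tests that are not visible on this page. A comment above `char *q = p + offset;` would make the expected wrap explicit, for example `// offset is ULLONG_MAX, so p + offset wraps to p - 1`.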

