diff options
| author | Vedant Kumar <vsk@apple.com> | 2017-07-13 20:55:26 +0000 |
|---|---|---|
| committer | Vedant Kumar <vsk@apple.com> | 2017-07-13 20:55:26 +0000 |
| commit | 175b6d1f283ecc42ba7fdce7d97dc8b1c4f119f2 (patch) | |
| tree | 8d192a2f0760bc31fdf931090dccc4097a417b6c /clang/lib/CodeGen/CodeGenFunction.h | |
| parent | 982060b0a484ee7ad6628c0273b78f951e486baa (diff) | |
| download | bcm5719-llvm-175b6d1f283ecc42ba7fdce7d97dc8b1c4f119f2.tar.gz bcm5719-llvm-175b6d1f283ecc42ba7fdce7d97dc8b1c4f119f2.zip | |
[ubsan] Teach the pointer overflow check that "p - <unsigned> <= p" (PR33430)
The pointer overflow check gives false negatives when dealing with
expressions in which an unsigned value is subtracted from a pointer.
This is summarized in PR33430 [1]: ubsan permits the result of the
subtraction to be greater than "p", but it should not.
To fix the issue, we should track whether or not the pointer expression
is a subtraction. If it is, and the indices are unsigned, we know to
expect "p - <unsigned> <= p".
I've tested this by running check-{llvm,clang} with a stage2
ubsan-enabled build. I've also added some tests to compiler-rt, which
are in D34122.
[1] https://bugs.llvm.org/show_bug.cgi?id=33430
Differential Revision: https://reviews.llvm.org/D34121
llvm-svn: 307955
Diffstat (limited to 'clang/lib/CodeGen/CodeGenFunction.h')
| -rw-r--r-- | clang/lib/CodeGen/CodeGenFunction.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/clang/lib/CodeGen/CodeGenFunction.h b/clang/lib/CodeGen/CodeGenFunction.h index 5933e029be8..753dd92f307 100644 --- a/clang/lib/CodeGen/CodeGenFunction.h +++ b/clang/lib/CodeGen/CodeGenFunction.h @@ -3589,12 +3589,19 @@ public: /// nonnull, if \p LHS is marked _Nonnull. void EmitNullabilityCheck(LValue LHS, llvm::Value *RHS, SourceLocation Loc); + /// An enumeration which makes it easier to specify whether or not an + /// operation is a subtraction. + enum { NotSubtraction = false, IsSubtraction = true }; + /// Same as IRBuilder::CreateInBoundsGEP, but additionally emits a check to /// detect undefined behavior when the pointer overflow sanitizer is enabled. /// \p SignedIndices indicates whether any of the GEP indices are signed. + /// \p IsSubtraction indicates whether the expression used to form the GEP + /// is a subtraction. llvm::Value *EmitCheckedInBoundsGEP(llvm::Value *Ptr, ArrayRef<llvm::Value *> IdxList, bool SignedIndices, + bool IsSubtraction, SourceLocation Loc, const Twine &Name = ""); |
