author | Kostya Serebryany <kcc@google.com> | 2014-08-26 02:29:59 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2014-08-26 02:29:59 +0000 |
commit | 4ee6904288f1fde659fa00952ec0778bcca5e2b4 (patch) | |
tree | 9459f63b23ad880c6f8682cd0235dffdba2929b6 /clang/lib/CodeGen/ItaniumCXXABI.cpp | |
parent | b06f77b608a449ad7342977085dbab8c8e124b40 (diff) | |
download | bcm5719-llvm-4ee6904288f1fde659fa00952ec0778bcca5e2b4.tar.gz bcm5719-llvm-4ee6904288f1fde659fa00952ec0778bcca5e2b4.zip |
[clang/asan] call __asan_poison_cxx_array_cookie after operator new[]
Summary:
PR19838
When operator new[] is called and an array cookie is created
we want asan to detect buffer overflow bugs that touch the cookie.
For that we need to
a) poison the shadow for the array cookie (call __asan_poison_cxx_array_cookie).
b) ignore the legal accesses to the cookie generated by clang (add 'nosanitize' metadata)
Reviewers: timurrrr, samsonov, rsmith
Reviewed By: rsmith
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D4774
llvm-svn: 216434
Diffstat (limited to 'clang/lib/CodeGen/ItaniumCXXABI.cpp')
-rw-r--r-- | clang/lib/CodeGen/ItaniumCXXABI.cpp | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/clang/lib/CodeGen/ItaniumCXXABI.cpp b/clang/lib/CodeGen/ItaniumCXXABI.cpp
index 5fd0499f67b..5df3e43f488 100644
--- a/clang/lib/CodeGen/ItaniumCXXABI.cpp
+++ b/clang/lib/CodeGen/ItaniumCXXABI.cpp
@@ -1472,10 +1472,19 @@ llvm::Value *ItaniumCXXABI::InitializeArrayCookie(CodeGenFunction &CGF,
 CookieOffset.getQuantity());

 // Write the number of elements into the appropriate slot.
- llvm::Value *NumElementsPtr
- = CGF.Builder.CreateBitCast(CookiePtr,
- CGF.ConvertType(SizeTy)->getPointerTo(AS));
- CGF.Builder.CreateStore(NumElements, NumElementsPtr);
+ llvm::Type *NumElementsTy = CGF.ConvertType(SizeTy)->getPointerTo(AS);
+ llvm::Value *NumElementsPtr =
+ CGF.Builder.CreateBitCast(CookiePtr, NumElementsTy);
+ llvm::Instruction *SI = CGF.Builder.CreateStore(NumElements, NumElementsPtr);
+ if (CGM.getLangOpts().Sanitize.Address &&
+ expr->getOperatorNew()->isReplaceableGlobalAllocationFunction()) {
+ CGM.getSanitizerMetadata()->disableSanitizerForInstruction(SI);
+ llvm::FunctionType *FTy =
+ llvm::FunctionType::get(CGM.VoidTy, NumElementsTy, false);
+ llvm::Constant *F =
+ CGM.CreateRuntimeFunction(FTy, "__asan_poison_cxx_array_cookie");
+ CGF.Builder.CreateCall(F, NumElementsPtr);
+ }

 // Finally, compute a pointer to the actual data buffer by skipping
 // over the cookie completely.
@@ -1498,7 +1507,10 @@ llvm::Value *ItaniumCXXABI::readArrayCookieImpl(CodeGenFunction &CGF,
 unsigned AS = allocPtr->getType()->getPointerAddressSpace();
 numElementsPtr =
 CGF.Builder.CreateBitCast(numElementsPtr, CGF.SizeTy->getPointerTo(AS));
- return CGF.Builder.CreateLoad(numElementsPtr);
+ llvm::Instruction *LI = CGF.Builder.CreateLoad(numElementsPtr);
+ if (CGM.getLangOpts().Sanitize.Address)
+ CGM.getSanitizerMetadata()->disableSanitizerForInstruction(LI);
+ return LI;
 }

 CharUnits ARMCXXABI::getArrayCookieSizeImpl(QualType elementType) {
|
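Review bot: The new `if` block in InitializeArrayCookie carries no comment saying why the store is tagged nosanitize and why the poisoning call is restricted to a replaceable global operator new[]; a reader would want, above the `if`, `// Poison the cookie only for replaceable global operator new[]: that memory comes from the ASan heap, whereas a class-specific operator new[] may hand out memory ASan does not track. The store itself is a legitimate cookie access, so keep ASan from checking it.` The name `NumElementsTy` denotes a pointer-to-size_t type (it is both the bitcast target and the hook's parameter type), so `NumElementsPtrTy` would describe it more accurately. The ARM cookie variant later in this file is outside the hunk; if it also stores the element count, it presumably needs the same poisoning and nosanitize treatment, which this diff does not touch. InitializeArrayCookie's body begins before the hunk.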
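Review bot: In readArrayCookieImpl the nosanitize tag on the load is applied for every ASan build, whereas the store side is poisoned only for a replaceable global operator new[]; the asymmetry seems unavoidable here, since this function is not told which allocator produced the cookie, and reading a cookie that was never poisoned presumably reports nothing either way, but that reasoning should be recorded rather than left for the next reader to rederive. Suggested comment above the `if`: `// The cookie may have been poisoned by __asan_poison_cxx_array_cookie; this read is a legitimate cookie access, so never let ASan instrument it.` The function's opening lines lie outside the hunk.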