author | Kostya Serebryany <kcc@google.com> | 2014-08-29 01:01:32 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2014-08-29 01:01:32 +0000 |
commit | 4a9187a8105416b17349d4b589d073fe62a106eb (patch) | |
tree | 57493fc67d09e083d66edbdf023235b8783036ad /clang/lib/CodeGen | |
parent | 4ee2675dfea34926a75dfb61f9ced6a79c7d7eb5 (diff) | |
call __asan_load_cxx_array_cookie when loading array cookie in asan mode.
Summary:
The current implementation of asan cookie is incorrect:
we add nosanitize metadata to the cookie load, but the metadata may be lost
and we will instrument the load from poisoned memory.
This change replaces the load with a call to __asan_load_cxx_array_cookie (r216692)
Reviewers: rsmith
Reviewed By: rsmith
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D5111
llvm-svn: 216702
Diffstat (limited to 'clang/lib/CodeGen')
-rw-r--r-- | clang/lib/CodeGen/ItaniumCXXABI.cpp | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/clang/lib/CodeGen/ItaniumCXXABI.cpp b/clang/lib/CodeGen/ItaniumCXXABI.cpp
index 5df3e43f488..f861af3e457 100644
--- a/clang/lib/CodeGen/ItaniumCXXABI.cpp
+++ b/clang/lib/CodeGen/ItaniumCXXABI.cpp
@@ -1476,8 +1476,9 @@ llvm::Value *ItaniumCXXABI::InitializeArrayCookie(CodeGenFunction &CGF,
   llvm::Value *NumElementsPtr =
       CGF.Builder.CreateBitCast(CookiePtr, NumElementsTy);
   llvm::Instruction *SI = CGF.Builder.CreateStore(NumElements, NumElementsPtr);
-  if (CGM.getLangOpts().Sanitize.Address &&
+  if (CGM.getLangOpts().Sanitize.Address && AS == 0 &&
       expr->getOperatorNew()->isReplaceableGlobalAllocationFunction()) {
+    // The store to the CookiePtr does not need to be instrumented.
     CGM.getSanitizerMetadata()->disableSanitizerForInstruction(SI);
     llvm::FunctionType *FTy =
         llvm::FunctionType::get(CGM.VoidTy, NumElementsTy, false);
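Review bot: The new `AS == 0` condition silently stops poisoning the cookie for any non-zero address space, but the added comment only explains the store; nothing records why address space 0 is the only one handled. Hunk 2 carries the same bare `AS != 0` test plus a literal `getPointerTo(0)`, so the reason lives in neither place. A one-line comment above the condition, e.g. `// The asan cookie hooks take a plain address-space-0 size_t*; other address spaces keep the uninstrumented store/load.`, would capture the intent, though that reason is inferred from the runtime function's pointer type in hunk 2 and should be confirmed. `AS` is defined outside this hunk and InitializeArrayCookie's body continues past it.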
@@ -1507,10 +1508,18 @@ llvm::Value *ItaniumCXXABI::readArrayCookieImpl(CodeGenFunction &CGF,
   unsigned AS = allocPtr->getType()->getPointerAddressSpace();
   numElementsPtr =
     CGF.Builder.CreateBitCast(numElementsPtr, CGF.SizeTy->getPointerTo(AS));
-  llvm::Instruction *LI = CGF.Builder.CreateLoad(numElementsPtr);
-  if (CGM.getLangOpts().Sanitize.Address)
-    CGM.getSanitizerMetadata()->disableSanitizerForInstruction(LI);
-  return LI;
+  if (!CGM.getLangOpts().Sanitize.Address || AS != 0)
+    return CGF.Builder.CreateLoad(numElementsPtr);
+  // In asan mode emit a function call instead of a regular load and let the
+  // run-time deal with it: if the shadow is properly poisoned return the
+  // cookie, otherwise return 0 to avoid an infinite loop calling DTORs.
+  // We can't simply ignore this load using nosanitize metadata because
+  // the metadata may be lost.
+  llvm::FunctionType *FTy =
+      llvm::FunctionType::get(CGF.SizeTy, CGF.SizeTy->getPointerTo(0), false);
+  llvm::Constant *F =
+      CGM.CreateRuntimeFunction(FTy, "__asan_load_cxx_array_cookie");
+  return CGF.Builder.CreateCall(F, numElementsPtr);
 }
 
 CharUnits ARMCXXABI::getArrayCookieSizeImpl(QualType elementType) { |
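Review bot: The poisoning side in hunk 1 only poisons the cookie when `expr->getOperatorNew()->isReplaceableGlobalAllocationFunction()`, while this load calls `__asan_load_cxx_array_cookie` for every ASan build in address space 0, so a cookie written by a class-specific operator new reaches the runtime unpoisoned. The new comment says the runtime "otherwise return[s] 0", which read literally would mean such arrays get no destructor calls at all; either the runtime also returns the raw cookie when the shadow is merely unpoisoned (and the comment should say so), or this asymmetry is a correctness bug — the diff alone does not tell which. I would replace the "otherwise return 0" sentence with `// NOTE: InitializeArrayCookie only poisons cookies from a replaceable global operator new; the runtime must return an unpoisoned cookie unchanged rather than 0 — confirm against __asan_load_cxx_array_cookie.` once that is verified. Separately, `CGF.SizeTy->getPointerTo(0)` could be `CGF.SizeTy->getPointerTo(AS)`, since `AS == 0` is established two lines above and the literal hides that the address-space requirement is what the early return enforces. readArrayCookieImpl starts outside this hunk.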