author | Chris Lattner <sabre@nondot.org> | 2010-07-20 20:19:24 +0000 |
---|---|---|
committer | Chris Lattner <sabre@nondot.org> | 2010-07-20 20:19:24 +0000 |
commit | 26008e07dea3ca4e4ee1f7634923059ea7f17f7a (patch) | |
tree | 8c49fce66759baecc9e1497120a425d04adc8af6 /clang/test/CodeGenCXX/operator-new.cpp | |
parent | 47a0f0d56f7a229bf2646c7b69fbe1ed43b87715 (diff) | |

implement rdar://5739832 - operator new should check for overflow in multiply,
causing clang to compile this code into something that correctly throws a
length error, fixing a potential integer overflow security attack:

    void *test(long N) {
      return new int[N];
    }
    int main() {
      test(1L << 62);
    }

We do this even when exceptions are disabled, because it is better for the
code to abort than for the attack to succeed.

This is heavily based on a patch that Fariborz wrote.

llvm-svn: 108915

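
The arithmetic behind the commit message above, as an added example that is not part of the commit or of clang's code: the byte count for `new int[N]` wraps without a check, and a checked multiply turns that case into a length error. The function names are hypothetical, and `__builtin_mul_overflow` is a GCC/Clang builtin assumed to be available.

```cpp
// Added illustration, not clang's code: the size check that `new int[N]` needs.
#include <cstddef>
#include <cstdio>
#include <limits>
#include <new>
#include <stdexcept>

// What an unchecked array new passes to the allocator: the product wraps
// modulo 2^(bits in size_t), so a huge count can yield a tiny request.
std::size_t unchecked_array_bytes(std::size_t count, std::size_t elem_size) {
    return count * elem_size;
}

// Checked multiply. __builtin_mul_overflow is a GCC/Clang builtin; it
// returns true when the exact product does not fit in *bytes.
bool checked_array_bytes(std::size_t count, std::size_t elem_size,
                         std::size_t *bytes) {
    return !__builtin_mul_overflow(count, elem_size, bytes);
}

// Hypothetical stand-in for `new int[n]` with the check applied. A negative
// n converts to a very large size_t, so it is rejected by the same test.
void *alloc_int_array(long n) {
    std::size_t bytes;
    if (!checked_array_bytes(static_cast<std::size_t>(n), sizeof(int), &bytes))
        throw std::length_error("array new: size overflow");
    return ::operator new[](bytes);
}

int main() {
    // Smallest count whose byte size no longer fits in size_t
    // (1L << 62 on an LP64 target, the value in the commit message).
    std::size_t n = std::numeric_limits<std::size_t>::max() / sizeof(int) + 1;
    std::printf("unchecked request: %zu bytes\n",
                unchecked_array_bytes(n, sizeof(int)));
    try {
        alloc_int_array(-1);
    } catch (const std::length_error &e) {
        std::printf("rejected: %s\n", e.what());
    }
    return 0;
}
```
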
Diffstat (limited to 'clang/test/CodeGenCXX/operator-new.cpp')
-rw-r--r-- | clang/test/CodeGenCXX/operator-new.cpp | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/clang/test/CodeGenCXX/operator-new.cpp b/clang/test/CodeGenCXX/operator-new.cpp index f718faebef0..f5cb2fb6c5d 100644 --- a/clang/test/CodeGenCXX/operator-new.cpp +++ b/clang/test/CodeGenCXX/operator-new.cpp @@ -11,7 +11,21 @@ public: }; void f1() { - // CHECK-SANE: declare noalias i8* @_Znwj( - // CHECK-SANENOT: declare i8* @_Znwj( + // SANE: declare noalias i8* @_Znwj( + // SANENOT: declare i8* @_Znwj( new teste(); } + + +// rdar://5739832 - operator new should check for overflow in multiply. +void *f2(long N) { + return new int[N]; + +// SANE: call{{.*}}@llvm.umul.with.overflow +// SANE: extractvalue +// SANE: br i1{{.*}}, label %throw_length_error, label %no_overflow + +// SANE: throw_length_error: +// SANE: call void @_ZSt20__throw_length_errorPKc +// SANE: unreachable +} |
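
Review bot: In the new `f2` block, `// SANE: extractvalue` matches any extractvalue and nothing is checked after the `no_overflow` label, so the test would still pass if the branch tested something other than the overflow bit of the `@llvm.umul.with.overflow` result, or if the product never reached the allocator. Consider capturing the flag in a FileCheck variable, for example `// SANE: [[OV:%.*]] = extractvalue {{.*}}, 1` followed by `// SANE: br i1 [[OV]], label %throw_length_error, label %no_overflow`, and adding a `// SANE: no_overflow:` line with a check for the array-new call that follows it. The commit message says the check is emitted even when exceptions are disabled, but nothing in the visible lines exercises that configuration; `f2` has only `SANE` checks. Minor: the checks sit inside the body of `f2` after a blank line, whereas `f1` places them before the statement, and the rename from `CHECK-SANE`/`CHECK-SANENOT` to `SANE`/`SANENOT` needs matching prefixes on the RUN lines, which are outside this hunk.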