[PATCH] D41301: ASan+operator new[]: Fix operator new[] cookie poisoning

2018-01-02 Thread Filipe Cabecinhas via Phabricator via cfe-commits
This revision was automatically updated to reflect the committed changes.
Closed by commit rL321645: ASan+operator new[]: Fix operator new[] cookie poisoning (authored by filcab, committed by ).

Repository:
  rL LLVM

https://reviews.llvm.org/D41301

Files:
  cfe/trunk/lib/CodeGen/ItaniumCXXABI.cpp
  cfe/trunk/test/CodeGen/address-sanitizer-and-array-cookie.cpp


Index: cfe/trunk/test/CodeGen/address-sanitizer-and-array-cookie.cpp
===
--- cfe/trunk/test/CodeGen/address-sanitizer-and-array-cookie.cpp
+++ cfe/trunk/test/CodeGen/address-sanitizer-and-array-cookie.cpp
@@ -7,7 +7,7 @@
   std::nothrow_t nothrow;
 }
 void *operator new[](size_t, const std::nothrow_t &) throw();
-void *operator new[](size_t, char *);
+void *operator new[](size_t, void *);
 
 struct C {
   int x;
@@ -53,3 +53,11 @@
 }
 // ASAN-LABEL: CallPlacementNew
 // ASAN-NOT: __asan_poison_cxx_array_cookie
+
+void *operator new[](size_t n, int);
+
+C *CallNewWithArgs() {
+// ASAN-LABEL: CallNewWithArgs
+// ASAN: call void @__asan_poison_cxx_array_cookie
+  return new (123) C[20];
+}
Index: cfe/trunk/lib/CodeGen/ItaniumCXXABI.cpp
===
--- cfe/trunk/lib/CodeGen/ItaniumCXXABI.cpp
+++ cfe/trunk/lib/CodeGen/ItaniumCXXABI.cpp
@@ -1847,8 +1847,7 @@
   llvm::Instruction *SI = CGF.Builder.CreateStore(NumElements, NumElementsPtr);
 
   // Handle the array cookie specially in ASan.
-  if (CGM.getLangOpts().Sanitize.has(SanitizerKind::Address) && AS == 0 &&
-  expr->getOperatorNew()->isReplaceableGlobalAllocationFunction()) {
+  if (CGM.getLangOpts().Sanitize.has(SanitizerKind::Address) && AS == 0) {
 // The store to the CookiePtr does not need to be instrumented.
 CGM.getSanitizerMetadata()->disableSanitizerForInstruction(SI);
 llvm::FunctionType *FTy =

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits


[PATCH] D41301: ASan+operator new[]: Fix operator new[] cookie poisoning

2017-12-15 Thread John McCall via Phabricator via cfe-commits
rjmccall accepted this revision.
rjmccall added a comment.
This revision is now accepted and ready to land.

LGTM.


Repository:
  rC Clang

https://reviews.llvm.org/D41301





[PATCH] D41301: ASan+operator new[]: Fix operator new[] cookie poisoning

2017-12-15 Thread Filipe Cabecinhas via Phabricator via cfe-commits
filcab created this revision.
filcab added reviewers: rjmccall, kcc, rsmith.

The C++ Itanium ABI says:
No cookie is required if the new operator being used is ::operator new[](size_t, void*).

We should only avoid poisoning the cookie if we're calling this
operator, not others. This is dealt with before the call to
InitializeArrayCookie.


Repository:
  rC Clang

https://reviews.llvm.org/D41301

Files:
  lib/CodeGen/ItaniumCXXABI.cpp
  test/CodeGen/address-sanitizer-and-array-cookie.cpp


Index: test/CodeGen/address-sanitizer-and-array-cookie.cpp
===
--- test/CodeGen/address-sanitizer-and-array-cookie.cpp
+++ test/CodeGen/address-sanitizer-and-array-cookie.cpp
@@ -7,7 +7,7 @@
   std::nothrow_t nothrow;
 }
 void *operator new[](size_t, const std::nothrow_t &) throw();
-void *operator new[](size_t, char *);
+void *operator new[](size_t, void *);
 
 struct C {
   int x;
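Review bot: the replaced declaration `void *operator new[](size_t, char *);` was never the reserved placement form, so CallPlacementNew was exercising an ordinary user overload and its `ASAN-NOT: __asan_poison_cxx_array_cookie` expectation only held because the old `isReplaceableGlobalAllocationFunction()` check suppressed poisoning for every non-replaceable overload. With `void *` it now matches the exact `::operator new[](size_t, void*)` signature the Itanium ABI exempts from the cookie; a one-line comment above the declaration saying that the `void *` parameter type is what makes it cookie-free would stop a future edit from reintroducing a look-alike signature.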
@@ -53,3 +53,11 @@
 }
 // ASAN-LABEL: CallPlacementNew
 // ASAN-NOT: __asan_poison_cxx_array_cookie
+
+void *operator new[](size_t n, int);
+
+C *CallNewWithArgs() {
+// ASAN-LABEL: CallNewWithArgs
+// ASAN: call void @__asan_poison_cxx_array_cookie
+  return new (123) C[20];
+}
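Review bot: the new CallNewWithArgs check only asserts that a `call void @__asan_poison_cxx_array_cookie` appears after the label; consider also checking that the cookie store itself is left uninstrumented, which is what the `disableSanitizerForInstruction(SI)` call in ItaniumCXXABI.cpp promises, so the test pins both halves of the ASan cookie handling for a non-placement overload. Minor style point: `void *operator new[](size_t n, int);` names its first parameter while the other declarations in this file leave it unnamed; drop `n` for consistency.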
Index: lib/CodeGen/ItaniumCXXABI.cpp
===
--- lib/CodeGen/ItaniumCXXABI.cpp
+++ lib/CodeGen/ItaniumCXXABI.cpp
@@ -1843,8 +1843,7 @@
   llvm::Instruction *SI = CGF.Builder.CreateStore(NumElements, NumElementsPtr);
 
   // Handle the array cookie specially in ASan.
-  if (CGM.getLangOpts().Sanitize.has(SanitizerKind::Address) && AS == 0 &&
-  expr->getOperatorNew()->isReplaceableGlobalAllocationFunction()) {
+  if (CGM.getLangOpts().Sanitize.has(SanitizerKind::Address) && AS == 0) {
 // The store to the CookiePtr does not need to be instrumented.
 CGM.getSanitizerMetadata()->disableSanitizerForInstruction(SI);
 llvm::FunctionType *FTy =
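Review bot: dropping the `isReplaceableGlobalAllocationFunction()` condition makes the poisoning apply to every operator new[] that reaches InitializeArrayCookie, including class-specific and user-defined global overloads, not only the replaceable ones; that is the intended fix per the description, but the comment `// Handle the array cookie specially in ASan.` should state that the single cookie-free case, `::operator new[](size_t, void*)`, is already filtered out by the caller before this point, so nobody re-adds the check later. Since the poisoned cookie word now lives in memory returned by arbitrary allocators, a test with a class member `operator new[]` alongside CallNewWithArgs would pin that behaviour down.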

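Added example, not code from the patch, the Clang test or the LLVM project: a small C++ program that makes the cookie rule quoted in the description observable. The `C` type, the pool, the `operator new[](size_t, int)` overload and the inspection helpers are constructed here, and it assumes GCC or Clang on an Itanium-ABI target.

```cpp
#include <cstddef>
#include <cstring>
#include <new>

// Constructed example (not from the Clang patch or its test): make the Itanium ABI
// array-cookie rule observable. Only ::operator new[](size_t, void*) is cookie-free;
// any other overload with extra arguments still carries a cookie, which is the
// word ASan must poison.
struct C {
  int x;
  ~C() { x = 0; }  // non-trivial destructor: the ABI requires a cookie
};

static alignas(std::max_align_t) unsigned char g_pool[4096];  // backing store
static std::size_t g_last_request = 0;  // bytes asked for by the last new[]

// Same shape as the test's operator new[](size_t, int): the extra argument is
// an int, not void*, so this is NOT the reserved placement form.
void *operator new[](std::size_t n, int /*tag*/) {
  g_last_request = n;
  return g_pool;
}
void operator delete[](void *, int) noexcept {}  // matching placement delete

struct CookieInfo {
  std::size_t overhead;   // bytes requested beyond count * sizeof(C)
  std::ptrdiff_t offset;  // distance from block start to element 0
  std::size_t stored;     // element count the compiler wrote into the cookie
};

CookieInfo cookie_for_int_overload(std::size_t count) {
  C *arr = new (123) C[count];
  CookieInfo info;
  info.overhead = g_last_request - count * sizeof(C);
  info.offset = reinterpret_cast<unsigned char *>(arr) - g_pool;
  // Itanium ABI: the count sits in the size_t immediately before element 0.
  std::memcpy(&info.stored, reinterpret_cast<unsigned char *>(arr) - sizeof(std::size_t),
              sizeof info.stored);
  for (std::size_t i = 0; i < count; ++i) arr[i].~C();  // pool memory: no delete[]
  return info;
}

// Reserved ::operator new[](size_t, void*): no cookie, element 0 is at buf itself.
std::ptrdiff_t offset_for_reserved_placement(std::size_t count) {
  alignas(C) static unsigned char buf[64 * sizeof(C)];
  C *arr = new (buf) C[count];
  std::ptrdiff_t off = reinterpret_cast<unsigned char *>(arr) - buf;
  for (std::size_t i = 0; i < count; ++i) arr[i].~C();
  return off;
}
```

The int overload receives `sizeof(size_t)` extra bytes and hands back a pointer past the cookie holding 20, while the reserved placement form gets no cookie at all.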