asan.c (instrument_strlen_call): Fixed instrumentation of trailing byte.

2014-06-18 Yury Gribov <y.gribov@samsung.com> gcc/ * asan.c (instrument_strlen_call): Fixed instrumentation of trailing byte. gcc/testsuite/ * c-c++-common/asan/strlen-overflow-1.c: New test. Co-Authored-By: Max Ostapenko <m.ostapenko@partner.samsung.com> From-SVN: r211849

asan.c (instrument_strlen_call): Fixed instrumentation of trailing byte.
2014-06-18 Yury Gribov <y.gribov@samsung.com> gcc/ * asan.c (instrument_strlen_call): Fixed instrumentation of trailing byte. gcc/testsuite/ * c-c++-common/asan/strlen-overflow-1.c: New test. Co-Authored-By: Max Ostapenko <m.ostapenko@partner.samsung.com> From-SVN: r211849
0cbf438b · Yury Gribov · Maxim Ostapenko · bec81025 · 0cbf438b · 0cbf438b
Commit 0cbf438b authored Jun 20, 2014 by Yury Gribov Committed by Maxim Ostapenko Jun 20, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 52 additions and 10 deletions

gcc/ChangeLog
+7 -0

gcc/asan.c
+10 -10

gcc/testsuite/ChangeLog
+6 -0

gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c
+29 -0

No files found.
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
+2014-06-20  Yury Gribov  <y.gribov@samsung.com>
+	    Max Ostapenko  <m.ostapenko@partner.samsung.com>
+
+	PR sanitizer/61547
+	* asan.c (instrument_strlen_call): Fixed instrumentation of
+	trailing byte.
+
 2014-06-20  Martin Jambor  <mjambor@suse.cz>

 	PR ipa/61540

--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -2037,19 +2037,19 @@ instrument_strlen_call (gimple_stmt_iterator *iter)

  build_check_stmt (loc, gimple_assign_lhs (str_arg_ssa), NULL_TREE, 1, iter,
 		    /*non_zero_len_p*/true, /*before_p=*/true,
-		    /*is_store=*/false, /*is_scalar_access*/false, /*align*/0);
+		    /*is_store=*/false, /*is_scalar_access*/true, /*align*/0);

-  gimple stmt =
-    gimple_build_assign_with_ops (PLUS_EXPR,
-				  make_ssa_name (TREE_TYPE (len), NULL),
-				  len,
-				  build_int_cst (TREE_TYPE (len), 1));
-  gimple_set_location (stmt, loc);
-  gsi_insert_after (iter, stmt, GSI_NEW_STMT);
+  gimple g =
+    gimple_build_assign_with_ops (POINTER_PLUS_EXPR,
+				  make_ssa_name (cptr_type, NULL),
+				  gimple_assign_lhs (str_arg_ssa),
+				  len);
+  gimple_set_location (g, loc);
+  gsi_insert_after (iter, g, GSI_NEW_STMT);

-  build_check_stmt (loc, gimple_assign_lhs (stmt), len, 1, iter,
+  build_check_stmt (loc, gimple_assign_lhs (g), NULL_TREE, 1, iter,
 		    /*non_zero_len_p*/true, /*before_p=*/false,
-		    /*is_store=*/false, /*is_scalar_access*/false, /*align*/0);
+		    /*is_store=*/false, /*is_scalar_access*/true, /*align*/0);

  return true;
 }

--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
+2014-06-20  Yury Gribov  <y.gribov@samsung.com>
+	    Max Ostapenko  <m.ostapenko@partner.samsung.com>
+
+	PR sanitizer/61547
+	* c-c++-common/asan/strlen-overflow-1.c: New test.
+
 2014-06-20  Martin Jambor  <mjambor@suse.cz>

 	PR ipa/61540

--- a/gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c
+++ b/gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c
+/* { dg-do run } */
+/* { dg-skip-if "" { *-*-* } { "-flto" } { "" } } */
+/* { dg-shouldfail "asan" } */
+
+#include <sanitizer/asan_interface.h>
+
+char a[2] = "0";
+
+#ifdef __cplusplus
+extern "C"
+#endif
+
+__attribute__((no_sanitize_address, noinline)) __SIZE_TYPE__
+strlen (const char *p) {
+
+  __SIZE_TYPE__ n = 0;
+  for (; *p; ++n, ++p);
+  return n;
+}
+
+int main () {
+  char *p = &a[0];
+  asm ("" : "+r"(p));
+  __asan_poison_memory_region ((char *)&a[1], 1);
+  return __builtin_strlen (a);
+}
+
+/* { dg-output "READ of size 1 at 0x\[0-9a-f\]+ thread T0.*(\n|\r\n|\r)" } */
+/* { dg-output "    #0 0x\[0-9a-f\]+ (in _*main (\[^\n\r]*strlen-overflow-1.c:24|\[^\n\r]*:0)|\[(\]).*(\n|\r\n|\r)" } */