re PR sanitizer/69276 (Address sanitizer does not handle heap overflow)

Fix PR sanitizer/69276 * g++.dg/asan/pr69276.C: New test. PR sanitizer/PR69276 * asan.c (has_stmt_been_instrumented_p): Instrument gimple calls that are gimple_store_p. (maybe_instrument_call): Likewise. From-SVN: r233137

re PR sanitizer/69276 (Address sanitizer does not handle heap overflow)
Fix PR sanitizer/69276 * g++.dg/asan/pr69276.C: New test. PR sanitizer/PR69276 * asan.c (has_stmt_been_instrumented_p): Instrument gimple calls that are gimple_store_p. (maybe_instrument_call): Likewise. From-SVN: r233137
7db337c2 · Martin Liska · Martin Liska · 60d27907 · 7db337c2 · 7db337c2
Commit 7db337c2 authored Feb 04, 2016 by Martin Liska Committed by Martin Liska Feb 04, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 71 additions and 0 deletions

gcc/ChangeLog
+7 -0

gcc/asan.c
+22 -0

gcc/testsuite/ChangeLog
+4 -0

gcc/testsuite/g++.dg/asan/pr69276.C
+38 -0

No files found.
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
+2016-02-04  Martin Liska  <mliska@suse.cz>
+
+	PR sanitizer/69276
+	* asan.c (has_stmt_been_instrumented_p): Instrument gimple calls
+	that are gimple_store_p.
+	(maybe_instrument_call): Likewise.
+
 2016-02-04  Bin Cheng  <bin.cheng@arm.com>

 	* config/aarch64/aarch64.c (aarch64_legitimize_address): Force

--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -897,6 +897,16 @@ has_stmt_been_instrumented_p (gimple *stmt)
 	  return true;
 	}
    }
+  else if (is_gimple_call (stmt) && gimple_store_p (stmt))
+    {
+      asan_mem_ref r;
+      asan_mem_ref_init (&r, NULL, 1);
+
+      r.start = gimple_call_lhs (stmt);
+      r.access_size = int_size_in_bytes (TREE_TYPE (r.start));
+      return has_mem_ref_been_instrumented (&r);
+    }
+
  return false;
 }

@@ -2038,6 +2048,18 @@ maybe_instrument_call (gimple_stmt_iterator *iter)
      gimple_set_location (g, gimple_location (stmt));
      gsi_insert_before (iter, g, GSI_SAME_STMT);
    }
+
+  if (gimple_store_p (stmt))
+    {
+      tree ref_expr = gimple_call_lhs (stmt);
+      instrument_derefs (iter, ref_expr,
+			 gimple_location (stmt),
+			 /*is_store=*/true);
+
+      gsi_next (iter);
+      return true;
+    }
+
  return false;
 }


--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
+2016-02-04  Martin Liska  <mliska@suse.cz>
+
+	* g++.dg/asan/pr69276.C: New test.
+
 2016-02-04  Kyrylo Tkachov  <kyrylo.tkachov@arm.com>

 	PR target/65932

--- a/gcc/testsuite/g++.dg/asan/pr69276.C
+++ b/gcc/testsuite/g++.dg/asan/pr69276.C
+/* { dg-do run } */
+/* { dg-shouldfail "asan" } */
+/* { dg-additional-options "-O0 -fno-lto" } */
+
+#include <stdlib.h>
+
+typedef __SIZE_TYPE__ size_t;
+inline void * operator new (size_t, void *p) { return p; }
+
+
+struct vec
+{
+  int size;
+};
+
+struct vnull
+{
+  operator vec() { return vec(); }
+};
+vnull vNULL;
+
+struct A
+{
+  A(): value2 (vNULL), value3 (vNULL) {}
+  int value;
+  vec value2;
+  vec value3;
+};
+
+int main()
+{
+  int *array = (int *)malloc (sizeof (int) * 1);
+  A *a = new (array) A ();
+  free (array);
+}
+
+/* { dg-output "ERROR: AddressSanitizer: heap-buffer-overflow.*(\n|\r\n|\r)" } */
+/* { dg-output "    #0 0x\[0-9a-f\]+ +in A::A()" } */