re PR sanitizer/62089 (Sanitizer may fail to instrument struct accesses)

2014-08-18 Yury Gribov <y.gribov@samsung.com> PR sanitizer/62089 gcc/ * asan.c (instrument_derefs): Fix bitfield check. gcc/testsuite/ * c-c++-common/asan/pr62089.c: New test. * c-c++-common/asan/bitfield-1.c: New test. * c-c++-common/asan/bitfield-2.c: New test. * c-c++-common/asan/bitfield-3.c: New test. * c-c++-common/asan/bitfield-4.c: New test. From-SVN: r214086

re PR sanitizer/62089 (Sanitizer may fail to instrument struct accesses)
2014-08-18 Yury Gribov <y.gribov@samsung.com> PR sanitizer/62089 gcc/ * asan.c (instrument_derefs): Fix bitfield check. gcc/testsuite/ * c-c++-common/asan/pr62089.c: New test. * c-c++-common/asan/bitfield-1.c: New test. * c-c++-common/asan/bitfield-2.c: New test. * c-c++-common/asan/bitfield-3.c: New test. * c-c++-common/asan/bitfield-4.c: New test. From-SVN: r214086
87d1d65a · Yury Gribov · Yury Gribov · 495e77b3 · 87d1d65a · 87d1d65a
Commit 87d1d65a authored Aug 18, 2014 by Yury Gribov Committed by Yury Gribov Aug 18, 2014
8 changed files
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
+2014-08-18  Yury Gribov  <y.gribov@samsung.com>
+
+	PR sanitizer/62089
+	* asan.c (instrument_derefs): Fix bitfield check.
+
 2014-08-17  Segher Boessenkool  <segher@kernel.crashing.org>

 	* config/rs6000/constraints.md ("S"): Require TARGET_POWERPC64.

--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -1690,21 +1690,19 @@ instrument_derefs (gimple_stmt_iterator *iter, tree t,
  int volatilep = 0, unsignedp = 0;
  tree inner = get_inner_reference (t, &bitsize, &bitpos, &offset,
 				    &mode, &unsignedp, &volatilep, false);
-  if (((size_in_bytes & (size_in_bytes - 1)) == 0
-       && (bitpos % (size_in_bytes * BITS_PER_UNIT)))
-      || bitsize != size_in_bytes * BITS_PER_UNIT)
+
+  if (TREE_CODE (t) == COMPONENT_REF
+      && DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1)) != NULL_TREE)
    {
-      if (TREE_CODE (t) == COMPONENT_REF
-	  && DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1)) != NULL_TREE)
-	{
-	  tree repr = DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1));
-	  instrument_derefs (iter, build3 (COMPONENT_REF, TREE_TYPE (repr),
-					   TREE_OPERAND (t, 0), repr,
-					   NULL_TREE), location, is_store);
-	}
+      tree repr = DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1));
+      instrument_derefs (iter, build3 (COMPONENT_REF, TREE_TYPE (repr),
+				       TREE_OPERAND (t, 0), repr,
+				       NULL_TREE), location, is_store);
      return;
    }
-  if (bitpos % BITS_PER_UNIT)
+
+  if (bitpos % BITS_PER_UNIT
+      || bitsize != size_in_bytes * BITS_PER_UNIT)
    return;

  if (TREE_CODE (inner) == VAR_DECL

--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
+2014-08-18  Yury Gribov  <y.gribov@samsung.com>
+
+	PR sanitizer/62089
+	* c-c++-common/asan/pr62089.c: New test.
+	* c-c++-common/asan/bitfield-1.c: New test.
+	* c-c++-common/asan/bitfield-2.c: New test.
+	* c-c++-common/asan/bitfield-3.c: New test.
+	* c-c++-common/asan/bitfield-4.c: New test.
+
 2014-08-18  Kugan Vivekanandarajah  <kuganv@linaro.org>

 	PR tree-optimization/52904

--- a/gcc/testsuite/c-c++-common/asan/bitfield-1.c
+++ b/gcc/testsuite/c-c++-common/asan/bitfield-1.c
+/* Check that Asan correctly instruments bitfields with non-round size.  */
+
+/* { dg-do run } */
+/* { dg-shouldfail "asan" } */
+
+struct A
+{
+  char base;
+  int : 4;
+  long x : 7;
+};
+
+int __attribute__ ((noinline, noclone))
+f (void *p) {
+  return ((struct A *)p)->x;
+}
+
+int
+main ()
+{
+  char a = 0;
+  return f (&a);
+}
+
+/* { dg-output "ERROR: AddressSanitizer: stack-buffer-overflow" } */
--- a/gcc/testsuite/c-c++-common/asan/bitfield-2.c
+++ b/gcc/testsuite/c-c++-common/asan/bitfield-2.c
+/* Check that Asan correctly instruments bitfields with non-round offset.  */
+
+/* { dg-do run } */
+/* { dg-shouldfail "asan" } */
+
+struct A
+{
+  char base;
+  int : 7;
+  int x : 8;
+};
+
+int __attribute__ ((noinline, noclone))
+f (void *p) {
+  return ((struct A *)p)->x;
+}
+
+int
+main ()
+{
+  char a = 0;
+  return f (&a);
+}
+
+/* { dg-output "ERROR: AddressSanitizer: stack-buffer-overflow" } */
--- a/gcc/testsuite/c-c++-common/asan/bitfield-3.c
+++ b/gcc/testsuite/c-c++-common/asan/bitfield-3.c
+/* Check that Asan correctly instruments bitfields with round offset.  */
+
+/* { dg-do run } */
+/* { dg-shouldfail "asan" } */
+
+struct A
+{
+  char base;
+  int : 8;
+  int x : 8;
+};
+
+int __attribute__ ((noinline, noclone))
+f (void *p) {
+  return ((struct A *)p)->x;
+}
+
+int
+main ()
+{
+  char a = 0;
+  return f (&a);
+}
+
+/* { dg-output "ERROR: AddressSanitizer: stack-buffer-overflow" } */
--- a/gcc/testsuite/c-c++-common/asan/bitfield-4.c
+++ b/gcc/testsuite/c-c++-common/asan/bitfield-4.c
+/* Check that Asan correctly instruments bitfields with round offset.  */
+
+/* { dg-do run } */
+/* { dg-shouldfail "asan" } */
+
+struct A
+{
+  char base;
+  int : 0;
+  int x : 8;
+};
+
+int __attribute__ ((noinline, noclone))
+f (void *p) {
+  return ((struct A *)p)->x;
+}
+
+int
+main ()
+{
+  char a = 0;
+  return f (&a);
+}
+
+/* { dg-output "ERROR: AddressSanitizer: stack-buffer-overflow" } */
--- a/gcc/testsuite/c-c++-common/asan/pr62089.c
+++ b/gcc/testsuite/c-c++-common/asan/pr62089.c
+/* { dg-do run } */
+/* { dg-shouldfail "asan" } */
+
+#include <sanitizer/asan_interface.h>
+
+struct vfsmount {};
+struct dentry {};
+
+struct path {
+  struct vfsmount *mnt;
+  struct dentry *dentry;
+};
+
+struct fs_struct {
+  int users;
+  int lock;
+  int seq;
+  int umask;
+  int in_exec;
+  struct path root, pwd;
+};
+
+void __attribute__((noinline, noclone))
+copy_fs_struct(struct fs_struct *a, struct fs_struct *b) {
+  a->root = b->root;
+}
+
+struct fs_struct a, b;
+
+int
+main () {
+  __asan_poison_memory_region (&a.root, sizeof (a.root));
+  copy_fs_struct (&a, &b);
+  return 0;
+}
+
+/* { dg-output "ERROR: AddressSanitizer: use-after-poison" } */