2015-06-16 05:08:47 +08:00
// RUN: %clang_safestack %s -o %t
// RUN: %run %t

// RUN: %clang_nosafestack -fno-stack-protector %s -o %t
// RUN: not %run %t

// Test that buffer overflows on the unsafe stack do not affect variables on the
// safe stack.
2015-12-14 19:58:43 +08:00
// REQUIRES: stable-runtime
2015-06-16 05:08:47 +08:00
#include <string.h>  // declares memset()

__attribute__((noinline))
void fct(volatile int *buffer)
{
  // Deliberately writes before and after `buffer`: 7 ints starting at buffer[-1].
  memset(buffer - 1, 0, 7 * sizeof(int));
}

int main(int argc, char **argv)
{
Ensure safestack overflow test doesn't segfault

Summary:
In rL255491, the safestack overflow test was disabled for aarch64, since
it "is currently failing on an AArch64 buildbot with a segfault, but it
is currently passing on other configuration".

While testing on FreeBSD on x86, I also encountered a segfault. This is
because the `fct()` function actually writes before and after `buffer`,
and on FreeBSD this crashes because `buffer` is usually allocated at the
end of a page. That this runs correctly on Linux is probably just by
accident.

I propose to fix this by adding a pre and post buffer, to act as a
safety zone. The pre and post buffers must be accessed in an 'unsafe'
way, otherwise -fsanitize=safestack will allocate them on the safe
stack, and they will not bookend `buffer` itself. Therefore, I create
them large enough for `fct()`, and call it on both of them.

On FreeBSD, this makes the test run as expected, without segfaulting,
and I suppose this will also fix the segfault on AArch64. I do not have
AArch64 testing capabilities, so if someone could try that out, I would
be much obliged.

Reviewers: pcc, kcc, zatrazz
Subscribers: llvm-commits, aemerson, emaste
Differential Revision: http://reviews.llvm.org/D15725
llvm-svn: 257106
2016-01-08 06:19:12 +08:00
  int prebuf[7];
2015-06-16 05:08:47 +08:00
  int value1 = 42;
  int buffer[5];
  int value2 = 42;
2016-01-08 06:19:12 +08:00
  int postbuf[7];
  fct(prebuf + 1);
  fct(postbuf + 1);
2015-06-16 05:08:47 +08:00
  fct(buffer);
  return value1 != 42 || value2 != 42;
}