[asan] fix false dynamic-stack-buffer-overflow report with constantly-sized dynamic allocas, compiler-rt part
See the bug report at https://github.com/google/sanitizers/issues/691. When a dynamic alloca has a constant size, ASan instrumentation will treat it as a regular dynamic alloca (insert calls to poison and unpoison), but the backend will turn it into a regular stack variable. The poisoning/unpoisoning is then broken. This patch will treat such allocas as static. Differential Revision: http://reviews.llvm.org/D21509 llvm-svn: 273889
parent
7d03ce480a
commit
7d1ebed0c5
|
@ -0,0 +1,44 @@
|
|||
// Regression test for https://github.com/google/sanitizers/issues/691
|
||||
|
||||
// RUN: %clangxx_asan -O0 %s -o %t -fstack-protector
|
||||
// RUN: %run %t 1 2>&1 | FileCheck %s
|
||||
// RUN: %run %t 2 2>&1 | FileCheck %s
|
||||
|
||||
#include <alloca.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
void f1_alloca() {
|
||||
char *dynamic_buffer = (char *)alloca(200);
|
||||
fprintf(stderr, "dynamic_buffer = %p\n", dynamic_buffer);
|
||||
memset(dynamic_buffer, 'y', 200);
|
||||
return;
|
||||
}
|
||||
|
||||
static const int kDynamicArraySize = 200;
|
||||
|
||||
void f1_vla() {
|
||||
char dynamic_buffer[kDynamicArraySize];
|
||||
fprintf(stderr, "dynamic_buffer = %p\n", dynamic_buffer);
|
||||
memset(dynamic_buffer, 'y', kDynamicArraySize);
|
||||
return;
|
||||
}
|
||||
|
||||
void f2() {
|
||||
char buf[1024];
|
||||
memset(buf, 'x', 1024);
|
||||
}
|
||||
|
||||
int main(int argc, const char *argv[]) {
|
||||
if (!strcmp(argv[1], "1")) {
|
||||
f1_alloca();
|
||||
} else if (!strcmp(argv[1], "2")) {
|
||||
f1_vla();
|
||||
}
|
||||
f2();
|
||||
fprintf(stderr, "Done.\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
// CHECK-NOT: ERROR: AddressSanitizer
|
||||
// CHECK: Done.
|
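Review bot: main() reads argv[1] without checking argc, and it falls through to f2() and "Done." for any argument other than "1" or "2". A RUN line with a missing argument would therefore crash in strcmp, and one with a mistyped argument would pass without exercising f1_alloca() or f1_vla(). Consider `if (argc < 2) return 1;` before the first strcmp and a final `else { return 1; }` after the "2" branch. A short comment above f2() and on the first RUN line would also help, saying why the 1024-byte buffer and `-fstack-protector` are needed; presumably f2() reuses the stack region that the f1_* functions left poisoned before the fix, but the file does not say so.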