author | Filipe Cabecinhas <me@filcab.net> | 2018-01-02 13:21:50 +0000 |
---|---|---|
committer | Filipe Cabecinhas <me@filcab.net> | 2018-01-02 13:21:50 +0000 |
commit | ec6c5b21c037ce75b94ce3e33a4fa563f2bb8f48 (patch) | |
tree | 2a5c634a7062d7bf9fce8479b0c3920869ab0c23 | |
parent | d9551a3cb4a454e0818e345bdba510e1cb6dbbdd (diff) | |
download | clang-ec6c5b21c037ce75b94ce3e33a4fa563f2bb8f48.tar.gz |
ASan+operator new[]: Fix operator new[] cookie poisoning
Summary:
The C++ Itanium ABI says:
No cookie is required if the new operator being used is ::operator new[](size_t, void*).
We should only avoid poisoning the cookie if we're calling this
operator, not others. This is dealt with before the call to
InitializeArrayCookie.
Reviewers: rjmccall, kcc, rsmith
Subscribers: cfe-commits
Differential Revision: https://reviews.llvm.org/D41301
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@321645 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r-- | lib/CodeGen/ItaniumCXXABI.cpp | 3 | ||||
-rw-r--r-- | test/CodeGen/address-sanitizer-and-array-cookie.cpp | 10 |
2 files changed, 10 insertions, 3 deletions
diff --git a/lib/CodeGen/ItaniumCXXABI.cpp b/lib/CodeGen/ItaniumCXXABI.cpp
index c375b82ea9..bfb18aee2e 100644
--- a/lib/CodeGen/ItaniumCXXABI.cpp
+++ b/lib/CodeGen/ItaniumCXXABI.cpp
@@ -1847,8 +1847,7 @@ Address ItaniumCXXABI::InitializeArrayCookie(CodeGenFunction &CGF,
   llvm::Instruction *SI = CGF.Builder.CreateStore(NumElements, NumElementsPtr);
   // Handle the array cookie specially in ASan.
-  if (CGM.getLangOpts().Sanitize.has(SanitizerKind::Address) && AS == 0 &&
-      expr->getOperatorNew()->isReplaceableGlobalAllocationFunction()) {
+  if (CGM.getLangOpts().Sanitize.has(SanitizerKind::Address) && AS == 0) {
     // The store to the CookiePtr does not need to be instrumented.
     CGM.getSanitizerMetadata()->disableSanitizerForInstruction(SI);
     llvm::FunctionType *FTy =
diff --git a/test/CodeGen/address-sanitizer-and-array-cookie.cpp b/test/CodeGen/address-sanitizer-and-array-cookie.cpp
index ea89537789..90b6ad0e05 100644
--- a/test/CodeGen/address-sanitizer-and-array-cookie.cpp
+++ b/test/CodeGen/address-sanitizer-and-array-cookie.cpp
@@ -7,7 +7,7 @@ namespace std {
   std::nothrow_t nothrow;
 }
 void *operator new[](size_t, const std::nothrow_t &) throw();
-void *operator new[](size_t, char *);
+void *operator new[](size_t, void *);
 struct C {
   int x;
@@ -53,3 +53,11 @@ C *CallPlacementNew() {
 }
 // ASAN-LABEL: CallPlacementNew
 // ASAN-NOT: __asan_poison_cxx_array_cookie
+
+void *operator new[](size_t n, int);
+
+C *CallNewWithArgs() {
+// ASAN-LABEL: CallNewWithArgs
+// ASAN: call void @__asan_poison_cxx_array_cookie
+  return new (123) C[20];
+}
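Review bot: The new `if` in InitializeArrayCookie drops the only in-function guard that kept `__asan_poison_cxx_array_cookie` away from allocations made by non-replaceable `operator new[]` overloads, and nothing in the hunk records that the `::operator new[](size_t, void*)` placement form is now excluded by the caller instead, so the next reader cannot tell why class-scope and extra-argument `operator new[]` are poisoned while that one form is not. The comment `// Handle the array cookie specially in ASan.` should carry the invariant, e.g. `// Poison the cookie for every operator new[] except ::operator new[](size_t, void*), the one form the Itanium ABI exempts from cookies; callers do not reach this function for that case.` Widening the poisoning is the right direction for detecting writes that clobber the cookie, but a class-scope or pool-backed `operator new[]` that returns memory ASan does not otherwise track now gets its cookie's shadow poisoned as well; I cannot tell from this hunk how the runtime handles later reuse of such memory, so that interaction deserves either a test or a sentence in the same comment. InitializeArrayCookie begins and ends outside the hunk.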
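Review bot: The added `CallNewWithArgs` only exercises a namespace-scope `operator new[]` with an extra argument, but the `isReplaceableGlobalAllocationFunction()` check removed in ItaniumCXXABI.cpp, as far as I know, also used to exempt class-scope `operator new[]`, which this commit now poisons without any ASAN check covering it. A second case with a member allocation function and a non-trivial destructor (so a cookie is required) would pin that behaviour, along the lines of the excerpt below. As a point of style, `CallPlacementNew` keeps its `// ASAN-*` lines after the closing brace while the new function puts them inside the body; FileCheck accepts both, but the file should settle on one.
```cpp
// … unchanged: CallNewWithArgs …
struct D {
  int x;
  ~D();
  void *operator new[](size_t);
};

D *CallClassScopeNew() {
// ASAN-LABEL: CallClassScopeNew
// ASAN: call void @__asan_poison_cxx_array_cookie
  return new D[20];
}
```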