author | Florian Weimer <fweimer@redhat.com> | 2014-05-09 14:23:46 +0200 |
---|---|---|
committer | Florian Weimer <fw@gcc.gnu.org> | 2014-05-09 14:23:46 +0200 |
commit | 6545746e3c784d94300954ccb155e6510c598ffa (patch) | |
tree | 6da35ec3f858b95d454e7bb32fb9dd5f8dc6c95c /gcc/cfgexpand.c | |
parent | b8d29c66597d6ff2a41ca6a190c0bd52126f491d (diff) | |
-fstack-protector-strong: Instrumentation for return slots
This patch fixes a loophole in the -fstack-protector-strong protection.
If a function call uses a return slot, the caller needs stack protector
instrumentation because the return slot is addressable.
gcc/
2014-05-09 Florian Weimer <fweimer@redhat.com>
* cfgexpand.c (stack_protect_decl_p): New function, extracted from
expand_used_vars.
(stack_protect_return_slot_p): New function.
(expand_used_vars): Call stack_protect_decl_p and
stack_protect_return_slot_p for -fstack-protector-strong.
gcc/testsuite/
2014-05-09 Florian Weimer <fweimer@redhat.com>
* gcc.dg/fstack-protector-strong.c: Add coverage for return slots.
* g++.dg/fstack-protector-strong.C: Likewise.
* gcc.target/i386/ssp-strong-reg.c: New file.
From-SVN: r210275
Diffstat (limited to 'gcc/cfgexpand.c')
-rw-r--r-- | gcc/cfgexpand.c | 64 |
1 files changed, 48 insertions, 16 deletions
diff --git a/gcc/cfgexpand.c b/gcc/cfgexpand.c
index b57fac17eae..934f40d0627 100644
--- a/gcc/cfgexpand.c
+++ b/gcc/cfgexpand.c
@@ -1611,6 +1611,52 @@ record_or_union_type_has_array_p (const_tree tree_type)
 return 0;
 }
+/* Check if the current function has local referenced variables that
+ have their addresses taken, contain an array, or are arrays. */
+
+static bool
+stack_protect_decl_p ()
+{
+ unsigned i;
+ tree var;
+
+ FOR_EACH_LOCAL_DECL (cfun, i, var)
+ if (!is_global_var (var))
+ {
+ tree var_type = TREE_TYPE (var);
+ if (TREE_CODE (var) == VAR_DECL
+ && (TREE_CODE (var_type) == ARRAY_TYPE
+ || TREE_ADDRESSABLE (var)
+ || (RECORD_OR_UNION_TYPE_P (var_type)
+ && record_or_union_type_has_array_p (var_type))))
+ return true;
+ }
+ return false;
+}
+
+/* Check if the current function has calls that use a return slot. */
+
+static bool
+stack_protect_return_slot_p ()
+{
+ basic_block bb;
+
+ FOR_ALL_BB_FN (bb, cfun)
+ for (gimple_stmt_iterator gsi = gsi_start_bb (bb);
+ !gsi_end_p (gsi); gsi_next (&gsi))
+ {
+ gimple stmt = gsi_stmt (gsi);
+ /* This assumes that calls to internal-only functions never
+ use a return slot. */
+ if (is_gimple_call (stmt)
+ && !gimple_call_internal_p (stmt)
+ && aggregate_value_p (TREE_TYPE (gimple_call_fntype (stmt)),
+ gimple_call_fndecl (stmt)))
+ return true;
+ }
+ return false;
+}
+
 /* Expand all variables used in the function. */
 static rtx
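Review bot: The header comment on stack_protect_return_slot_p says what is detected but not why it matters for the protector, and the in-loop comment leaves the internal-call case as an unverified assumption that fails open: an internal call that did use a return slot would be skipped by `!gimple_call_internal_p (stmt)` and could leave the caller uninstrumented. I would extend the header to something like `/* Check if the current function has calls that use a return slot.  The slot is an addressable stack temporary in the caller, so it must trigger -fstack-protector-strong instrumentation.  */` and state in the inner comment what happens if the assumption stops holding. Both new functions are also declared with `()`, while expand_used_vars in the same file is declared `(void)`; matching that keeps the definitions consistent.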
@@ -1683,22 +1729,8 @@ expand_used_vars (void)
 pointer_map_destroy (ssa_name_decls);
 if (flag_stack_protect == SPCT_FLAG_STRONG)
- FOR_EACH_LOCAL_DECL (cfun, i, var)
- if (!is_global_var (var))
- {
- tree var_type = TREE_TYPE (var);
- /* Examine local referenced variables that have their addresses taken,
- contain an array, or are arrays. */
- if (TREE_CODE (var) == VAR_DECL
- && (TREE_CODE (var_type) == ARRAY_TYPE
- || TREE_ADDRESSABLE (var)
- || (RECORD_OR_UNION_TYPE_P (var_type)
- && record_or_union_type_has_array_p (var_type))))
- {
- gen_stack_protect_signal = true;
- break;
- }
- }
+ gen_stack_protect_signal
+ = stack_protect_decl_p () || stack_protect_return_slot_p ();
 /* At this point all variables on the local_decls with TREE_USED set are not associated with any block scope. Lay them out. */ |
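Review bot: The flag is now assigned unconditionally where the removed loop only ever set it to true, so `gen_stack_protect_signal = stack_protect_decl_p () || stack_protect_return_slot_p ();` would clear a value written earlier in expand_used_vars. The declaration and any earlier writes are outside this hunk, so this is safe only if the flag is still false at this point. If that is not guaranteed, keeping the set-only form avoids silently dropping protection: `if (stack_protect_decl_p () || stack_protect_return_slot_p ())` followed by `gen_stack_protect_signal = true;`. expand_used_vars starts and ends outside the hunk.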