[Bug sanitizer/61293] asan can not find left buffer overflow of new[]-allocated buffer, frontend help needed

["kcc at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61293

--- Comment #2 from Kostya Serebryany <kcc at gcc dot gnu.org> ---
(In reply to Jakub Jelinek from comment #1)
> IMNSHO you can't change the value of extra, that is an ABI issue,
> and -fsanitize=address shouldn't be an ABI changing option.  Consider:
> struct S { S (); ~S (); };
> S *foo (int n) { return new S[n]; }
> void bar (S *p) { delete [] p; }
> int main () { bar (foo (5)); }
> where bar is defined in a different compilation unit/library and something
> is built with -fsanitize=address, something is not.
> 
> If the padding before structure is at least 64-bit, sure, instrumenting the
> FE to put there an __asan_poison_memory_region call after the size is stored

yep

> there
> and in delete[] again to __asan_unpoison_memory_region before reading the
> size should not be that hard.

Yes, but a bit more preferable is to ignore the instructions
reading the size instead of calling __asan_unpoison_memory_region. 
Consider a case where the DTORs are accessing the array itself out of bounds.
(We've seen similar things!!)
That's a bit harder to implement though. 

> 
> For 32-bit code if the type doesn't need at least 64-bit alignment (again,
> alignment of the type is an ABI thing), you are out of luck I'm afraid.
Yea... We can theoretically request operator new to 
return memory that is == 4 mod 8 for these cases. 
That's a bit complicated too...



> Thus, e.g. tests for this will need to be conditionalized.