public inbox for gcc-bugs@sourceware.org
From: "kcc at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/61293] asan can not find left buffer overflow of new[]-allocated buffer, frontend help needed
Date: Fri, 23 May 2014 13:51:00 -0000
Message-ID: <bug-61293-4-eD6Dgavc3Y@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-61293-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61293

--- Comment #2 from Kostya Serebryany <kcc at gcc dot gnu.org> ---
(In reply to Jakub Jelinek from comment #1)
> IMNSHO you can't change the value of extra, that is an ABI issue,
> and -fsanitize=address shouldn't be an ABI changing option. Consider:
> struct S { S (); ~S (); };
> S *foo (int n) { return new S[n]; }
> void bar (S *p) { delete [] p; }
> int main () { bar (foo (5)); }
> where bar is defined in a different compilation unit/library and something
> is built with -fsanitize=address, something is not.
>
> If the padding before structure is at least 64-bit, sure, instrumenting the
> FE to put there an __asan_poison_memory_region call after the size is stored

yep

> there
> and in delete[] again to __asan_unpoison_memory_region before reading the
> size should not be that hard.

Yes, but a bit more preferable is to ignore the instructions reading the size
instead of calling __asan_unpoison_memory_region.
Consider a case where the DTORs are accessing the array itself out of bounds.
(We've seen similar things!!)
That's a bit harder to implement though.

>
> For 32-bit code if the type doesn't need at least 64-bit alignment (again,
> alignment of the type is an ABI thing), you are out of luck I'm afraid.

Yea...
We can theoretically request operator new to return memory that is == 4 mod 8
for these cases. That's a bit complicated too...

> Thus, e.g. tests for this will need to be conditionalized.
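The layout and the poison/unpoison sequence discussed above, as an added example that is not part of this thread and not GCC's frontend code: a small user-level counted-array allocator that stores the element count just before the first element (where the Itanium ABI puts new[]'s cookie for types with non-trivial destructors), poisons that padding with ASan's public manual-poisoning API once the count is stored, leaves it poisoned while the destructors run, and reads the count back through an uninstrumented helper. All names in it (counted_new, counted_delete, read_cookie, cookie_size, Tracked, Wide, the COOKIE_* macros) are hypothetical; it assumes GCC or Clang and, when built with -fsanitize=address, the <sanitizer/asan_interface.h> header. Without ASan the poison calls compile to nothing and the program still runs.

```cpp
// Added illustration (not GCC's frontend code): a counted array whose element
// count ("cookie") sits just before the first element, where the C++ ABI puts
// new[]'s count for types with non-trivial destructors. After the count is
// stored the padding is poisoned with ASan's manual-poisoning API, it stays
// poisoned while destructors run, and only an uninstrumented helper reads it.
// Assumed: GCC or Clang; <sanitizer/asan_interface.h> is available when
// building with -fsanitize=address. Without ASan the poison calls vanish.
#include <cstddef>
#include <cstdlib>
#include <new>

#if defined(__SANITIZE_ADDRESS__)
#  define HAVE_ASAN 1
#elif defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define HAVE_ASAN 1
#  endif
#endif

#ifdef HAVE_ASAN
#  include <sanitizer/asan_interface.h>
#  define COOKIE_POISON(p, n)   __asan_poison_memory_region((p), (n))
#  define COOKIE_UNPOISON(p, n) __asan_unpoison_memory_region((p), (n))
#else
#  define COOKIE_POISON(p, n)   ((void)0)
#  define COOKIE_UNPOISON(p, n) ((void)0)
#endif

// Padding before the elements: large enough for the count and for T's
// alignment (the Itanium ABI rule). On a 32-bit target with a 4-byte size_t
// this is 4 bytes for most types, which is why the thread says 32-bit is
// harder: ASan tracks poisoning per 8-byte granule and can only mark the tail
// of a granule unaddressable, so a 4-byte cookie at the start of a granule
// cannot be poisoned on its own.
template <class T>
constexpr std::size_t cookie_size() {
    return sizeof(std::size_t) > alignof(T) ? sizeof(std::size_t) : alignof(T);
}

template <class T>
constexpr bool cookie_is_whole_granule() { return cookie_size<T>() % 8 == 0; }

template <class T>
T* counted_new(std::size_t n) {
    static_assert(alignof(T) <= alignof(std::max_align_t), "malloc alignment too small for T");
    const std::size_t pad = cookie_size<T>();
    unsigned char* base = static_cast<unsigned char*>(std::malloc(pad + n * sizeof(T)));
    if (!base) throw std::bad_alloc();
    T* elems = reinterpret_cast<T*>(base + pad);
    // The count occupies the last size_t of the padding, directly before elems[0].
    *reinterpret_cast<std::size_t*>(base + pad - sizeof(std::size_t)) = n;
    for (std::size_t i = 0; i < n; ++i) new (elems + i) T();
    // Poison the whole padding: an instrumented read of elems[-1] is now reported.
    COOKIE_POISON(base, pad);
    return elems;
}

// Reads the count through an uninstrumented load, so the cookie can stay
// poisoned for the whole lifetime of the array (the alternative the thread
// prefers over unpoisoning before the read).
#if defined(__GNUC__)
__attribute__((no_sanitize_address))
#endif
static std::size_t read_cookie(const void* elems) {
    return *reinterpret_cast<const std::size_t*>(
        static_cast<const unsigned char*>(elems) - sizeof(std::size_t));
}

template <class T>
std::size_t counted_delete(T* elems) {
    if (!elems) return 0;
    const std::size_t n = read_cookie(elems);
    for (std::size_t i = n; i-- > 0;) elems[i].~T();  // reverse order, as delete[] does
    unsigned char* base = reinterpret_cast<unsigned char*>(elems) - cookie_size<T>();
    COOKIE_UNPOISON(base, cookie_size<T>());          // hand the block back clean
    std::free(base);
    return n;
}

// Constructed test type so the caller can observe construction and destruction.
struct Tracked {
    static int live;
    Tracked() { ++live; }
    ~Tracked() { --live; }
};
int Tracked::live = 0;

// Over-aligned type: its padding grows to 16 bytes under the ABI rule above.
struct alignas(16) Wide { char bytes[16]; };

// Allocates n elements, checks they were constructed, destroys them through the
// cookie and checks that the count round-tripped and nothing is left alive.
bool round_trip(std::size_t n) {
    Tracked* p = counted_new<Tracked>(n);
    const bool constructed = Tracked::live == static_cast<int>(n);
    const std::size_t seen = counted_delete(p);
    return constructed && seen == n && Tracked::live == 0;
}

int main() { return round_trip(5) ? 0 : 1; }
```

Build it with -fsanitize=address -g to see the point of the thread: because the padding stays poisoned until just before free, a destructor that touches elems[-1] is reported as an access to poisoned memory, which is the case the comment wants caught. Reading the count from a function marked `__attribute__((no_sanitize_address))` is the user-level analogue of having the frontend skip instrumentation of that one load; the padding is only unpoisoned immediately before the block is handed back to free.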
Thread overview: 5+ messages
2014-05-23 13:08 [Bug sanitizer/61293] New: asan can not find left buffer overflow of new[]-allocated buffer, frontend help needed  kcc at gcc dot gnu.org
2014-05-23 13:26 ` [Bug sanitizer/61293] asan can not find left buffer overflow of new[]-allocated buffer, frontend help needed  jakub at gcc dot gnu.org
2014-05-23 13:51 ` kcc at gcc dot gnu.org [this message]
2014-05-23 14:14 ` jakub at gcc dot gnu.org
2014-08-28  1:19 ` kcc at gcc dot gnu.org