Message-id: <543F841B.3040105@samsung.com>
Date: Thu, 16 Oct 2014 08:39:00 -0000
From: Yury Gribov User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2 MIME-version: 1.0 To: GCC Patches Cc: Jakub Jelinek , Dmitry Vyukov , Konstantin Khlebnikov , Andrey Ryabinin , Viacheslav Garbuzov Subject: [PATCH 7/17] Fix for PR 61547 References: <543F831B.4090502@samsung.com> In-reply-to: <543F831B.4090502@samsung.com> Content-type: multipart/mixed; boundary=------------020001040505060608050509 X-IsSubscribed: yes X-SW-Source: 2014-10/txt/msg01480.txt.bz2 This is a multi-part message in MIME format. --------------020001040505060608050509 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-length: 109 Difference from mainline: replaced non-C-friendly bool with unsigned char (see patch 0001 for explanation). --------------020001040505060608050509 Content-Type: text/x-patch; name="0007-2014-10-15-Yury-Gribov-y.gribov-samsung.com.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="0007-2014-10-15-Yury-Gribov-y.gribov-samsung.com.patch" Content-length: 2575 2014-10-15 Yury Gribov Backport from mainline 2014-06-18 Yury Gribov PR sanitizer/61547 * asan.c (instrument_strlen_call): Fixed instrumentation of trailing byte. * c-c++-common/asan/strlen-overflow-1.c: New test. diff --git a/gcc/asan.c b/gcc/asan.c index c838423..06177ac 100644 --- a/gcc/asan.c +++ b/gcc/asan.c 
@@ -2037,19 +2037,19 @@ instrument_strlen_call (gimple_stmt_iterator *iter) build_check_stmt (loc, gimple_assign_lhs (str_arg_ssa), NULL_TREE, 1, iter, /*non_zero_len_p*/true, /*before_p=*/true, - /*is_store=*/false, /*is_scalar_access*/false, /*align*/0); + /*is_store=*/false, /*is_scalar_access*/true, /*align*/0); - gimple stmt = - gimple_build_assign_with_ops (PLUS_EXPR, - make_ssa_name (TREE_TYPE (len), NULL), - len, - build_int_cst (TREE_TYPE (len), 1)); - gimple_set_location (stmt, loc); - gsi_insert_after (iter, stmt, GSI_NEW_STMT); + gimple g = + gimple_build_assign_with_ops (POINTER_PLUS_EXPR, + make_ssa_name (cptr_type, NULL), + gimple_assign_lhs (str_arg_ssa), + len); + gimple_set_location (g, loc); + gsi_insert_after (iter, g, GSI_NEW_STMT); - build_check_stmt (loc, gimple_assign_lhs (stmt), len, 1, iter, + build_check_stmt (loc, gimple_assign_lhs (g), NULL_TREE, 1, iter, /*non_zero_len_p*/true, /*before_p=*/false, - /*is_store=*/false, /*is_scalar_access*/false, /*align*/0); + /*is_store=*/false, /*is_scalar_access*/true, /*align*/0); return true; } diff --git a/gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c b/gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c new file mode 100644 index 0000000..426c8fe --- /dev/null +++ b/gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c 
@@ -0,0 +1,33 @@ +/* { dg-do run } */ +/* { dg-skip-if "" { *-*-* } { "-flto" } { "" } } */ +/* { dg-shouldfail "asan" } */ + +#ifndef __cplusplus +#define bool unsigned char +#endif + +#include + +char a[2] = "0"; + +#ifdef __cplusplus +extern "C" +#endif + +__attribute__((no_sanitize_address, noinline)) __SIZE_TYPE__ +strlen (const char *p) { + + __SIZE_TYPE__ n = 0; + for (; *p; ++n, ++p); + return n; +} + +int main () { + char *p = &a[0]; + asm ("" : "+r"(p)); + __asan_poison_memory_region ((char *)&a[1], 1); + return __builtin_strlen (a); +} + +/* { dg-output "READ of size 1 at 0x\[0-9a-f\]+ thread T0.*(\n|\r\n|\r)" } */ +/* { dg-output " #0 0x\[0-9a-f\]+ (in _*main (\[^\n\r]*strlen-overflow-1.c:29|\[^\n\r]*:0)|\[(\]).*(\n|\r\n|\r)" } */ --------------020001040505060608050509--
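Review bot: in the gcc/asan.c hunk for instrument_strlen_call, the new POINTER_PLUS_EXPR statement takes len directly as its offset operand and cptr_type as the type of the new SSA name, and nothing in the hunk shows the type of len or where cptr_type is set up. POINTER_PLUS_EXPR expects a sizetype-compatible offset, so either note that len already has such a type or convert it before building g. A short comment above "gimple g =" saying that the second check covers the single byte at str_arg + len, inserted after the call, would also explain why the length argument became NULL_TREE and why is_scalar_access is now true in both build_check_stmt calls.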
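Review bot: in main () of strlen-overflow-1.c, p is initialised from &a[0] and passed through the empty asm, but the call is "return __builtin_strlen (a);", so p is never used and the asm has no effect on the argument being checked. Pass p to the call or drop the two lines that set it up. The second dg-output pattern also hard-codes strlen-overflow-1.c:29, so any line added above the call will require updating the expected output; a comment next to the call saying that its line number is matched would help.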