From: Martin Liška
Subject: [PATCH] Unpoison variable partition properly (PR sanitizer/85774).
To: gcc-patches@gcc.gnu.org
Cc: Jakub Jelinek
Message-ID: <9c109e8e-0a91-3e18-6866-630431823e06@suse.cz>
Date: Mon, 24 Sep 2018 07:57:00 -0000

Hi.

As always Jakub provided me with a very nice hint how to fix the issue. It's about adding representative of a stack partitioning into asan_handled_variables when another variable of the partition lies in asan_handled_variables.

Patch survives testing on ppc64le-linux-gnu.

Ready for trunk?

gcc/ChangeLog:

2018-09-21 Martin Liska

	PR sanitizer/85774
	* asan.c: Make asan_handled_variables extern.
	* asan.h: Likewise.
	* cfgexpand.c (expand_stack_vars): Make sure a representative is unpoison if another variable in the partition is handled by use-after-scope sanitization.

gcc/testsuite/ChangeLog:

2018-09-21 Martin Liska

	PR sanitizer/85774
	* g++.dg/asan/pr85774.C: New test.

---
 gcc/asan.c | 2 +-
 gcc/asan.h | 2 ++
 gcc/cfgexpand.c | 14 ++++++++
 gcc/testsuite/g++.dg/asan/pr85774.C | 51 +++++++++++++++++++++++++++++
 4 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 gcc/testsuite/g++.dg/asan/pr85774.C

diff --git a/gcc/asan.c b/gcc/asan.c index e71ab2cc710..235e219479d 100644 --- a/gcc/asan.c 
+++ b/gcc/asan.c @@ -253,7 +253,7 @@ static tree last_alloca_addr; /* Set of variable declarations that are going to be guarded by use-after-scope sanitizer. */ -static hash_set *asan_handled_variables = NULL; +hash_set *asan_handled_variables = NULL; hash_set *asan_used_labels = NULL; diff --git a/gcc/asan.h b/gcc/asan.h index 412af220597..2f431b4f938 100644 --- a/gcc/asan.h +++ b/gcc/asan.h @@ -110,6 +110,8 @@ extern bool asan_sanitize_stack_p (void); extern bool asan_sanitize_allocas_p (void); +extern hash_set *asan_handled_variables; + /* Return TRUE if builtin with given FCODE will be intercepted by libasan. */ diff --git a/gcc/cfgexpand.c b/gcc/cfgexpand.c index c8d7805308c..35ca276e4ad 100644 --- a/gcc/cfgexpand.c +++ b/gcc/cfgexpand.c @@ -1155,6 +1155,20 @@ expand_stack_vars (bool (*pred) (size_t), struct stack_vars_data *data) if (repr_decl == NULL_TREE) repr_decl = stack_vars[i].decl; data->asan_decl_vec.safe_push (repr_decl); + + /* Make sure a representative is unpoison if another + variable in the partition is handled by + use-after-scope sanitization. */ + if (asan_handled_variables != NULL + && !asan_handled_variables->contains (repr_decl)) + { + for (j = i; j != EOC; j = stack_vars[j].next) + if (asan_handled_variables->contains (stack_vars[j].decl)) + break; + if (j != EOC) + asan_handled_variables->add (repr_decl); + } + data->asan_alignb = MAX (data->asan_alignb, alignb); if (data->asan_base == NULL) data->asan_base = gen_reg_rtx (Pmode); diff --git a/gcc/testsuite/g++.dg/asan/pr85774.C b/gcc/testsuite/g++.dg/asan/pr85774.C new file mode 100644 index 00000000000..c033abfd69b --- /dev/null +++ b/gcc/testsuite/g++.dg/asan/pr85774.C 
@@ -0,0 +1,51 @@ +/* PR sanitizer/85774 */ +/* { dg-do run } */ + +#include + +void +DoSomething () +{ +} + +void +DoFunc (const std::function &func) +{ + func (); +} + +void +Setup () +{ + switch (1) + { + case 1: + { + DoFunc ([]() {}); + break; + } + case 2: + { + DoFunc ([]() {}); + break; + } + default: + break; + } + + DoSomething (); +} + +void +DemostrateBadPoisoning () +{ + DoFunc ([]() {}); +} + +int +main () +{ + Setup (); + DemostrateBadPoisoning (); + return 0; +} --------------78A05A13A49C7A32E54281C8--
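Review bot: In gcc/asan.c and gcc/asan.h, dropping `static` and adding `extern hash_set *asan_handled_variables;` exposes a mutable pointer that can be NULL to every file that includes asan.h, and the new declaration in asan.h carries no comment. Consider keeping the set private to asan.c behind a small helper that cfgexpand.c can call, or at least add a comment on the asan.h declaration stating that the pointer may be NULL and which code is expected to modify it.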
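Review bot: In the block added to expand_stack_vars in gcc/cfgexpand.c, the search loop breaks on the first hit and the result is then re-tested with `if (j != EOC)`; calling `asan_handled_variables->add (repr_decl)` inside the loop just before `break` would express the same thing with less state. The loop also reuses `j` without declaring it in the hunk, so please confirm that no later code in the function depends on its previous value. Nit: in the new comment, "is unpoison" should read "is unpoisoned".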
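Review bot: In gcc/testsuite/g++.dg/asan/pr85774.C the function name `DemostrateBadPoisoning` is misspelled (`DemonstrateBadPoisoning`), and nothing in the file says why the `switch` in `Setup` with two identical lambda cases, followed by a third lambda in a separate function, reproduces the problem. A short comment tying that layout to the partition handling changed in expand_stack_vars would help whoever has to touch this test later.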