authorVedant Kumar <vsk@apple.com>2017-07-25 19:34:23 +0000
committerVedant Kumar <vsk@apple.com>2017-07-25 19:34:23 +0000
commit5d285dac56238b64d4ed057dab2babdd21301f14 (patch)
treed3ea4fa95fb7531586cc6b5c50a351608c107cf2 /test/CodeGenCXX/ubsan-devirtualized-calls.cpp
parentdeada24dc0a86d17b03a53e437069e60756c8656 (diff)
[ubsan] Null-check pointers in -fsanitize=vptr (PR33881)
The instrumentation generated by -fsanitize=vptr does not null check a user pointer before loading from it. This causes crashes in the face of UB member calls (this=nullptr), i.e. it's causing user programs to crash only after UBSan is turned on. The fix is to make run-time null checking a prerequisite for enabling -fsanitize=vptr, and to then teach UBSan to reuse these run-time null checks to make -fsanitize=vptr safe. Testing: check-clang, check-ubsan, a stage2 ubsan-enabled build Differential Revision: https://reviews.llvm.org/D35735 https://bugs.llvm.org/show_bug.cgi?id=33881 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@309007 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test/CodeGenCXX/ubsan-devirtualized-calls.cpp')
-rw-r--r--test/CodeGenCXX/ubsan-devirtualized-calls.cpp9
1 files changed, 8 insertions, 1 deletions
diff --git a/test/CodeGenCXX/ubsan-devirtualized-calls.cpp b/test/CodeGenCXX/ubsan-devirtualized-calls.cpp
index bc8861aa83..f4ccdbf647 100644
--- a/test/CodeGenCXX/ubsan-devirtualized-calls.cpp
+++ b/test/CodeGenCXX/ubsan-devirtualized-calls.cpp
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -std=c++11 -triple %itanium_abi_triple -emit-llvm -fsanitize=vptr %s -o - | FileCheck %s
+// RUN: %clang_cc1 -std=c++11 -triple %itanium_abi_triple -emit-llvm -fsanitize=null,vptr %s -o - | FileCheck %s
struct Base1 {
virtual void f1() {}
@@ -64,6 +64,11 @@ void t4() {
// CHECK-NEXT: call void @__ubsan_handle_dynamic_type_cache{{[_a-z]*}}({{.*}} [[UBSAN_TI_DERIVED3]] {{.*}}, i{{[0-9]+}} %[[P1]]
static_cast<Base1 *>(badp)->f1(); //< No devirt, test 'badp isa Base1'.
+ // We were able to skip the null check on the first type check because 'p'
+ // is backed by an alloca. We can't skip the second null check because 'badp'
+ // is a (bitcast (load ...)).
+ // CHECK: call void @__ubsan_handle_type_mismatch
+ //
// CHECK: %[[BADP1:[0-9]+]] = ptrtoint %struct.Base1* {{%[0-9]+}} to i{{[0-9]+}}, !nosanitize
// CHECK-NEXT: call void @__ubsan_handle_dynamic_type_cache{{[_a-z]*}}({{.*}} [[UBSAN_TI_BASE1]] {{.*}}, i{{[0-9]+}} %[[BADP1]]
}
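Review bot: The added comment claims the null check is skipped for the first type check on `p`, but nothing in the test pins that down — the only new directive is a positive `CHECK` for the `badp` call, so a regression that starts emitting a redundant `__ubsan_handle_type_mismatch` for `p` would still pass. A `// CHECK-NOT: __ubsan_handle_type_mismatch` placed between the preceding CHECK and the `%[[P1]]` ptrtoint line (those lines sit above this hunk, near the top of t4) would turn the comment into an assertion. The new `CHECK: call void @__ubsan_handle_type_mismatch` also captures no operand, so it does not verify that the null check is on `badp` rather than some other pointer; if the handler receives a `ptrtoint` of the same pointer, it could be tightened to `// CHECK: call void @__ubsan_handle_type_mismatch{{[_a-z0-9]*}}({{.*}}, i{{[0-9]+}} %[[BADP0:[0-9]+]]` — confirm the operand shape against the emitted IR first. t4's body begins before this hunk.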
@@ -76,6 +81,8 @@ void t5() {
// CHECK-NEXT: call void @__ubsan_handle_dynamic_type_cache{{[_a-z]*}}({{.*}} [[UBSAN_TI_DERIVED4_1]] {{.*}}, i{{[0-9]+}} %[[P1]]
static_cast<Base1 *>(badp)->f1(); //< Devirt Base1::f1 to Derived4::f1.
+ // CHECK: call void @__ubsan_handle_type_mismatch
+ //
// CHECK: %[[BADP1:[0-9]+]] = ptrtoint %struct.Derived4* {{%[0-9]+}} to i{{[0-9]+}}, !nosanitize
// CHECK-NEXT: call void @__ubsan_handle_dynamic_type_cache{{[_a-z]*}}({{.*}} [[UBSAN_TI_DERIVED4_2]] {{.*}}, i{{[0-9]+}} %[[BADP1]]
}
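Review bot: The new `CHECK` for `__ubsan_handle_type_mismatch` in t5 has no comment saying why a null check is expected for `badp` here, whereas the parallel insert in t4 explains it (alloca-backed `p` vs. a `(bitcast (load ...))`); a one-line `// 'badp' is a (bitcast (load ...)), so its null check can't be elided.` above the CHECK would keep the two functions self-explanatory without the reader having to cross-reference t4. As in t4, the directive also matches any `__ubsan_handle_type_mismatch*` call with any argument, so it is worth confirming it cannot be satisfied by a null check emitted for `p` instead of `badp`. t5's body begins before this hunk.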