This is an archive of the discontinued LLVM Phabricator instance.

Differential D20323

[ubsan] runtime support for pointer overflow checking
ClosedPublic

Authored by regehr on May 17 2016, 4:59 AM.

Download Raw Diff

Details

Reviewers

filcab
rsmith

Commits

rG41dfc4f1faa6: [ubsan] Runtime support for pointer overflow checking
rCRT304461: [ubsan] Runtime support for pointer overflow checking
rL304461: [ubsan] Runtime support for pointer overflow checking

Summary

This is the runtime support for this cfe patch to support pointer overflow checking:

http://reviews.llvm.org/D20322

Diff Detail

Event Timeline

regehr updated this revision to Diff 57461.May 17 2016, 4:59 AM

regehr retitled this revision from to [ubsan] runtime support for pointer overflow checking.

regehr updated this object.

regehr added reviewers: filcab, rsmith.

regehr added a subscriber: dtzWill.

Herald added a subscriber: kubamracek. · View Herald TranscriptMay 17 2016, 4:59 AM

regehr added a child revision: D20322: [ubsan] add pointer overflow checking.May 17 2016, 5:00 AM

LGTM with the test fix.

test/ubsan/TestCases/Pointer/index-overflow.cpp
20	Something happened here... :-)

This revision is now accepted and ready to land.May 17 2016, 8:31 AM

Hmm, this test actually is wonky if argv[0] happens to be negative when represented as intptr_t... which happens on -m32 for my machine. I'll see about constructing a better test case!

Doing this in a 'portable' manner is amusingly challenging...

Fixed test:

// RUN: %clangxx -fsanitize=pointer-overflow %s -o %t
// RUN: %t 1 2>&1 | FileCheck %s --check-prefix=ERR
// RUN: %t 0 2>&1 | FileCheck %s --check-prefix=SAFE
// RUN: %t -1 2>&1 | FileCheck %s --check-prefix=SAFE

#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>

int main(int argc, char *argv[]) {
  // SAFE-NOT: runtime error
  // ERR: runtime error: pointer index expression with base {{.*}} overflowed to

  char *p = (char *)(UINTPTR_MAX);

  printf("%p\n", p + atoi(argv[1]));

  return 0;
}

I'm not sure how to update the revision, but this test should do the trick :).

Fix borked test. Thanks folks!

0x64616E69656C added a subscriber: 0x64616E69656C.Jul 28 2016, 9:11 AM

Looks like patch was not committed.

Closed by commit rL304461: [ubsan] Runtime support for pointer overflow checking (authored by vedantk). · Explain WhyJun 1 2017, 12:41 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

lib/

ubsan/

ubsan_checks.inc

1 line

ubsan_handlers.h

7 lines

ubsan_handlers.cc

31 lines

test/

ubsan/

TestCases/

Pointer/

index-overflow.cpp

19 lines

Diff 57565

lib/ubsan/ubsan_checks.inc

Context not available.

	UBSAN_CHECK(GenericUB, "undefined-behavior", "undefined")	UBSAN_CHECK(GenericUB, "undefined-behavior", "undefined")
	UBSAN_CHECK(NullPointerUse, "null-pointer-use", "null")	UBSAN_CHECK(NullPointerUse, "null-pointer-use", "null")
		UBSAN_CHECK(PointerOverflow, "pointer-overflow", "pointer-overflow")
	UBSAN_CHECK(MisalignedPointerUse, "misaligned-pointer-use", "alignment")	UBSAN_CHECK(MisalignedPointerUse, "misaligned-pointer-use", "alignment")
	UBSAN_CHECK(InsufficientObjectSize, "insufficient-object-size", "object-size")	UBSAN_CHECK(InsufficientObjectSize, "insufficient-object-size", "object-size")
	UBSAN_CHECK(SignedIntegerOverflow, "signed-integer-overflow",	UBSAN_CHECK(SignedIntegerOverflow, "signed-integer-overflow",
Context not available.

lib/ubsan/ubsan_handlers.h

Context not available.
	/// \brief Handle passing null pointer to function with nonnull attribute.	/// \brief Handle passing null pointer to function with nonnull attribute.
	RECOVERABLE(nonnull_arg, NonNullArgData *Data)	RECOVERABLE(nonnull_arg, NonNullArgData *Data)

		struct PointerOverflowData {
		SourceLocation Loc;
		};

		RECOVERABLE(pointer_overflow, PointerOverflowData *Data, ValueHandle Base,
		ValueHandle Result)

	/// \brief Known CFI check kinds.	/// \brief Known CFI check kinds.
	/// Keep in sync with the enum of the same name in CodeGenFunction.h	/// Keep in sync with the enum of the same name in CodeGenFunction.h
	enum CFITypeCheckKind : unsigned char {	enum CFITypeCheckKind : unsigned char {
Context not available.

lib/ubsan/ubsan_handlers.cc

Context not available.
	Die();	Die();
	}	}

		static void handlePointerOverflowImpl(PointerOverflowData *Data,
		ValueHandle Base,
		ValueHandle Result,
		ReportOptions Opts) {
		SourceLocation Loc = Data->Loc.acquire();
		ErrorType ET = ErrorType::PointerOverflow;

		if (ignoreReport(Loc, Opts, ET))
		return;

		ScopedReport R(Opts, Loc, ET);

		Diag(Loc, DL_Error, "pointer index expression with base %0 overflowed to %1")
		<< (void )Base << (void)Result;
		}

		void __ubsan::__ubsan_handle_pointer_overflow(PointerOverflowData *Data,
		ValueHandle Base,
		ValueHandle Result) {
		GET_REPORT_OPTIONS(false);
		handlePointerOverflowImpl(Data, Base, Result, Opts);
		}

		void __ubsan::__ubsan_handle_pointer_overflow_abort(PointerOverflowData *Data,
		ValueHandle Base,
		ValueHandle Result) {
		GET_REPORT_OPTIONS(true);
		handlePointerOverflowImpl(Data, Base, Result, Opts);
		Die();
		}

	static void handleCFIBadIcall(CFICheckFailData *Data, ValueHandle Function,	static void handleCFIBadIcall(CFICheckFailData *Data, ValueHandle Function,
	ReportOptions Opts) {	ReportOptions Opts) {
	if (Data->CheckKind != CFITCK_ICall)	if (Data->CheckKind != CFITCK_ICall)
Context not available.

test/ubsan/TestCases/Pointer/index-overflow.cpp

				// RUN: %clangxx -fsanitize=pointer-overflow %s -o %t
				// RUN: %t 1 2>&1 \| FileCheck %s --check-prefix=ERR
				// RUN: %t 0 2>&1 \| FileCheck %s --check-prefix=SAFE
				// RUN: %t -1 2>&1 \| FileCheck %s --check-prefix=SAFE

				#include <stdio.h>
				#include <stdint.h>
				#include <stdlib.h>

				int main(int argc, char *argv[]) {
				// SAFE-NOT: runtime error
				// ERR: runtime error: pointer index expression with base {{.*}} overflowed to

				char p = (char )(UINTPTR_MAX);

				printf("%p\n", p + atoi(argv[1]));

				return 0;
				}
				filcabUnsubmitted Not Done Reply Inline Actions Something happened here... :-) filcab: Something happened here... :-)