This is an archive of the discontinued LLVM Phabricator instance.

Differential D33149

Avoid a UB pointer overflow in the ArrayRef unit test
ClosedPublic

Authored by vsk on May 12 2017, 1:08 PM.

Details

Reviewers
ab
Commits
rG877e3cefb88a: Avoid a UB pointer overflow in the ArrayRef unit test
rL304353: Avoid a UB pointer overflow in the ArrayRef unit test
Summary

The intent of the test is to check that array lengths greater than
UINT_MAX work properly. Change the test to stress that scenario, without
triggering pointer overflow UB.

Caught by a WIP pointer overflow checker in clang.

Diff Detail

Repository
rL LLVM

Event Timeline

vsk created this revision.May 12 2017, 1:08 PM
ab edited edge metadata.May 15 2017, 9:38 AM

Huh, interesting.. Not a big deal, but can you avoid the #ifdef? Where was the overflow?

vsk added a comment.May 15 2017, 9:47 AM
In D33149#755166, @ab wrote:

Huh, interesting.. Not a big deal, but can you avoid the #ifdef? Where was the overflow?

The overflow occurred in drop_front etc. The start of the array moved from 0x10000 to 2^64 - 2.

I think these tests need to add UINT_MAX or greater to a pointer to check that size_t-sized lengths work. For 32-bit machines, I don't think there's a way to add such a large offset to a pointer and not overflow.

dtzWill added a subscriber: dtzWill.May 17 2017, 7:18 PM
vsk added a comment.May 31 2017, 11:49 AM

@ab Ping, would you be ok with leaving the ifdef in?

vsk added a comment.May 31 2017, 2:39 PM

Ahmed and I chatted about this. We discussed an alternative to this patch, which is to test with a length of max<ptroff_t>. This version of the test wouldn't require any ifdefs, and would still add some coverage for r271546.

Closed by commit rL304353: Avoid a UB pointer overflow in the ArrayRef unit test (authored by vedantk). · Explain WhyMay 31 2017, 2:48 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
trunk/
unittests/
ADT/
30 lines

Diff 100923

llvm/trunk/unittests/ADT/ArrayRefTest.cpp

//===- llvm/unittest/ADT/ArrayRefTest.cpp - ArrayRef unit tests -----------===// //===- llvm/unittest/ADT/ArrayRefTest.cpp - ArrayRef unit tests -----------===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "llvm/ADT/ArrayRef.h" #include "llvm/ADT/ArrayRef.h"
#include "llvm/Support/Allocator.h" #include "llvm/Support/Allocator.h"
#include "llvm/Support/raw_ostream.h" #include "llvm/Support/raw_ostream.h"
#include "gtest/gtest.h" #include "gtest/gtest.h"
#include <limits>
#include <vector> #include <vector>
using namespace llvm; using namespace llvm;
// Check that the ArrayRef-of-pointer converting constructor only allows adding // Check that the ArrayRef-of-pointer converting constructor only allows adding
// cv qualifiers (not removing them, or otherwise changing the type) // cv qualifiers (not removing them, or otherwise changing the type)
static_assert( static_assert(
std::is_convertible<ArrayRef<int *>, ArrayRef<const int *>>::value, std::is_convertible<ArrayRef<int *>, ArrayRef<const int *>>::value,
"Adding const"); "Adding const");
▲ Show 20 LinesShow All 53 Lines▼ Show 20 Lines struct NonAssignable {
void operator=(const NonAssignable &RHS) { assert(RHS.Ptr != nullptr); } void operator=(const NonAssignable &RHS) { assert(RHS.Ptr != nullptr); }
bool operator==(const NonAssignable &RHS) const { return Ptr == RHS.Ptr; } bool operator==(const NonAssignable &RHS) const { return Ptr == RHS.Ptr; }
} Array3Src[] = {"hello", "world"}; } Array3Src[] = {"hello", "world"};
ArrayRef<NonAssignable> Array3Copy = makeArrayRef(Array3Src).copy(Alloc); ArrayRef<NonAssignable> Array3Copy = makeArrayRef(Array3Src).copy(Alloc);
EXPECT_EQ(makeArrayRef(Array3Src), Array3Copy); EXPECT_EQ(makeArrayRef(Array3Src), Array3Copy);
EXPECT_NE(makeArrayRef(Array3Src).data(), Array3Copy.data()); EXPECT_NE(makeArrayRef(Array3Src).data(), Array3Copy.data());
} }
TEST(ArrayRefTest, SizeTSizedOperations) {
ArrayRef<char> AR(nullptr, std::numeric_limits<ptrdiff_t>::max());
// Check that drop_back accepts size_t-sized numbers.
EXPECT_EQ(1U, AR.drop_back(AR.size() - 1).size());
// Check that drop_front accepts size_t-sized numbers.
EXPECT_EQ(1U, AR.drop_front(AR.size() - 1).size());
// Check that slice accepts size_t-sized numbers.
EXPECT_EQ(1U, AR.slice(AR.size() - 1).size());
EXPECT_EQ(AR.size() - 1, AR.slice(1, AR.size() - 1).size());
}
TEST(ArrayRefTest, DropBack) { TEST(ArrayRefTest, DropBack) {
static const int TheNumbers[] = {4, 8, 15, 16, 23, 42}; static const int TheNumbers[] = {4, 8, 15, 16, 23, 42};
ArrayRef<int> AR1(TheNumbers); ArrayRef<int> AR1(TheNumbers);
ArrayRef<int> AR2(TheNumbers, AR1.size() - 1); ArrayRef<int> AR2(TheNumbers, AR1.size() - 1);
EXPECT_TRUE(AR1.drop_back().equals(AR2)); EXPECT_TRUE(AR1.drop_back().equals(AR2));
// Check that drop_back accepts size_t-sized numbers.
ArrayRef<char> AR3((const char *)0x10000, SIZE_MAX - 0x10000);
EXPECT_EQ(1U, AR3.drop_back(AR3.size() - 1).size());
} }
TEST(ArrayRefTest, DropFront) { TEST(ArrayRefTest, DropFront) {
static const int TheNumbers[] = {4, 8, 15, 16, 23, 42}; static const int TheNumbers[] = {4, 8, 15, 16, 23, 42};
ArrayRef<int> AR1(TheNumbers); ArrayRef<int> AR1(TheNumbers);
ArrayRef<int> AR2(&TheNumbers[2], AR1.size() - 2); ArrayRef<int> AR2(&TheNumbers[2], AR1.size() - 2);
EXPECT_TRUE(AR1.drop_front(2).equals(AR2)); EXPECT_TRUE(AR1.drop_front(2).equals(AR2));
// Check that drop_front accepts size_t-sized numbers.
ArrayRef<char> AR3((const char *)0x10000, SIZE_MAX - 0x10000);
EXPECT_EQ(1U, AR3.drop_front(AR3.size() - 1).size());
} }
TEST(ArrayRefTest, DropWhile) { TEST(ArrayRefTest, DropWhile) {
static const int TheNumbers[] = {1, 3, 5, 8, 10, 11}; static const int TheNumbers[] = {1, 3, 5, 8, 10, 11};
ArrayRef<int> AR1(TheNumbers); ArrayRef<int> AR1(TheNumbers);
ArrayRef<int> Expected = AR1.drop_front(3); ArrayRef<int> Expected = AR1.drop_front(3);
EXPECT_EQ(Expected, AR1.drop_while([](const int &N) { return N % 2 == 1; })); EXPECT_EQ(Expected, AR1.drop_while([](const int &N) { return N % 2 == 1; }));
▲ Show 20 LinesShow All 71 Lines▼ Show 20 LinesTEST(ArrayRefTest, Equals) {
EXPECT_FALSE(AR1b.equals({2, 3, 4, 5, 6})); EXPECT_FALSE(AR1b.equals({2, 3, 4, 5, 6}));
EXPECT_FALSE(AR1b.equals({3, 4, 5, 6, 7})); EXPECT_FALSE(AR1b.equals({3, 4, 5, 6, 7}));
} }
TEST(ArrayRefTest, EmptyEquals) { TEST(ArrayRefTest, EmptyEquals) {
EXPECT_TRUE(ArrayRef<unsigned>() == ArrayRef<unsigned>()); EXPECT_TRUE(ArrayRef<unsigned>() == ArrayRef<unsigned>());
} }
TEST(ArrayRefTest, Slice) {
// Check that slice accepts size_t-sized numbers.
ArrayRef<char> AR((const char *)0x10000, SIZE_MAX - 0x10000);
EXPECT_EQ(1U, AR.slice(AR.size() - 1).size());
EXPECT_EQ(AR.size() - 1, AR.slice(1, AR.size() - 1).size());
}
TEST(ArrayRefTest, ConstConvert) { TEST(ArrayRefTest, ConstConvert) {
int buf[4]; int buf[4];
for (int i = 0; i < 4; ++i) for (int i = 0; i < 4; ++i)
buf[i] = i; buf[i] = i;
static int *A[] = {&buf[0], &buf[1], &buf[2], &buf[3]}; static int *A[] = {&buf[0], &buf[1], &buf[2], &buf[3]};
ArrayRef<const int *> a((ArrayRef<int *>(A))); ArrayRef<const int *> a((ArrayRef<int *>(A)));
a = ArrayRef<int *>(A); a = ArrayRef<int *>(A);
▲ Show 20 LinesShow All 48 LinesShow Last 20 Lines