Index: lib/asan/asan_interceptors.h =================================================================== --- lib/asan/asan_interceptors.h +++ lib/asan/asan_interceptors.h @@ -85,8 +85,17 @@ !(SANITIZER_ANDROID && defined(__i386)) && \ !SANITIZER_SOLARIS # define ASAN_INTERCEPT___CXA_THROW 1 +# define ASAN_INTERCEPT___CXA_RETHROW_PRIMARY_EXCEPTION 1 +# ifdef _GLIBCXX_SJLJ_EXCEPTIONS +# define ASAN_INTERCEPT__UNWIND_SJLJ_RAISEEXCEPTION 1 +# else +# define ASAN_INTERCEPT__UNWIND_RAISEEXCEPTION 1 +# endif #else # define ASAN_INTERCEPT___CXA_THROW 0 +# define ASAN_INTERCEPT___CXA_RETHROW_PRIMARY_EXCEPTION 0 +# define ASAN_INTERCEPT__UNWIND_RAISEEXCEPTION 0 +# define ASAN_INTERCEPT__UNWIND_SJLJ_RAISEEXCEPTION 0 #endif #if !SANITIZER_WINDOWS Index: lib/asan/asan_interceptors.cc =================================================================== --- lib/asan/asan_interceptors.cc +++ lib/asan/asan_interceptors.cc @@ -33,6 +33,11 @@ #include "sanitizer_common/sanitizer_posix.h" #endif +#if ASAN_INTERCEPT__UNWIND_RAISEEXCEPTION || \ + ASAN_INTERCEPT__SJLJ_UNWIND_RAISEEXCEPTION +#include +#endif + #if defined(__i386) && SANITIZER_LINUX #define ASAN_PTHREAD_CREATE_VERSION "GLIBC_2.1" #elif defined(__mips__) && SANITIZER_LINUX @@ -319,6 +324,32 @@ } #endif +#if ASAN_INTERCEPT___CXA_RETHROW_PRIMARY_EXCEPTION +INTERCEPTOR(void, __cxa_rethrow_primary_exception, void *a) { + CHECK(REAL(__cxa_rethrow_primary_exception)); + __asan_handle_no_return(); + REAL(__cxa_rethrow_primary_exception)(a); +} +#endif + +#if ASAN_INTERCEPT__UNWIND_RAISEEXCEPTION +INTERCEPTOR(_Unwind_Reason_Code, _Unwind_RaiseException, + struct _Unwind_Exception *object) { + CHECK(REAL(_Unwind_RaiseException)); + __asan_handle_no_return(); + return REAL(_Unwind_RaiseException)(object); +} +#endif + +#if ASAN_INTERCEPT__SJLJ_UNWIND_RAISEEXCEPTION +INTERCEPTOR(_Unwind_Reason_Code, _Unwind_SjLj_RaiseException, + struct _Unwind_Exception *object) { + CHECK(REAL(_Unwind_SjLj_RaiseException)); + __asan_handle_no_return(); + return REAL(_Unwind_SjLj_RaiseException)(object); +} +#endif + #if ASAN_INTERCEPT_INDEX # if ASAN_USE_ALIAS_ATTRIBUTE_FOR_INDEX INTERCEPTOR(char*, index, const char *string, int c) @@ -599,6 +630,17 @@ #if ASAN_INTERCEPT___CXA_THROW ASAN_INTERCEPT_FUNC(__cxa_throw); #endif +#if ASAN_INTERCEPT___CXA_RETHROW_PRIMARY_EXCEPTION + ASAN_INTERCEPT_FUNC(__cxa_rethrow_primary_exception); +#endif + // Indirectly intercept std::rethrow_exception. +#if ASAN_INTERCEPT__UNWIND_RAISEEXCEPTION + INTERCEPT_FUNCTION(_Unwind_RaiseException); +#endif + // Indirectly intercept std::rethrow_exception. +#if ASAN_INTERCEPT__UNWIND_SJLJ_RAISEEXCEPTION + INTERCEPT_FUNCTION(_Unwind_SjLj_RaiseException); +#endif // Intercept threading-related functions #if ASAN_INTERCEPT_PTHREAD_CREATE Index: test/asan/TestCases/intercept-rethrow-exception.cc =================================================================== --- test/asan/TestCases/intercept-rethrow-exception.cc +++ test/asan/TestCases/intercept-rethrow-exception.cc @@ -0,0 +1,64 @@ +// Regression test for +// https://bugs.llvm.org/show_bug.cgi?id=32434 + +// RUN: %clangxx_asan -O0 %s -o %t +// RUN: %run %t + +#include +#include +#include + +namespace { + +// Not instrumented because std::rethrow_exception is a [[noreturn]] function, +// for which the compiler would emit a call to __asan_handle_no_return which +// unpoisons the stack. +// We emulate here some code not compiled with asan. This function is not +// [[noreturn]] because the scenario we're emulating doesn't always throw. If it +// were [[noreturn]], the calling code would emit a call to +// __asan_handle_no_return. +void __attribute__((no_sanitize("address"))) +uninstrumented_rethrow_exception(std::exception_ptr const &exc_ptr) { + std::rethrow_exception(exc_ptr); +} + +char *poisoned1; +char *poisoned2; + +// Create redzones for stack variables in shadow memory and call +// std::rethrow_exception which should unpoison the entire stack. +void create_redzones_and_throw(std::exception_ptr const &exc_ptr) { + char a[100]; + poisoned1 = a - 1; + poisoned2 = a + sizeof(a); + assert(__asan_address_is_poisoned(poisoned1)); + assert(__asan_address_is_poisoned(poisoned2)); + uninstrumented_rethrow_exception(exc_ptr); +} + +} // namespace + +// Check that std::rethrow_exception is intercepted by asan and the interception +// unpoisons the stack. +// If std::rethrow_exception is NOT intercepted, then calls to this function +// from instrumented code will still unpoison the stack because +// std::rethrow_exception is a [[noreturn]] function and any [[noreturn]] +// function call will be instrumented with __asan_handle_no_return. +// However, calls to std::rethrow_exception from UNinstrumented code will not +// unpoison the stack, so we need to intercept std::rethrow_exception to +// unpoison the stack. +int main() { + // In some implementations of std::make_exception_ptr, e.g. libstdc++ prior to + // gcc 7, this function calls __cxa_throw. The __cxa_throw is intercepted by + // asan to unpoison the entire stack; since this test essentially tests that + // the stack is unpoisoned by a call to std::rethrow_exception, we need to + // generate the exception_ptr BEFORE we have the local variables poison the + // stack. + std::exception_ptr my_exception_ptr = std::make_exception_ptr("up"); + + try { + create_redzones_and_throw(my_exception_ptr); + } catch(char const *) { + assert(!__asan_region_is_poisoned(poisoned1, poisoned2 - poisoned1 + 1)); + } +}