This is an archive of the discontinued LLVM Phabricator instance.

ASan+operator new[]: Fix operator new[] cookie poisoning
ClosedPublic

Authored by filcab on Feb 7 2018, 3:18 AM.

Details

Summary

Right now clang is skipping array cookie poisoning for any operator
new[] which is not part of the set of replaceable global allocation
functions.

This commit adds a flag to tell clang to poison all operator new[]
cookies.

A previous review was poisoning all array cookies unconditionally, but
there is an edge case which would stop working under ASan (a custom
operator new[] saves whatever pointer it returned, and then accesses
it).

This newer revision adds a command line argument to toggle this feature.

Original revision: https://reviews.llvm.org/D41301
Compiler-rt test revision with an explanation of the edge case: https://reviews.llvm.org/D41664
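The edge case the summary refers to, as an added example that is not part of this revision or of any test in the LLVM tree: a class with a non-trivial destructor gets an array cookie (the element count) stored in front of the elements by new[], and a class-specific operator new[], which is not one of the replaceable global allocation functions, keeps the raw block it returned and later reads through it. That read lands on the cookie. The cookie layout (a size_t immediately before the first element) is the Itanium C++ ABI's and is assumed here; the names Widget, Tracked, cookie_seen_by_allocator and element_offset_in_block are made up for the example.

```cpp
#include <cstddef>
#include <cstdlib>
#include <new>

// Element type with a non-trivial destructor: new[] must record the
// element count in an array cookie in front of the elements so that
// delete[] knows how many destructors to run.
struct Widget {
    int v = 0;
    ~Widget() {}
};

// Class-specific operator new[]: not a replaceable global allocation
// function, so (per the summary) clang did not poison the cookie it
// hands back. It keeps the raw block it returned, which is the edge
// case from the summary: that block starts with the cookie.
struct Tracked : Widget {
    static void* last_block;          // raw pointer returned by the last new[]
    static std::size_t last_size;     // bytes requested by the last new[]

    static void* operator new[](std::size_t n) {
        void* p = std::malloc(n);
        if (!p) throw std::bad_alloc();
        last_block = p;
        last_size = n;
        return p;
    }
    static void operator delete[](void* p) noexcept { std::free(p); }
};
void* Tracked::last_block = nullptr;
std::size_t Tracked::last_size = 0;

// Allocates count elements and returns the cookie read back through the
// pointer the custom operator new[] saved. Under the Itanium C++ ABI
// (assumed) the cookie is a size_t holding the element count, stored
// immediately before the first element, so for Tracked (alignment <=
// sizeof(size_t)) it sits at the very start of the block. This read is
// exactly the access that cookie poisoning turns into an ASan report.
std::size_t cookie_seen_by_allocator(std::size_t count) {
    Tracked* arr = new Tracked[count];
    std::size_t cookie = *static_cast<std::size_t*>(Tracked::last_block);
    delete[] arr;
    return cookie;
}

// Distance in bytes from the start of the block returned by operator
// new[] to the first element, i.e. the size of the cookie (assumed
// Itanium ABI: sizeof(size_t) for this element type).
std::ptrdiff_t element_offset_in_block(std::size_t count) {
    Tracked* arr = new Tracked[count];
    std::ptrdiff_t off = reinterpret_cast<char*>(arr) -
                         static_cast<char*>(Tracked::last_block);
    delete[] arr;
    return off;
}

int main() {
    // Without ASan (or with ASan but without the flag this revision adds)
    // the cookie is simply readable and holds the element count.
    return cookie_seen_by_allocator(4) == 4 ? 0 : 1;
}
```

Built normally, or with -fsanitize=address alone, the program runs and the cookie reads back as the element count. Built with -fsanitize=address plus the poisoning flag this revision adds (the page does not spell it out; in current clang it is assumed to be -fsanitize-address-poison-custom-array-cookie), the read in cookie_seen_by_allocator is reported by ASan, which is why the poisoning is opt-in rather than unconditional.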

Diff Detail

Repository
rC Clang

Event Timeline

filcab created this revision. Feb 7 2018, 3:18 AM

I don't understand why your description of this patch mentions the void* placement new[] operator. There's no cookie to poison for that operator.

filcab added a comment. Feb 8 2018, 2:25 AM

I don't understand why your description of this patch mentions the void* placement new[] operator. There's no cookie to poison for that operator.

Hah, sorry. In writing this commit log I used parts of the old patch one. I'll update with a better commit log.

filcab updated this revision to Diff 133389. Feb 8 2018, 2:29 AM

Update commit message.

filcab edited the summary of this revision. Feb 8 2018, 2:31 AM
filcab edited the summary of this revision.
rjmccall accepted this revision. Feb 8 2018, 11:03 AM

Okay, thanks. LGTM.

This revision is now accepted and ready to land. Feb 8 2018, 11:03 AM
This revision was automatically updated to reflect the committed changes.