[PATCH] Support nested functions (PR sanitize/78541).

Tue, 29 Nov 2016 02:45:13 -0800 

Currently we an assert that prevents proper use-after-scope sanitization
in nested functions. With the attached patch, we are able to do so.
I'm adding 2 test-cases, first one is the ICE reported in PR and the second
one tests proper report of use-after-scope passed by FRAME belonging to a
nested function call.

Patch can bootstrap on ppc64le-redhat-linux and survives regression tests.

Ready to be installed?
Martin

>From 8e02ebdf64a82f0dfc7be531a38702497dece26b Mon Sep 17 00:00:00 2001
From: marxin <mli...@suse.cz>
Date: Mon, 28 Nov 2016 13:05:33 +0100
Subject: [PATCH] Support nested functions (PR sanitize/78541).

gcc/testsuite/ChangeLog:

2016-11-28  Martin Liska  <mli...@suse.cz>

	PR sanitize/78541
	* gcc.dg/asan/pr78541-2.c: New test.
	* gcc.dg/asan/pr78541.c: New test.

gcc/ChangeLog:

2016-11-28  Martin Liska  <mli...@suse.cz>

	PR sanitize/78541
	* asan.c (asan_expand_mark_ifn): Properly
	select a VAR_DECL from FRAME.* component reference.
---
 gcc/asan.c                            |  6 ++++++
 gcc/testsuite/gcc.dg/asan/pr78541-2.c | 10 ++++++++++
 gcc/testsuite/gcc.dg/asan/pr78541.c   | 25 +++++++++++++++++++++++++
 3 files changed, 41 insertions(+)
 create mode 100644 gcc/testsuite/gcc.dg/asan/pr78541-2.c
 create mode 100644 gcc/testsuite/gcc.dg/asan/pr78541.c

diff --git a/gcc/asan.c b/gcc/asan.c
index 6e93ea3..cb5d615 100644
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -2713,6 +2713,12 @@ asan_expand_mark_ifn (gimple_stmt_iterator *iter)
   tree base = gimple_call_arg (g, 1);
   gcc_checking_assert (TREE_CODE (base) == ADDR_EXPR);
   tree decl = TREE_OPERAND (base, 0);
+
+  /* For a nested function, we can have: ASAN_MARK (2, &FRAME.2.fp_input, 4) */
+  if (TREE_CODE (decl) == COMPONENT_REF
+      && DECL_NONLOCAL_FRAME (TREE_OPERAND (decl, 0)))
+    decl = TREE_OPERAND (decl, 0);
+
   gcc_checking_assert (TREE_CODE (decl) == VAR_DECL);
   if (asan_handled_variables == NULL)
     asan_handled_variables = new hash_set<tree> (16);
diff --git a/gcc/testsuite/gcc.dg/asan/pr78541-2.c b/gcc/testsuite/gcc.dg/asan/pr78541-2.c
new file mode 100644
index 0000000..44be19c
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/pr78541-2.c
@@ -0,0 +1,10 @@
+/* PR sanitizer/78560 */
+/* { dg-do compile } */
+
+void __quadmath_mpn_extract_flt128 (long *fp_input);
+
+int fn1 ()
+{
+  long fp_input[1];
+  int hack_digit () { __quadmath_mpn_extract_flt128 (fp_input); }
+}
diff --git a/gcc/testsuite/gcc.dg/asan/pr78541.c b/gcc/testsuite/gcc.dg/asan/pr78541.c
new file mode 100644
index 0000000..fb02082
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/pr78541.c
@@ -0,0 +1,25 @@
+// PR sanitizer/78560
+// { dg-do run }
+// { dg-shouldfail "asan" }
+
+void foo (double a, double b)
+{
+  double *ptr;
+    {
+      double x = a + b;
+      ptr = &x;
+    }
+ double square () { __builtin_printf ("", *ptr); }
+
+ square ();
+}
+
+int main()
+{
+  foo (1.2f, 2.3f);
+  return 0;
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "READ of size.*" }
+// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" }
-- 
2.10.2

Reply via email to