[ubsan] Runtime support for pointer overflow checking

Patch by John Regehr and Will Dietz! Differential Revision: https://reviews.llvm.org/D20323 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@304461 91177308-0d34-0410-b5e6-96231b3b80d8
author: Vedant Kumar <vsk@apple.com> 2017-06-01 19:40:59 +0000
committer: Vedant Kumar <vsk@apple.com> 2017-06-01 19:40:59 +0000
commit: efd9e1ef2ba69497829dde2af6a879b789662e9b (patch)
tree: 41de6808c18c9e698b4c4ce1e3027056e91fcc5b
parent: 0c1676c0068c7bda6cba4a7d24ba1aa500201086 (diff)
download: compiler-rt-efd9e1ef2ba69497829dde2af6a879b789662e9b.tar.gz
5 files changed, 60 insertions, 0 deletions
diff --git a/lib/ubsan/ubsan_checks.inc b/lib/ubsan/ubsan_checks.inc
index 6e0864140..0a87e6e8e 100644
--- a/lib/ubsan/ubsan_checks.inc
+++ b/lib/ubsan/ubsan_checks.inc
@@ -19,6 +19,7 @@
 
 UBSAN_CHECK(GenericUB, "undefined-behavior", "undefined")
 UBSAN_CHECK(NullPointerUse, "null-pointer-use", "null")
+UBSAN_CHECK(PointerOverflow, "pointer-overflow", "pointer-overflow")
 UBSAN_CHECK(MisalignedPointerUse, "misaligned-pointer-use", "alignment")
 UBSAN_CHECK(InsufficientObjectSize, "insufficient-object-size", "object-size")
 UBSAN_CHECK(SignedIntegerOverflow, "signed-integer-overflow",
diff --git a/lib/ubsan/ubsan_handlers.cc b/lib/ubsan/ubsan_handlers.cc
index d6a8f52a2..80cc8ad25 100644
--- a/lib/ubsan/ubsan_handlers.cc
+++ b/lib/ubsan/ubsan_handlers.cc
@@ -554,6 +554,37 @@ void __ubsan::__ubsan_handle_nullability_arg_abort(NonNullArgData *Data) {
   Die();
 }
 
+static void handlePointerOverflowImpl(PointerOverflowData *Data,
+                                      ValueHandle Base,
+                                      ValueHandle Result,
+                                      ReportOptions Opts) {
+  SourceLocation Loc = Data->Loc.acquire();
+  ErrorType ET = ErrorType::PointerOverflow;
+
+  if (ignoreReport(Loc, Opts, ET))
+    return;
+
+  ScopedReport R(Opts, Loc, ET);
+
+  Diag(Loc, DL_Error, "pointer index expression with base %0 overflowed to %1")
+    << (void *)Base << (void*)Result;
+}
+
+void __ubsan::__ubsan_handle_pointer_overflow(PointerOverflowData *Data,
+                                              ValueHandle Base,
+                                              ValueHandle Result) {
+  GET_REPORT_OPTIONS(false);
+  handlePointerOverflowImpl(Data, Base, Result, Opts);
+}
+
+void __ubsan::__ubsan_handle_pointer_overflow_abort(PointerOverflowData *Data,
+                                                    ValueHandle Base,
+                                                    ValueHandle Result) {
+  GET_REPORT_OPTIONS(true);
+  handlePointerOverflowImpl(Data, Base, Result, Opts);
+  Die();
+}
+
 static void handleCFIBadIcall(CFICheckFailData *Data, ValueHandle Function,
                               ReportOptions Opts) {
   if (Data->CheckKind != CFITCK_ICall)
diff --git a/lib/ubsan/ubsan_handlers.h b/lib/ubsan/ubsan_handlers.h
index 5857bc249..483c18ced 100644
--- a/lib/ubsan/ubsan_handlers.h
+++ b/lib/ubsan/ubsan_handlers.h
@@ -152,6 +152,13 @@ struct NonNullArgData {
 RECOVERABLE(nonnull_arg, NonNullArgData *Data)
 RECOVERABLE(nullability_arg, NonNullArgData *Data)
 
+struct PointerOverflowData {
+  SourceLocation Loc;
+};
+
+RECOVERABLE(pointer_overflow, PointerOverflowData *Data, ValueHandle Base,
+            ValueHandle Result)
+
 /// \brief Known CFI check kinds.
 /// Keep in sync with the enum of the same name in CodeGenFunction.h
 enum CFITypeCheckKind : unsigned char {
diff --git a/lib/ubsan/ubsan_interface.inc b/lib/ubsan/ubsan_interface.inc
index 0e43ebc68..681476b3c 100644
--- a/lib/ubsan/ubsan_interface.inc
+++ b/lib/ubsan/ubsan_interface.inc
@@ -36,6 +36,8 @@ INTERFACE_FUNCTION(__ubsan_handle_nullability_return)
 INTERFACE_FUNCTION(__ubsan_handle_nullability_return_abort)
 INTERFACE_FUNCTION(__ubsan_handle_out_of_bounds)
 INTERFACE_FUNCTION(__ubsan_handle_out_of_bounds_abort)
+INTERFACE_FUNCTION(__ubsan_handle_pointer_overflow)
+INTERFACE_FUNCTION(__ubsan_handle_pointer_overflow_abort)
 INTERFACE_FUNCTION(__ubsan_handle_shift_out_of_bounds)
 INTERFACE_FUNCTION(__ubsan_handle_shift_out_of_bounds_abort)
 INTERFACE_FUNCTION(__ubsan_handle_sub_overflow)
diff --git a/test/ubsan/TestCases/Pointer/index-overflow.cpp b/test/ubsan/TestCases/Pointer/index-overflow.cpp
new file mode 100644
index 000000000..eb7f95e85
--- /dev/null
+++ b/test/ubsan/TestCases/Pointer/index-overflow.cpp
@@ -0,0 +1,19 @@
+// RUN: %clangxx -fsanitize=pointer-overflow %s -o %t
+// RUN: %t 1 2>&1 | FileCheck %s --check-prefix=ERR
+// RUN: %t 0 2>&1 | FileCheck %s --check-prefix=SAFE
+// RUN: %t -1 2>&1 | FileCheck %s --check-prefix=SAFE
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+int main(int argc, char *argv[]) {
+  // SAFE-NOT: runtime error
+  // ERR: runtime error: pointer index expression with base {{.*}} overflowed to
+
+  char *p = (char *)(UINTPTR_MAX);
+
+  printf("%p\n", p + atoi(argv[1]));
+
+  return 0;
+}
author	Vedant Kumar <vsk@apple.com>	2017-06-01 19:40:59 +0000
committer	Vedant Kumar <vsk@apple.com>	2017-06-01 19:40:59 +0000
commit	efd9e1ef2ba69497829dde2af6a879b789662e9b (patch)
tree	41de6808c18c9e698b4c4ce1e3027056e91fcc5b
parent	0c1676c0068c7bda6cba4a7d24ba1aa500201086 (diff)
download	compiler-rt-efd9e1ef2ba69497829dde2af6a879b789662e9b.tar.gz