Unpoison variable partition properly (PR sanitizer/85774).

2018-09-24 Martin Liska <mliska@suse.cz> PR sanitizer/85774 * asan.c: Make asan_handled_variables extern. * asan.h: Likewise. * cfgexpand.c (expand_stack_vars): Make sure a representative is unpoison if another variable in the partition is handled by use-after-scope sanitization. 2018-09-24 Martin Liska <mliska@suse.cz> PR sanitizer/85774 * g++.dg/asan/pr85774.C: New test. From-SVN: r264528
2025-03-31 18:40:52 +08:00 · 2018-09-24 13:22:38 +02:00 · 2018-09-24 13:22:38 +02:00 · bf9f929213
commit bf9f929213
parent 54b7d98ec4
6 changed files with 83 additions and 1 deletions
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@ -1,3 +1,13 @@
+2018-09-24  Martin Liska  <mliska@suse.cz>
+
+	PR sanitizer/85774
+	* asan.c: Make asan_handled_variables extern.
+	* asan.h: Likewise.
+	* cfgexpand.c (expand_stack_vars): Make sure
+	a representative is unpoison if another
+	variable in the partition is handled by
+	use-after-scope sanitization.
+
 2018-09-24  Richard Biener  <rguenther@suse.de>

 	PR tree-optimization/63155
--- a/gcc/asan.c
+++ b/gcc/asan.c
@ -253,7 +253,7 @@ static tree last_alloca_addr;
 /* Set of variable declarations that are going to be guarded by
   use-after-scope sanitizer.  */

-static hash_set<tree> *asan_handled_variables = NULL;
+hash_set<tree> *asan_handled_variables = NULL;

 hash_set <tree> *asan_used_labels = NULL;

--- a/gcc/asan.h
+++ b/gcc/asan.h
@ -110,6 +110,8 @@ extern bool asan_sanitize_stack_p (void);

 extern bool asan_sanitize_allocas_p (void);

+extern hash_set<tree> *asan_handled_variables;
+
 /* Return TRUE if builtin with given FCODE will be intercepted by
   libasan.  */

--- a/gcc/cfgexpand.c
+++ b/gcc/cfgexpand.c
@ -1155,6 +1155,20 @@ expand_stack_vars (bool (*pred) (size_t), struct stack_vars_data *data)
 	      if (repr_decl == NULL_TREE)
 		repr_decl = stack_vars[i].decl;
 	      data->asan_decl_vec.safe_push (repr_decl);
+
+	      /* Make sure a representative is unpoison if another
+		 variable in the partition is handled by
+		 use-after-scope sanitization.  */
+	      if (asan_handled_variables != NULL
+		  && !asan_handled_variables->contains (repr_decl))
+		{
+		  for (j = i; j != EOC; j = stack_vars[j].next)
+		    if (asan_handled_variables->contains (stack_vars[j].decl))
+		      break;
+		  if (j != EOC)
+		    asan_handled_variables->add (repr_decl);
+		}
+
 	      data->asan_alignb = MAX (data->asan_alignb, alignb);
 	      if (data->asan_base == NULL)
 		data->asan_base = gen_reg_rtx (Pmode);
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@ -1,3 +1,8 @@
+2018-09-24  Martin Liska  <mliska@suse.cz>
+
+	PR sanitizer/85774
+	* g++.dg/asan/pr85774.C: New test.
+
 2018-09-24  Alexandre Oliva <oliva@adacore.com>

 	PR middle-end/87054
--- a/gcc/testsuite/g++.dg/asan/pr85774.C
+++ b/gcc/testsuite/g++.dg/asan/pr85774.C
@ -0,0 +1,51 @@
+/* PR sanitizer/85774 */
+/* { dg-do run } */
+
+#include <functional>
+
+void
+DoSomething ()
+{
+}
+
+void
+DoFunc (const std::function<void(void)> &func)
+{
+  func ();
+}
+
+void
+Setup ()
+{
+  switch (1)
+    {
+    case 1:
+      {
+	DoFunc ([]() {});
+	break;
+      }
+    case 2:
+      {
+	DoFunc ([]() {});
+	break;
+      }
+    default:
+      break;
+    }
+
+  DoSomething ();
+}
+
+void
+DemostrateBadPoisoning ()
+{
+  DoFunc ([]() {});
+}
+
+int
+main ()
+{
+  Setup ();
+  DemostrateBadPoisoning ();
+  return 0;
+}