2014-06-18 Yury Gribov <y.gribov@samsung.com>

gcc/
	* asan.c (instrument_strlen_call): Fixed instrumentation of
	trailing byte.

gcc/testsuite/
	* c-c++-common/asan/strlen-overflow-1.c: New test.

git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@211849 138bc75d-0d04-0410-961f-82ee72b054a4

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index fde7c417e10236b7f20a7531554f4337f6acd08a..9aaab6e3f6b0afbbf197d34a7fbd8cbce700d1b6 100644 (file)
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,10 @@
+2014-06-20  Yury Gribov  <y.gribov@samsung.com>
+           Max Ostapenko  <m.ostapenko@partner.samsung.com>
+
+       PR sanitizer/61547
+       * asan.c (instrument_strlen_call): Fixed instrumentation of
+       trailing byte.
+
 2014-06-20  Martin Jambor  <mjambor@suse.cz>
 
        PR ipa/61540

diff --git a/gcc/asan.c b/gcc/asan.c
index 4d87dad701144d7de68975dfb9a4de39686cb274..9e696a4c0840c0b54d51fdc2be3544d149a1068f 100644 (file)
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -2037,19 +2037,19 @@ instrument_strlen_call (gimple_stmt_iterator *iter)
 
   build_check_stmt (loc, gimple_assign_lhs (str_arg_ssa), NULL_TREE, 1, iter,
                    /*non_zero_len_p*/true, /*before_p=*/true,
-                   /*is_store=*/false, /*is_scalar_access*/false, /*align*/0);
+                   /*is_store=*/false, /*is_scalar_access*/true, /*align*/0);
 
-  gimple stmt =
-    gimple_build_assign_with_ops (PLUS_EXPR,
-                                 make_ssa_name (TREE_TYPE (len), NULL),
-                                 len,
-                                 build_int_cst (TREE_TYPE (len), 1));
-  gimple_set_location (stmt, loc);
-  gsi_insert_after (iter, stmt, GSI_NEW_STMT);
+  gimple g =
+    gimple_build_assign_with_ops (POINTER_PLUS_EXPR,
+                                 make_ssa_name (cptr_type, NULL),
+                                 gimple_assign_lhs (str_arg_ssa),
+                                 len);
+  gimple_set_location (g, loc);
+  gsi_insert_after (iter, g, GSI_NEW_STMT);
 
-  build_check_stmt (loc, gimple_assign_lhs (stmt), len, 1, iter,
+  build_check_stmt (loc, gimple_assign_lhs (g), NULL_TREE, 1, iter,
                    /*non_zero_len_p*/true, /*before_p=*/false,
-                   /*is_store=*/false, /*is_scalar_access*/false, /*align*/0);
+                   /*is_store=*/false, /*is_scalar_access*/true, /*align*/0);
 
   return true;
 }

diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 0cceea515760fc374923b6a75eb88349686106e4..79bbeb4247f0ba0281b83e2379195ba6bafa3f6a 100644 (file)
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,9 @@
+2014-06-20  Yury Gribov  <y.gribov@samsung.com>
+           Max Ostapenko  <m.ostapenko@partner.samsung.com>
+
+       PR sanitizer/61547
+       * c-c++-common/asan/strlen-overflow-1.c: New test.
+
 2014-06-20  Martin Jambor  <mjambor@suse.cz>
 
        PR ipa/61540

diff --git a/gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c b/gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c
new file mode 100644 (file)
index 0000000..bf6bf66
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/asan/strlen-overflow-1.c
@@ -0,0 +1,29 @@
+/* { dg-do run } */
+/* { dg-skip-if "" { *-*-* } { "-flto" } { "" } } */
+/* { dg-shouldfail "asan" } */
+
+#include <sanitizer/asan_interface.h>
+
+char a[2] = "0";
+
+#ifdef __cplusplus
+extern "C"
+#endif
+
+__attribute__((no_sanitize_address, noinline)) __SIZE_TYPE__
+strlen (const char *p) {
+
+  __SIZE_TYPE__ n = 0;
+  for (; *p; ++n, ++p);
+  return n;
+}
+
+int main () {
+  char *p = &a[0];
+  asm ("" : "+r"(p));
+  __asan_poison_memory_region ((char *)&a[1], 1);
+  return __builtin_strlen (a);
+}
+
+/* { dg-output "READ of size 1 at 0x\[0-9a-f\]+ thread T0.*(\n|\r\n|\r)" } */
+/* { dg-output "    #0 0x\[0-9a-f\]+ (in _*main (\[^\n\r]*strlen-overflow-1.c:24|\[^\n\r]*:0)|\[(\]).*(\n|\r\n|\r)" } */