Age | Commit message (Collapse) | Author |
|
The dynamic type check needs to inspect vtables, but could crash if it
encounters a vtable pointer to inaccessible memory. In the first attempt
to fix the issue (r304437), we performed a memory accessibility check on
the wrong range of memory. This should *really* fix the problem.
Patch by Max Moroz!
Differential Revision: https://reviews.llvm.org/D34215
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@305489 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
There is can be a situation when vptr is not initializing
by constructor of the object, and has a junk data which should
be properly checked, because c++ standard says:
"if default constructor is not specified
16 (7.3) no initialization is performed."
Patch by Denis Khalikov!
Differential Revision: https://reviews.llvm.org/D33712
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@304437 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@283511 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@283506 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
The definitions in sanitizer_common may conflict with definitions from system headers because:
The runtime includes the system headers after the project headers (as per LLVM coding guidelines).
lib/sanitizer_common/sanitizer_internal_defs.h pollutes the namespace of everything defined after it, which is all/most of the sanitizer .h and .cc files and the included system headers with: using namespace __sanitizer; // NOLINT
This patch solves the problem by introducing the namespace only within the sanitizer namespaces as proposed by Dmitry.
Differential Revision: https://reviews.llvm.org/D21947
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@281657 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
configuration"
This reverts commit 6659b10799b287ad815e49c4f1b01abc4369b03d.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@279818 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: This will allow for the sanitizers to be used when c++ abi is unavailable.
Reviewers: samsonov, beanz, pcc, rnk
Subscribers: llvm-commits, kubabrecka, compnerd, dberris
Differential Revision: https://reviews.llvm.org/D23376
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@279816 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
configuration"
This reverts commit dbb6e905684e2e9488887b26c02ee8881849f09f.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@278852 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: This will allow for the sanitizers to be used when c++ abi is unavailable.
Reviewers: samsonov, beanz, pcc, rnk
Subscribers: llvm-commits, kubabrecka, compnerd, dberris
Differential Revision: https://reviews.llvm.org/D23376
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@278848 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
configuration"
This reverts commit cd5fa595648378f38cdad8b07e18433639c28a9c.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@278800 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: This will allow for the sanitizers to be used when c++ abi is unavailable.
Reviewers: samsonov, beanz, pcc, rnk
Subscribers: llvm-commits, kubabrecka, compnerd, dberris
Differential Revision: https://reviews.llvm.org/D23376
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@278772 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
configuration"
This reverts commit 9528d86531b1289600e18c407b8e992d7fedb94f.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@278769 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: This will allow for the sanitizers to be used when c++ abi is unavailable.
Reviewers: samsonov, beanz, pcc, rnk
Subscribers: llvm-commits, kubabrecka, compnerd, dberris
Differential Revision: https://reviews.llvm.org/D23376
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@278764 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
This CL adds a weak check for a Vtable prefix: for a well-formed
Vtable, we require the prefix to be within [-1<<20; 1<<20].
Practically, this solves most of the known cases when UBSan segfaults
without providing any useful diagnostics.
Reviewers: pcc
Subscribers: kubabrecka
Differential Revision: http://reviews.llvm.org/D19750
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@271560 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
iOS on ARM64 doesn't unique RTTI.
Ref: clang's iOS64CXXABI::shouldRTTIBeUnique()
Due to this, pointer-equality will not necessarily work in this
architecture, across dylib boundaries.
dynamic_cast<>() will (as expected) still work, since Apple ships with
one prepared for this, but we can't rely on the type names being
pointer-equal.
I've limited the expensive strcmp check to the specific architecture
which needs it.
Example which triggers this bug:
lib.h:
struct X {
virtual ~X() {}
};
X *libCall();
lib.mm:
X *libCall() {
return new X;
}
prog.mm:
int main() {
X *px = libCall();
delete px;
}
Expected output: Nothing
Actual output:
<unknown>: runtime error: member call on address 0x00017001ef50 which does not point to an object of type 'X'
0x00017001ef50: note: object is of type 'X'
00 00 00 00 60 00 0f 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for ‘X’
Reviewers: kubabrecka, samsonov, eugenis, rsmith
Subscribers: aemerson, llvm-commits, rengolin
Differential Revision: http://reviews.llvm.org/D11502
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@262147 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This reverts r247484 and two follow-up commits.
Breaks ppc and x86_64 sanitizer bots.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@247921 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Should fix sanitizer-ppc64-linux1 bot.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@247493 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
If the pointer passed to the getVtablePrefix function was read from a freed
object, we may end up following pointers into objects on the heap and
printing bogus dynamic type names in diagnostics. However, we know that
vtable pointers will generally only point into memory mapped from object
files, not objects on the heap.
This change causes us to only follow pointers in a vtable if the vtable
and one of the virtual functions it points to appear to have appropriate
permissions (i.e. non-writable, and maybe executable), which will generally
exclude heap pointers.
Only enabled for Linux; this hasn't been tested on FreeBSD, and vtables are
writable on Mac (PR24782) so this won't work there.
Differential Revision: http://reviews.llvm.org/D12790
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@247484 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Offset from vptr to the start of most-derived object can actually
be positive in some virtual base class vtables.
Patch by Stephan Bergmann!
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@244101 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Specifically:
- Start using %expect_crash.
- Provide an implementation of __ubsan::getDynamicTypeInfoFromVtable
for the Microsoft C++ ABI. This is all that is needed for CFI
diagnostics; UBSan's -fsanitize=vptr also requires an implementation of
__ubsan::checkDynamicType.
- Build the sanitizer runtimes against the release version of the C
runtime, even in debug builds.
- Accommodate demangling differences in tests.
Differential Revision: http://reviews.llvm.org/D11029
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@241745 91177308-0d34-0410-b5e6-96231b3b80d8
|