[ubsan] Detect invalid unsigned pointer index expression (clang)
Adding an unsigned offset to a base pointer has undefined behavior if the result of the expression would precede the base. An example from @regehr:

    int foo(char *p, unsigned offset) {
      return p + offset >= p; // This may be optimized to '1'.
    }

    foo(p, -1); // UB.

This patch extends the pointer overflow check in ubsan to detect invalid unsigned pointer index expressions. It changes the instrumentation to only permit non-negative offsets in pointer index expressions when all of the GEP indices are unsigned.

Testing: check-llvm, check-clang run on a stage2, ubsan-instrumented build.

Differential Revision: https://reviews.llvm.org/D33910

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@305216 91177308-0d34-0410-b5e6-96231b3b80d8
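The rule the commit describes, written out as an added example (this is not code from the commit or from the LLVM tree, and the helper names are hypothetical): the sanitizer's verdict for a pointer index expression reduced to plain integer arithmetic on uintptr_t, so it can be run without instrumentation and without performing the undefined pointer addition itself. An unsigned GEP index is zero-extended to pointer width, so the only valid result is one at or above the base; a signed index is sign-extended and may legitimately land below it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Mirrors the ubsan pointer-overflow check for a pointer index expression
 * whose GEP indices are all unsigned. Clang zero-extends an unsigned index to
 * pointer width, so the offset is a non-negative byte count and the only valid
 * outcome is result >= base; a wrapped result would precede the base, which is
 * the UB this patch makes ubsan report. Computed on uintptr_t so this helper
 * never performs the undefined pointer addition itself. (Hypothetical helper.)
 */
static int unsigned_index_ok(const char *base, size_t offset)
{
    uintptr_t b = (uintptr_t)base;
    uintptr_t r = b + (uintptr_t)offset;
    return r >= b;
}

/*
 * Same check for a signed index (e.g. p + i with int i), which is
 * sign-extended: a negative offset must land strictly below base and a
 * non-negative one at or above it. Any other outcome wrapped around the
 * address space. (Hypothetical helper.)
 */
static int signed_index_ok(const char *base, ptrdiff_t offset)
{
    uintptr_t b = (uintptr_t)base;
    uintptr_t r = b + (uintptr_t)offset;
    return offset >= 0 ? r >= b : r < b;
}

/*
 * The expression from the commit message, kept for reference. Without
 * instrumentation the comparison may fold to 1, as the message notes; built
 * with clang -fsanitize=pointer-overflow, an unsigned index whose byte offset
 * wraps past the end of the address space is reported at run time.
 */
static int foo(char *p, unsigned offset)
{
    return p + offset >= p;
}

/*
 * Constructed cases over a local buffer; returns 1 when every verdict matches
 * what the instrumented check would decide. A size_t offset of -1 is used for
 * the wrapping case so the result does not depend on pointer width (a 32-bit
 * unsigned -1 zero-extends to a 4 GiB offset that need not wrap on 64-bit).
 * foo() is deliberately not called with -1, since that is the UB being detected.
 */
static int demo(void)
{
    static char buf[16];
    int ok = 1;

    ok &= unsigned_index_ok(buf, 3) == 1;           /* in range, no wrap      */
    ok &= unsigned_index_ok(buf, (size_t)-1) == 0;  /* wraps below base: UB   */
    ok &= signed_index_ok(buf + 8, -4) == 1;        /* negative index is fine */
    ok &= signed_index_ok(buf + 8, 4) == 1;
    ok &= foo(buf, 3) == 1;                         /* well-defined call      */
    return ok;
}

int main(void)
{
    int ok = demo();
    printf("checks %s\n", ok ? "agree" : "disagree");
    return ok ? 0 : 1;
}
```

The signed variant is the rule ubsan applied to every index before this change; the point of the patch is that when all indices are unsigned the `offset < 0` branch is unreachable, so any result below the base is an overflow and not a legitimate backwards step.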
Showing 4 changed files:

- lib/CodeGen/CGExpr.cpp (20 additions, 17 deletions)
- lib/CodeGen/CGExprScalar.cpp (31 additions, 20 deletions)
- lib/CodeGen/CodeGenFunction.h (2 additions, 0 deletions)
- test/CodeGen/ubsan-pointer-overflow.m (57 additions, 15 deletions)