diff options
| -rw-r--r-- | clang/docs/ClangCommandLineReference.rst | 6 | ||||
| -rw-r--r-- | clang/docs/UsersManual.rst | 8 | ||||
| -rw-r--r-- | clang/include/clang/Driver/Options.td | 12 | ||||
| -rw-r--r-- | clang/include/clang/Driver/SanitizerArgs.h | 1 | ||||
| -rw-r--r-- | clang/include/clang/Frontend/CodeGenOptions.def | 2 | ||||
| -rw-r--r-- | clang/lib/CodeGen/ItaniumCXXABI.cpp | 2 | ||||
| -rw-r--r-- | clang/lib/Driver/SanitizerArgs.cpp | 8 | ||||
| -rw-r--r-- | clang/lib/Frontend/CompilerInvocation.cpp | 8 | ||||
| -rw-r--r-- | clang/test/CodeGen/address-sanitizer-and-array-cookie.cpp | 2 | ||||
| -rw-r--r-- | clang/test/Driver/fsanitize.c | 18 |
10 files changed, 48 insertions, 19 deletions
diff --git a/clang/docs/ClangCommandLineReference.rst b/clang/docs/ClangCommandLineReference.rst index 8c2a382cb9fa..f1b865b7eb27 100644 --- a/clang/docs/ClangCommandLineReference.rst +++ b/clang/docs/ClangCommandLineReference.rst @@ -800,9 +800,11 @@ Level of field padding for AddressSanitizer Enable linker dead stripping of globals in AddressSanitizer -.. option:: -fsanitize-address-poison-class-member-array-new-cookie, -fno-sanitize-address-poison-class-member-array-new-cookie +.. option:: -fsanitize-address-poison-custom-array-cookie, -fno-sanitize-address-poison-custom-array-cookie -Enable poisoning array cookies when using class member operator new\[\] in AddressSanitizer +Enable "poisoning" array cookies when allocating arrays with a custom operator new\[\] in Address Sanitizer, preventing accesses to the cookies from user code. An array cookie is a small implementation-defined header added to certain array allocations to record metadata such as the length of the array. Accesses to array cookies from user code are technically allowed by the standard but are more likely to be the result of an out-of-bounds array access. + +An operator new\[\] is "custom" if it is not one of the allocation functions provided by the C++ standard library. Array cookies from non-custom allocation functions are always poisoned. .. option:: -fsanitize-address-use-after-scope, -fno-sanitize-address-use-after-scope diff --git a/clang/docs/UsersManual.rst b/clang/docs/UsersManual.rst index 2b83a0d5d5f5..b6ad37ea15ac 100644 --- a/clang/docs/UsersManual.rst +++ b/clang/docs/UsersManual.rst @@ -3000,8 +3000,8 @@ Execute ``clang-cl /?`` to see a list of supported options: -fno-debug-macro Do not emit macro debug information -fno-delayed-template-parsing Disable delayed template parsing - -fno-sanitize-address-poison-class-member-array-new-cookie - Disable poisoning array cookies when using class member operator new[] in AddressSanitizer + -fno-sanitize-address-poison-custom-array-cookie + Disable poisoning array cookies when using custom operator new[] in AddressSanitizer -fno-sanitize-address-use-after-scope Disable use-after-scope detection in AddressSanitizer -fno-sanitize-blacklist Don't use blacklist file for sanitizers @@ -3037,8 +3037,8 @@ Execute ``clang-cl /?`` to see a list of supported options: Level of field padding for AddressSanitizer -fsanitize-address-globals-dead-stripping Enable linker dead stripping of globals in AddressSanitizer - -fsanitize-address-poison-class-member-array-new-cookie - Enable poisoning array cookies when using class member operator new[] in AddressSanitizer + -fsanitize-address-poison-custom-array-cookie + Enable poisoning array cookies when using custom operator new[] in AddressSanitizer -fsanitize-address-use-after-scope Enable use-after-scope detection in AddressSanitizer -fsanitize-blacklist=<value> diff --git a/clang/include/clang/Driver/Options.td b/clang/include/clang/Driver/Options.td index 29dc56058634..8766d1578fbf 100644 --- a/clang/include/clang/Driver/Options.td +++ b/clang/include/clang/Driver/Options.td @@ -971,14 +971,14 @@ def fno_sanitize_address_use_after_scope : Flag<["-"], "fno-sanitize-address-use Group<f_clang_Group>, Flags<[CoreOption, DriverOption]>, HelpText<"Disable use-after-scope detection in AddressSanitizer">; -def fsanitize_address_poison_class_member_array_new_cookie - : Flag<[ "-" ], "fsanitize-address-poison-class-member-array-new-cookie">, +def fsanitize_address_poison_custom_array_cookie + : Flag<[ "-" ], "fsanitize-address-poison-custom-array-cookie">, Group<f_clang_Group>, - HelpText<"Enable poisoning array cookies when using class member operator new[] in AddressSanitizer">; -def fno_sanitize_address_poison_class_member_array_new_cookie - : Flag<[ "-" ], "fno-sanitize-address-poison-class-member-array-new-cookie">, + HelpText<"Enable poisoning array cookies when using custom operator new[] in AddressSanitizer">; +def fno_sanitize_address_poison_custom_array_cookie + : Flag<[ "-" ], "fno-sanitize-address-poison-custom-array-cookie">, Group<f_clang_Group>, - HelpText<"Disable poisoning array cookies when using class member operator new[] in AddressSanitizer">; + HelpText<"Disable poisoning array cookies when using custom operator new[] in AddressSanitizer">; def fsanitize_address_globals_dead_stripping : Flag<["-"], "fsanitize-address-globals-dead-stripping">, Group<f_clang_Group>, HelpText<"Enable linker dead stripping of globals in AddressSanitizer">; diff --git a/clang/include/clang/Driver/SanitizerArgs.h b/clang/include/clang/Driver/SanitizerArgs.h index d144e488b56b..f40b376fe5d2 100644 --- a/clang/include/clang/Driver/SanitizerArgs.h +++ b/clang/include/clang/Driver/SanitizerArgs.h @@ -36,6 +36,7 @@ class SanitizerArgs { int AsanFieldPadding = 0; bool SharedRuntime = false; bool AsanUseAfterScope = true; + bool AsanPoisonCustomArrayCookie = false; bool AsanGlobalsDeadStripping = false; bool LinkCXXRuntimes = false; bool NeedPIE = false; diff --git a/clang/include/clang/Frontend/CodeGenOptions.def b/clang/include/clang/Frontend/CodeGenOptions.def index cb6cc0a846b7..3687c5907674 100644 --- a/clang/include/clang/Frontend/CodeGenOptions.def +++ b/clang/include/clang/Frontend/CodeGenOptions.def @@ -174,7 +174,7 @@ CODEGENOPT(NewStructPathTBAA , 1, 0) ///< Whether or not to use enhanced struct- CODEGENOPT(SaveTempLabels , 1, 0) ///< Save temporary labels. CODEGENOPT(SanitizeAddressUseAfterScope , 1, 0) ///< Enable use-after-scope detection ///< in AddressSanitizer -CODEGENOPT(SanitizeAddressPoisonClassMemberArrayNewCookie, 1, +CODEGENOPT(SanitizeAddressPoisonCustomArrayCookie, 1, 0) ///< Enable poisoning operator new[] which is not a replaceable ///< global allocation function in AddressSanitizer CODEGENOPT(SanitizeAddressGlobalsDeadStripping, 1, 0) ///< Enable linker dead stripping diff --git a/clang/lib/CodeGen/ItaniumCXXABI.cpp b/clang/lib/CodeGen/ItaniumCXXABI.cpp index e75532142e5b..485d6c001385 100644 --- a/clang/lib/CodeGen/ItaniumCXXABI.cpp +++ b/clang/lib/CodeGen/ItaniumCXXABI.cpp @@ -1916,7 +1916,7 @@ Address ItaniumCXXABI::InitializeArrayCookie(CodeGenFunction &CGF, // Handle the array cookie specially in ASan. if (CGM.getLangOpts().Sanitize.has(SanitizerKind::Address) && AS == 0 && (expr->getOperatorNew()->isReplaceableGlobalAllocationFunction() || - CGM.getCodeGenOpts().SanitizeAddressPoisonClassMemberArrayNewCookie)) { + CGM.getCodeGenOpts().SanitizeAddressPoisonCustomArrayCookie)) { // The store to the CookiePtr does not need to be instrumented. CGM.getSanitizerMetadata()->disableSanitizerForInstruction(SI); llvm::FunctionType *FTy = diff --git a/clang/lib/Driver/SanitizerArgs.cpp b/clang/lib/Driver/SanitizerArgs.cpp index c2e63ded6c09..030005446418 100644 --- a/clang/lib/Driver/SanitizerArgs.cpp +++ b/clang/lib/Driver/SanitizerArgs.cpp @@ -724,6 +724,11 @@ SanitizerArgs::SanitizerArgs(const ToolChain &TC, options::OPT_fsanitize_address_use_after_scope, options::OPT_fno_sanitize_address_use_after_scope, AsanUseAfterScope); + AsanPoisonCustomArrayCookie = Args.hasFlag( + options::OPT_fsanitize_address_poison_custom_array_cookie, + options::OPT_fno_sanitize_address_poison_custom_array_cookie, + AsanPoisonCustomArrayCookie); + // As a workaround for a bug in gold 2.26 and earlier, dead stripping of // globals in ASan is disabled by default on ELF targets. // See https://sourceware.org/bugzilla/show_bug.cgi?id=19002 @@ -897,6 +902,9 @@ void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args, if (AsanUseAfterScope) CmdArgs.push_back("-fsanitize-address-use-after-scope"); + if (AsanPoisonCustomArrayCookie) + CmdArgs.push_back("-fsanitize-address-poison-custom-array-cookie"); + if (AsanGlobalsDeadStripping) CmdArgs.push_back("-fsanitize-address-globals-dead-stripping"); diff --git a/clang/lib/Frontend/CompilerInvocation.cpp b/clang/lib/Frontend/CompilerInvocation.cpp index d592959d1cd9..8ccaddd4b1b5 100644 --- a/clang/lib/Frontend/CompilerInvocation.cpp +++ b/clang/lib/Frontend/CompilerInvocation.cpp @@ -969,11 +969,11 @@ static bool ParseCodeGenArgs(CodeGenOptions &Opts, ArgList &Args, InputKind IK, Args.hasArg(OPT_fsanitize_cfi_icall_generalize_pointers); Opts.SanitizeStats = Args.hasArg(OPT_fsanitize_stats); if (Arg *A = Args.getLastArg( - OPT_fsanitize_address_poison_class_member_array_new_cookie, - OPT_fno_sanitize_address_poison_class_member_array_new_cookie)) { - Opts.SanitizeAddressPoisonClassMemberArrayNewCookie = + OPT_fsanitize_address_poison_custom_array_cookie, + OPT_fno_sanitize_address_poison_custom_array_cookie)) { + Opts.SanitizeAddressPoisonCustomArrayCookie = A->getOption().getID() == - OPT_fsanitize_address_poison_class_member_array_new_cookie; + OPT_fsanitize_address_poison_custom_array_cookie; } if (Arg *A = Args.getLastArg(OPT_fsanitize_address_use_after_scope, OPT_fno_sanitize_address_use_after_scope)) { diff --git a/clang/test/CodeGen/address-sanitizer-and-array-cookie.cpp b/clang/test/CodeGen/address-sanitizer-and-array-cookie.cpp index e2267a10c2be..821f1b032b61 100644 --- a/clang/test/CodeGen/address-sanitizer-and-array-cookie.cpp +++ b/clang/test/CodeGen/address-sanitizer-and-array-cookie.cpp @@ -1,6 +1,6 @@ // RUN: %clang_cc1 -triple x86_64-gnu-linux -emit-llvm -o - %s | FileCheck %s -check-prefix=PLAIN // RUN: %clang_cc1 -triple x86_64-gnu-linux -emit-llvm -o - -fsanitize=address %s | FileCheck %s -check-prefix=ASAN -// RUN: %clang_cc1 -triple x86_64-gnu-linux -emit-llvm -o - -fsanitize=address -fsanitize-address-poison-class-member-array-new-cookie %s | FileCheck %s -check-prefix=ASAN-POISON-ALL-NEW-ARRAY +// RUN: %clang_cc1 -triple x86_64-gnu-linux -emit-llvm -o - -fsanitize=address -fsanitize-address-poison-custom-array-cookie %s | FileCheck %s -check-prefix=ASAN-POISON-ALL-NEW-ARRAY typedef __typeof__(sizeof(0)) size_t; namespace std { diff --git a/clang/test/Driver/fsanitize.c b/clang/test/Driver/fsanitize.c index ac4a7d27b38c..dd282d2b08f0 100644 --- a/clang/test/Driver/fsanitize.c +++ b/clang/test/Driver/fsanitize.c @@ -223,6 +223,24 @@ // RUN: %clang -target x86_64-linux-gnu -fsanitize=address %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-WITHOUT-USE-AFTER-SCOPE // CHECK-ASAN-WITHOUT-USE-AFTER-SCOPE: -cc1{{.*}}address-use-after-scope +// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-address-poison-custom-array-cookie %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-POISON-CUSTOM-ARRAY-NEW-COOKIE +// RUN: %clang_cl --target=x86_64-windows -fsanitize=address -fsanitize-address-poison-custom-array-cookie -### -- %s 2>&1 | FileCheck %s --check-prefix=CHECK-POISON-CUSTOM-ARRAY-NEW-COOKIE +// CHECK-POISON-CUSTOM-ARRAY-NEW-COOKIE: -cc1{{.*}}-fsanitize-address-poison-custom-array-cookie + +// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fno-sanitize-address-poison-custom-array-cookie %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-POISON-CUSTOM-ARRAY-NEW-COOKIE-OFF +// RUN: %clang_cl --target=x86_64-windows -fsanitize=address -fno-sanitize-address-poison-custom-array-cookie -### -- %s 2>&1 | FileCheck %s --check-prefix=CHECK-POISON-CUSTOM-ARRAY-NEW-COOKIE-OFF +// CHECK-POISON-CUSTOM-ARRAY-NEW-COOKIE-OFF-NOT: -cc1{{.*}}address-poison-custom-array-cookie + +// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fno-sanitize-address-poison-custom-array-cookie -fsanitize-address-poison-custom-array-cookie %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-POISON-CUSTOM-ARRAY-NEW-COOKIE-BOTH +// RUN: %clang_cl --target=x86_64-windows -fsanitize=address -fno-sanitize-address-poison-custom-array-cookie -fsanitize-address-poison-custom-array-cookie -### -- %s 2>&1 | FileCheck %s --check-prefix=CHECK-POISON-CUSTOM-ARRAY-NEW-COOKIE-BOTH +// CHECK-POISON-CUSTOM-ARRAY-NEW-COOKIE-BOTH: -cc1{{.*}}-fsanitize-address-poison-custom-array-cookie + +// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-address-poison-custom-array-cookie -fno-sanitize-address-poison-custom-array-cookie %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-POISON-CUSTOM-ARRAY-NEW-COOKIE-BOTH-OFF +// CHECK-POISON-CUSTOM-ARRAY-NEW-COOKIE-BOTH-OFF-NOT: -cc1{{.*}}address-poison-custom-array-cookie + +// RUN: %clang -target x86_64-linux-gnu -fsanitize=address %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-WITHOUT-POISON-CUSTOM-ARRAY-NEW-COOKIE +// CHECK-ASAN-WITHOUT-POISON-CUSTOM-ARRAY-NEW-COOKIE-NOT: -cc1{{.*}}address-poison-custom-array-cookie + // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-address-globals-dead-stripping %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-GLOBALS // RUN: %clang -target x86_64-linux-gnu -fsanitize=address %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-ASAN-GLOBALS // RUN: %clang_cl --target=x86_64-windows-msvc -fsanitize=address -fsanitize-address-globals-dead-stripping -### -- %s 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-GLOBALS |