From 415913b28c463121c176e842ffaf6b0fd9f4a98c Mon Sep 17 00:00:00 2001
From: Alexey Samsonov
Date: Fri, 18 Jul 2014 18:15:39 +0000
Subject: [PATCH] [UBsan] Skip -fsanitize=vptr instrumentations when the pointer value is null.

Otherwise -fsanitize=vptr causes the program to crash when it downcasts a null pointer.

Reviewed in http://reviews.llvm.org/D4412.

Patch by Byoungyoung Lee!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@213393 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/CodeGen/CGExpr.cpp | 2 +-
 test/CodeGenCXX/catch-undef-behavior.cpp | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/CodeGen/CGExpr.cpp b/lib/CodeGen/CGExpr.cpp
index b08af949b4..512b323ba1 100644
--- a/lib/CodeGen/CGExpr.cpp
+++ b/lib/CodeGen/CGExpr.cpp
@@ -463,7 +463,7 @@ void CodeGenFunction::EmitTypeCheck(TypeCheckKind TCK, SourceLocation Loc,
   llvm::Value *Cond = nullptr;
   llvm::BasicBlock *Done = nullptr;
 
-  if (SanOpts->Null) {
+  if (SanOpts->Null || TCK == TCK_DowncastPointer) {
     // The glvalue must not be an empty glvalue.
     Cond = Builder.CreateICmpNE(
         Address, llvm::Constant::getNullValue(Address->getType()));
diff --git a/test/CodeGenCXX/catch-undef-behavior.cpp b/test/CodeGenCXX/catch-undef-behavior.cpp
index f875d9299e..333855d0ba 100644
--- a/test/CodeGenCXX/catch-undef-behavior.cpp
+++ b/test/CodeGenCXX/catch-undef-behavior.cpp
@@ -1,5 +1,6 @@
 // RUN: %clang_cc1 -std=c++11 -fsanitize=signed-integer-overflow,integer-divide-by-zero,float-divide-by-zero,shift,unreachable,return,vla-bound,alignment,null,vptr,object-size,float-cast-overflow,bool,enum,array-bounds,function -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s
 // RUN: %clang_cc1 -std=c++11 -fsanitize=vptr,address -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-ASAN
+// RUN: %clang_cc1 -std=c++11 -fsanitize=vptr -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=DOWNCAST-NULL
 
 struct S {
   double d;
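Review bot: The comment `// The glvalue must not be an empty glvalue.` no longer describes the whole branch: for TCK_DowncastPointer the compare is now emitted even when -fsanitize=null is off, where it is not a requirement being checked but a guard so the vptr instrumentation further down does not load through a null pointer (a null downcast is valid C++, as the commit message says). I would replace it with `// With -fsanitize=null the glvalue must not be null. For a pointer downcast the compare is also emitted without that sanitizer, because a null downcast is valid and the vptr check that follows must not dereference it.` Whether the downcast-only Cond is consumed by a branch or can still reach the reporting path is decided by code after the hunk, which is not visible here; if it were ever reported without SanOpts->Null set, a valid null downcast would become a sanitizer failure, so that is worth confirming. EmitTypeCheck's body starts and ends outside the hunk.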
@@ -190,10 +191,15 @@ int bad_enum_value() {
 }
 
 // CHECK-LABEL: @_Z20bad_downcast_pointer
+// DOWNCAST-NULL-LABEL: @_Z20bad_downcast_pointer
 void bad_downcast_pointer(S *p) {
   // CHECK: %[[NONNULL:.*]] = icmp ne {{.*}}, null
   // CHECK: br i1 %[[NONNULL]],
 
+  // A null poiner access is guarded without -fsanitize=null.
+  // DOWNCAST-NULL: %[[NONNULL:.*]] = icmp ne {{.*}}, null
+  // DOWNCAST-NULL: br i1 %[[NONNULL]],
+
   // CHECK: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64.p0i8(
   // CHECK: %[[E1:.*]] = icmp uge i64 %[[SIZE]], 24
   // CHECK: %[[MISALIGN:.*]] = and i64 %{{.*}}, 7
-- 
2.40.0
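Review bot: The added comment `// A null poiner access is guarded without -fsanitize=null.` has a typo and says less than the new RUN line is meant to prove; I would write it as `// Without -fsanitize=null the pointer is still compared against null and branched around, so the vptr check never loads through it, but the null itself is not reported.` The DOWNCAST-NULL checks then pin only the compare and the branch, not the absence of a report: a `// DOWNCAST-NULL-NOT: @__ubsan_handle_type_mismatch` after the br line would catch a regression where the downcast-only compare starts being emitted as a reported type-mismatch failure, assuming the vptr check alone does not emit that handler (the visible lines do not show which handler it uses). bad_downcast_pointer's body continues past the end of the hunk.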