From patchwork Fri Oct 27 10:47:12 2017
X-Patchwork-Submitter: Martin Liška
X-Patchwork-Id: 831193
From: Martin Liška
Subject: [PATCH] Zero vptr in dtor for -fsanitize=vptr.
To: gcc-patches@gcc.gnu.org
Cc: Jason Merrill, Jakub Jelinek
Message-ID: <1d468e04-9f25-65f4-04a1-51b35abb3582@suse.cz>
Date: Fri, 27 Oct 2017 12:47:12 +0200

Hello.

This is a small improvement that can catch a virtual call after the lifetime scope of an object.

The patch can bootstrap on ppc64le-redhat-linux and survives regression tests.

Ready to be installed?
Martin

gcc/cp/ChangeLog:

2017-10-27  Martin Liska

	* decl.c (begin_destructor_body): In case of disabled recovery,
	we can zero object in order to catch virtual calls after an object
	lifetime.

gcc/testsuite/ChangeLog:

2017-10-27  Martin Liska

	* g++.dg/ubsan/vptr-12.C: New test.
---
 gcc/cp/decl.c                        |  3 ++-
 gcc/testsuite/g++.dg/ubsan/vptr-12.C | 26 ++++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 gcc/testsuite/g++.dg/ubsan/vptr-12.C

diff --git a/gcc/cp/decl.c b/gcc/cp/decl.c
index 15a8d283353..69636e30008 100644
--- a/gcc/cp/decl.c
+++ b/gcc/cp/decl.c
@@ -15281,7 +15281,8 @@ begin_destructor_body (void) /* Clobbering an empty base is harmful if it overlays real data. */ && !is_empty_class (current_class_type)) { - if (sanitize_flags_p (SANITIZE_VPTR)) + if (sanitize_flags_p (SANITIZE_VPTR) + && (flag_sanitize_recover & SANITIZE_VPTR) == 0) { tree fndecl = builtin_decl_explicit (BUILT_IN_MEMSET); tree call = build_call_expr (fndecl, 3, diff --git a/gcc/testsuite/g++.dg/ubsan/vptr-12.C b/gcc/testsuite/g++.dg/ubsan/vptr-12.C new file mode 100644 index 00000000000..96c8473d757 --- /dev/null +++ b/gcc/testsuite/g++.dg/ubsan/vptr-12.C @@ -0,0 +1,26 @@ +// { dg-do run } +// { dg-shouldfail "ubsan" } +// { dg-options "-fsanitize=vptr -fno-sanitize-recover=vptr" } + +struct MyClass +{ + virtual ~MyClass () {} + virtual void + Doit () + { + } +}; + +int +main () +{ + MyClass *c = new MyClass; + c->~MyClass (); + c->Doit (); + + return 0; +} + +// { dg-output "\[^\n\r]*vptr-12.C:19:\[0-9]*: runtime error: member call on address 0x\[0-9a-fA-F]* which does not point to an object of type 'MyClass'(\n|\r\n|\r)" } +// { dg-output "0x\[0-9a-fA-F]*: note: object has invalid vptr(\n|\r\n|\r)" } +
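Review bot: The new `&& (flag_sanitize_recover & SANITIZE_VPTR) == 0` test in begin_destructor_body has no comment, and the ChangeLog entry only restates the condition ("In case of disabled recovery") without saying why the BUILT_IN_MEMSET call must be skipped when -fsanitize-recover=vptr is in effect; a later reader of decl.c cannot tell whether the exclusion is required for correctness or merely avoids noise. Please add a one-line comment above the `if` giving the reason, and say the same in the commit message. Minor: the subject line says "Zero vptr in dtor" while the ChangeLog says "zero object" and the hunk keeps a whole-object memset, so one of the two wordings should be aligned with what the code does.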
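Review bot: vptr-12.C only covers the `-fno-sanitize-recover=vptr` configuration that the decl.c condition enables, so nothing in the testsuite pins down the behaviour that the same hunk deliberately excludes; add a companion test (or a second dg-options variant) built with `-fsanitize=vptr -fsanitize-recover=vptr` so that a later change to the recovery condition does not go unnoticed. Two smaller points on the test as posted: the dg-output pattern hard-codes `vptr-12.C:19:`, which does match (`c->Doit ();` is line 19 of the new file) but will silently stop matching if a line is ever inserted above it, and the missing `delete c` is fine here because the explicit `c->~MyClass ();` followed by `c->Doit ();` is the intended after-lifetime call and the test is marked `dg-shouldfail`.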