6502/llvm-6502
1
0
Fork 0
mirror of https://github.com/c64scene-ar/llvm-6502.git synced 2024-07-02 22:30:36 +00:00
Code Issues Projects Releases Wiki Activity

asan: fix overflows in isSafeAccess

Browse Source 
As pointed out in http://reviews.llvm.org/D7583
The current checks can cause overflows when object size/access offset cross Quintillion bytes.

http://reviews.llvm.org/D8193



git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@232358 91177308-0d34-0410-b5e6-96231b3b80d8
This commit is contained in:
Dmitry Vyukov 2015-03-16 08:04:26 +00:00
parent 56150f2724
commit 828c4066dd
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/Transforms/Instrumentation/AddressSanitizer.cpp
View File

@ -2051,12 +2051,12 @@ bool AddressSanitizer::isSafeAccess(ObjectSizeOffsetVisitor &ObjSizeVis,
Value *Addr, uint64_t TypeSize) const {
SizeOffsetType SizeOffset = ObjSizeVis.compute(Addr);
if (!ObjSizeVis.bothKnown(SizeOffset)) return false;
int64_t Size = SizeOffset.first.getSExtValue();
uint64_t Size = SizeOffset.first.getZExtValue();
int64_t Offset = SizeOffset.second.getSExtValue();
// Three checks are required to ensure safety:
// . Offset >= 0 (since the offset is given from the base ptr)
// . Size >= Offset (unsigned)
// . Size - Offset >= NeededSize (unsigned)
return Offset >= 0 && Size >= Offset &&
uint64_t(Size - Offset) >= TypeSize / 8;
return Offset >= 0 && Size >= uint64_t(Offset) &&
Size - uint64_t(Offset) >= TypeSize / 8;
}