From patchwork Tue Nov 29 10:44:11 2016
X-Patchwork-Submitter: Martin Liška
X-Patchwork-Id: 84551
To: GCC Patches
Cc: Jakub Jelinek
From: Martin Liška
Subject: [PATCH] Support nested functions (PR sanitize/78541).
Message-ID: <470f7038-bf95-714c-f9b0-4ce7f32a76f6@suse.cz>
Date: Tue, 29 Nov 2016 11:44:11 +0100

Currently we have an assert that prevents proper use-after-scope sanitization in nested functions. With the attached patch, we are able to do so. I'm adding 2 test cases: the first one is the ICE reported in the PR and the second one tests proper reporting of a use-after-scope passed by FRAME belonging to a nested function call.

Patch can bootstrap on ppc64le-redhat-linux and survives regression tests.

Ready to be installed?
Martin

From 8e02ebdf64a82f0dfc7be531a38702497dece26b Mon Sep 17 00:00:00 2001
From: marxin Date: Mon, 28 Nov 2016 13:05:33 +0100 Subject: [PATCH] Support nested functions (PR sanitize/78541). gcc/testsuite/ChangeLog: 2016-11-28 Martin Liska PR sanitize/78541 * gcc.dg/asan/pr78541-2.c: New test. * gcc.dg/asan/pr78541.c: New test. gcc/ChangeLog: 2016-11-28 Martin Liska PR sanitize/78541 * asan.c (asan_expand_mark_ifn): Properly select a VAR_DECL from FRAME.* component reference. --- gcc/asan.c | 6 ++++++ gcc/testsuite/gcc.dg/asan/pr78541-2.c | 10 ++++++++++ gcc/testsuite/gcc.dg/asan/pr78541.c | 25 +++++++++++++++++++++++++ 3 files changed, 41 insertions(+) create mode 100644 gcc/testsuite/gcc.dg/asan/pr78541-2.c create mode 100644 gcc/testsuite/gcc.dg/asan/pr78541.c diff --git a/gcc/asan.c b/gcc/asan.c index 6e93ea3..cb5d615 100644 --- a/gcc/asan.c +++ b/gcc/asan.c @@ -2713,6 +2713,12 @@ asan_expand_mark_ifn (gimple_stmt_iterator *iter) tree base = gimple_call_arg (g, 1); gcc_checking_assert (TREE_CODE (base) == ADDR_EXPR); tree decl = TREE_OPERAND (base, 0); + + /* For a nested function, we can have: ASAN_MARK (2, &FRAME.2.fp_input, 4) */ + if (TREE_CODE (decl) == COMPONENT_REF + && DECL_NONLOCAL_FRAME (TREE_OPERAND (decl, 0))) + decl = TREE_OPERAND (decl, 0); + gcc_checking_assert (TREE_CODE (decl) == VAR_DECL); if (asan_handled_variables == NULL) asan_handled_variables = new hash_set (16); diff --git a/gcc/testsuite/gcc.dg/asan/pr78541-2.c b/gcc/testsuite/gcc.dg/asan/pr78541-2.c new file mode 100644 index 0000000..44be19c --- /dev/null +++ b/gcc/testsuite/gcc.dg/asan/pr78541-2.c @@ -0,0 +1,10 @@ +/* PR sanitizer/78560 */ +/* { dg-do compile } */ + +void __quadmath_mpn_extract_flt128 (long *fp_input); + +int fn1 () +{ + long fp_input[1]; + int hack_digit () { __quadmath_mpn_extract_flt128 (fp_input); } +} diff --git a/gcc/testsuite/gcc.dg/asan/pr78541.c b/gcc/testsuite/gcc.dg/asan/pr78541.c new file mode 100644 index 0000000..fb02082 --- /dev/null +++ b/gcc/testsuite/gcc.dg/asan/pr78541.c 
@@ -0,0 +1,25 @@ +// PR sanitizer/78560 +// { dg-do run } +// { dg-shouldfail "asan" } + +void foo (double a, double b) +{ + double *ptr; + { + double x = a + b; + ptr = &x; + } + double square () { __builtin_printf ("", *ptr); } + + square (); +} + +int main() +{ + foo (1.2f, 2.3f); + return 0; +} + +// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" } +// { dg-output "READ of size.*" } +// { dg-output ".*'x' <== Memory access at offset \[0-9\]* is inside this variable.*" } -- 2.10.2
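Review bot: in the asan.c hunk, DECL_NONLOCAL_FRAME is applied to TREE_OPERAND (decl, 0) before anything establishes that this operand is a VAR_DECL; the only VAR_DECL check is the gcc_checking_assert that runs after decl has already been reassigned. If the base of the COMPONENT_REF can be anything other than the FRAME variable itself (a nested COMPONENT_REF, an ARRAY_REF, or an indirection), the macro's tree check fires before the assert can report anything useful. Suggest testing the code first, e.g. `if (TREE_CODE (decl) == COMPONENT_REF && VAR_P (TREE_OPERAND (decl, 0)) && DECL_NONLOCAL_FRAME (TREE_OPERAND (decl, 0)))`, so the existing assert remains the single place that rejects unexpected shapes.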
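Review bot: the header comment of pr78541-2.c reads `/* PR sanitizer/78560 */` while the subject, the ChangeLog and the file name all refer to 78541; the ChangeLog in turn writes the component as `sanitize` whereas both test comments use `sanitizer`. Please settle on one PR number and one component spelling before committing. Separately, `fn1` and `hack_digit` are declared `int` but fall off the end without returning a value; since this is a `dg-do compile` test that only needs to reproduce the ICE, declaring both `void` keeps the test free of -Wreturn-type noise without changing what it exercises.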
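Review bot: pr78541.c carries the same `// PR sanitizer/78560` comment as the other test and should name the PR this patch fixes. In the body, `square ()` is declared `double` but never returns, and `__builtin_printf ("", *ptr)` passes an argument the empty format string does not consume; both can draw warnings on a `dg-do run` test. Making `square` return `*ptr` (or reading through a `volatile double`) performs the out-of-scope read the dg-output lines look for without the format mismatch. The three dg-output patterns are the right ones: they check that the report names `x`, i.e. the block-scoped variable, rather than the FRAME object the pointer travels through.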
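The two test cases above rely on a detail of how GCC lowers GNU C nested functions: every local that a nested function references is moved into a FRAME struct in the enclosing function's stack frame, and the nested function reaches it through a hidden static-chain pointer, which is why the ASAN_MARK base becomes a COMPONENT_REF of the FRAME variable instead of a plain VAR_DECL. The following is an added example, not code from the patch or from the GCC tree: it writes that lowering out by hand for both test shapes and pairs the second one with a toy stand-in for ASan's scope poisoning. The names FRAME_fn1, FRAME_foo and CHAIN imitate GCC dump output but are assumptions, as are the toy helpers asan_mark_poison, asan_mark_unpoison and is_poisoned, which keep a small table of poisoned address ranges rather than real shadow memory.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Part 1: hand-lowered form of the compile-time test.  GNU C source:
 *
 *   long fn1 (long v)
 *   {
 *     long fp_input[1] = { v };
 *     long hack_digit (void) { return fp_input[0] * 2; }
 *     return hack_digit ();
 *   }
 *
 * Names below imitate GCC dump output (FRAME, CHAIN) and are assumptions,
 * not compiler identifiers.                                                */
struct FRAME_fn1 { long fp_input[1]; };      /* captured locals live here  */

static long hack_digit (struct FRAME_fn1 *CHAIN)   /* static chain, explicit */
{
  return CHAIN->fp_input[0] * 2;
}

long fn1 (long v)
{
  struct FRAME_fn1 FRAME;       /* the VAR_DECL; fp_input is FRAME.fp_input */
  FRAME.fp_input[0] = v;
  /* Use-after-scope instrumentation marks &FRAME.fp_input here: a
     COMPONENT_REF whose operand 0 is FRAME.  The patch strips that wrapper
     before asserting that the base is a VAR_DECL.                          */
  return hack_digit (&FRAME);
}

/* Part 2: the run-time test, with a toy model of ASan's shadow memory: a
 * table of poisoned [begin, end) address ranges (an assumption for
 * illustration, not how libasan stores shadow bytes).                      */
#define MAX_POISONED 8
static struct { uintptr_t begin, end; } poisoned[MAX_POISONED];
static int n_poisoned;

static void asan_mark_poison (const void *addr, size_t size)   /* scope exit */
{
  if (n_poisoned < MAX_POISONED)
    {
      poisoned[n_poisoned].begin = (uintptr_t) addr;
      poisoned[n_poisoned].end = (uintptr_t) addr + size;
      n_poisoned++;
    }
}

static void asan_mark_unpoison (const void *addr)            /* scope entry */
{
  for (int i = 0; i < n_poisoned; )
    if (poisoned[i].begin == (uintptr_t) addr)
      poisoned[i] = poisoned[--n_poisoned];   /* swap-remove, recheck slot i */
    else
      i++;
}

static int is_poisoned (uintptr_t addr, size_t size)
{
  for (int i = 0; i < n_poisoned; i++)
    if (addr < poisoned[i].end && addr + size > poisoned[i].begin)
      return 1;
  return 0;
}

/* GNU C source of the run-time test:
 *
 *   void foo (double a, double b)
 *   {
 *     double *ptr;
 *     { double x = a + b; ptr = &x; }
 *     double square () { __builtin_printf ("", *ptr); }
 *     square ();
 *   }
 *
 * Only ptr is captured, so only ptr moves into FRAME; x stays a block-scoped
 * local and is poisoned when its block ends.  The toy frame stores the
 * address as an integer so this example never holds or reads a dead pointer. */
struct FRAME_foo { uintptr_t ptr; };

static int square (struct FRAME_foo *CHAIN)
{
  /* The real test dereferences ptr; libasan consults the shadow first and
     reports stack-use-after-scope.  The toy returns 1 where ASan reports.  */
  return is_poisoned (CHAIN->ptr, sizeof (double));
}

int foo (double a, double b)
{
  struct FRAME_foo FRAME;
  {
    double x = a + b;
    asan_mark_unpoison (&x);           /* ASAN_MARK (UNPOISON, &x, 8)       */
    FRAME.ptr = (uintptr_t) &x;
    asan_mark_poison (&x, sizeof x);   /* ASAN_MARK (POISON, &x, 8) at '}'  */
  }
  return square (&FRAME);              /* 1: the read would hit poisoned x  */
}

int foo_live (double a, double b)      /* control: x outlives the call      */
{
  struct FRAME_foo FRAME;
  double x = a + b;
  asan_mark_unpoison (&x);
  FRAME.ptr = (uintptr_t) &x;
  int r = square (&FRAME);             /* 0: x is still in scope            */
  asan_mark_poison (&x, sizeof x);
  return r;
}

int main (void)
{
  printf ("fn1 (21) = %ld\n", fn1 (21));
  printf ("foo: %s\n", foo (1.2, 2.3) ? "stack-use-after-scope" : "ok");
  printf ("foo_live: %s\n", foo_live (1.2, 2.3) ? "stack-use-after-scope" : "ok");
  return 0;
}
```

The first half is the shape that tripped the assert: after lowering, `fp_input` has no VAR_DECL of its own, so the address the ASAN_MARK call carries is `&FRAME.fp_input` and the base must be unwrapped to `FRAME` before the VAR_DECL check. The second half shows why the report in pr78541.c names `x` rather than the frame: `x` is never captured, keeps its own stack slot and its own poison/unpoison marks, and only the pointer to it travels through the FRAME object.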