review.tizen.org Git - platform/upstream/llvm.git/commit

author	Peter Collingbourne <peter@pcc.me.uk>
	Fri, 11 Sep 2015 22:18:35 +0000 (22:18 +0000)
committer	Peter Collingbourne <peter@pcc.me.uk>
	Fri, 11 Sep 2015 22:18:35 +0000 (22:18 +0000)
commit	cf303a4d8b2a0795f10f59691c98212c0951daa5
tree	2ff7a593b51a389170b50be63207abd78eb86a78	tree \| snapshot
parent	983366ab12d0d46cbeeba2e8e2c3f299bcf49ac7	commit \| diff

ubsan: Implement memory permission validation for vtables.

If the pointer passed to the getVtablePrefix function was read from a freed
object, we may end up following pointers into objects on the heap and
printing bogus dynamic type names in diagnostics. However, we know that
vtable pointers will generally only point into memory mapped from object
files, not objects on the heap.

This change causes us to only follow pointers in a vtable if the vtable
and one of the virtual functions it points to appear to have appropriate
permissions (i.e. non-writable, and maybe executable), which will generally
exclude heap pointers.

Only enabled for Linux; this hasn't been tested on FreeBSD, and vtables are
writable on Mac (PR24782) so this won't work there.

Differential Revision: http://reviews.llvm.org/D12790

llvm-svn: 247484

compiler-rt/lib/ubsan/ubsan_type_hash_itanium.cc		diff \| blob \| history
compiler-rt/test/ubsan/TestCases/TypeCheck/vptr-bad-perms.cpp	[new file with mode: 0644]	blob
compiler-rt/test/ubsan/lit.common.cfg		diff \| blob \| history