[libc++] Add an ABI setting to harden unique_ptr<T[]>::operator[] (ll…
…vm#91798) This allows catching OOB accesses inside `unique_ptr<T[]>` when the size of the allocation is known. The size of the allocation can be known when the unique_ptr has been created with make_unique & friends or when the type necessitates an array cookie before the allocation. This is a re-application of 45a09d1 which had been reverted in f11abac due to unrelated CI failures.
Showing
13 changed files
with
645 additions
and
58 deletions.
2 changes: 1 addition & 1 deletion
2
libcxx/cmake/caches/Generic-hardening-mode-fast-with-abi-breaks.cmake
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
set(LIBCXX_HARDENING_MODE "fast" CACHE STRING "") | ||
set(LIBCXX_ABI_DEFINES "_LIBCPP_ABI_BOUNDED_ITERATORS;_LIBCPP_ABI_BOUNDED_ITERATORS_IN_STRING;_LIBCPP_ABI_BOUNDED_ITERATORS_IN_VECTOR" CACHE STRING "") | ||
set(LIBCXX_ABI_DEFINES "_LIBCPP_ABI_BOUNDED_ITERATORS;_LIBCPP_ABI_BOUNDED_ITERATORS_IN_STRING;_LIBCPP_ABI_BOUNDED_ITERATORS_IN_VECTOR;_LIBCPP_ABI_BOUNDED_UNIQUE_PTR" CACHE STRING "") |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
// -*- C++ -*- | ||
//===----------------------------------------------------------------------===// | ||
// | ||
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. | ||
// See https://llvm.org/LICENSE.txt for license information. | ||
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception | ||
// | ||
//===----------------------------------------------------------------------===// | ||
|
||
#ifndef _LIBCPP___MEMORY_ARRAY_COOKIE_H | ||
#define _LIBCPP___MEMORY_ARRAY_COOKIE_H | ||
|
||
#include <__config> | ||
#include <__configuration/abi.h> | ||
#include <__type_traits/integral_constant.h> | ||
#include <__type_traits/is_trivially_destructible.h> | ||
#include <__type_traits/negation.h> | ||
#include <cstddef> | ||
|
||
#if !defined(_LIBCPP_HAS_NO_PRAGMA_SYSTEM_HEADER) | ||
# pragma GCC system_header | ||
#endif | ||
|
||
_LIBCPP_BEGIN_NAMESPACE_STD | ||
|
||
// Trait representing whether a type requires an array cookie at the start of its allocation when | ||
// allocated as `new T[n]` and deallocated as `delete array`. | ||
// | ||
// Under the Itanium C++ ABI [1], we know that an array cookie is available unless `T` is trivially | ||
// destructible and the call to `operator delete[]` is not a sized operator delete. Under ABIs other | ||
// than the Itanium ABI, we assume there are no array cookies. | ||
// | ||
// [1]: https://itanium-cxx-abi.github.io/cxx-abi/abi.html#array-cookies | ||
#ifdef _LIBCPP_ABI_ITANIUM | ||
// TODO: Use a builtin instead | ||
// TODO: We should factor in the choice of the usual deallocation function in this determination. | ||
template <class _Tp> | ||
struct __has_array_cookie : _Not<is_trivially_destructible<_Tp> > {}; | ||
#else | ||
template <class _Tp> | ||
struct __has_array_cookie : false_type {}; | ||
#endif | ||
|
||
template <class _Tp> | ||
// Avoid failures when -fsanitize-address-poison-custom-array-cookie is enabled | ||
_LIBCPP_HIDE_FROM_ABI _LIBCPP_NO_SANITIZE("address") size_t __get_array_cookie(_Tp const* __ptr) { | ||
static_assert( | ||
__has_array_cookie<_Tp>::value, "Trying to access the array cookie of a type that is not guaranteed to have one"); | ||
size_t const* __cookie = reinterpret_cast<size_t const*>(__ptr) - 1; // TODO: Use a builtin instead | ||
return *__cookie; | ||
} | ||
|
||
_LIBCPP_END_NAMESPACE_STD | ||
|
||
#endif // _LIBCPP___MEMORY_ARRAY_COOKIE_H |
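Review bot: `__get_array_cookie` documents no precondition on `__ptr`: the `static_assert` checks only the element type, while the read at `reinterpret_cast<size_t const*>(__ptr) - 1` is meaningful only when `__ptr` is exactly the pointer returned by `new _Tp[n]`. A pointer obtained from another allocator, or one offset into the array, would produce an arbitrary value that a caller would then trust as the bound, so the hardening check could pass or trap incorrectly. I would add a comment above the function such as `// Precondition: __ptr is the unmodified result of new _Tp[n]; for any other pointer the value read is meaningless.` The call sites are outside this section, so whether they restrict use to the default array deleter cannot be confirmed from here.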