Fix not caught use-after-scope with -O1 (PR sanitize/78106)

PR sanitizer/78106 * sanopt.c (imm_dom_path_with_freeing_call): Handle gasm statements as they can also contain possibly a freeing call. PR sanitizer/78106 * gcc.dg/asan/pr78106.c: New test. From-SVN: r241511
2016-10-25 16:16:10 +02:00 · 2016-10-25 16:16:10 +02:00 · 8e10495178
parent b93ee1bb06
commit 8e10495178
4 changed files with 47 additions and 1 deletions
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@ -1,3 +1,9 @@
+2016-10-25  Martin Liska  <mliska@suse.cz>
+
+	PR sanitizer/78106
+	* sanopt.c (imm_dom_path_with_freeing_call): Handle gasm
+	statements as they can also contain possibly a freeing call.
+
 2016-10-25  H.J. Lu  <hongjiu.lu@intel.com>
 	    Martin Liska  <mliska@suse.cz>

--- a/gcc/sanopt.c
+++ b/gcc/sanopt.c
@ -211,8 +211,12 @@ imm_dom_path_with_freeing_call (basic_block bb, basic_block dom)
      for (gsi = gsi_start_bb (e->src); !gsi_end_p (gsi); gsi_next (&gsi))
 	{
 	  gimple *stmt = gsi_stmt (gsi);
+	  gasm *asm_stmt;

-	  if (is_gimple_call (stmt) && !nonfreeing_call_p (stmt))
+	  if ((is_gimple_call (stmt) && !nonfreeing_call_p (stmt))
+	      || ((asm_stmt = dyn_cast <gasm *> (stmt))
+		  && (gimple_asm_clobbers_memory_p (asm_stmt)
+		      || gimple_asm_volatile_p (asm_stmt))))
 	    {
 	      pred_info->has_freeing_call_p = true;
 	      break;
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@ -1,3 +1,8 @@
+2016-10-25  Martin Liska  <mliska@suse.cz>
+
+	PR sanitizer/78106
+	* gcc.dg/asan/pr78106.c: New test.
+
 2016-10-25  Martin Liska  <mliska@suse.cz>

 	* gcc.dg/ipa/ipa-icf-32.c: Removed one scanned pattern.
--- a/gcc/testsuite/gcc.dg/asan/pr78106.c
+++ b/gcc/testsuite/gcc.dg/asan/pr78106.c
@ -0,0 +1,31 @@
+/* PR sanitizer/78106 */
+/* { dg-do compile } */
+/* { dg-options "-fsanitize=address -fdump-tree-sanopt-details" } */
+
+int *variable;
+
+void __attribute__((used)) release()
+{
+  __builtin_free (variable);
+}
+
+int main2(int argc)
+{
+  *variable = 2;
+
+  if (argc <= 5)
+    asm volatile ("call release");
+
+  *variable = 2;
+  __builtin_abort ();
+
+  return 0;
+}
+
+int main(int argc, char **argv)
+{
+  variable = __builtin_malloc (sizeof(int));
+  return main2(argc);
+}
+
+/* { dg-final { scan-tree-dump-not "Optimizing out(\n|\r\n|\r)  ASAN_CHECK \\(7, variable.*" "sanopt" } } */