1 //===-- ubsan_handlers.cc -------------------------------------------------===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // Error logging entry points for the UBSan runtime.
12 //===----------------------------------------------------------------------===//
14 #include "ubsan_platform.h"
16 #include "ubsan_handlers.h"
17 #include "ubsan_diag.h"
18 #include "ubsan_flags.h"
19 #include "ubsan_monitor.h"
21 #include "sanitizer_common/sanitizer_common.h"
23 using namespace __sanitizer;
24 using namespace __ubsan;
27 bool ignoreReport(SourceLocation SLoc, ReportOptions Opts, ErrorType ET) {
28 // We are not allowed to skip error report: if we are in unrecoverable
29 // handler, we have to terminate the program right now, and therefore
30 // have to print some diagnostic.
32 // Even if source location is disabled, it doesn't mean that we have
33 // already report an error to the user: some concurrently running
34 // thread could have acquired it, but not yet printed the report.
35 if (Opts.FromUnrecoverableHandler)
37 return SLoc.isDisabled() || IsPCSuppressed(ET, Opts.pc, SLoc.getFilename());
40 const char *TypeCheckKinds[] = {
41 "load of", "store to", "reference binding to", "member access within",
42 "member call on", "constructor call on", "downcast of", "downcast of",
43 "upcast of", "cast to virtual base of", "_Nonnull binding to",
44 "dynamic operation on"};
47 static void handleTypeMismatchImpl(TypeMismatchData *Data, ValueHandle Pointer,
49 Location Loc = Data->Loc.acquire();
51 uptr Alignment = (uptr)1 << Data->LogAlignment;
54 ET = ErrorType::NullPointerUse;
55 else if (Pointer & (Alignment - 1))
56 ET = ErrorType::MisalignedPointerUse;
58 ET = ErrorType::InsufficientObjectSize;
60 // Use the SourceLocation from Data to track deduplication, even if it's
62 if (ignoreReport(Loc.getSourceLocation(), Opts, ET))
65 SymbolizedStackHolder FallbackLoc;
66 if (Data->Loc.isInvalid()) {
67 FallbackLoc.reset(getCallerLocation(Opts.pc));
71 ScopedReport R(Opts, Loc, ET);
74 case ErrorType::NullPointerUse:
75 Diag(Loc, DL_Error, ET, "%0 null pointer of type %1")
76 << TypeCheckKinds[Data->TypeCheckKind] << Data->Type;
78 case ErrorType::MisalignedPointerUse:
79 Diag(Loc, DL_Error, ET, "%0 misaligned address %1 for type %3, "
80 "which requires %2 byte alignment")
81 << TypeCheckKinds[Data->TypeCheckKind] << (void *)Pointer << Alignment
84 case ErrorType::InsufficientObjectSize:
85 Diag(Loc, DL_Error, ET, "%0 address %1 with insufficient space "
86 "for an object of type %2")
87 << TypeCheckKinds[Data->TypeCheckKind] << (void *)Pointer << Data->Type;
90 UNREACHABLE("unexpected error type!");
94 Diag(Pointer, DL_Note, ET, "pointer points here");
97 void __ubsan::__ubsan_handle_type_mismatch_v1(TypeMismatchData *Data,
98 ValueHandle Pointer) {
99 GET_REPORT_OPTIONS(false);
100 handleTypeMismatchImpl(Data, Pointer, Opts);
102 void __ubsan::__ubsan_handle_type_mismatch_v1_abort(TypeMismatchData *Data,
103 ValueHandle Pointer) {
104 GET_REPORT_OPTIONS(true);
105 handleTypeMismatchImpl(Data, Pointer, Opts);
109 /// \brief Common diagnostic emission for various forms of integer overflow.
110 template <typename T>
111 static void handleIntegerOverflowImpl(OverflowData *Data, ValueHandle LHS,
112 const char *Operator, T RHS,
113 ReportOptions Opts) {
114 SourceLocation Loc = Data->Loc.acquire();
115 bool IsSigned = Data->Type.isSignedIntegerTy();
116 ErrorType ET = IsSigned ? ErrorType::SignedIntegerOverflow
117 : ErrorType::UnsignedIntegerOverflow;
119 if (ignoreReport(Loc, Opts, ET))
122 if (!IsSigned && flags()->silence_unsigned_overflow)
125 ScopedReport R(Opts, Loc, ET);
127 Diag(Loc, DL_Error, ET, "%0 integer overflow: "
128 "%1 %2 %3 cannot be represented in type %4")
129 << (IsSigned ? "signed" : "unsigned") << Value(Data->Type, LHS)
130 << Operator << RHS << Data->Type;
133 #define UBSAN_OVERFLOW_HANDLER(handler_name, op, unrecoverable) \
134 void __ubsan::handler_name(OverflowData *Data, ValueHandle LHS, \
136 GET_REPORT_OPTIONS(unrecoverable); \
137 handleIntegerOverflowImpl(Data, LHS, op, Value(Data->Type, RHS), Opts); \
142 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_add_overflow, "+", false)
143 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_add_overflow_abort, "+", true)
144 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_sub_overflow, "-", false)
145 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_sub_overflow_abort, "-", true)
146 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_mul_overflow, "*", false)
147 UBSAN_OVERFLOW_HANDLER(__ubsan_handle_mul_overflow_abort, "*", true)
149 static void handleNegateOverflowImpl(OverflowData *Data, ValueHandle OldVal,
150 ReportOptions Opts) {
151 SourceLocation Loc = Data->Loc.acquire();
152 bool IsSigned = Data->Type.isSignedIntegerTy();
153 ErrorType ET = IsSigned ? ErrorType::SignedIntegerOverflow
154 : ErrorType::UnsignedIntegerOverflow;
156 if (ignoreReport(Loc, Opts, ET))
159 if (!IsSigned && flags()->silence_unsigned_overflow)
162 ScopedReport R(Opts, Loc, ET);
165 Diag(Loc, DL_Error, ET,
166 "negation of %0 cannot be represented in type %1; "
167 "cast to an unsigned type to negate this value to itself")
168 << Value(Data->Type, OldVal) << Data->Type;
170 Diag(Loc, DL_Error, ET, "negation of %0 cannot be represented in type %1")
171 << Value(Data->Type, OldVal) << Data->Type;
174 void __ubsan::__ubsan_handle_negate_overflow(OverflowData *Data,
175 ValueHandle OldVal) {
176 GET_REPORT_OPTIONS(false);
177 handleNegateOverflowImpl(Data, OldVal, Opts);
179 void __ubsan::__ubsan_handle_negate_overflow_abort(OverflowData *Data,
180 ValueHandle OldVal) {
181 GET_REPORT_OPTIONS(true);
182 handleNegateOverflowImpl(Data, OldVal, Opts);
186 static void handleDivremOverflowImpl(OverflowData *Data, ValueHandle LHS,
187 ValueHandle RHS, ReportOptions Opts) {
188 SourceLocation Loc = Data->Loc.acquire();
189 Value LHSVal(Data->Type, LHS);
190 Value RHSVal(Data->Type, RHS);
193 if (RHSVal.isMinusOne())
194 ET = ErrorType::SignedIntegerOverflow;
195 else if (Data->Type.isIntegerTy())
196 ET = ErrorType::IntegerDivideByZero;
198 ET = ErrorType::FloatDivideByZero;
200 if (ignoreReport(Loc, Opts, ET))
203 ScopedReport R(Opts, Loc, ET);
206 case ErrorType::SignedIntegerOverflow:
207 Diag(Loc, DL_Error, ET,
208 "division of %0 by -1 cannot be represented in type %1")
209 << LHSVal << Data->Type;
212 Diag(Loc, DL_Error, ET, "division by zero");
217 void __ubsan::__ubsan_handle_divrem_overflow(OverflowData *Data,
218 ValueHandle LHS, ValueHandle RHS) {
219 GET_REPORT_OPTIONS(false);
220 handleDivremOverflowImpl(Data, LHS, RHS, Opts);
222 void __ubsan::__ubsan_handle_divrem_overflow_abort(OverflowData *Data,
225 GET_REPORT_OPTIONS(true);
226 handleDivremOverflowImpl(Data, LHS, RHS, Opts);
230 static void handleShiftOutOfBoundsImpl(ShiftOutOfBoundsData *Data,
231 ValueHandle LHS, ValueHandle RHS,
232 ReportOptions Opts) {
233 SourceLocation Loc = Data->Loc.acquire();
234 Value LHSVal(Data->LHSType, LHS);
235 Value RHSVal(Data->RHSType, RHS);
238 if (RHSVal.isNegative() ||
239 RHSVal.getPositiveIntValue() >= Data->LHSType.getIntegerBitWidth())
240 ET = ErrorType::InvalidShiftExponent;
242 ET = ErrorType::InvalidShiftBase;
244 if (ignoreReport(Loc, Opts, ET))
247 ScopedReport R(Opts, Loc, ET);
249 if (ET == ErrorType::InvalidShiftExponent) {
250 if (RHSVal.isNegative())
251 Diag(Loc, DL_Error, ET, "shift exponent %0 is negative") << RHSVal;
253 Diag(Loc, DL_Error, ET,
254 "shift exponent %0 is too large for %1-bit type %2")
255 << RHSVal << Data->LHSType.getIntegerBitWidth() << Data->LHSType;
257 if (LHSVal.isNegative())
258 Diag(Loc, DL_Error, ET, "left shift of negative value %0") << LHSVal;
260 Diag(Loc, DL_Error, ET,
261 "left shift of %0 by %1 places cannot be represented in type %2")
262 << LHSVal << RHSVal << Data->LHSType;
266 void __ubsan::__ubsan_handle_shift_out_of_bounds(ShiftOutOfBoundsData *Data,
269 GET_REPORT_OPTIONS(false);
270 handleShiftOutOfBoundsImpl(Data, LHS, RHS, Opts);
272 void __ubsan::__ubsan_handle_shift_out_of_bounds_abort(
273 ShiftOutOfBoundsData *Data,
276 GET_REPORT_OPTIONS(true);
277 handleShiftOutOfBoundsImpl(Data, LHS, RHS, Opts);
281 static void handleOutOfBoundsImpl(OutOfBoundsData *Data, ValueHandle Index,
282 ReportOptions Opts) {
283 SourceLocation Loc = Data->Loc.acquire();
284 ErrorType ET = ErrorType::OutOfBoundsIndex;
286 if (ignoreReport(Loc, Opts, ET))
289 ScopedReport R(Opts, Loc, ET);
291 Value IndexVal(Data->IndexType, Index);
292 Diag(Loc, DL_Error, ET, "index %0 out of bounds for type %1")
293 << IndexVal << Data->ArrayType;
296 void __ubsan::__ubsan_handle_out_of_bounds(OutOfBoundsData *Data,
298 GET_REPORT_OPTIONS(false);
299 handleOutOfBoundsImpl(Data, Index, Opts);
301 void __ubsan::__ubsan_handle_out_of_bounds_abort(OutOfBoundsData *Data,
303 GET_REPORT_OPTIONS(true);
304 handleOutOfBoundsImpl(Data, Index, Opts);
308 static void handleBuiltinUnreachableImpl(UnreachableData *Data,
309 ReportOptions Opts) {
310 ErrorType ET = ErrorType::UnreachableCall;
311 ScopedReport R(Opts, Data->Loc, ET);
312 Diag(Data->Loc, DL_Error, ET,
313 "execution reached an unreachable program point");
316 void __ubsan::__ubsan_handle_builtin_unreachable(UnreachableData *Data) {
317 GET_REPORT_OPTIONS(true);
318 handleBuiltinUnreachableImpl(Data, Opts);
322 static void handleMissingReturnImpl(UnreachableData *Data, ReportOptions Opts) {
323 ErrorType ET = ErrorType::MissingReturn;
324 ScopedReport R(Opts, Data->Loc, ET);
325 Diag(Data->Loc, DL_Error, ET,
326 "execution reached the end of a value-returning function "
327 "without returning a value");
330 void __ubsan::__ubsan_handle_missing_return(UnreachableData *Data) {
331 GET_REPORT_OPTIONS(true);
332 handleMissingReturnImpl(Data, Opts);
336 static void handleVLABoundNotPositive(VLABoundData *Data, ValueHandle Bound,
337 ReportOptions Opts) {
338 SourceLocation Loc = Data->Loc.acquire();
339 ErrorType ET = ErrorType::NonPositiveVLAIndex;
341 if (ignoreReport(Loc, Opts, ET))
344 ScopedReport R(Opts, Loc, ET);
346 Diag(Loc, DL_Error, ET, "variable length array bound evaluates to "
347 "non-positive value %0")
348 << Value(Data->Type, Bound);
351 void __ubsan::__ubsan_handle_vla_bound_not_positive(VLABoundData *Data,
353 GET_REPORT_OPTIONS(false);
354 handleVLABoundNotPositive(Data, Bound, Opts);
356 void __ubsan::__ubsan_handle_vla_bound_not_positive_abort(VLABoundData *Data,
358 GET_REPORT_OPTIONS(true);
359 handleVLABoundNotPositive(Data, Bound, Opts);
363 static bool looksLikeFloatCastOverflowDataV1(void *Data) {
364 // First field is either a pointer to filename or a pointer to a
366 u8 *FilenameOrTypeDescriptor;
367 internal_memcpy(&FilenameOrTypeDescriptor, Data,
368 sizeof(FilenameOrTypeDescriptor));
370 // Heuristic: For float_cast_overflow, the TypeKind will be either TK_Integer
371 // (0x0), TK_Float (0x1) or TK_Unknown (0xff). If both types are known,
372 // adding both bytes will be 0 or 1 (for BE or LE). If it were a filename,
373 // adding two printable characters will not yield such a value. Otherwise,
374 // if one of them is 0xff, this is most likely TK_Unknown type descriptor.
375 u16 MaybeFromTypeKind =
376 FilenameOrTypeDescriptor[0] + FilenameOrTypeDescriptor[1];
377 return MaybeFromTypeKind < 2 || FilenameOrTypeDescriptor[0] == 0xff ||
378 FilenameOrTypeDescriptor[1] == 0xff;
381 static void handleFloatCastOverflow(void *DataPtr, ValueHandle From,
382 ReportOptions Opts) {
383 SymbolizedStackHolder CallerLoc;
385 const TypeDescriptor *FromType, *ToType;
386 ErrorType ET = ErrorType::FloatCastOverflow;
388 if (looksLikeFloatCastOverflowDataV1(DataPtr)) {
389 auto Data = reinterpret_cast<FloatCastOverflowData *>(DataPtr);
390 CallerLoc.reset(getCallerLocation(Opts.pc));
392 FromType = &Data->FromType;
393 ToType = &Data->ToType;
395 auto Data = reinterpret_cast<FloatCastOverflowDataV2 *>(DataPtr);
396 SourceLocation SLoc = Data->Loc.acquire();
397 if (ignoreReport(SLoc, Opts, ET))
400 FromType = &Data->FromType;
401 ToType = &Data->ToType;
404 ScopedReport R(Opts, Loc, ET);
406 Diag(Loc, DL_Error, ET,
407 "%0 is outside the range of representable values of type %2")
408 << Value(*FromType, From) << *FromType << *ToType;
411 void __ubsan::__ubsan_handle_float_cast_overflow(void *Data, ValueHandle From) {
412 GET_REPORT_OPTIONS(false);
413 handleFloatCastOverflow(Data, From, Opts);
415 void __ubsan::__ubsan_handle_float_cast_overflow_abort(void *Data,
417 GET_REPORT_OPTIONS(true);
418 handleFloatCastOverflow(Data, From, Opts);
422 static void handleLoadInvalidValue(InvalidValueData *Data, ValueHandle Val,
423 ReportOptions Opts) {
424 SourceLocation Loc = Data->Loc.acquire();
425 // This check could be more precise if we used different handlers for
426 // -fsanitize=bool and -fsanitize=enum.
427 bool IsBool = (0 == internal_strcmp(Data->Type.getTypeName(), "'bool'")) ||
428 (0 == internal_strncmp(Data->Type.getTypeName(), "'BOOL'", 6));
430 IsBool ? ErrorType::InvalidBoolLoad : ErrorType::InvalidEnumLoad;
432 if (ignoreReport(Loc, Opts, ET))
435 ScopedReport R(Opts, Loc, ET);
437 Diag(Loc, DL_Error, ET,
438 "load of value %0, which is not a valid value for type %1")
439 << Value(Data->Type, Val) << Data->Type;
442 void __ubsan::__ubsan_handle_load_invalid_value(InvalidValueData *Data,
444 GET_REPORT_OPTIONS(false);
445 handleLoadInvalidValue(Data, Val, Opts);
447 void __ubsan::__ubsan_handle_load_invalid_value_abort(InvalidValueData *Data,
449 GET_REPORT_OPTIONS(true);
450 handleLoadInvalidValue(Data, Val, Opts);
454 static void handleImplicitConversion(ImplicitConversionData *Data,
455 ReportOptions Opts, ValueHandle Src,
457 SourceLocation Loc = Data->Loc.acquire();
458 ErrorType ET = ErrorType::GenericUB;
460 switch (Data->Kind) {
461 case ICCK_IntegerTruncation:
462 ET = ErrorType::ImplicitIntegerTruncation;
466 if (ignoreReport(Loc, Opts, ET))
469 const TypeDescriptor &SrcTy = Data->FromType;
470 const TypeDescriptor &DstTy = Data->ToType;
472 ScopedReport R(Opts, Loc, ET);
474 // FIXME: is it possible to dump the values as hex with fixed width?
476 Diag(Loc, DL_Error, ET,
477 "implicit conversion from type %0 of value %1 (%2-bit, %3signed) to "
478 "type %4 changed the value to %5 (%6-bit, %7signed)")
479 << SrcTy << Value(SrcTy, Src) << SrcTy.getIntegerBitWidth()
480 << (SrcTy.isSignedIntegerTy() ? "" : "un") << DstTy << Value(DstTy, Dst)
481 << DstTy.getIntegerBitWidth() << (DstTy.isSignedIntegerTy() ? "" : "un");
484 void __ubsan::__ubsan_handle_implicit_conversion(ImplicitConversionData *Data,
487 GET_REPORT_OPTIONS(false);
488 handleImplicitConversion(Data, Opts, Src, Dst);
490 void __ubsan::__ubsan_handle_implicit_conversion_abort(
491 ImplicitConversionData *Data, ValueHandle Src, ValueHandle Dst) {
492 GET_REPORT_OPTIONS(true);
493 handleImplicitConversion(Data, Opts, Src, Dst);
497 static void handleInvalidBuiltin(InvalidBuiltinData *Data, ReportOptions Opts) {
498 SourceLocation Loc = Data->Loc.acquire();
499 ErrorType ET = ErrorType::InvalidBuiltin;
501 if (ignoreReport(Loc, Opts, ET))
504 ScopedReport R(Opts, Loc, ET);
506 Diag(Loc, DL_Error, ET,
507 "passing zero to %0, which is not a valid argument")
508 << ((Data->Kind == BCK_CTZPassedZero) ? "ctz()" : "clz()");
511 void __ubsan::__ubsan_handle_invalid_builtin(InvalidBuiltinData *Data) {
512 GET_REPORT_OPTIONS(true);
513 handleInvalidBuiltin(Data, Opts);
515 void __ubsan::__ubsan_handle_invalid_builtin_abort(InvalidBuiltinData *Data) {
516 GET_REPORT_OPTIONS(true);
517 handleInvalidBuiltin(Data, Opts);
521 static void handleFunctionTypeMismatch(FunctionTypeMismatchData *Data,
522 ValueHandle Function,
523 ReportOptions Opts) {
524 SourceLocation CallLoc = Data->Loc.acquire();
525 ErrorType ET = ErrorType::FunctionTypeMismatch;
527 if (ignoreReport(CallLoc, Opts, ET))
530 ScopedReport R(Opts, CallLoc, ET);
532 SymbolizedStackHolder FLoc(getSymbolizedLocation(Function));
533 const char *FName = FLoc.get()->info.function;
537 Diag(CallLoc, DL_Error, ET,
538 "call to function %0 through pointer to incorrect function type %1")
539 << FName << Data->Type;
540 Diag(FLoc, DL_Note, ET, "%0 defined here") << FName;
544 __ubsan::__ubsan_handle_function_type_mismatch(FunctionTypeMismatchData *Data,
545 ValueHandle Function) {
546 GET_REPORT_OPTIONS(false);
547 handleFunctionTypeMismatch(Data, Function, Opts);
550 void __ubsan::__ubsan_handle_function_type_mismatch_abort(
551 FunctionTypeMismatchData *Data, ValueHandle Function) {
552 GET_REPORT_OPTIONS(true);
553 handleFunctionTypeMismatch(Data, Function, Opts);
557 static void handleNonNullReturn(NonNullReturnData *Data, SourceLocation *LocPtr,
558 ReportOptions Opts, bool IsAttr) {
560 UNREACHABLE("source location pointer is null!");
562 SourceLocation Loc = LocPtr->acquire();
563 ErrorType ET = ErrorType::InvalidNullReturn;
565 if (ignoreReport(Loc, Opts, ET))
568 ScopedReport R(Opts, Loc, ET);
570 Diag(Loc, DL_Error, ET,
571 "null pointer returned from function declared to never return null");
572 if (!Data->AttrLoc.isInvalid())
573 Diag(Data->AttrLoc, DL_Note, ET, "%0 specified here")
574 << (IsAttr ? "returns_nonnull attribute"
575 : "_Nonnull return type annotation");
578 void __ubsan::__ubsan_handle_nonnull_return_v1(NonNullReturnData *Data,
579 SourceLocation *LocPtr) {
580 GET_REPORT_OPTIONS(false);
581 handleNonNullReturn(Data, LocPtr, Opts, true);
584 void __ubsan::__ubsan_handle_nonnull_return_v1_abort(NonNullReturnData *Data,
585 SourceLocation *LocPtr) {
586 GET_REPORT_OPTIONS(true);
587 handleNonNullReturn(Data, LocPtr, Opts, true);
591 void __ubsan::__ubsan_handle_nullability_return_v1(NonNullReturnData *Data,
592 SourceLocation *LocPtr) {
593 GET_REPORT_OPTIONS(false);
594 handleNonNullReturn(Data, LocPtr, Opts, false);
597 void __ubsan::__ubsan_handle_nullability_return_v1_abort(
598 NonNullReturnData *Data, SourceLocation *LocPtr) {
599 GET_REPORT_OPTIONS(true);
600 handleNonNullReturn(Data, LocPtr, Opts, false);
604 static void handleNonNullArg(NonNullArgData *Data, ReportOptions Opts,
606 SourceLocation Loc = Data->Loc.acquire();
607 ErrorType ET = ErrorType::InvalidNullArgument;
609 if (ignoreReport(Loc, Opts, ET))
612 ScopedReport R(Opts, Loc, ET);
614 Diag(Loc, DL_Error, ET,
615 "null pointer passed as argument %0, which is declared to "
618 if (!Data->AttrLoc.isInvalid())
619 Diag(Data->AttrLoc, DL_Note, ET, "%0 specified here")
620 << (IsAttr ? "nonnull attribute" : "_Nonnull type annotation");
623 void __ubsan::__ubsan_handle_nonnull_arg(NonNullArgData *Data) {
624 GET_REPORT_OPTIONS(false);
625 handleNonNullArg(Data, Opts, true);
628 void __ubsan::__ubsan_handle_nonnull_arg_abort(NonNullArgData *Data) {
629 GET_REPORT_OPTIONS(true);
630 handleNonNullArg(Data, Opts, true);
634 void __ubsan::__ubsan_handle_nullability_arg(NonNullArgData *Data) {
635 GET_REPORT_OPTIONS(false);
636 handleNonNullArg(Data, Opts, false);
639 void __ubsan::__ubsan_handle_nullability_arg_abort(NonNullArgData *Data) {
640 GET_REPORT_OPTIONS(true);
641 handleNonNullArg(Data, Opts, false);
645 static void handlePointerOverflowImpl(PointerOverflowData *Data,
648 ReportOptions Opts) {
649 SourceLocation Loc = Data->Loc.acquire();
650 ErrorType ET = ErrorType::PointerOverflow;
652 if (ignoreReport(Loc, Opts, ET))
655 ScopedReport R(Opts, Loc, ET);
657 if ((sptr(Base) >= 0) == (sptr(Result) >= 0)) {
659 Diag(Loc, DL_Error, ET,
660 "addition of unsigned offset to %0 overflowed to %1")
661 << (void *)Base << (void *)Result;
663 Diag(Loc, DL_Error, ET,
664 "subtraction of unsigned offset from %0 overflowed to %1")
665 << (void *)Base << (void *)Result;
667 Diag(Loc, DL_Error, ET,
668 "pointer index expression with base %0 overflowed to %1")
669 << (void *)Base << (void *)Result;
673 void __ubsan::__ubsan_handle_pointer_overflow(PointerOverflowData *Data,
675 ValueHandle Result) {
676 GET_REPORT_OPTIONS(false);
677 handlePointerOverflowImpl(Data, Base, Result, Opts);
680 void __ubsan::__ubsan_handle_pointer_overflow_abort(PointerOverflowData *Data,
682 ValueHandle Result) {
683 GET_REPORT_OPTIONS(true);
684 handlePointerOverflowImpl(Data, Base, Result, Opts);
688 static void handleCFIBadIcall(CFICheckFailData *Data, ValueHandle Function,
689 ReportOptions Opts) {
690 if (Data->CheckKind != CFITCK_ICall && Data->CheckKind != CFITCK_NVMFCall)
693 SourceLocation Loc = Data->Loc.acquire();
694 ErrorType ET = ErrorType::CFIBadType;
696 if (ignoreReport(Loc, Opts, ET))
699 ScopedReport R(Opts, Loc, ET);
701 const char *CheckKindStr = Data->CheckKind == CFITCK_NVMFCall
702 ? "non-virtual pointer to member function call"
703 : "indirect function call";
704 Diag(Loc, DL_Error, ET,
705 "control flow integrity check for type %0 failed during %1")
706 << Data->Type << CheckKindStr;
708 SymbolizedStackHolder FLoc(getSymbolizedLocation(Function));
709 const char *FName = FLoc.get()->info.function;
712 Diag(FLoc, DL_Note, ET, "%0 defined here") << FName;
714 // If the failure involved different DSOs for the check location and icall
715 // target, report the DSO names.
716 const char *DstModule = FLoc.get()->info.module;
718 DstModule = "(unknown)";
720 const char *SrcModule = Symbolizer::GetOrInit()->GetModuleNameForPc(Opts.pc);
722 SrcModule = "(unknown)";
724 if (internal_strcmp(SrcModule, DstModule))
725 Diag(Loc, DL_Note, ET,
726 "check failed in %0, destination function located in %1")
727 << SrcModule << DstModule;
732 #ifdef UBSAN_CAN_USE_CXXABI
736 extern "C" void __ubsan_handle_cfi_bad_type_default(CFICheckFailData *Data,
739 ReportOptions Opts) {
743 WIN_WEAK_ALIAS(__ubsan_handle_cfi_bad_type, __ubsan_handle_cfi_bad_type_default)
745 SANITIZER_WEAK_ATTRIBUTE
747 void __ubsan_handle_cfi_bad_type(CFICheckFailData *Data, ValueHandle Vtable,
748 bool ValidVtable, ReportOptions Opts);
751 void __ubsan_handle_cfi_bad_type(CFICheckFailData *Data, ValueHandle Vtable,
752 bool ValidVtable, ReportOptions Opts) {
757 } // namespace __ubsan
759 void __ubsan::__ubsan_handle_cfi_check_fail(CFICheckFailData *Data,
762 GET_REPORT_OPTIONS(false);
763 if (Data->CheckKind == CFITCK_ICall || Data->CheckKind == CFITCK_NVMFCall)
764 handleCFIBadIcall(Data, Value, Opts);
766 __ubsan_handle_cfi_bad_type(Data, Value, ValidVtable, Opts);
769 void __ubsan::__ubsan_handle_cfi_check_fail_abort(CFICheckFailData *Data,
772 GET_REPORT_OPTIONS(true);
773 if (Data->CheckKind == CFITCK_ICall || Data->CheckKind == CFITCK_NVMFCall)
774 handleCFIBadIcall(Data, Value, Opts);
776 __ubsan_handle_cfi_bad_type(Data, Value, ValidVtable, Opts);
780 #endif // CAN_SANITIZE_UB