This is an archive of the discontinued LLVM Phabricator instance.

Differential D10159

Fix strstr, strcasestr tests failures
ClosedPublic

Authored by m.guseva on Jun 1 2015, 4:35 AM.

Details

Reviewers
kcc
glider
t.p.northover
dvyukov
samsonov
Commits
rGddf646b8c782: [ASan] Fixed tests to pass on Darwin. Patch by Maria Guseva!
rCRT238837: [ASan] Fixed tests to pass on Darwin. Patch by Maria Guseva!
rL238837: [ASan] Fixed tests to pass on Darwin. Patch by Maria Guseva!
Summary

Some tests for string interceptors are failing now on Darwin: http://lab.llvm.org:8080/green/job/clang-stage1-cmake-RA_check/4263/testReport/
Here is an example of output:
/buildslave/jenkins/sharedspace/clang-stage1-cmake-RA_workspace@2/llvm/projects/compiler-rt/test/asan/TestCases/strstr-2.c

ASAN_OPTIONS=intercept_strstr=false /Users/buildslave/jenkins/sharedspace/clang-stage1-cmake-RA_workspace@2/clang-build/projects/compiler-rt/test/asan/X86_64DarwinConfig/TestCases/Output/strstr-2.c.tmp 2>&1

Exit Code: 1

Command Output (stdout):

39213==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff5a1fc931 at pc 0x000105a488e1 bp 0x7fff5a1fc870 sp 0x7fff5a1fc028

READ of size 1 at 0x7fff5a1fc931 thread T0

#0 0x105a488e0 in wrap_strlen (/Users/buildslave/jenkins/sharedspace/clang-stage1-cmake-RA_workspace@2/clang-build/./lib/clang/3.7.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x408e0)
#1 0x7fff904fb6da in strstr (/usr/lib/system/libsystem_c.dylib+0x5b6da)
#2 0x105a153a8 in wrap_strstr (/Users/buildslave/jenkins/sharedspace/clang-stage1-cmake-RA_workspace@2/clang-build/./lib/clang/3.7.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0xd3a8)
#3 0x7fff95df95c8 in start (/usr/lib/system/libdyld.dylib+0x35c8)
#4 0x0  (<unknown module>)

Address 0x7fff5a1fc931 is located in stack of thread T0 at offset 49 in frame

  #0 0x105a0394f in main /Users/buildslave/jenkins/sharedspace/clang-stage1-cmake-RA_workspace@2/llvm/projects/compiler-rt/test/asan/TestCases/strstr-2.c:10

This frame has 2 object(s):
  [32, 35) 's1'
  [48, 49) 's2' <== Memory access at offset 49 overflows this variable

HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext

(longjmp and C++ exceptions *are* supported)

SUMMARY: AddressSanitizer: stack-buffer-overflow (/Users/buildslave/jenkins/sharedspace/clang-stage1-cmake-RA_workspace@2/clang-build/./lib/clang/3.7.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x408e0) in wrap_strlen

It looks like the strlen is called inside real strstr function and intercepted then. In order to prevent this I suppose to add "replace_str=false" asan runtime flag in tests.

Diff Detail

Event Timeline

m.guseva updated this revision to Diff 26892.Jun 1 2015, 4:35 AM
m.guseva retitled this revision from to Fix strstr, strcasestr tests failures.
m.guseva updated this object.
m.guseva edited the test plan for this revision. (Show Details)
m.guseva added reviewers: samsonov, glider, kcc, dvyukov.
m.guseva added subscribers: Unknown Object (MLST), ygribov, t.p.northover.
ygribov added a comment.Jun 1 2015, 4:48 AM

Link to llvm-commits: thread http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20150601/279457.html

t.p.northover accepted this revision.Jun 1 2015, 4:19 PM
t.p.northover added a reviewer: t.p.northover.

This patch fixes the issues for me on Darwin, and the reasoning sounds good.

Tim.

This revision is now accepted and ready to land.Jun 1 2015, 4:19 PM
Closed by commit rL238837: [ASan] Fixed tests to pass on Darwin. Patch by Maria Guseva! (authored by ygribov). · Explain WhyJun 2 2015, 8:03 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
test/
asan/
TestCases/
3 lines
3 lines
3 lines
3 lines

Diff 26892

test/asan/TestCases/strcasestr-1.c

// Test haystack overflow in strcasestr function // Test haystack overflow in strcasestr function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s // RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strstr asan option // Test intercept_strstr asan option
// RUN: ASAN_OPTIONS=intercept_strstr=false %run %t 2>&1 // Disable other interceptors because strlen may be called inside strcasestr
// RUN: ASAN_OPTIONS=intercept_strstr=false:replace_str=false %run %t 2>&1
// There's no interceptor for strcasestr on Windows // There's no interceptor for strcasestr on Windows
// XFAIL: win32 // XFAIL: win32
#define _GNU_SOURCE #define _GNU_SOURCE
#include <assert.h> #include <assert.h>
#include <string.h> #include <string.h>
Show All 10 Lines

test/asan/TestCases/strcasestr-2.c

// Test needle overflow in strcasestr function // Test needle overflow in strcasestr function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s // RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strstr asan option // Test intercept_strstr asan option
// RUN: ASAN_OPTIONS=intercept_strstr=false %run %t 2>&1 // Disable other interceptors because strlen may be called inside strcasestr
// RUN: ASAN_OPTIONS=intercept_strstr=false:replace_str=false %run %t 2>&1
// There's no interceptor for strcasestr on Windows // There's no interceptor for strcasestr on Windows
// XFAIL: win32 // XFAIL: win32
#define _GNU_SOURCE #define _GNU_SOURCE
#include <assert.h> #include <assert.h>
#include <string.h> #include <string.h>
Show All 10 Lines

test/asan/TestCases/strstr-1.c

// Test haystack overflow in strstr function // Test haystack overflow in strstr function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s // RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strstr asan option // Test intercept_strstr asan option
// RUN: ASAN_OPTIONS=intercept_strstr=false %run %t 2>&1 // Disable other interceptors because strlen may be called inside strstr
// RUN: ASAN_OPTIONS=intercept_strstr=false:replace_str=false %run %t 2>&1
#include <assert.h> #include <assert.h>
#include <string.h> #include <string.h>
int main(int argc, char **argv) { int main(int argc, char **argv) {
char *r = 0; char *r = 0;
char s2[] = "c"; char s2[] = "c";
char s1[] = {'a', 'b'}; char s1[] = {'a', 'b'};
char s3 = 0; char s3 = 0;
r = strstr(s1, s2); r = strstr(s1, s2);
// CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable // CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 0); assert(r == 0);
return 0; return 0;
} }

test/asan/TestCases/strstr-2.c

// Test needle overflow in strstr function // Test needle overflow in strstr function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s // RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strstr asan option // Test intercept_strstr asan option
// RUN: ASAN_OPTIONS=intercept_strstr=false %run %t 2>&1 // Disable other interceptors because strlen may be called inside strstr
// RUN: ASAN_OPTIONS=intercept_strstr=false:replace_str=false %run %t 2>&1
#include <assert.h> #include <assert.h>
#include <string.h> #include <string.h>
int main(int argc, char **argv) { int main(int argc, char **argv) {
char *r = 0; char *r = 0;
char s1[] = "ab"; char s1[] = "ab";
char s2[] = {'c'}; char s2[] = {'c'};
char s3 = 0; char s3 = 0;
r = strstr(s1, s2); r = strstr(s1, s2);
// CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable // CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 0); assert(r == 0);
return 0; return 0;
} }