Index: lib/asan/asan_mac.cc =================================================================== --- lib/asan/asan_mac.cc +++ lib/asan/asan_mac.cc @@ -33,17 +33,18 @@ #endif #include // for dladdr() +#include +#include #include #include +#include +#include // for free() #include #include #include #include -#include -#include -#include // for free() #include -#include +#include namespace __asan { @@ -272,11 +273,6 @@ // The implementation details are at // http://libdispatch.macosforge.org/trac/browser/trunk/src/queue.c -typedef void* dispatch_group_t; -typedef void* dispatch_queue_t; -typedef void* dispatch_source_t; -typedef u64 dispatch_time_t; -typedef void (*dispatch_function_t)(void *block); typedef void* (*worker_t)(void *block); // A wrapper for the ObjC blocks used to support libdispatch. @@ -399,6 +395,15 @@ work(); \ } +#define GET_ASAN_BLOCK_XPC(work) \ + void (^asan_block)(xpc_object_t object); \ + int parent_tid = GetCurrentTidOrInvalid(); \ + asan_block = ^(xpc_object_t object) { \ + GET_STACK_TRACE_THREAD; \ + asan_register_worker_thread(parent_tid, &stack); \ + work(object); \ + } + INTERCEPTOR(void, dispatch_async, dispatch_queue_t dq, void(^work)(void)) { ENABLE_FRAME_POINTER; @@ -437,6 +442,37 @@ GET_ASAN_BLOCK(work); REAL(dispatch_source_set_event_handler)(ds, asan_block); } + +INTERCEPTOR(void, xpc_connection_send_message_with_reply, + xpc_connection_t connection, xpc_object_t message, + dispatch_queue_t replyq, xpc_handler_t handler) { + ENABLE_FRAME_POINTER; + GET_ASAN_BLOCK_XPC(handler); + REAL(xpc_connection_send_message_with_reply)(connection, message, replyq, + asan_block); +} + +INTERCEPTOR(void, xpc_connection_set_event_handler, xpc_connection_t connection, + xpc_handler_t handler) { + ENABLE_FRAME_POINTER; + GET_ASAN_BLOCK_XPC(handler); + REAL(xpc_connection_set_event_handler)(connection, asan_block); +} + +INTERCEPTOR(void, xpc_set_event_stream_handler, const char *stream, + dispatch_queue_t targetq, xpc_handler_t handler) { + ENABLE_FRAME_POINTER; + GET_ASAN_BLOCK_XPC(handler); + REAL(xpc_set_event_stream_handler)(stream, targetq, asan_block); +} + +INTERCEPTOR(void, xpc_connection_send_barrier, xpc_connection_t connection, + dispatch_block_t barrier) { + ENABLE_FRAME_POINTER; + GET_ASAN_BLOCK(barrier); + REAL(xpc_connection_send_barrier)(connection, asan_block); +} + #endif #endif // SANITIZER_MAC Index: test/asan/TestCases/Darwin/xpc_interceptors.mm =================================================================== --- test/asan/TestCases/Darwin/xpc_interceptors.mm +++ test/asan/TestCases/Darwin/xpc_interceptors.mm @@ -0,0 +1,37 @@ +// Check that blocks executed on the XPC callback queue are handled correctly by +// ASan. + +// RUN: %clangxx_asan -O0 %s -o %t -framework Foundation && not %run %t 2>&1 | FileCheck %s + +#import +#include +#include + +int main() { + // Set up a 5-second timeout. + dispatch_after(dispatch_time(DISPATCH_TIME_NOW, 5 * NSEC_PER_SEC), + dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), + ^{ + exit(0); + }); + + xpc_connection_t _connection = xpc_connection_create_mach_service( + "com.example.non.existing.xpc", NULL, 0); + + xpc_connection_set_event_handler(_connection, ^(xpc_object_t event) { + char *mem = (char *)malloc(10); + NSLog(@"mem = %p", mem); + + // Without the XPC API interceptors, this would cause an assertion failure + // when describing the current thread (XPC callback thread). + fprintf(stderr, "%s\n", mem + 10); // BOOM. + // CHECK: ERROR: AddressSanitizer: heap-buffer-overflow + // CHECK: READ of size 1 at + // CHECK: allocated by thread + // CHECK: {{ #0 0x.* in .*malloc}} + }); + + xpc_connection_resume(_connection); + dispatch_main(); + return 0; +}