This is an archive of the discontinued LLVM Phabricator instance.

Differential D6056

Moar string interceptors: strstr, strcasestr, strcspn, strpbrk
AbandonedPublic

Authored by m.guseva on Oct 31 2014, 7:47 AM.

Details

Reviewers
kcc
glider
samsonov
Summary

This is a patch for Issue 346: moar string interceptors: strstr, strcasestr, strcspn, strpbrk

New interceptors check all bytes in second argument but in first argument check range is based on return value. Some of existing interceptors also uses this approach (like asan strchr) while other just check the full length of s1(like strstr in tsan). I prefered the first approach as more accurate. What do you find more convinient for these interceptors?

To solve overlap of asan-specific replace_str flag and new common replace_strstr/replace_strcspn flags I've chosen more priority for replace_str flag: when it is false all str interceptors(including new ones) are disabled.

Diff Detail

Event Timeline

m.guseva updated this revision to Diff 15621.Oct 31 2014, 7:47 AM
m.guseva retitled this revision from to Moar string interceptors: strstr, strcasestr, strcspn, strpbrk.
m.guseva updated this object.
m.guseva edited the test plan for this revision. (Show Details)
m.guseva updated this object.Oct 31 2014, 8:12 AM
m.guseva added reviewers: glider, kcc, samsonov.
m.guseva added subscribers: ygribov, Unknown Object (MLST).
m.guseva added a comment.Nov 12 2014, 4:22 AM

Ping.

glider edited edge metadata.Nov 12 2014, 4:42 AM

Sorry, looks like this has slipped through the cracks. I'll take a look now.

Can you please upload the whole context using `svn diff
--diff-cmd=diff -x -U999999` next time?

glider added a comment.Nov 12 2014, 5:02 AM

There are several places where the shadow checks are too aggressive compared to what the glibc implementations of these functions do.
Because the standards are unlikely to define which optimizations are applicable to each function, I think we'd better be more conservative here.

lib/sanitizer_common/sanitizer_common_interceptors.inc
260

If haystack is shorter than the needle, there's no point in reading the whole contents of needle.
The generic glibc implementation of strstr() indeed makes this optimization (not sure about the SSE-based ones).

302

Only in the case when s1 is not an empty string, otherwise there's no point in reading s2.

312

I never realized all these functions crash if we pass NULL as one of the arguments.
Fortunately we don't need to handle that.

320

This is a bit pessimistic. For the following call:

strpbrk("foobar", "fb")

only the first byte of |s2| will be read.

lib/sanitizer_common/sanitizer_flags.cc
161 ↗(On Diff #15621)

It's not clear why replace_strcspn controls the behavior of strpbrk()
I suggest to either rename the flag to "replace_strcspn_strpbrk" or introduce the "replace_strpbrk" flag.
My dream is to ultimately have a dynamically generated "replace_xyz" flag for almost every interceptor, so the second option is better IMO.

ygribov added a comment.Nov 12 2014, 10:09 AM

Because the standards are unlikely to define which optimizations are applicable to each function,
I think we'd better be more conservative here.

That's questionable. Some users (e.g. me) would very much prefer to get a warning even about potential errors. Can we have a flag for this like we already have for strict_memcmp and alloc_dealloc_mismatch?

joerg added a subscriber: joerg.Nov 12 2014, 12:23 PM

The interceptors should enforce the contract. For all string functions without explicit size argument, this means that the input is a valid nul-terminated string. Different implementations take different optimisation short cuts, but depending on such implementation details is part of what the interceptors should expose.

ygribov added a comment.Nov 12 2014, 12:47 PM

The interceptors should enforce the contract.

I believe sanitizer folks are in unfortunate situation where they have to deal with tons of legacy crap which relies heavily on glibc quirks (there's a lot of code like this, some in binary form with no ability to recompile). So I can feel their pain. On the other hand we shouldn't force users which deal with saner codebases (me or Joerg) to use overly conservative tool.

kcc edited edge metadata.Nov 12 2014, 1:20 PM

As long as the aggressive behavior can be disabled by a flag (similar to what we have to do with strict_memcmp, or just by disabling the whole interceptor logic) I am ok with this.

ygribov added a comment.Nov 12 2014, 1:42 PM

As long as the aggressive behavior can be disabled by a flag ... I am ok with this.

I guess we can do this for already existing interceptors as well? What setting should be default?

kcc added a comment.Nov 12 2014, 2:06 PM
In D6056#13, @ygribov wrote:

As long as the aggressive behavior can be disabled by a flag ... I am ok with this.

I guess we can do this for already existing interceptors as well?

Well, if you want to ...

What setting should be default?

I am fine with the most aggressive default

m.guseva updated this revision to Diff 17561.Dec 22 2014, 7:32 AM
m.guseva edited edge metadata.

Hi all
I've uploaded another patch for new string interceptors. As it was discussed in comments above I've introduced new flag "strict_str" in order to control aggressive checks for strings arguments. So I've also updated all existing interceptors with "const char*" arguments and added strict checks wherever they were missed.

kcc added a comment.Dec 22 2014, 1:00 PM

I like the whole thing, the more interceptors the better.
Statistically, such large changes in interceptors are risky, so please don't commit before the end of holidays in RU, even if you get LGTM before that.
Please also add a documentation blob to the commit message so that we can later copy-paste it into
https://code.google.com/p/address-sanitizer/wiki/Flags

glider, please apply this patch and try it on chrome.

lib/asan/asan_rtl.cc
130 ↗(On Diff #17561)

Is this necessary?
Such things are sometimes unavoidable, but they complicate the code, the understanding and the documentation.
I'd rather prefer users to add more flags...

test/asan/TestCases/atoi_strict.c
4

also, add a 3-rd run with no flag so that we test the default behaviour.
same for other tests.

m.guseva added inline comments.Dec 23 2014, 12:26 AM
lib/asan/asan_rtl.cc
130 ↗(On Diff #17561)

If we remove it there will be still some uncertainty in documentation. From user's point of view it's not clear which interceptors replace_str controls and which not. I supposed it should control all of them and overwrite other replace_str* flags in non default case. Otherwise I think it must be specified that replace_str controls only some subset of string interceptiors while for rest there are custom flags. Shouldn't we to fix the replace_str description for that case?

m.guseva updated this revision to Diff 17587.Dec 23 2014, 1:23 AM
m.guseva added inline comments.
test/asan/TestCases/atoi_strict.c
4

Added in Diff 17587.

glider added inline comments.Dec 24 2014, 9:36 AM
lib/msan/msan_interceptors.cc
96

Am I right that you're only using this macro with n=0?

lib/sanitizer_common/sanitizer_common_interceptors.inc
328

Please put a space before the colon.

2431

I suggest putting the UNUSED function under the #ifdef below and remove the UNUSED attribute.

2457

You don't need IsValidStrtolBase anymore:

bool is_valid_base = (base == 0) || (2 <= base && base <= 36);
if (is_valid_base) {
  ...
}
COMMON_INTERCEPTOR_READ_STRING(ctx, nptr, is_valid_base ? ...)
4796

Chrome's net_unittests crash for me with the following stacktrace:

Program received signal SIGSEGV, Segmentation fault.
__sanitizer::internal_strlen (s=s@entry=0x0)
    at /usr/local/google/ssd/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_libc.cc:155
155	  while (s[i]) i++;
(gdb) bt
#0  __sanitizer::internal_strlen (s=s@entry=0x0)
    at /usr/local/google/ssd/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_libc.cc:155
#1  0x000000000059f080 in __interceptor_dlopen (filename=filename@entry=0x0, 
    flag=flag@entry=1)
    at /usr/local/google/ssd/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:4759
#2  0x00007ffff5167ec2 in pr_FindSymbolInProg (
    name=0x7ffff517f29f "nspr_use_zone_allocator") at prmem.c:98
#3  0x00007ffff5167fad in _PR_InitZones () at prmem.c:154
...

We'll need to add yet another dlopen() test once we figure out what's wrong.

lib/sanitizer_common/sanitizer_flags.cc
167 ↗(On Diff #17587)

I think we need to be consistent in naming the flags that disable interceptors.
There's already "intercept_tls_get_addr", so we either need to change it (no need to do that in this CL) or rename your flags into "intercept_something".
(Note that "intrin" in "replace_intrin" isn't a function name, so you don't need to be consistent with that).

173 ↗(On Diff #17587)

I think "strict_string_checks" is more informative, but that's bikeshedding.

lib/tsan/rtl/tsan_interceptors.cc
245

nit: spare whitespace before ')'

test/asan/TestCases/atoi_strict.c
15

Can you please add a space after the 'CHECK:' label here and below?

test/asan/TestCases/strstr-1.c
14

Note that you can use #ifdef directives and different check prefixes to combine related test cases into one file.

test/asan/Unit/lit.site.cfg.in
33

Why do you need this line?

test/sanitizer_common/TestCases/strcasestr.c
4

Why? Is that because strcasestr() is unavailable on Windows?

ygribov added inline comments.Dec 24 2014, 12:15 PM
lib/msan/msan_interceptors.cc
96

I think Maria wanted added n to anticipate future work on conservative length checking.

lib/sanitizer_common/sanitizer_common_interceptors.inc
4796

Looks like COMMON_INTERCEPTOR_READ_STRING needs a check for NULL.

test/asan/Unit/lit.site.cfg.in
33

AFAIR unit tests are not strict_str-safe.

glider added inline comments.Dec 25 2014, 1:31 AM
test/asan/Unit/lit.site.cfg.in
33

Is that something we may want to fix?
If so, please file a bug and add a TODO

m.guseva added inline comments.Dec 25 2014, 7:44 AM
lib/msan/msan_interceptors.cc
96

ygribov
I think Maria wanted added n to anticipate future work on conservative length checking.

Exactly.

lib/sanitizer_common/sanitizer_common_interceptors.inc
2431

These functions were moved from asan_interceptors.cc source where they are used in strtol-related interceptors. Some of them(strtol\atoi\atol) are not under any if directive. Is there any better place where to put this helpers to be shared by asan and common interceptors?

4796

Here is my bug. It needs check for NULL before COMMON_INTERCEPTOR_READ_STRING. Cause dlopen accepts null filename pointer as a normal argument and then there is nothing to check here. In other interceptors (e.g strsmthing) NULL pointer arg is an error case. So the program should fail with segfault. And it will in internal_strlen. I'll recheck other modified interceptors for such cases.

lib/sanitizer_common/sanitizer_flags.cc
167 ↗(On Diff #17587)

The "replace_" flags were suggested in original issue. I agree it should be aligned with existing one.

test/asan/Unit/lit.site.cfg.in
33

ygribov
AFAIR unit tests are not strict_str-safe.

Right. I saw fails caused by checks relied on standard optimizations in string functions. And I didn't want to remove these tests at all cause they seems meaningful.

glider added inline comments.Dec 26 2014, 12:54 AM
lib/sanitizer_common/sanitizer_common_interceptors.inc
2431

Oh, sorry, I've missed that.
It's fine to keep these functions as is (I still think IsValidStrtolBase is unnecessary and can be removed)

lib/sanitizer_common/sanitizer_flags.cc
167 ↗(On Diff #17587)

Let's see what Kostya and Alexey think.

kubamracek added a subscriber: kubamracek.Dec 26 2014, 1:18 AM
kcc added a comment.Jan 15 2015, 2:38 PM

Sorry for the delay in the review. Frankly, I've lost the track of who is waiting for whose reply.
Large changes are hard to review, I wonder If you could split it into a few smaller ones?

ygribov added a comment.Jan 15 2015, 8:36 PM

I thought Maria was going to upload a new revision.

m.guseva updated this revision to Diff 18524.Jan 21 2015, 9:09 AM

Hi all
I've prepared new patch with fixes suggested in glider's review. I've also done merge with recent trunk. Please take a look.

Regarding splitting the patch:
indeed there two main changes in this patch:

  1. new strict_string_checks run-time flag introduced and applied for existing common, asan, msan and tsan interceptors. New asan tests added for this flag.
  2. new interceptors added as it was suggested in original request(strstr, strcasestr, strcspn, strpbrk) with strict_string_checks flag supported. New common and asan tests added for them.

If it wil be easier I can split patch in these two correspondingly. If so should I attach both to this revision? Or create new one?

m.guseva added inline comments.Jan 21 2015, 9:18 AM
test/sanitizer_common/TestCases/strcasestr.c
4

Yes. I've referenced printf-*.c tests as printf is not intercepted on Windows. Althouth there is a difference because strcasestr is unavailable at all on Windows so it won't even compile. What do you think is more correct way to exclude it?

kcc added a comment.Jan 21 2015, 12:43 PM

Yes, please split it.
If there is a good logical split point -- always try to do that.
Code reviews often have O(N^2) complexity, you don't want N to be too large.

kcc added a comment.Jan 21 2015, 12:43 PM

(Just create two fresh patches and abandon this one)

m.guseva added a comment.Jan 22 2015, 3:06 AM

Submitted first separate patch: New "strict_string_checks" run-time flag http://reviews.llvm.org/D7123
The second one(new interceptors) depends on this so I'll submit it when the first review passed.

m.guseva abandoned this revision.Jan 27 2015, 12:00 AM

Ok, now I am abandoning this revision - let's move all discussions to new splitted patches. So I'm looking for your feedback in http://reviews.llvm.org/D7123 regarding strict_string_checks flag.

Revision Contents

PathSize
lib/
asan/
52 lines
msan/
16 lines
sanitizer_common/
157 lines
11 lines
4 lines
tsan/
rtl/
33 lines
test/
asan/
TestCases/
17 lines
17 lines
17 lines
23 lines
23 lines
23 lines
18 lines
18 lines
19 lines
19 lines
19 lines
18 lines
19 lines
19 lines
19 lines
19 lines
19 lines
19 lines
18 lines
18 lines
Unit/
3 lines
sanitizer_common/
TestCases/
16 lines
13 lines
14 lines
12 lines

Diff 18524

lib/asan/asan_interceptors.cc

Show First 20 LinesShow All 69 Lines▼ Show 20 Lines#define ACCESS_MEMORY_RANGE(ctx, offset, size, isWrite) do { \
} \ } \
} while (0) } while (0)
#define ASAN_READ_RANGE(ctx, offset, size) \ #define ASAN_READ_RANGE(ctx, offset, size) \
ACCESS_MEMORY_RANGE(ctx, offset, size, false) ACCESS_MEMORY_RANGE(ctx, offset, size, false)
#define ASAN_WRITE_RANGE(ctx, offset, size) \ #define ASAN_WRITE_RANGE(ctx, offset, size) \
ACCESS_MEMORY_RANGE(ctx, offset, size, true) ACCESS_MEMORY_RANGE(ctx, offset, size, true)
#define ASAN_READ_STRING(ctx, s, n) \
ASAN_READ_RANGE((ctx), (s), \
common_flags()->strict_string_checks ? internal_strlen(s) + 1 : (n) )
// Behavior of functions like "memcpy" or "strcpy" is undefined // Behavior of functions like "memcpy" or "strcpy" is undefined
// if memory intervals overlap. We report error in this case. // if memory intervals overlap. We report error in this case.
// Macro is used to avoid creation of new frames. // Macro is used to avoid creation of new frames.
static inline bool RangesOverlap(const char *offset1, uptr length1, static inline bool RangesOverlap(const char *offset1, uptr length1,
const char *offset2, uptr length2) { const char *offset2, uptr length2) {
return !((offset1 + length1 <= offset2) || (offset2 + length2 <= offset1)); return !((offset1 + length1 <= offset2) || (offset2 + length2 <= offset1));
} }
#define CHECK_RANGES_OVERLAP(name, _offset1, length1, _offset2, length2) do { \ #define CHECK_RANGES_OVERLAP(name, _offset1, length1, _offset2, length2) do { \
▲ Show 20 LinesShow All 420 Lines▼ Show 20 LinesINTERCEPTOR(char*, strchr, const char *str, int c) {
// used. // used.
if (asan_init_is_running) { if (asan_init_is_running) {
return REAL(strchr)(str, c); return REAL(strchr)(str, c);
} }
ENSURE_ASAN_INITED(); ENSURE_ASAN_INITED();
char *result = REAL(strchr)(str, c); char *result = REAL(strchr)(str, c);
if (flags()->replace_str) { if (flags()->replace_str) {
uptr bytes_read = (result ? result - str : REAL(strlen)(str)) + 1; uptr bytes_read = (result ? result - str : REAL(strlen)(str)) + 1;
ASAN_READ_RANGE(ctx, str, bytes_read); ASAN_READ_STRING(ctx, str, bytes_read);
} }
return result; return result;
} }
#if ASAN_INTERCEPT_INDEX #if ASAN_INTERCEPT_INDEX
# if ASAN_USE_ALIAS_ATTRIBUTE_FOR_INDEX # if ASAN_USE_ALIAS_ATTRIBUTE_FOR_INDEX
INTERCEPTOR(char*, index, const char *string, int c) INTERCEPTOR(char*, index, const char *string, int c)
ALIAS(WRAPPER_NAME(strchr)); ALIAS(WRAPPER_NAME(strchr));
Show All 12 Lines
INTERCEPTOR(char*, strcat, char *to, const char *from) { // NOLINT INTERCEPTOR(char*, strcat, char *to, const char *from) { // NOLINT
void *ctx; void *ctx;
ASAN_INTERCEPTOR_ENTER(ctx, strcat); // NOLINT ASAN_INTERCEPTOR_ENTER(ctx, strcat); // NOLINT
ENSURE_ASAN_INITED(); ENSURE_ASAN_INITED();
if (flags()->replace_str) { if (flags()->replace_str) {
uptr from_length = REAL(strlen)(from); uptr from_length = REAL(strlen)(from);
ASAN_READ_RANGE(ctx, from, from_length + 1); ASAN_READ_RANGE(ctx, from, from_length + 1);
uptr to_length = REAL(strlen)(to); uptr to_length = REAL(strlen)(to);
ASAN_READ_RANGE(ctx, to, to_length); ASAN_READ_STRING(ctx, to, to_length);
ASAN_WRITE_RANGE(ctx, to + to_length, from_length + 1); ASAN_WRITE_RANGE(ctx, to + to_length, from_length + 1);
// If the copying actually happens, the |from| string should not overlap // If the copying actually happens, the |from| string should not overlap
// with the resulting string starting at |to|, which has a length of // with the resulting string starting at |to|, which has a length of
// to_length + from_length + 1. // to_length + from_length + 1.
if (from_length > 0) { if (from_length > 0) {
CHECK_RANGES_OVERLAP("strcat", to, from_length + to_length + 1, CHECK_RANGES_OVERLAP("strcat", to, from_length + to_length + 1,
from, from_length + 1); from, from_length + 1);
} }
} }
return REAL(strcat)(to, from); // NOLINT return REAL(strcat)(to, from); // NOLINT
} }
INTERCEPTOR(char*, strncat, char *to, const char *from, uptr size) { INTERCEPTOR(char*, strncat, char *to, const char *from, uptr size) {
void *ctx; void *ctx;
ASAN_INTERCEPTOR_ENTER(ctx, strncat); ASAN_INTERCEPTOR_ENTER(ctx, strncat);
ENSURE_ASAN_INITED(); ENSURE_ASAN_INITED();
if (flags()->replace_str) { if (flags()->replace_str) {
uptr from_length = MaybeRealStrnlen(from, size); uptr from_length = MaybeRealStrnlen(from, size);
uptr copy_length = Min(size, from_length + 1); uptr copy_length = Min(size, from_length + 1);
ASAN_READ_RANGE(ctx, from, copy_length); ASAN_READ_RANGE(ctx, from, copy_length);
uptr to_length = REAL(strlen)(to); uptr to_length = REAL(strlen)(to);
ASAN_READ_RANGE(ctx, to, to_length); ASAN_READ_STRING(ctx, to, to_length);
ASAN_WRITE_RANGE(ctx, to + to_length, from_length + 1); ASAN_WRITE_RANGE(ctx, to + to_length, from_length + 1);
if (from_length > 0) { if (from_length > 0) {
CHECK_RANGES_OVERLAP("strncat", to, to_length + copy_length + 1, CHECK_RANGES_OVERLAP("strncat", to, to_length + copy_length + 1,
from, copy_length); from, copy_length);
} }
} }
return REAL(strncat)(to, from, size); return REAL(strncat)(to, from, size);
} }
▲ Show 20 LinesShow All 85 Lines▼ Show 20 LinesINTERCEPTOR(uptr, strnlen, const char *s, uptr maxlen) {
uptr length = REAL(strnlen)(s, maxlen); uptr length = REAL(strnlen)(s, maxlen);
if (flags()->replace_str) { if (flags()->replace_str) {
ASAN_READ_RANGE(ctx, s, Min(length + 1, maxlen)); ASAN_READ_RANGE(ctx, s, Min(length + 1, maxlen));
} }
return length; return length;
} }
#endif // ASAN_INTERCEPT_STRNLEN #endif // ASAN_INTERCEPT_STRNLEN
static inline bool IsValidStrtolBase(int base) {
return (base == 0) || (2 <= base && base <= 36);
}
static inline void FixRealStrtolEndptr(const char *nptr, char **endptr) {
CHECK(endptr);
if (nptr == *endptr) {
// No digits were found at strtol call, we need to find out the last
// symbol accessed by strtoll on our own.
// We get this symbol by skipping leading blanks and optional +/- sign.
while (IsSpace(*nptr)) nptr++;
if (*nptr == '+' || *nptr == '-') nptr++;
*endptr = const_cast<char *>(nptr);
}
CHECK(*endptr >= nptr);
}
INTERCEPTOR(long, strtol, const char *nptr, // NOLINT INTERCEPTOR(long, strtol, const char *nptr, // NOLINT
char **endptr, int base) { char **endptr, int base) {
void *ctx; void *ctx;
ASAN_INTERCEPTOR_ENTER(ctx, strtol); ASAN_INTERCEPTOR_ENTER(ctx, strtol);
ENSURE_ASAN_INITED(); ENSURE_ASAN_INITED();
if (!flags()->replace_str) { if (!flags()->replace_str) {
return REAL(strtol)(nptr, endptr, base); return REAL(strtol)(nptr, endptr, base);
} }
char *real_endptr; char *real_endptr;
long result = REAL(strtol)(nptr, &real_endptr, base); // NOLINT long result = REAL(strtol)(nptr, &real_endptr, base); // NOLINT
if (endptr != 0) { StrtolFixAndCheck(ctx, nptr, endptr, real_endptr, base);
*endptr = real_endptr;
}
if (IsValidStrtolBase(base)) {
FixRealStrtolEndptr(nptr, &real_endptr);
ASAN_READ_RANGE(ctx, nptr, (real_endptr - nptr) + 1);
}
return result; return result;
} }
INTERCEPTOR(int, atoi, const char *nptr) { INTERCEPTOR(int, atoi, const char *nptr) {
void *ctx; void *ctx;
ASAN_INTERCEPTOR_ENTER(ctx, atoi); ASAN_INTERCEPTOR_ENTER(ctx, atoi);
#if SANITIZER_MAC #if SANITIZER_MAC
if (UNLIKELY(!asan_inited)) return REAL(atoi)(nptr); if (UNLIKELY(!asan_inited)) return REAL(atoi)(nptr);
#endif #endif
ENSURE_ASAN_INITED(); ENSURE_ASAN_INITED();
if (!flags()->replace_str) { if (!flags()->replace_str) {
return REAL(atoi)(nptr); return REAL(atoi)(nptr);
} }
char *real_endptr; char *real_endptr;
// "man atoi" tells that behavior of atoi(nptr) is the same as // "man atoi" tells that behavior of atoi(nptr) is the same as
// strtol(nptr, 0, 10), i.e. it sets errno to ERANGE if the // strtol(nptr, 0, 10), i.e. it sets errno to ERANGE if the
// parsed integer can't be stored in *long* type (even if it's // parsed integer can't be stored in *long* type (even if it's
// different from int). So, we just imitate this behavior. // different from int). So, we just imitate this behavior.
int result = REAL(strtol)(nptr, &real_endptr, 10); int result = REAL(strtol)(nptr, &real_endptr, 10);
FixRealStrtolEndptr(nptr, &real_endptr); FixRealStrtolEndptr(nptr, &real_endptr);
ASAN_READ_RANGE(ctx, nptr, (real_endptr - nptr) + 1); ASAN_READ_STRING(ctx, nptr, (real_endptr - nptr) + 1);
return result; return result;
} }
INTERCEPTOR(long, atol, const char *nptr) { // NOLINT INTERCEPTOR(long, atol, const char *nptr) { // NOLINT
void *ctx; void *ctx;
ASAN_INTERCEPTOR_ENTER(ctx, atol); ASAN_INTERCEPTOR_ENTER(ctx, atol);
#if SANITIZER_MAC #if SANITIZER_MAC
if (UNLIKELY(!asan_inited)) return REAL(atol)(nptr); if (UNLIKELY(!asan_inited)) return REAL(atol)(nptr);
#endif #endif
ENSURE_ASAN_INITED(); ENSURE_ASAN_INITED();
if (!flags()->replace_str) { if (!flags()->replace_str) {
return REAL(atol)(nptr); return REAL(atol)(nptr);
} }
char *real_endptr; char *real_endptr;
long result = REAL(strtol)(nptr, &real_endptr, 10); // NOLINT long result = REAL(strtol)(nptr, &real_endptr, 10); // NOLINT
FixRealStrtolEndptr(nptr, &real_endptr); FixRealStrtolEndptr(nptr, &real_endptr);
ASAN_READ_RANGE(ctx, nptr, (real_endptr - nptr) + 1); ASAN_READ_STRING(ctx, nptr, (real_endptr - nptr) + 1);
return result; return result;
} }
#if ASAN_INTERCEPT_ATOLL_AND_STRTOLL #if ASAN_INTERCEPT_ATOLL_AND_STRTOLL
INTERCEPTOR(long long, strtoll, const char *nptr, // NOLINT INTERCEPTOR(long long, strtoll, const char *nptr, // NOLINT
char **endptr, int base) { char **endptr, int base) {
void *ctx; void *ctx;
ASAN_INTERCEPTOR_ENTER(ctx, strtoll); ASAN_INTERCEPTOR_ENTER(ctx, strtoll);
ENSURE_ASAN_INITED(); ENSURE_ASAN_INITED();
if (!flags()->replace_str) { if (!flags()->replace_str) {
return REAL(strtoll)(nptr, endptr, base); return REAL(strtoll)(nptr, endptr, base);
} }
char *real_endptr; char *real_endptr;
long long result = REAL(strtoll)(nptr, &real_endptr, base); // NOLINT long long result = REAL(strtoll)(nptr, &real_endptr, base); // NOLINT
if (endptr != 0) { StrtolFixAndCheck(ctx, nptr, endptr, real_endptr, base);
*endptr = real_endptr;
}
// If base has unsupported value, strtoll can exit with EINVAL
// without reading any characters. So do additional checks only
// if base is valid.
if (IsValidStrtolBase(base)) {
FixRealStrtolEndptr(nptr, &real_endptr);
ASAN_READ_RANGE(ctx, nptr, (real_endptr - nptr) + 1);
}
return result; return result;
} }
INTERCEPTOR(long long, atoll, const char *nptr) { // NOLINT INTERCEPTOR(long long, atoll, const char *nptr) { // NOLINT
void *ctx; void *ctx;
ASAN_INTERCEPTOR_ENTER(ctx, atoll); ASAN_INTERCEPTOR_ENTER(ctx, atoll);
ENSURE_ASAN_INITED(); ENSURE_ASAN_INITED();
if (!flags()->replace_str) { if (!flags()->replace_str) {
return REAL(atoll)(nptr); return REAL(atoll)(nptr);
} }
char *real_endptr; char *real_endptr;
long long result = REAL(strtoll)(nptr, &real_endptr, 10); // NOLINT long long result = REAL(strtoll)(nptr, &real_endptr, 10); // NOLINT
FixRealStrtolEndptr(nptr, &real_endptr); FixRealStrtolEndptr(nptr, &real_endptr);
ASAN_READ_RANGE(ctx, nptr, (real_endptr - nptr) + 1); ASAN_READ_STRING(ctx, nptr, (real_endptr - nptr) + 1);
return result; return result;
} }
#endif // ASAN_INTERCEPT_ATOLL_AND_STRTOLL #endif // ASAN_INTERCEPT_ATOLL_AND_STRTOLL
static void AtCxaAtexit(void *unused) { static void AtCxaAtexit(void *unused) {
(void)unused; (void)unused;
StopInitOrderChecking(); StopInitOrderChecking();
} }
▲ Show 20 LinesShow All 145 LinesShow Last 20 Lines

lib/msan/msan_interceptors.cc

Show First 20 LinesShow All 87 Lines▼ Show 20 Lines
// Check that [x, x+n) range is unpoisoned unless we are in a nested // Check that [x, x+n) range is unpoisoned unless we are in a nested
// interceptor. // interceptor.
#define CHECK_UNPOISONED(x, n) \ #define CHECK_UNPOISONED(x, n) \
do { \ do { \
if (!IsInInterceptorScope()) CHECK_UNPOISONED_0(x, n); \ if (!IsInInterceptorScope()) CHECK_UNPOISONED_0(x, n); \
} while (0); } while (0);
#define CHECK_UNPOISONED_STRING(x, n) \
gliderUnsubmitted
Not Done
ReplyInline Actions

Am I right that you're only using this macro with n=0?

glider: Am I right that you're only using this macro with n=0?
ygribovUnsubmitted
Not Done
ReplyInline Actions

I think Maria wanted added n to anticipate future work on conservative length checking.

ygribov: I think Maria wanted added n to anticipate future work on conservative length checking.
m.gusevaAuthorUnsubmitted
Not Done
ReplyInline Actions

ygribov
I think Maria wanted added n to anticipate future work on conservative length checking.

Exactly.

m.guseva: >ygribov >I think Maria wanted added n to anticipate future work on conservative length…
CHECK_UNPOISONED((x), \
common_flags()->strict_string_checks ? internal_strlen(x) + 1 : (n) )
INTERCEPTOR(SIZE_T, fread, void *ptr, SIZE_T size, SIZE_T nmemb, void *file) { INTERCEPTOR(SIZE_T, fread, void *ptr, SIZE_T size, SIZE_T nmemb, void *file) {
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
SIZE_T res = REAL(fread)(ptr, size, nmemb, file); SIZE_T res = REAL(fread)(ptr, size, nmemb, file);
if (res > 0) if (res > 0)
__msan_unpoison(ptr, res *size); __msan_unpoison(ptr, res *size);
return res; return res;
} }
#if !SANITIZER_FREEBSD #if !SANITIZER_FREEBSD
INTERCEPTOR(SIZE_T, fread_unlocked, void *ptr, SIZE_T size, SIZE_T nmemb, INTERCEPTOR(SIZE_T, fread_unlocked, void *ptr, SIZE_T size, SIZE_T nmemb,
void *file) { void *file) {
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
SIZE_T res = REAL(fread_unlocked)(ptr, size, nmemb, file); SIZE_T res = REAL(fread_unlocked)(ptr, size, nmemb, file);
if (res > 0) if (res > 0)
__msan_unpoison(ptr, res *size); __msan_unpoison(ptr, res *size);
return res; return res;
} }
#define MSAN_MAYBE_INTERCEPT_FREAD_UNLOCKED INTERCEPT_FUNCTION(fread_unlocked) #define MSAN_MAYBE_INTERCEPT_FREAD_UNLOCKED INTERCEPT_FUNCTION(fread_unlocked)
#else #else
#define MSAN_MAYBE_INTERCEPT_FREAD_UNLOCKED #define MSAN_MAYBE_INTERCEPT_FREAD_UNLOCKED
#endif #endif
INTERCEPTOR(SSIZE_T, readlink, const char *path, char *buf, SIZE_T bufsiz) { INTERCEPTOR(SSIZE_T, readlink, const char *path, char *buf, SIZE_T bufsiz) {
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
CHECK_UNPOISONED_STRING(path, 0)
SSIZE_T res = REAL(readlink)(path, buf, bufsiz); SSIZE_T res = REAL(readlink)(path, buf, bufsiz);
if (res > 0) if (res > 0)
__msan_unpoison(buf, res); __msan_unpoison(buf, res);
return res; return res;
} }
INTERCEPTOR(void *, memcpy, void *dest, const void *src, SIZE_T n) { INTERCEPTOR(void *, memcpy, void *dest, const void *src, SIZE_T n) {
return __msan_memcpy(dest, src, n); return __msan_memcpy(dest, src, n);
▲ Show 20 LinesShow All 149 Lines▼ Show 20 Lines
INTERCEPTOR(SIZE_T, strnlen, const char *s, SIZE_T n) { INTERCEPTOR(SIZE_T, strnlen, const char *s, SIZE_T n) {
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
SIZE_T res = REAL(strnlen)(s, n); SIZE_T res = REAL(strnlen)(s, n);
SIZE_T scan_size = (res == n) ? res : res + 1; SIZE_T scan_size = (res == n) ? res : res + 1;
CHECK_UNPOISONED(s, scan_size); CHECK_UNPOISONED(s, scan_size);
return res; return res;
} }
// FIXME: Add stricter shadow checks in str* interceptors (ex.: strcpy should
// check the shadow of the terminating \0 byte).
INTERCEPTOR(char *, strcpy, char *dest, const char *src) { // NOLINT INTERCEPTOR(char *, strcpy, char *dest, const char *src) { // NOLINT
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
GET_STORE_STACK_TRACE; GET_STORE_STACK_TRACE;
SIZE_T n = REAL(strlen)(src); SIZE_T n = REAL(strlen)(src);
CHECK_UNPOISONED_STRING(src + n, 0);
char *res = REAL(strcpy)(dest, src); // NOLINT char *res = REAL(strcpy)(dest, src); // NOLINT
CopyPoison(dest, src, n + 1, &stack); CopyPoison(dest, src, n + 1, &stack);
return res; return res;
} }
INTERCEPTOR(char *, strncpy, char *dest, const char *src, SIZE_T n) { // NOLINT INTERCEPTOR(char *, strncpy, char *dest, const char *src, SIZE_T n) { // NOLINT
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
GET_STORE_STACK_TRACE; GET_STORE_STACK_TRACE;
SIZE_T copy_size = REAL(strnlen)(src, n); SIZE_T copy_size = REAL(strnlen)(src, n);
if (copy_size < n) if (copy_size < n)
copy_size++; // trailing \0 copy_size++; // trailing \0
char *res = REAL(strncpy)(dest, src, n); // NOLINT char *res = REAL(strncpy)(dest, src, n); // NOLINT
CopyPoison(dest, src, copy_size, &stack); CopyPoison(dest, src, copy_size, &stack);
__msan_unpoison(dest + copy_size, n - copy_size); __msan_unpoison(dest + copy_size, n - copy_size);
return res; return res;
} }
INTERCEPTOR(char *, stpcpy, char *dest, const char *src) { // NOLINT INTERCEPTOR(char *, stpcpy, char *dest, const char *src) { // NOLINT
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
GET_STORE_STACK_TRACE; GET_STORE_STACK_TRACE;
SIZE_T n = REAL(strlen)(src); SIZE_T n = REAL(strlen)(src);
CHECK_UNPOISONED_STRING(src + n, 0);
char *res = REAL(stpcpy)(dest, src); // NOLINT char *res = REAL(stpcpy)(dest, src); // NOLINT
CopyPoison(dest, src, n + 1, &stack); CopyPoison(dest, src, n + 1, &stack);
return res; return res;
} }
INTERCEPTOR(char *, strdup, char *src) { INTERCEPTOR(char *, strdup, char *src) {
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
GET_STORE_STACK_TRACE; GET_STORE_STACK_TRACE;
// On FreeBSD strdup() leverages strlen(). // On FreeBSD strdup() leverages strlen().
InterceptorScope interceptor_scope; InterceptorScope interceptor_scope;
SIZE_T n = REAL(strlen)(src); SIZE_T n = REAL(strlen)(src);
CHECK_UNPOISONED_STRING(src + n, 0);
char *res = REAL(strdup)(src); char *res = REAL(strdup)(src);
CopyPoison(res, src, n + 1, &stack); CopyPoison(res, src, n + 1, &stack);
return res; return res;
} }
#if !SANITIZER_FREEBSD #if !SANITIZER_FREEBSD
INTERCEPTOR(char *, __strdup, char *src) { INTERCEPTOR(char *, __strdup, char *src) {
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
GET_STORE_STACK_TRACE; GET_STORE_STACK_TRACE;
SIZE_T n = REAL(strlen)(src); SIZE_T n = REAL(strlen)(src);
CHECK_UNPOISONED_STRING(src + n, 0);
char *res = REAL(__strdup)(src); char *res = REAL(__strdup)(src);
CopyPoison(res, src, n + 1, &stack); CopyPoison(res, src, n + 1, &stack);
return res; return res;
} }
#define MSAN_MAYBE_INTERCEPT___STRDUP INTERCEPT_FUNCTION(__strdup) #define MSAN_MAYBE_INTERCEPT___STRDUP INTERCEPT_FUNCTION(__strdup)
#else #else
#define MSAN_MAYBE_INTERCEPT___STRDUP #define MSAN_MAYBE_INTERCEPT___STRDUP
#endif #endif
Show All 33 LinesINTERCEPTOR(char *, gcvt, double number, SIZE_T ndigit, char *buf) {
return res; return res;
} }
INTERCEPTOR(char *, strcat, char *dest, const char *src) { // NOLINT INTERCEPTOR(char *, strcat, char *dest, const char *src) { // NOLINT
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
GET_STORE_STACK_TRACE; GET_STORE_STACK_TRACE;
SIZE_T src_size = REAL(strlen)(src); SIZE_T src_size = REAL(strlen)(src);
SIZE_T dest_size = REAL(strlen)(dest); SIZE_T dest_size = REAL(strlen)(dest);
CHECK_UNPOISONED_STRING(src + src_size, 0);
CHECK_UNPOISONED_STRING(dest + dest_size, 0);
char *res = REAL(strcat)(dest, src); // NOLINT char *res = REAL(strcat)(dest, src); // NOLINT
CopyPoison(dest + dest_size, src, src_size + 1, &stack); CopyPoison(dest + dest_size, src, src_size + 1, &stack);
return res; return res;
} }
INTERCEPTOR(char *, strncat, char *dest, const char *src, SIZE_T n) { // NOLINT INTERCEPTOR(char *, strncat, char *dest, const char *src, SIZE_T n) { // NOLINT
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
GET_STORE_STACK_TRACE; GET_STORE_STACK_TRACE;
SIZE_T dest_size = REAL(strlen)(dest); SIZE_T dest_size = REAL(strlen)(dest);
SIZE_T copy_size = REAL(strnlen)(src, n); SIZE_T copy_size = REAL(strnlen)(src, n);
CHECK_UNPOISONED_STRING(dest + dest_size, 0);
char *res = REAL(strncat)(dest, src, n); // NOLINT char *res = REAL(strncat)(dest, src, n); // NOLINT
CopyPoison(dest + dest_size, src, copy_size, &stack); CopyPoison(dest + dest_size, src, copy_size, &stack);
__msan_unpoison(dest + dest_size + copy_size, 1); // \0 __msan_unpoison(dest + dest_size + copy_size, 1); // \0
return res; return res;
} }
// Hack: always pass nptr and endptr as part of __VA_ARGS_ to avoid having to // Hack: always pass nptr and endptr as part of __VA_ARGS_ to avoid having to
// deal with empty __VA_ARGS__ in the case of INTERCEPTOR_STRTO. // deal with empty __VA_ARGS__ in the case of INTERCEPTOR_STRTO.
▲ Show 20 LinesShow All 259 Lines▼ Show 20 Lines for (; *envp; ++envp) {
__msan_unpoison(*envp, REAL(strlen)(*envp) + 1); __msan_unpoison(*envp, REAL(strlen)(*envp) + 1);
} }
// Trailing NULL pointer. // Trailing NULL pointer.
__msan_unpoison(envp, sizeof(*envp)); __msan_unpoison(envp, sizeof(*envp));
} }
INTERCEPTOR(int, setenv, const char *name, const char *value, int overwrite) { INTERCEPTOR(int, setenv, const char *name, const char *value, int overwrite) {
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
CHECK_UNPOISONED_STRING(name, 0)
int res = REAL(setenv)(name, value, overwrite); int res = REAL(setenv)(name, value, overwrite);
if (!res) UnpoisonEnviron(); if (!res) UnpoisonEnviron();
return res; return res;
} }
INTERCEPTOR(int, putenv, char *string) { INTERCEPTOR(int, putenv, char *string) {
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
int res = REAL(putenv)(string); int res = REAL(putenv)(string);
▲ Show 20 LinesShow All 1,014 LinesShow Last 20 Lines

lib/sanitizer_common/sanitizer_common_interceptors.inc

Show First 20 LinesShow All 93 Lines▼ Show 20 Lines
#define COMMON_INTERCEPTOR_ENTER_NOIGNORE(ctx, ...) \ #define COMMON_INTERCEPTOR_ENTER_NOIGNORE(ctx, ...) \
COMMON_INTERCEPTOR_ENTER(ctx, __VA_ARGS__) COMMON_INTERCEPTOR_ENTER(ctx, __VA_ARGS__)
#endif #endif
#ifndef COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED #ifndef COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED
#define COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED (0) #define COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED (0)
#endif #endif
#define COMMON_INTERCEPTOR_READ_STRING(ctx, s, n) \
COMMON_INTERCEPTOR_READ_RANGE(ctx, s, \
common_flags()->strict_string_checks ? internal_strlen(s) + 1 : n )
struct FileMetadata { struct FileMetadata {
// For open_memstream(). // For open_memstream().
char **addr; char **addr;
SIZE_T *size; SIZE_T *size;
}; };
struct CommonInterceptorMetadata { struct CommonInterceptorMetadata {
enum { enum {
Show All 37 LinesUNUSED static void DeleteInterceptorMetadata(void *addr) {
CHECK(h.exists()); CHECK(h.exists());
} }
#endif // SI_NOT_WINDOWS #endif // SI_NOT_WINDOWS
#if SANITIZER_INTERCEPT_TEXTDOMAIN #if SANITIZER_INTERCEPT_TEXTDOMAIN
INTERCEPTOR(char*, textdomain, const char *domainname) { INTERCEPTOR(char*, textdomain, const char *domainname) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, textdomain, domainname); COMMON_INTERCEPTOR_ENTER(ctx, textdomain, domainname);
COMMON_INTERCEPTOR_READ_STRING(ctx, domainname, 0);
char* domain = REAL(textdomain)(domainname); char *domain = REAL(textdomain)(domainname);
if (domain) { if (domain) {
COMMON_INTERCEPTOR_INITIALIZE_RANGE(domain, REAL(strlen)(domain) + 1); COMMON_INTERCEPTOR_INITIALIZE_RANGE(domain, REAL(strlen)(domain) + 1);
} }
return domain; return domain;
} }
#define INIT_TEXTDOMAIN COMMON_INTERCEPT_FUNCTION(textdomain) #define INIT_TEXTDOMAIN COMMON_INTERCEPT_FUNCTION(textdomain)
#else #else
#define INIT_TEXTDOMAIN #define INIT_TEXTDOMAIN
Show All 9 LinesINTERCEPTOR(int, strcmp, const char *s1, const char *s2) {
COMMON_INTERCEPTOR_ENTER(ctx, strcmp, s1, s2); COMMON_INTERCEPTOR_ENTER(ctx, strcmp, s1, s2);
unsigned char c1, c2; unsigned char c1, c2;
uptr i; uptr i;
for (i = 0;; i++) { for (i = 0;; i++) {
c1 = (unsigned char)s1[i]; c1 = (unsigned char)s1[i];
c2 = (unsigned char)s2[i]; c2 = (unsigned char)s2[i];
if (c1 != c2 || c1 == '\0') break; if (c1 != c2 || c1 == '\0') break;
} }
COMMON_INTERCEPTOR_READ_RANGE(ctx, s1, i + 1); COMMON_INTERCEPTOR_READ_STRING(ctx, s1, i + 1);
COMMON_INTERCEPTOR_READ_RANGE(ctx, s2, i + 1); COMMON_INTERCEPTOR_READ_STRING(ctx, s2, i + 1);
return CharCmpX(c1, c2); return CharCmpX(c1, c2);
} }
INTERCEPTOR(int, strncmp, const char *s1, const char *s2, uptr size) { INTERCEPTOR(int, strncmp, const char *s1, const char *s2, uptr size) {
if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED) if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)
return internal_strncmp(s1, s2, size); return internal_strncmp(s1, s2, size);
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, strncmp, s1, s2, size); COMMON_INTERCEPTOR_ENTER(ctx, strncmp, s1, s2, size);
Show All 28 LinesINTERCEPTOR(int, strcasecmp, const char *s1, const char *s2) {
COMMON_INTERCEPTOR_ENTER(ctx, strcasecmp, s1, s2); COMMON_INTERCEPTOR_ENTER(ctx, strcasecmp, s1, s2);
unsigned char c1 = 0, c2 = 0; unsigned char c1 = 0, c2 = 0;
uptr i; uptr i;
for (i = 0;; i++) { for (i = 0;; i++) {
c1 = (unsigned char)s1[i]; c1 = (unsigned char)s1[i];
c2 = (unsigned char)s2[i]; c2 = (unsigned char)s2[i];
if (CharCaseCmp(c1, c2) != 0 || c1 == '\0') break; if (CharCaseCmp(c1, c2) != 0 || c1 == '\0') break;
} }
COMMON_INTERCEPTOR_READ_RANGE(ctx, s1, i + 1); COMMON_INTERCEPTOR_READ_STRING(ctx, s1, i + 1);
COMMON_INTERCEPTOR_READ_RANGE(ctx, s2, i + 1); COMMON_INTERCEPTOR_READ_STRING(ctx, s2, i + 1);
return CharCaseCmp(c1, c2); return CharCaseCmp(c1, c2);
} }
INTERCEPTOR(int, strncasecmp, const char *s1, const char *s2, SIZE_T n) { INTERCEPTOR(int, strncasecmp, const char *s1, const char *s2, SIZE_T n) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, strncasecmp, s1, s2, n); COMMON_INTERCEPTOR_ENTER(ctx, strncasecmp, s1, s2, n);
unsigned char c1 = 0, c2 = 0; unsigned char c1 = 0, c2 = 0;
uptr i; uptr i;
Show All 9 Lines
#define INIT_STRCASECMP COMMON_INTERCEPT_FUNCTION(strcasecmp) #define INIT_STRCASECMP COMMON_INTERCEPT_FUNCTION(strcasecmp)
#define INIT_STRNCASECMP COMMON_INTERCEPT_FUNCTION(strncasecmp) #define INIT_STRNCASECMP COMMON_INTERCEPT_FUNCTION(strncasecmp)
#else #else
#define INIT_STRCASECMP #define INIT_STRCASECMP
#define INIT_STRNCASECMP #define INIT_STRNCASECMP
#endif #endif
#if SANITIZER_INTERCEPT_STRSTR
gliderUnsubmitted
Not Done
ReplyInline Actions

If haystack is shorter than the needle, there's no point in reading the whole contents of needle.
The generic glibc implementation of strstr() indeed makes this optimization (not sure about the SSE-based ones).

glider: If haystack is shorter than the needle, there's no point in reading the whole contents of…
static inline void StrstrCheck(void *ctx, char *r, const char *s1,
const char *s2 ) {
uptr len1 = REAL(strlen)(s1) + 1;
uptr len2 = REAL(strlen)(s2) + 1;
COMMON_INTERCEPTOR_READ_STRING(ctx, s1, r ? r - s1 + len2 : len1);
COMMON_INTERCEPTOR_READ_STRING(ctx, s2, r ? len2 :
(len2 <= len1 ? len2 - 1 : len1));
}
INTERCEPTOR(char*, strstr, const char *s1, const char *s2) {
if COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED
return internal_strstr(s1, s2);
void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, strstr, s1, s2);
char *r = REAL(strstr)(s1, s2);
if (common_flags()->intercept_strstr) {
StrstrCheck(ctx, r, s1, s2);
}
return r;
}
#define INIT_STRSTR COMMON_INTERCEPT_FUNCTION(strstr);
INTERCEPTOR(char*, strcasestr, const char *s1, const char *s2) {
void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, strcasestr, s1, s2);
char *r = REAL(strcasestr)(s1, s2);
if (common_flags()->intercept_strstr) {
StrstrCheck(ctx, r, s1, s2);
}
return r;
}
#define INIT_STRCASESTR COMMON_INTERCEPT_FUNCTION(strcasestr);
#else
#define INIT_STRSTR
#define INIT_STRCASESTR
#endif
gliderUnsubmitted
Not Done
ReplyInline Actions

Only in the case when s1 is not an empty string, otherwise there's no point in reading s2.

glider: Only in the case when s1 is not an empty string, otherwise there's no point in reading s2.
#if SANITIZER_INTERCEPT_STRCSPN
INTERCEPTOR(SIZE_T, strcspn, const char *s1, const char *s2) {
void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, strcspn, s1, s2);
SIZE_T r = REAL(strcspn)(s1, s2);
if (common_flags()->intercept_strcspn) {
COMMON_INTERCEPTOR_READ_STRING(ctx, s2,
s1 && *s1 ? internal_strchr(s2, s1[r]) - s2 + 1 : 0);
COMMON_INTERCEPTOR_READ_STRING(ctx, s1, r + 1);
gliderUnsubmitted
Not Done
ReplyInline Actions

I never realized all these functions crash if we pass NULL as one of the arguments.
Fortunately we don't need to handle that.

glider: I never realized all these functions crash if we pass NULL as one of the arguments. Fortunately…
}
return r;
}
#define INIT_STRCSPN COMMON_INTERCEPT_FUNCTION(strcspn);
INTERCEPTOR(char *, strpbrk, const char *s1, const char *s2) {
void *ctx;
gliderUnsubmitted
Not Done
ReplyInline Actions

This is a bit pessimistic. For the following call:

strpbrk("foobar", "fb")

only the first byte of |s2| will be read.

glider: This is a bit pessimistic. For the following call: strpbrk("foobar", "fb") only the first…
COMMON_INTERCEPTOR_ENTER(ctx, strpbrk, s1, s2);
char *r = REAL(strpbrk)(s1, s2);
if (common_flags()->intercept_strpbrk) {
COMMON_INTERCEPTOR_READ_STRING(ctx, s2,
r ? internal_strchr(s2, *r) - s2 + 1 :
*s1 ? REAL(strlen)(s2) + 1 : 0);
COMMON_INTERCEPTOR_READ_STRING(ctx, s1,
r ? r - s1 + 1 : REAL(strlen)(s1) + 1);
gliderUnsubmitted
Not Done
ReplyInline Actions

Please put a space before the colon.

glider: Please put a space before the colon.
}
return r;
}
#define INIT_STRPBRK COMMON_INTERCEPT_FUNCTION(strpbrk);
#else
#define INIT_STRCSPN
#define INIT_STRPBRK
#endif
#if SANITIZER_INTERCEPT_MEMCHR #if SANITIZER_INTERCEPT_MEMCHR
INTERCEPTOR(void*, memchr, const void *s, int c, SIZE_T n) { INTERCEPTOR(void*, memchr, const void *s, int c, SIZE_T n) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, memchr, s, c, n); COMMON_INTERCEPTOR_ENTER(ctx, memchr, s, c, n);
void *res = REAL(memchr)(s, c, n); void *res = REAL(memchr)(s, c, n);
uptr len = res ? (char *)res - (const char *)s + 1 : n; uptr len = res ? (char *)res - (const char *)s + 1 : n;
COMMON_INTERCEPTOR_READ_RANGE(ctx, s, len); COMMON_INTERCEPTOR_READ_RANGE(ctx, s, len);
return res; return res;
▲ Show 20 LinesShow All 453 Lines▼ Show 20 LinesINTERCEPTOR(char *, strptime, char *s, char *format, __sanitizer_tm *tm) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, strptime, s, format, tm); COMMON_INTERCEPTOR_ENTER(ctx, strptime, s, format, tm);
if (format) if (format)
COMMON_INTERCEPTOR_READ_RANGE(ctx, format, REAL(strlen)(format) + 1); COMMON_INTERCEPTOR_READ_RANGE(ctx, format, REAL(strlen)(format) + 1);
// FIXME: under ASan the call below may write to freed memory and corrupt // FIXME: under ASan the call below may write to freed memory and corrupt
// its metadata. See // its metadata. See
// https://code.google.com/p/address-sanitizer/issues/detail?id=321. // https://code.google.com/p/address-sanitizer/issues/detail?id=321.
char *res = REAL(strptime)(s, format, tm); char *res = REAL(strptime)(s, format, tm);
if (res) { COMMON_INTERCEPTOR_READ_STRING(ctx, s, res ? res - s : 0);
COMMON_INTERCEPTOR_READ_RANGE(ctx, s, res - s); COMMON_INTERCEPTOR_READ_STRING(ctx, format, 0);
if (res && tm) {
// Do not call unpoison_tm here, because strptime does not, in fact, // Do not call unpoison_tm here, because strptime does not, in fact,
// initialize the entire struct tm. For example, tm_zone pointer is left // initialize the entire struct tm. For example, tm_zone pointer is left
// uninitialized. // uninitialized.
if (tm) COMMON_INTERCEPTOR_WRITE_RANGE(ctx, tm, sizeof(*tm)); COMMON_INTERCEPTOR_WRITE_RANGE(ctx, tm, sizeof(*tm));
} }
return res; return res;
} }
#define INIT_STRPTIME COMMON_INTERCEPT_FUNCTION(strptime); #define INIT_STRPTIME COMMON_INTERCEPT_FUNCTION(strptime);
#else #else
#define INIT_STRPTIME #define INIT_STRPTIME
#endif #endif
▲ Show 20 LinesShow All 750 Lines▼ Show 20 Linesstatic int wrapped_gl_stat(const char *s, void *st) {
return pglob_copy->gl_stat(s, st); return pglob_copy->gl_stat(s, st);
} }
INTERCEPTOR(int, glob, const char *pattern, int flags, INTERCEPTOR(int, glob, const char *pattern, int flags,
int (*errfunc)(const char *epath, int eerrno), int (*errfunc)(const char *epath, int eerrno),
__sanitizer_glob_t *pglob) { __sanitizer_glob_t *pglob) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, glob, pattern, flags, errfunc, pglob); COMMON_INTERCEPTOR_ENTER(ctx, glob, pattern, flags, errfunc, pglob);
COMMON_INTERCEPTOR_READ_STRING(ctx, pattern, 0);
__sanitizer_glob_t glob_copy = { __sanitizer_glob_t glob_copy = {
0, 0, 0, 0, 0, 0,
0, wrapped_gl_closedir, wrapped_gl_readdir, 0, wrapped_gl_closedir, wrapped_gl_readdir,
wrapped_gl_opendir, wrapped_gl_lstat, wrapped_gl_stat}; wrapped_gl_opendir, wrapped_gl_lstat, wrapped_gl_stat};
if (flags & glob_altdirfunc) { if (flags & glob_altdirfunc) {
Swap(pglob->gl_closedir, glob_copy.gl_closedir); Swap(pglob->gl_closedir, glob_copy.gl_closedir);
Swap(pglob->gl_readdir, glob_copy.gl_readdir); Swap(pglob->gl_readdir, glob_copy.gl_readdir);
Swap(pglob->gl_opendir, glob_copy.gl_opendir); Swap(pglob->gl_opendir, glob_copy.gl_opendir);
Show All 14 LinesINTERCEPTOR(int, glob, const char *pattern, int flags,
return res; return res;
} }
INTERCEPTOR(int, glob64, const char *pattern, int flags, INTERCEPTOR(int, glob64, const char *pattern, int flags,
int (*errfunc)(const char *epath, int eerrno), int (*errfunc)(const char *epath, int eerrno),
__sanitizer_glob_t *pglob) { __sanitizer_glob_t *pglob) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, glob64, pattern, flags, errfunc, pglob); COMMON_INTERCEPTOR_ENTER(ctx, glob64, pattern, flags, errfunc, pglob);
COMMON_INTERCEPTOR_READ_STRING(ctx, pattern, 0);
__sanitizer_glob_t glob_copy = { __sanitizer_glob_t glob_copy = {
0, 0, 0, 0, 0, 0,
0, wrapped_gl_closedir, wrapped_gl_readdir, 0, wrapped_gl_closedir, wrapped_gl_readdir,
wrapped_gl_opendir, wrapped_gl_lstat, wrapped_gl_stat}; wrapped_gl_opendir, wrapped_gl_lstat, wrapped_gl_stat};
if (flags & glob_altdirfunc) { if (flags & glob_altdirfunc) {
Swap(pglob->gl_closedir, glob_copy.gl_closedir); Swap(pglob->gl_closedir, glob_copy.gl_closedir);
Swap(pglob->gl_readdir, glob_copy.gl_readdir); Swap(pglob->gl_readdir, glob_copy.gl_readdir);
Swap(pglob->gl_opendir, glob_copy.gl_opendir); Swap(pglob->gl_opendir, glob_copy.gl_opendir);
▲ Show 20 LinesShow All 130 Lines▼ Show 20 LinesINTERCEPTOR(char *, inet_ntop, int af, const void *src, char *dst, u32 size) {
// https://code.google.com/p/address-sanitizer/issues/detail?id=321. // https://code.google.com/p/address-sanitizer/issues/detail?id=321.
char *res = REAL(inet_ntop)(af, src, dst, size); char *res = REAL(inet_ntop)(af, src, dst, size);
if (res) COMMON_INTERCEPTOR_WRITE_RANGE(ctx, res, REAL(strlen)(res) + 1); if (res) COMMON_INTERCEPTOR_WRITE_RANGE(ctx, res, REAL(strlen)(res) + 1);
return res; return res;
} }
INTERCEPTOR(int, inet_pton, int af, const char *src, void *dst) { INTERCEPTOR(int, inet_pton, int af, const char *src, void *dst) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, inet_pton, af, src, dst); COMMON_INTERCEPTOR_ENTER(ctx, inet_pton, af, src, dst);
COMMON_INTERCEPTOR_READ_STRING(ctx, src, 0);
// FIXME: figure out read size based on the address family. // FIXME: figure out read size based on the address family.
// FIXME: under ASan the call below may write to freed memory and corrupt // FIXME: under ASan the call below may write to freed memory and corrupt
// its metadata. See // its metadata. See
// https://code.google.com/p/address-sanitizer/issues/detail?id=321. // https://code.google.com/p/address-sanitizer/issues/detail?id=321.
int res = REAL(inet_pton)(af, src, dst); int res = REAL(inet_pton)(af, src, dst);
if (res == 1) { if (res == 1) {
uptr sz = __sanitizer_in_addr_sz(af); uptr sz = __sanitizer_in_addr_sz(af);
if (sz) COMMON_INTERCEPTOR_WRITE_RANGE(ctx, dst, sz); if (sz) COMMON_INTERCEPTOR_WRITE_RANGE(ctx, dst, sz);
▲ Show 20 LinesShow All 654 Lines▼ Show 20 Lines
} }
#define INIT_GET_CURRENT_DIR_NAME \ #define INIT_GET_CURRENT_DIR_NAME \
COMMON_INTERCEPT_FUNCTION(get_current_dir_name); COMMON_INTERCEPT_FUNCTION(get_current_dir_name);
#else #else
#define INIT_GET_CURRENT_DIR_NAME #define INIT_GET_CURRENT_DIR_NAME
#endif #endif
UNUSED static inline bool IsValidStrtolBase(int base) {
gliderUnsubmitted
Not Done
ReplyInline Actions

I suggest putting the UNUSED function under the #ifdef below and remove the UNUSED attribute.

glider: I suggest putting the UNUSED function under the #ifdef below and remove the UNUSED attribute.
m.gusevaAuthorUnsubmitted
Not Done
ReplyInline Actions

These functions were moved from asan_interceptors.cc source where they are used in strtol-related interceptors. Some of them(strtol\atoi\atol) are not under any if directive. Is there any better place where to put this helpers to be shared by asan and common interceptors?

m.guseva: These functions were moved from asan_interceptors.cc source where they are used in strtol…
gliderUnsubmitted
Not Done
ReplyInline Actions

Oh, sorry, I've missed that.
It's fine to keep these functions as is (I still think IsValidStrtolBase is unnecessary and can be removed)

glider: Oh, sorry, I've missed that. It's fine to keep these functions as is (I still think…
return (base == 0) || (2 <= base && base <= 36);
}
UNUSED static inline void FixRealStrtolEndptr(const char *nptr, char **endptr) {
CHECK(endptr);
if (nptr == *endptr) {
// No digits were found at strtol call, we need to find out the last
// symbol accessed by strtoll on our own.
// We get this symbol by skipping leading blanks and optional +/- sign.
while (IsSpace(*nptr)) nptr++;
if (*nptr == '+' || *nptr == '-') nptr++;
*endptr = const_cast<char *>(nptr);
}
CHECK(*endptr >= nptr);
}
UNUSED static inline void StrtolFixAndCheck(void *ctx, const char *nptr,
char **endptr, char *real_endptr, int base) {
if (endptr != 0) {
*endptr = real_endptr;
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, endptr, sizeof(*endptr));
}
// If base has unsupported value, strtol can exit with EINVAL
// without reading any characters. So do additional checks only
// if base is valid.
bool is_valid_base = (base == 0) || (2 <= base && base <= 36);
gliderUnsubmitted
Not Done
ReplyInline Actions

You don't need IsValidStrtolBase anymore:

bool is_valid_base = (base == 0) || (2 <= base && base <= 36);
if (is_valid_base) {
  ...
}
COMMON_INTERCEPTOR_READ_STRING(ctx, nptr, is_valid_base ? ...)
glider: You don't need IsValidStrtolBase anymore: ``` bool is_valid_base = (base == 0) || (2 <= base…
if (is_valid_base) {
FixRealStrtolEndptr(nptr, &real_endptr);
}
COMMON_INTERCEPTOR_READ_STRING(ctx, nptr, is_valid_base ?
(real_endptr - nptr) + 1 : 0);
}
#if SANITIZER_INTERCEPT_STRTOIMAX #if SANITIZER_INTERCEPT_STRTOIMAX
INTERCEPTOR(INTMAX_T, strtoimax, const char *nptr, char **endptr, int base) { INTERCEPTOR(INTMAX_T, strtoimax, const char *nptr, char **endptr, int base) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, strtoimax, nptr, endptr, base); COMMON_INTERCEPTOR_ENTER(ctx, strtoimax, nptr, endptr, base);
// FIXME: under ASan the call below may write to freed memory and corrupt // FIXME: under ASan the call below may write to freed memory and corrupt
// its metadata. See // its metadata. See
// https://code.google.com/p/address-sanitizer/issues/detail?id=321. // https://code.google.com/p/address-sanitizer/issues/detail?id=321.
INTMAX_T res = REAL(strtoimax)(nptr, endptr, base); char *real_endptr;
if (endptr) COMMON_INTERCEPTOR_WRITE_RANGE(ctx, endptr, sizeof(*endptr)); INTMAX_T res = REAL(strtoimax)(nptr, &real_endptr, base);
StrtolFixAndCheck(ctx, nptr, endptr, real_endptr, base);
return res; return res;
} }
INTERCEPTOR(INTMAX_T, strtoumax, const char *nptr, char **endptr, int base) { INTERCEPTOR(INTMAX_T, strtoumax, const char *nptr, char **endptr, int base) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, strtoumax, nptr, endptr, base); COMMON_INTERCEPTOR_ENTER(ctx, strtoumax, nptr, endptr, base);
// FIXME: under ASan the call below may write to freed memory and corrupt // FIXME: under ASan the call below may write to freed memory and corrupt
// its metadata. See // its metadata. See
// https://code.google.com/p/address-sanitizer/issues/detail?id=321. // https://code.google.com/p/address-sanitizer/issues/detail?id=321.
INTMAX_T res = REAL(strtoumax)(nptr, endptr, base); char *real_endptr;
if (endptr) COMMON_INTERCEPTOR_WRITE_RANGE(ctx, endptr, sizeof(*endptr)); INTMAX_T res = REAL(strtoumax)(nptr, &real_endptr, base);
StrtolFixAndCheck(ctx, nptr, endptr, real_endptr, base);
return res; return res;
} }
#define INIT_STRTOIMAX \ #define INIT_STRTOIMAX \
COMMON_INTERCEPT_FUNCTION(strtoimax); \ COMMON_INTERCEPT_FUNCTION(strtoimax); \
COMMON_INTERCEPT_FUNCTION(strtoumax); COMMON_INTERCEPT_FUNCTION(strtoumax);
#else #else
#define INIT_STRTOIMAX #define INIT_STRTOIMAX
▲ Show 20 LinesShow All 1,234 Lines▼ Show 20 Lines
#else #else
#define INIT_TEMPNAM #define INIT_TEMPNAM
#endif #endif
#if SANITIZER_INTERCEPT_PTHREAD_SETNAME_NP #if SANITIZER_INTERCEPT_PTHREAD_SETNAME_NP
INTERCEPTOR(int, pthread_setname_np, uptr thread, const char *name) { INTERCEPTOR(int, pthread_setname_np, uptr thread, const char *name) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, pthread_setname_np, thread, name); COMMON_INTERCEPTOR_ENTER(ctx, pthread_setname_np, thread, name);
COMMON_INTERCEPTOR_READ_STRING(ctx, name, 0);
COMMON_INTERCEPTOR_SET_PTHREAD_NAME(ctx, thread, name); COMMON_INTERCEPTOR_SET_PTHREAD_NAME(ctx, thread, name);
return REAL(pthread_setname_np)(thread, name); return REAL(pthread_setname_np)(thread, name);
} }
#define INIT_PTHREAD_SETNAME_NP COMMON_INTERCEPT_FUNCTION(pthread_setname_np); #define INIT_PTHREAD_SETNAME_NP COMMON_INTERCEPT_FUNCTION(pthread_setname_np);
#else #else
#define INIT_PTHREAD_SETNAME_NP #define INIT_PTHREAD_SETNAME_NP
#endif #endif
▲ Show 20 LinesShow All 1,041 Lines▼ Show 20 Lines
#else #else
#define INIT_FCLOSE #define INIT_FCLOSE
#endif #endif
#if SANITIZER_INTERCEPT_DLOPEN_DLCLOSE #if SANITIZER_INTERCEPT_DLOPEN_DLCLOSE
INTERCEPTOR(void*, dlopen, const char *filename, int flag) { INTERCEPTOR(void*, dlopen, const char *filename, int flag) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER_NOIGNORE(ctx, dlopen, filename, flag); COMMON_INTERCEPTOR_ENTER_NOIGNORE(ctx, dlopen, filename, flag);
if (filename) COMMON_INTERCEPTOR_READ_STRING(ctx, filename, 0);
gliderUnsubmitted
Not Done
ReplyInline Actions

Chrome's net_unittests crash for me with the following stacktrace:

Program received signal SIGSEGV, Segmentation fault.
__sanitizer::internal_strlen (s=s@entry=0x0)
    at /usr/local/google/ssd/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_libc.cc:155
155	  while (s[i]) i++;
(gdb) bt
#0  __sanitizer::internal_strlen (s=s@entry=0x0)
    at /usr/local/google/ssd/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_libc.cc:155
#1  0x000000000059f080 in __interceptor_dlopen (filename=filename@entry=0x0, 
    flag=flag@entry=1)
    at /usr/local/google/ssd/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:4759
#2  0x00007ffff5167ec2 in pr_FindSymbolInProg (
    name=0x7ffff517f29f "nspr_use_zone_allocator") at prmem.c:98
#3  0x00007ffff5167fad in _PR_InitZones () at prmem.c:154
...

We'll need to add yet another dlopen() test once we figure out what's wrong.

glider: Chrome's net_unittests crash for me with the following stacktrace: ``` Program received signal…
ygribovUnsubmitted
Not Done
ReplyInline Actions

Looks like COMMON_INTERCEPTOR_READ_STRING needs a check for NULL.

ygribov: Looks like COMMON_INTERCEPTOR_READ_STRING needs a check for NULL.
m.gusevaAuthorUnsubmitted
Not Done
ReplyInline Actions

Here is my bug. It needs check for NULL before COMMON_INTERCEPTOR_READ_STRING. Cause dlopen accepts null filename pointer as a normal argument and then there is nothing to check here. In other interceptors (e.g strsmthing) NULL pointer arg is an error case. So the program should fail with segfault. And it will in internal_strlen. I'll recheck other modified interceptors for such cases.

m.guseva: Here is my bug. It needs check for NULL **before** COMMON_INTERCEPTOR_READ_STRING. Cause dlopen…
void *res = REAL(dlopen)(filename, flag); void *res = REAL(dlopen)(filename, flag);
COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, res); COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, res);
return res; return res;
} }
INTERCEPTOR(int, dlclose, void *handle) { INTERCEPTOR(int, dlclose, void *handle) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER_NOIGNORE(ctx, dlclose, handle); COMMON_INTERCEPTOR_ENTER_NOIGNORE(ctx, dlclose, handle);
▲ Show 20 LinesShow All 97 Lines▼ Show 20 Linesstatic void InitializeCommonInterceptors() {
static u64 metadata_mem[sizeof(MetadataHashMap) / sizeof(u64) + 1]; static u64 metadata_mem[sizeof(MetadataHashMap) / sizeof(u64) + 1];
interceptor_metadata_map = new((void *)&metadata_mem) MetadataHashMap(); interceptor_metadata_map = new((void *)&metadata_mem) MetadataHashMap();
INIT_TEXTDOMAIN; INIT_TEXTDOMAIN;
INIT_STRCMP; INIT_STRCMP;
INIT_STRNCMP; INIT_STRNCMP;
INIT_STRCASECMP; INIT_STRCASECMP;
INIT_STRNCASECMP; INIT_STRNCASECMP;
INIT_STRSTR;
INIT_STRCASESTR;
INIT_STRCSPN;
INIT_STRPBRK;
INIT_MEMCHR; INIT_MEMCHR;
INIT_MEMRCHR; INIT_MEMRCHR;
INIT_READ; INIT_READ;
INIT_PREAD; INIT_PREAD;
INIT_PREAD64; INIT_PREAD64;
INIT_READV; INIT_READV;
INIT_PREADV; INIT_PREADV;
INIT_PREADV64; INIT_PREADV64;
▲ Show 20 LinesShow All 146 LinesShow Last 20 Lines

lib/sanitizer_common/sanitizer_flags.inc

Show First 20 LinesShow All 135 Lines▼ Show 20 Lines
COMMON_FLAG(bool, symbolize_inline_frames, true, COMMON_FLAG(bool, symbolize_inline_frames, true,
"Print inlined frames in stacktraces. Defaults to true.") "Print inlined frames in stacktraces. Defaults to true.")
COMMON_FLAG(const char *, stack_trace_format, "DEFAULT", COMMON_FLAG(const char *, stack_trace_format, "DEFAULT",
"Format string used to render stack frames. " "Format string used to render stack frames. "
"See sanitizer_stacktrace_printer.h for the format description. " "See sanitizer_stacktrace_printer.h for the format description. "
"Use DEFAULT to get default format.") "Use DEFAULT to get default format.")
COMMON_FLAG(bool, no_huge_pages_for_shadow, true, COMMON_FLAG(bool, no_huge_pages_for_shadow, true,
"If true, the shadow is not allowed to use huge pages. ") "If true, the shadow is not allowed to use huge pages. ")
COMMON_FLAG(bool, intercept_strstr, true,
"If set, uses custom wrappers for strstr and strcasestr functions "
"to find more errors.")
COMMON_FLAG(bool, intercept_strcspn, true,
"If set, uses custom wrappers for strcspn function "
"to find more errors.")
COMMON_FLAG(bool, intercept_strpbrk, true,
"If set, uses custom wrappers for strpbrk function "
"to find more errors.")
COMMON_FLAG(bool, strict_string_checks, true,
"If set check that string arguments are properly null-terminated")

lib/sanitizer_common/sanitizer_platform_interceptors.h

Show First 20 LinesShow All 48 Lines▼ Show 20 Lines
#if SANITIZER_IOS #if SANITIZER_IOS
# define SI_IOS 1 # define SI_IOS 1
#else #else
# define SI_IOS 0 # define SI_IOS 0
#endif #endif
#define SANITIZER_INTERCEPT_STRCMP 1 #define SANITIZER_INTERCEPT_STRCMP 1
#define SANITIZER_INTERCEPT_STRSTR 1
#define SANITIZER_INTERCEPT_STRCASESTR SI_NOT_WINDOWS
#define SANITIZER_INTERCEPT_STRCSPN 1
#define SANITIZER_INTERCEPT_STRPBRK 1
#define SANITIZER_INTERCEPT_TEXTDOMAIN SI_LINUX_NOT_ANDROID #define SANITIZER_INTERCEPT_TEXTDOMAIN SI_LINUX_NOT_ANDROID
#define SANITIZER_INTERCEPT_STRCASECMP SI_NOT_WINDOWS #define SANITIZER_INTERCEPT_STRCASECMP SI_NOT_WINDOWS
#define SANITIZER_INTERCEPT_MEMCHR 1 #define SANITIZER_INTERCEPT_MEMCHR 1
#define SANITIZER_INTERCEPT_MEMRCHR SI_LINUX #define SANITIZER_INTERCEPT_MEMRCHR SI_LINUX
#define SANITIZER_INTERCEPT_READ SI_NOT_WINDOWS #define SANITIZER_INTERCEPT_READ SI_NOT_WINDOWS
#define SANITIZER_INTERCEPT_PREAD SI_NOT_WINDOWS #define SANITIZER_INTERCEPT_PREAD SI_NOT_WINDOWS
#define SANITIZER_INTERCEPT_WRITE SI_NOT_WINDOWS #define SANITIZER_INTERCEPT_WRITE SI_NOT_WINDOWS
▲ Show 20 LinesShow All 180 LinesShow Last 20 Lines

lib/tsan/rtl/tsan_interceptors.cc

Show First 20 LinesShow All 234 Lines▼ Show 20 Lines
#define TSAN_INTERCEPTOR(ret, func, ...) INTERCEPTOR(ret, func, __VA_ARGS__) #define TSAN_INTERCEPTOR(ret, func, ...) INTERCEPTOR(ret, func, __VA_ARGS__)
#define TSAN_INTERCEPT(func) INTERCEPT_FUNCTION(func) #define TSAN_INTERCEPT(func) INTERCEPT_FUNCTION(func)
#if SANITIZER_FREEBSD #if SANITIZER_FREEBSD
# define TSAN_INTERCEPT_VER(func, ver) INTERCEPT_FUNCTION(func) # define TSAN_INTERCEPT_VER(func, ver) INTERCEPT_FUNCTION(func)
#else #else
# define TSAN_INTERCEPT_VER(func, ver) INTERCEPT_FUNCTION_VER(func, ver) # define TSAN_INTERCEPT_VER(func, ver) INTERCEPT_FUNCTION_VER(func, ver)
#endif #endif
#define TSAN_READ_STRING(thr, pc, s, n) \
MemoryAccessRange(thr, pc, (uptr)s, \
common_flags()->strict_string_checks ? internal_strlen(s) + 1 : n, false)
gliderUnsubmitted
Not Done
ReplyInline Actions

nit: spare whitespace before ')'

glider: nit: spare whitespace before ')'
#define BLOCK_REAL(name) (BlockingCall(thr), REAL(name)) #define BLOCK_REAL(name) (BlockingCall(thr), REAL(name))
struct BlockingCall { struct BlockingCall {
explicit BlockingCall(ThreadState *thr) explicit BlockingCall(ThreadState *thr)
: thr(thr) : thr(thr)
, ctx(SigCtx(thr)) { , ctx(SigCtx(thr)) {
for (;;) { for (;;) {
atomic_store(&ctx->in_blocking_func, 1, memory_order_relaxed); atomic_store(&ctx->in_blocking_func, 1, memory_order_relaxed);
▲ Show 20 LinesShow All 410 Lines▼ Show 20 LinesTSAN_INTERCEPTOR(void*, memmove, void *dst, void *src, uptr n) {
MemoryAccessRange(thr, pc, (uptr)src, n, false); MemoryAccessRange(thr, pc, (uptr)src, n, false);
return REAL(memmove)(dst, src, n); return REAL(memmove)(dst, src, n);
} }
TSAN_INTERCEPTOR(char*, strchr, char *s, int c) { TSAN_INTERCEPTOR(char*, strchr, char *s, int c) {
SCOPED_TSAN_INTERCEPTOR(strchr, s, c); SCOPED_TSAN_INTERCEPTOR(strchr, s, c);
char *res = REAL(strchr)(s, c); char *res = REAL(strchr)(s, c);
uptr len = res ? (char*)res - (char*)s + 1 : internal_strlen(s) + 1; uptr len = res ? (char*)res - (char*)s + 1 : internal_strlen(s) + 1;
MemoryAccessRange(thr, pc, (uptr)s, len, false); TSAN_READ_STRING(thr, pc, s, len);
return res; return res;
} }
TSAN_INTERCEPTOR(char*, strchrnul, char *s, int c) { TSAN_INTERCEPTOR(char*, strchrnul, char *s, int c) {
SCOPED_TSAN_INTERCEPTOR(strchrnul, s, c); SCOPED_TSAN_INTERCEPTOR(strchrnul, s, c);
char *res = REAL(strchrnul)(s, c); char *res = REAL(strchrnul)(s, c);
uptr len = (char*)res - (char*)s + 1; uptr len = (char*)res - (char*)s + 1;
MemoryAccessRange(thr, pc, (uptr)s, len, false); TSAN_READ_STRING(thr, pc, s, len);
return res; return res;
} }
TSAN_INTERCEPTOR(char*, strrchr, char *s, int c) { TSAN_INTERCEPTOR(char*, strrchr, char *s, int c) {
SCOPED_TSAN_INTERCEPTOR(strrchr, s, c); SCOPED_TSAN_INTERCEPTOR(strrchr, s, c);
MemoryAccessRange(thr, pc, (uptr)s, internal_strlen(s) + 1, false); MemoryAccessRange(thr, pc, (uptr)s, internal_strlen(s) + 1, false);
return REAL(strrchr)(s, c); return REAL(strrchr)(s, c);
} }
Show All 9 Lines
TSAN_INTERCEPTOR(char*, strncpy, char *dst, char *src, uptr n) { TSAN_INTERCEPTOR(char*, strncpy, char *dst, char *src, uptr n) {
SCOPED_TSAN_INTERCEPTOR(strncpy, dst, src, n); SCOPED_TSAN_INTERCEPTOR(strncpy, dst, src, n);
uptr srclen = internal_strnlen(src, n); uptr srclen = internal_strnlen(src, n);
MemoryAccessRange(thr, pc, (uptr)dst, n, true); MemoryAccessRange(thr, pc, (uptr)dst, n, true);
MemoryAccessRange(thr, pc, (uptr)src, min(srclen + 1, n), false); MemoryAccessRange(thr, pc, (uptr)src, min(srclen + 1, n), false);
return REAL(strncpy)(dst, src, n); return REAL(strncpy)(dst, src, n);
} }
TSAN_INTERCEPTOR(const char*, strstr, const char *s1, const char *s2) {
SCOPED_TSAN_INTERCEPTOR(strstr, s1, s2);
const char *res = REAL(strstr)(s1, s2);
uptr len1 = internal_strlen(s1);
uptr len2 = internal_strlen(s2);
MemoryAccessRange(thr, pc, (uptr)s1, len1 + 1, false);
MemoryAccessRange(thr, pc, (uptr)s2, len2 + 1, false);
return res;
}
TSAN_INTERCEPTOR(char*, strdup, const char *str) { TSAN_INTERCEPTOR(char*, strdup, const char *str) {
SCOPED_TSAN_INTERCEPTOR(strdup, str); SCOPED_TSAN_INTERCEPTOR(strdup, str);
// strdup will call malloc, so no instrumentation is required here. // strdup will call malloc, so no instrumentation is required here.
return REAL(strdup)(str); return REAL(strdup)(str);
} }
static bool fix_mmap_addr(void **addr, long_t sz, int flags) { static bool fix_mmap_addr(void **addr, long_t sz, int flags) {
if (*addr) { if (*addr) {
▲ Show 20 LinesShow All 625 Lines▼ Show 20 Lines if (res == 0) {
Acquire(thr, pc, (uptr)s); Acquire(thr, pc, (uptr)s);
} }
return res; return res;
} }
#if !SANITIZER_FREEBSD #if !SANITIZER_FREEBSD
TSAN_INTERCEPTOR(int, __xstat, int version, const char *path, void *buf) { TSAN_INTERCEPTOR(int, __xstat, int version, const char *path, void *buf) {
SCOPED_TSAN_INTERCEPTOR(__xstat, version, path, buf); SCOPED_TSAN_INTERCEPTOR(__xstat, version, path, buf);
TSAN_READ_STRING(thr, pc, path, 0);
return REAL(__xstat)(version, path, buf); return REAL(__xstat)(version, path, buf);
} }
#define TSAN_MAYBE_INTERCEPT___XSTAT TSAN_INTERCEPT(__xstat) #define TSAN_MAYBE_INTERCEPT___XSTAT TSAN_INTERCEPT(__xstat)
#else #else
#define TSAN_MAYBE_INTERCEPT___XSTAT #define TSAN_MAYBE_INTERCEPT___XSTAT
#endif #endif
TSAN_INTERCEPTOR(int, stat, const char *path, void *buf) { TSAN_INTERCEPTOR(int, stat, const char *path, void *buf) {
#if SANITIZER_FREEBSD #if SANITIZER_FREEBSD
SCOPED_TSAN_INTERCEPTOR(stat, path, buf); SCOPED_TSAN_INTERCEPTOR(stat, path, buf);
TSAN_READ_STRING(thr, pc, path, 0);
return REAL(stat)(path, buf); return REAL(stat)(path, buf);
#else #else
SCOPED_TSAN_INTERCEPTOR(__xstat, 0, path, buf); SCOPED_TSAN_INTERCEPTOR(__xstat, 0, path, buf);
TSAN_READ_STRING(thr, pc, path, 0);
return REAL(__xstat)(0, path, buf); return REAL(__xstat)(0, path, buf);
#endif #endif
} }
#if !SANITIZER_FREEBSD #if !SANITIZER_FREEBSD
TSAN_INTERCEPTOR(int, __xstat64, int version, const char *path, void *buf) { TSAN_INTERCEPTOR(int, __xstat64, int version, const char *path, void *buf) {
SCOPED_TSAN_INTERCEPTOR(__xstat64, version, path, buf); SCOPED_TSAN_INTERCEPTOR(__xstat64, version, path, buf);
TSAN_READ_STRING(thr, pc, path, 0);
return REAL(__xstat64)(version, path, buf); return REAL(__xstat64)(version, path, buf);
} }
#define TSAN_MAYBE_INTERCEPT___XSTAT64 TSAN_INTERCEPT(__xstat64) #define TSAN_MAYBE_INTERCEPT___XSTAT64 TSAN_INTERCEPT(__xstat64)
#else #else
#define TSAN_MAYBE_INTERCEPT___XSTAT64 #define TSAN_MAYBE_INTERCEPT___XSTAT64
#endif #endif
#if !SANITIZER_FREEBSD #if !SANITIZER_FREEBSD
TSAN_INTERCEPTOR(int, stat64, const char *path, void *buf) { TSAN_INTERCEPTOR(int, stat64, const char *path, void *buf) {
SCOPED_TSAN_INTERCEPTOR(__xstat64, 0, path, buf); SCOPED_TSAN_INTERCEPTOR(__xstat64, 0, path, buf);
TSAN_READ_STRING(thr, pc, path, 0);
return REAL(__xstat64)(0, path, buf); return REAL(__xstat64)(0, path, buf);
} }
#define TSAN_MAYBE_INTERCEPT_STAT64 TSAN_INTERCEPT(stat64) #define TSAN_MAYBE_INTERCEPT_STAT64 TSAN_INTERCEPT(stat64)
#else #else
#define TSAN_MAYBE_INTERCEPT_STAT64 #define TSAN_MAYBE_INTERCEPT_STAT64
#endif #endif
#if !SANITIZER_FREEBSD #if !SANITIZER_FREEBSD
TSAN_INTERCEPTOR(int, __lxstat, int version, const char *path, void *buf) { TSAN_INTERCEPTOR(int, __lxstat, int version, const char *path, void *buf) {
SCOPED_TSAN_INTERCEPTOR(__lxstat, version, path, buf); SCOPED_TSAN_INTERCEPTOR(__lxstat, version, path, buf);
TSAN_READ_STRING(thr, pc, path, 0);
return REAL(__lxstat)(version, path, buf); return REAL(__lxstat)(version, path, buf);
} }
#define TSAN_MAYBE_INTERCEPT___LXSTAT TSAN_INTERCEPT(__lxstat) #define TSAN_MAYBE_INTERCEPT___LXSTAT TSAN_INTERCEPT(__lxstat)
#else #else
#define TSAN_MAYBE_INTERCEPT___LXSTAT #define TSAN_MAYBE_INTERCEPT___LXSTAT
#endif #endif
TSAN_INTERCEPTOR(int, lstat, const char *path, void *buf) { TSAN_INTERCEPTOR(int, lstat, const char *path, void *buf) {
#if SANITIZER_FREEBSD #if SANITIZER_FREEBSD
SCOPED_TSAN_INTERCEPTOR(lstat, path, buf); SCOPED_TSAN_INTERCEPTOR(lstat, path, buf);
TSAN_READ_STRING(thr, pc, path, 0);
return REAL(lstat)(path, buf); return REAL(lstat)(path, buf);
#else #else
SCOPED_TSAN_INTERCEPTOR(__lxstat, 0, path, buf); SCOPED_TSAN_INTERCEPTOR(__lxstat, 0, path, buf);
TSAN_READ_STRING(thr, pc, path, 0);
return REAL(__lxstat)(0, path, buf); return REAL(__lxstat)(0, path, buf);
#endif #endif
} }
#if !SANITIZER_FREEBSD #if !SANITIZER_FREEBSD
TSAN_INTERCEPTOR(int, __lxstat64, int version, const char *path, void *buf) { TSAN_INTERCEPTOR(int, __lxstat64, int version, const char *path, void *buf) {
SCOPED_TSAN_INTERCEPTOR(__lxstat64, version, path, buf); SCOPED_TSAN_INTERCEPTOR(__lxstat64, version, path, buf);
TSAN_READ_STRING(thr, pc, path, 0);
return REAL(__lxstat64)(version, path, buf); return REAL(__lxstat64)(version, path, buf);
} }
#define TSAN_MAYBE_INTERCEPT___LXSTAT64 TSAN_INTERCEPT(__lxstat64) #define TSAN_MAYBE_INTERCEPT___LXSTAT64 TSAN_INTERCEPT(__lxstat64)
#else #else
#define TSAN_MAYBE_INTERCEPT___LXSTAT64 #define TSAN_MAYBE_INTERCEPT___LXSTAT64
#endif #endif
#if !SANITIZER_FREEBSD #if !SANITIZER_FREEBSD
TSAN_INTERCEPTOR(int, lstat64, const char *path, void *buf) { TSAN_INTERCEPTOR(int, lstat64, const char *path, void *buf) {
SCOPED_TSAN_INTERCEPTOR(__lxstat64, 0, path, buf); SCOPED_TSAN_INTERCEPTOR(__lxstat64, 0, path, buf);
TSAN_READ_STRING(thr, pc, path, 0);
return REAL(__lxstat64)(0, path, buf); return REAL(__lxstat64)(0, path, buf);
} }
#define TSAN_MAYBE_INTERCEPT_LSTAT64 TSAN_INTERCEPT(lstat64) #define TSAN_MAYBE_INTERCEPT_LSTAT64 TSAN_INTERCEPT(lstat64)
#else #else
#define TSAN_MAYBE_INTERCEPT_LSTAT64 #define TSAN_MAYBE_INTERCEPT_LSTAT64
#endif #endif
#if !SANITIZER_FREEBSD #if !SANITIZER_FREEBSD
▲ Show 20 LinesShow All 43 Lines▼ Show 20 Lines
} }
#define TSAN_MAYBE_INTERCEPT_FSTAT64 TSAN_INTERCEPT(fstat64) #define TSAN_MAYBE_INTERCEPT_FSTAT64 TSAN_INTERCEPT(fstat64)
#else #else
#define TSAN_MAYBE_INTERCEPT_FSTAT64 #define TSAN_MAYBE_INTERCEPT_FSTAT64
#endif #endif
TSAN_INTERCEPTOR(int, open, const char *name, int flags, int mode) { TSAN_INTERCEPTOR(int, open, const char *name, int flags, int mode) {
SCOPED_TSAN_INTERCEPTOR(open, name, flags, mode); SCOPED_TSAN_INTERCEPTOR(open, name, flags, mode);
TSAN_READ_STRING(thr, pc, name, 0);
int fd = REAL(open)(name, flags, mode); int fd = REAL(open)(name, flags, mode);
if (fd >= 0) if (fd >= 0)
FdFileCreate(thr, pc, fd); FdFileCreate(thr, pc, fd);
return fd; return fd;
} }
#if !SANITIZER_FREEBSD #if !SANITIZER_FREEBSD
TSAN_INTERCEPTOR(int, open64, const char *name, int flags, int mode) { TSAN_INTERCEPTOR(int, open64, const char *name, int flags, int mode) {
SCOPED_TSAN_INTERCEPTOR(open64, name, flags, mode); SCOPED_TSAN_INTERCEPTOR(open64, name, flags, mode);
TSAN_READ_STRING(thr, pc, name, 0);
int fd = REAL(open64)(name, flags, mode); int fd = REAL(open64)(name, flags, mode);
if (fd >= 0) if (fd >= 0)
FdFileCreate(thr, pc, fd); FdFileCreate(thr, pc, fd);
return fd; return fd;
} }
#define TSAN_MAYBE_INTERCEPT_OPEN64 TSAN_INTERCEPT(open64) #define TSAN_MAYBE_INTERCEPT_OPEN64 TSAN_INTERCEPT(open64)
#else #else
#define TSAN_MAYBE_INTERCEPT_OPEN64 #define TSAN_MAYBE_INTERCEPT_OPEN64
#endif #endif
TSAN_INTERCEPTOR(int, creat, const char *name, int mode) { TSAN_INTERCEPTOR(int, creat, const char *name, int mode) {
SCOPED_TSAN_INTERCEPTOR(creat, name, mode); SCOPED_TSAN_INTERCEPTOR(creat, name, mode);
TSAN_READ_STRING(thr, pc, name, 0);
int fd = REAL(creat)(name, mode); int fd = REAL(creat)(name, mode);
if (fd >= 0) if (fd >= 0)
FdFileCreate(thr, pc, fd); FdFileCreate(thr, pc, fd);
return fd; return fd;
} }
#if !SANITIZER_FREEBSD #if !SANITIZER_FREEBSD
TSAN_INTERCEPTOR(int, creat64, const char *name, int mode) { TSAN_INTERCEPTOR(int, creat64, const char *name, int mode) {
SCOPED_TSAN_INTERCEPTOR(creat64, name, mode); SCOPED_TSAN_INTERCEPTOR(creat64, name, mode);
TSAN_READ_STRING(thr, pc, name, 0);
int fd = REAL(creat64)(name, mode); int fd = REAL(creat64)(name, mode);
if (fd >= 0) if (fd >= 0)
FdFileCreate(thr, pc, fd); FdFileCreate(thr, pc, fd);
return fd; return fd;
} }
#define TSAN_MAYBE_INTERCEPT_CREAT64 TSAN_INTERCEPT(creat64) #define TSAN_MAYBE_INTERCEPT_CREAT64 TSAN_INTERCEPT(creat64)
#else #else
#define TSAN_MAYBE_INTERCEPT_CREAT64 #define TSAN_MAYBE_INTERCEPT_CREAT64
▲ Show 20 LinesShow All 933 Lines▼ Show 20 Lines#endif
TSAN_INTERCEPT(memcpy); TSAN_INTERCEPT(memcpy);
TSAN_INTERCEPT(memmove); TSAN_INTERCEPT(memmove);
TSAN_INTERCEPT(memcmp); TSAN_INTERCEPT(memcmp);
TSAN_INTERCEPT(strchr); TSAN_INTERCEPT(strchr);
TSAN_INTERCEPT(strchrnul); TSAN_INTERCEPT(strchrnul);
TSAN_INTERCEPT(strrchr); TSAN_INTERCEPT(strrchr);
TSAN_INTERCEPT(strcpy); // NOLINT TSAN_INTERCEPT(strcpy); // NOLINT
TSAN_INTERCEPT(strncpy); TSAN_INTERCEPT(strncpy);
TSAN_INTERCEPT(strstr);
TSAN_INTERCEPT(strdup); TSAN_INTERCEPT(strdup);
TSAN_INTERCEPT(pthread_create); TSAN_INTERCEPT(pthread_create);
TSAN_INTERCEPT(pthread_join); TSAN_INTERCEPT(pthread_join);
TSAN_INTERCEPT(pthread_detach); TSAN_INTERCEPT(pthread_detach);
TSAN_INTERCEPT_VER(pthread_cond_init, "GLIBC_2.3.2"); TSAN_INTERCEPT_VER(pthread_cond_init, "GLIBC_2.3.2");
TSAN_INTERCEPT_VER(pthread_cond_signal, "GLIBC_2.3.2"); TSAN_INTERCEPT_VER(pthread_cond_signal, "GLIBC_2.3.2");
▲ Show 20 LinesShow All 128 LinesShow Last 20 Lines

test/asan/TestCases/atoi_strict.c

  • This file was added.
// Test strict_string_checks option in atoi function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// RUN: ASAN_OPTIONS=strict_string_checks=false %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
kccUnsubmitted
Not Done
ReplyInline Actions

also, add a 3-rd run with no flag so that we test the default behaviour.
same for other tests.

kcc: also, add a 3-rd run with no flag so that we test the default behaviour. same for other tests.
m.gusevaAuthorUnsubmitted
Not Done
ReplyInline Actions

Added in Diff 17587.

m.guseva: Added in Diff 17587.
#include <assert.h>
#include <stdlib.h>
int main(int argc, char **argv) {
char p[] = {'1', 'b'};
char z = 0;
int r = atoi(p);
// CHECK: READ of size
// CHECK: '{{[p|z]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 1);
gliderUnsubmitted
Not Done
ReplyInline Actions

Can you please add a space after the 'CHECK:' label here and below?

glider: Can you please add a space after the 'CHECK:' label here and below?
return 0;
}

test/asan/TestCases/atol_strict.c

  • This file was added.
// Test strict_string_checks option in atol function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// RUN: ASAN_OPTIONS=strict_string_checks=false %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
#include <assert.h>
#include <stdlib.h>
int main(int argc, char **argv) {
char p[] = {'1', 'b'};
char z = 0;
long r = atol(p);
// CHECK: READ of size
// CHECK: '{{[p|z]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 1);
return 0;
}

test/asan/TestCases/atoll_strict.c

  • This file was added.
// Test strict_string_checks option in atoll function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// RUN: ASAN_OPTIONS=strict_string_checks=false %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
#include <assert.h>
#include <stdlib.h>
int main(int argc, char **argv) {
char p[] = {'1', 'b'};
char z = 0;
long long r = atoll(p);
// CHECK: READ of size
// CHECK: '{{[p|z]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 1);
return 0;
}

test/asan/TestCases/strcasestr-1.c

  • This file was added.
// Test haystack overflow in strcasestr function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// Test intercept_strstr asan option
// RUN: ASAN_OPTIONS=intercept_strstr=false %run %t 2>&1
// There's no interceptor for strcasestr on Windows
// XFAIL: win32
#define _GNU_SOURCE
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s2[] = "c";
char s1[] = {'a', 'b'};
char s3 = 0;
r = strcasestr(s1, s2);
// CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 0);
return 0;
}

test/asan/TestCases/strcasestr-2.c

  • This file was added.
// Test needle overflow in strcasestr function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// Test intercept_strstr asan option
// RUN: ASAN_OPTIONS=intercept_strstr=false %run %t 2>&1
// There's no interceptor for strcasestr on Windows
// XFAIL: win32
#define _GNU_SOURCE
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s1[] = "ab";
char s2[] = {'c'};
char s3 = 0;
r = strcasestr(s1, s2);
assert(r == 0);
// CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
return 0;
}

test/asan/TestCases/strcasestr_strict.c

  • This file was added.
// Test strict_string_checks option in strcasestr function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// RUN: ASAN_OPTIONS=strict_string_checks=false %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// There's no interceptor for strcasestr on Windows
// XFAIL: win32
#define _GNU_SOURCE
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s2[] = {"Ab"};
char s1[] = {'a', 'b', 'c'};
char s3 = 0;
r = strcasestr(s1, s2);
// CHECK: READ of size
// CHECK: '{{s[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == s1);
return 0;
}

test/asan/TestCases/strcat_strict.c

  • This file was added.
// Test strict_string_checks option in strcat function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-STRICT --check-prefix=CHECK
// RUN: ASAN_OPTIONS=strict_string_checks=false not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-STRICT --check-prefix=CHECK
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s2[] = {"a"};
char s1[] = {'b'};
char s3[] = {'\0', 'z', 'z'};
r = strcat(s1, s2);
// CHECK-STRICT: READ of size
// CHECK: '{{s[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
return 0;
}

test/asan/TestCases/strchr_strict.c

  • This file was added.
// Test strict_string_checks option in strchr function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// RUN: ASAN_OPTIONS=strict_string_checks=false %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char c = 'a';
char s[] = {'a', 'b', 'c'};
char z = 0;
r = strchr(s, c);
// CHECK: '{{[s|z]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == s);
return 0;
}

test/asan/TestCases/strcspn-1.c

  • This file was added.
// Test string s1 overflow in strcspn function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// Test intercept_strcspn asan option
// RUN: ASAN_OPTIONS=intercept_strcspn=false %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
size_t r;
char s2[] = "ab";
char s1[] = {'c', 'd'};
char s3 = 0;
r = strcspn(s1, s2);
// CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r >= sizeof(s1));
return 0;
}

test/asan/TestCases/strcspn-2.c

  • This file was added.
// Test stopset overflow in strcspn function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// Test intercept_strcspn asan option
// RUN: ASAN_OPTIONS=intercept_strcspn=false %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
size_t r;
char s1[] = "ab";
char s2[] = {'c', 'd'};
char s3 = 0;
r = strcspn(s1, s2);
// CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == sizeof(s1) - 1);
return 0;
}

test/asan/TestCases/strcspn_strict.c

  • This file was added.
// Test strict_string_checks option in strcspn function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// RUN: ASAN_OPTIONS=strict_string_checks=false %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
size_t r;
char s2[] = "ab";
char s1[] = {'c', 'a'};
char s3 = 0;
r = strcspn(s1, s2);
// CHECK: READ of size
// CHECK: '{{s[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 1);
return 0;
}

test/asan/TestCases/strncat_strict.c

  • This file was added.
// Test strict_string_checks option in strncat function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-STRICT --check-prefix=CHECK
// RUN: ASAN_OPTIONS=strict_string_checks=false not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-STRICT --check-prefix=CHECK
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s2[] = {"a"};
char s1[] = {'b'};
char s3[] = {'\0', 'z', 'z'};
r = strncat(s1, s2, 1);
// CHECK-STRICT: READ of size
// CHECK: '{{s[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
return 0;
}

test/asan/TestCases/strpbrk-1.c

  • This file was added.
// Test string s1 overflow in strpbrk function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// Test intercept_strpbrk asan option
// RUN: ASAN_OPTIONS=intercept_strpbrk=false %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r;
char s2[] = "ab";
char s1[] = {'c', 'd'};
char s3[] = "a";
r = strpbrk(s1, s2);
// CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r <= s3);
return 0;
}

test/asan/TestCases/strpbrk-2.c

  • This file was added.
// Test stopset overflow in strpbrk function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// Test intercept_strpbrk asan option
// RUN: ASAN_OPTIONS=intercept_strpbrk=false %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r;
char s1[] = "a";
char s2[] = {'b', 'c'};
char s3 = 0;
r = strpbrk(s1, s2);
// CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == (r ? s1 : 0));
return 0;
}

test/asan/TestCases/strpbrk_strict.c

  • This file was added.
// Test strict_string_checks option in strpbrk function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// RUN: ASAN_OPTIONS=strict_string_checks=false %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r;
char s2[] = "ab";
char s1[] = {'c', 'a'};
char s3 = 0;
r = strpbrk(s1, s2);
// CHECK: READ of size
// CHECK: '{{s[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == s1 + 1);
return 0;
}

test/asan/TestCases/strstr-1.c

  • This file was added.
// Test haystack overflow in strstr function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// Test intercept_strstr asan option
// RUN: ASAN_OPTIONS=intercept_strstr=false %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s2[] = "c";
char s1[] = {'a', 'b'};
char s3 = 0;
gliderUnsubmitted
Not Done
ReplyInline Actions

Note that you can use #ifdef directives and different check prefixes to combine related test cases into one file.

glider: Note that you can use #ifdef directives and different check prefixes to combine related test…
r = strstr(s1, s2);
// CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 0);
return 0;
}

test/asan/TestCases/strstr-2.c

  • This file was added.
// Test needle overflow in strstr function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// Test intercept_strstr asan option
// RUN: ASAN_OPTIONS=intercept_strstr=false %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s1[] = "ab";
char s2[] = {'c'};
char s3 = 0;
r = strstr(s1, s2);
// CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 0);
return 0;
}

test/asan/TestCases/strstr_strict.c

  • This file was added.
// Test strict_string_checks option in strstr function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// RUN: ASAN_OPTIONS=strict_string_checks=false %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s2[] = {"ab"};
char s1[] = {'a', 'b', 'c'};
char s3 = 0;
r = strstr(s1, s2);
// CHECK: READ of size
// CHECK: '{{s[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == s1);
return 0;
}

test/asan/TestCases/strtol_strict.c

  • This file was added.
// Test strict_string_checks option in strtol function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// RUN: ASAN_OPTIONS=strict_string_checks=false %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
#include <assert.h>
#include <stdlib.h>
int main(int argc, char **argv) {
char *endptr;
char p[] = {'1', 'b'};
char z = 0;
long r = strtol(p, &endptr, 2);
// CHECK: READ of size
// CHECK: '{{[p|z]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 1);
return 0;
}

test/asan/TestCases/strtoll_strict.c

  • This file was added.
// Test strict_string_checks option in strtoll function
// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
// RUN: ASAN_OPTIONS=strict_string_checks=false %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
#include <assert.h>
#include <stdlib.h>
int main(int argc, char **argv) {
char *endptr;
char p[] = {'1', 'b'};
char z = 0;
long long r = strtol(p, &endptr, 2);
// CHECK: READ of size
// CHECK: '{{[p|z]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 1);
return 0;
}

test/asan/Unit/lit.site.cfg.in

Show All 22 Lineselse:
test_dir = "default" test_dir = "default"
config.test_exec_root = os.path.join("@COMPILER_RT_BINARY_DIR@", config.test_exec_root = os.path.join("@COMPILER_RT_BINARY_DIR@",
"lib", "asan", "tests", test_dir) "lib", "asan", "tests", test_dir)
config.test_source_root = config.test_exec_root config.test_source_root = config.test_exec_root
# Set LD_LIBRARY_PATH to pick dynamic runtime up properly. # Set LD_LIBRARY_PATH to pick dynamic runtime up properly.
push_ld_library_path(config, config.compiler_rt_libdir) push_ld_library_path(config, config.compiler_rt_libdir)
# Disable strict str checks in unit tests
config.environment['ASAN_OPTIONS'] = 'strict_string_checks=false'
gliderUnsubmitted
Not Done
ReplyInline Actions

Why do you need this line?

glider: Why do you need this line?
ygribovUnsubmitted
Not Done
ReplyInline Actions

AFAIR unit tests are not strict_str-safe.

ygribov: AFAIR unit tests are not strict_str-safe.
gliderUnsubmitted
Not Done
ReplyInline Actions

Is that something we may want to fix?
If so, please file a bug and add a TODO

glider: Is that something we may want to fix? If so, please file a bug and add a TODO
m.gusevaAuthorUnsubmitted
Not Done
ReplyInline Actions

ygribov
AFAIR unit tests are not strict_str-safe.

Right. I saw fails caused by checks relied on standard optimizations in string functions. And I didn't want to remove these tests at all cause they seems meaningful.

m.guseva: >ygribov >AFAIR unit tests are not strict_str-safe. Right. I saw fails caused by checks relied…

test/sanitizer_common/TestCases/strcasestr.c

  • This file was added.
// RUN: %clang %s -o %t && %run %t 2>&1
// There's no interceptor for strcasestr on Windows
// XFAIL: win32
gliderUnsubmitted
Not Done
ReplyInline Actions

Why? Is that because strcasestr() is unavailable on Windows?

glider: Why? Is that because strcasestr() is unavailable on Windows?
m.gusevaAuthorUnsubmitted
Not Done
ReplyInline Actions

Yes. I've referenced printf-*.c tests as printf is not intercepted on Windows. Althouth there is a difference because strcasestr is unavailable at all on Windows so it won't even compile. What do you think is more correct way to exclude it?

m.guseva: Yes. I've referenced printf-*.c tests as printf is not intercepted on Windows. Althouth there…
#define _GNU_SOURCE
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s1[] = "aB";
char s2[] = "b";
r = strcasestr(s1, s2);
assert(r == s1 + 1);
return 0;
}

test/sanitizer_common/TestCases/strcspn.c

  • This file was added.
// RUN: %clang %s -o %t && %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
size_t r;
char s1[] = "ad";
char s2[] = "cd";
r = strcspn(s1, s2);
assert(r == 1);
return 0;
}

test/sanitizer_common/TestCases/strpbrk.c

  • This file was added.
// RUN: %clang %s -o %t && %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s1[] = "ad";
char s2[] = "cd";
r = strpbrk(s1, s2);
assert(r == s1 + 1);
return 0;
}

test/sanitizer_common/TestCases/strstr.c

  • This file was added.
// RUN: %clang %s -o %t && %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s1[] = "ab";
char s2[] = "b";
r = strstr(s1, s2);
assert(r == s1 + 1);
return 0;
}