This is an archive of the discontinued LLVM Phabricator instance.

[MSAN] Fix wordexp interception when WRDE_DOOFFS is used
ClosedPublic

Authored by justincady on Aug 24 2021, 10:32 AM.

Details

Summary

Handle the case of wordexp being invoked with WRDE_DOOFFS and
we.we_offs set to a positive value, which will result in NULL
entries prepended to the result. With this change the entire
result, containing both NULL and actual entries, is unpoisoned.

Diff Detail

Event Timeline

justincady requested review of this revision.Aug 24 2021, 10:32 AM
justincady created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptAug 24 2021, 10:32 AM
Herald added a subscriber: Restricted Project. · View Herald Transcript
vitalybuka accepted this revision.Aug 24 2021, 12:46 PM

Thanks for the fix.
I assume you have no commit access, so I will resolve my comments and and land the patch.

compiler-rt/lib/sanitizer_common/sanitizer_platform_limits_posix.cpp
321

Please fix clang-format warnings.

compiler-rt/lib/sanitizer_common/sanitizer_platform_limits_posix.h
786

to match convention please rename:
WORDEXP_WRDE_DOOFFS -> wordexp_wrde_dooffs

This revision is now accepted and ready to land.Aug 24 2021, 12:46 PM

Correct, I do not have commit access. Thanks for reviewing and landing the patch.

Apologies about the clang-format warnings. I saw clang-format report issues all over the file (beyond this change), so I did not automatically apply them. But in doing that, I missed the spacing reported in my patch.

vitalybuka added inline comments.Aug 24 2021, 12:58 PM
compiler-rt/lib/msan/tests/msan_test.cpp
3763

A new test does not fail without the fix, because it's copied from invalid test, I'll fix that in a separate patch.

justincady added inline comments.Aug 24 2021, 1:02 PM
compiler-rt/lib/msan/tests/msan_test.cpp
3763

This test does fail without the fix. I think there is actually a build dependency issue though. I found that if I:

touch compiler-rt/lib/msan/tests/msan_test.cpp

Then run without the fix, it will fail.

fix style issues

justincady added inline comments.Aug 24 2021, 1:21 PM
compiler-rt/lib/msan/tests/msan_test.cpp
3763

Here is an example snippet of the failures without the fix in place, running check-msan:

==209625==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7364f8 in testing::internal::String::CStringEquals(char const*, char const*) /llvm-project-main/llvm/utils/unittest/googletest/src/gtest.cc:913:7
    #1 0x7364f8 in testing::internal::CmpHelperSTREQ(char const*, char const*, char const*, char const*) /llvm-project-main/llvm/utils/unittest/googletest/src/gtest.cc:1498:7
    #2 0x64a2f6 in MemorySanitizer_wordexp_initial_offset_Test::TestBody() /llvm-project-main/compiler-rt/lib/msan/tests/msan_test.cpp:3772:3
    #3 0x7ce80e in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /llvm-project-main/llvm/utils/unittest/googletest/src/gtest.cc:2433:10
    #4 0x7ce80e in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /llvm-project-main/llvm/utils/unittest/googletest/src/gtest.cc:2469:14
    #5 0x7481a1 in testing::Test::Run() /llvm-project-main/llvm/utils/unittest/googletest/src/gtest.cc:2508:5
    #6 0x74ce72 in testing::TestInfo::Run() /llvm-project-main/llvm/utils/unittest/googletest/src/gtest.cc:2684:11
    #7 0x74f1fa in testing::TestSuite::Run() /llvm-project-main/llvm/utils/unittest/googletest/src/gtest.cc:2816:28
    #8 0x78d7e4 in testing::internal::UnitTestImpl::RunAllTests() /llvm-project-main/llvm/utils/unittest/googletest/src/gtest.cc:5338:44
    #9 0x7d14d8 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /llvm-project-main/llvm/utils/unittest/googletest/src/gtest.cc:2433:10
    #10 0x7d14d8 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /llvm-project-main/llvm/utils/unittest/googletest/src/gtest.cc:2469:14
    #11 0x78b86c in testing::UnitTest::Run() /llvm-project-main/llvm/utils/unittest/googletest/src/gtest.cc:4925:10
    #12 0x70ddb7 in RUN_ALL_TESTS() /llvm-project-main/llvm/utils/unittest/googletest/include/gtest/gtest.h:2473:46
    #13 0x70ddb7 in main /llvm-project-main/compiler-rt/lib/msan/tests/msan_test_main.cpp:19:10
    #14 0x7fbf017820b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #15 0x482b6d in _start (/llvm-project-main/build/projects/compiler-rt/lib/msan/tests/Msan-x86_64-with-call-Test+0x482b6d)

  Uninitialized value was stored to memory at
    #0 0x48ea30 in __interceptor_realloc /llvm-project-main/compiler-rt/lib/msan/msan_interceptors.cpp:879:3
    #1 0x7fbf01869c88 in wordexp (/lib/x86_64-linux-gnu/libc.so.6+0x10ec88)

  Uninitialized value was created by a heap allocation
    #0 0x48ea30 in __interceptor_realloc /llvm-project-main/compiler-rt/lib/msan/msan_interceptors.cpp:879:3
    #1 0x7fbf01869666 in wordexp (/lib/x86_64-linux-gnu/libc.so.6+0x10e666)
[...]
Failed Tests (2):
  MemorySanitizer-Unit :: ./Msan-x86_64-Test/MemorySanitizer.wordexp_initial_offset
  MemorySanitizer-Unit :: ./Msan-x86_64-with-call-Test/MemorySanitizer.wordexp_initial_offset
This revision was landed with ongoing or failed builds.Aug 24 2021, 2:30 PM
This revision was automatically updated to reflect the committed changes.
vitalybuka added inline comments.Aug 24 2021, 2:30 PM
compiler-rt/lib/msan/tests/msan_test.cpp
3763

That's error on my side, I had no libcxx and unittests enabled.

justincady added inline comments.Aug 24 2021, 2:41 PM
compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
4000

This adjustment to the initial patch is incorrect. Note that the original patch added p->we_offs (not another p->we_wordc) in the case of wordexp_wrde_dooffs:

uptr we_wordc = (flags & WORDEXP_WRDE_DOOFFS) ? p->we_wordc + p->we_offs : p->we_wordc;
vitalybuka added inline comments.Aug 24 2021, 4:37 PM
compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
4000

Good catch!