This is an archive of the discontinued LLVM Phabricator instance.

Differential D112174

[OpenMP] Fix possible NULL dereference
ClosedPublic

Authored by AndreyChurbanov on Oct 20 2021, 1:00 PM.

Details

Reviewers
hbae
jlpeyton
Nawrin
tlwilmar
jdoerfert
protze.joachim
Commits
rGc704b25b4494: [OpenMP] libomp: Fix possible NULL dereference.
Summary

According to dlsym description, the value of symbol could be NULL,
and there is no error in this case. Thus dlerror will also return NULL in
this case. We need to check the value returned by dlerror before printing it.

Diff Detail

Event Timeline

AndreyChurbanov created this revision.Oct 20 2021, 1:00 PM
Herald added subscribers: guansong, yaxunl. · View Herald TranscriptOct 20 2021, 1:00 PM
AndreyChurbanov requested review of this revision.Oct 20 2021, 1:00 PM
Herald added a reviewer: jdoerfert. · View Herald TranscriptOct 20 2021, 1:00 PM
Herald added subscribers: openmp-commits, sstefan1. · View Herald Transcript
Harbormaster completed remote builds in B129816: Diff 381075.Oct 20 2021, 1:09 PM
protze.joachim added a subscriber: protze.joachim.Oct 21 2021, 6:19 AM
start_tool = (ompt_start_tool_t)dlsym(h, "ompt_start_tool");

I find the dlsym description confusing:

The function dlsym() [...] return[s] the address where that symbol is loaded into memory.

If the symbol is loaded into memory, how can the address be NULL?

Since the value of the symbol could actually be NULL (so that a NULL return from dlsym() need not indicate an error)

With if (!start_tool) we check the address of the symbol to be !=NULL, not the symbol itself.

If the symbol is NULL, but the function returns the address to the symbol, I would need to dereference the address to see the NULL, i.e. *start_tool == NULL? What do I miss here?

openmp/runtime/src/ompt-general.cpp
349

I would argue, that dlerror is cleared at this point, but calling the function anyways should not harm.

AndreyChurbanov added a comment.Oct 25 2021, 11:01 AM
In D112174#3077754, @protze.joachim wrote:
start_tool = (ompt_start_tool_t)dlsym(h, "ompt_start_tool");

I find the dlsym description confusing:

The function dlsym() [...] return[s] the address where that symbol is loaded into memory.

If the symbol is loaded into memory, how can the address be NULL?

Since the value of the symbol could actually be NULL (so that a NULL return from dlsym() need not indicate an error)

With if (!start_tool) we check the address of the symbol to be !=NULL, not the symbol itself.

If the symbol is NULL, but the function returns the address to the symbol, I would need to dereference the address to see the NULL, i.e. *start_tool == NULL? What do I miss here?

The description of dlsym has a note (https://man7.org/linux/man-pages/man3/dlsym.3.html):

There are several scenarios when the address of a global symbol
is NULL.  For example, a symbol can be placed at zero address by
the linker, via a linker script or with --defsym command-line
option.  Undefined weak symbols also have NULL value.  Finally,
the symbol value may be the result of a GNU indirect function
(IFUNC) resolver function that returns NULL as the resolved
value.  In the latter case, dlsym() also returns NULL without
error.

So, theoretically both dlsym and following dlerror can return NULL.
I don't see a problem in using verbose recommended way of checking functions return values,
just to be on the safe side.

protze.joachim accepted this revision.Oct 25 2021, 2:51 PM

Thanks for the clarification.
lgtm

This revision is now accepted and ready to land.Oct 25 2021, 2:51 PM
Closed by commit rGc704b25b4494: [OpenMP] libomp: Fix possible NULL dereference. (authored by AndreyChurbanov). · Explain WhyOct 27 2021, 6:55 AM
This revision was automatically updated to reflect the committed changes.
AndreyChurbanov added a commit: rGc704b25b4494: [OpenMP] libomp: Fix possible NULL dereference..

Revision Contents

PathSize
openmp/
runtime/
src/
9 lines

Diff 382657

openmp/runtime/src/ompt-general.cpp

Show First 20 LinesShow All 340 Lines▼ Show 20 Lines#if KMP_OS_UNIX
OMPT_VERBOSE_INIT_PRINT("Opening %s... ", fname); OMPT_VERBOSE_INIT_PRINT("Opening %s... ", fname);
void *h = dlopen(fname, RTLD_LAZY); void *h = dlopen(fname, RTLD_LAZY);
if (!h) { if (!h) {
OMPT_VERBOSE_INIT_CONTINUED_PRINT("Failed: %s\n", dlerror()); OMPT_VERBOSE_INIT_CONTINUED_PRINT("Failed: %s\n", dlerror());
} else { } else {
OMPT_VERBOSE_INIT_CONTINUED_PRINT("Success. \n"); OMPT_VERBOSE_INIT_CONTINUED_PRINT("Success. \n");
OMPT_VERBOSE_INIT_PRINT("Searching for ompt_start_tool in %s... ", OMPT_VERBOSE_INIT_PRINT("Searching for ompt_start_tool in %s... ",
fname); fname);
dlerror(); // Clear any existing error
protze.joachimUnsubmitted
Not Done
ReplyInline Actions

I would argue, that dlerror is cleared at this point, but calling the function anyways should not harm.

protze.joachim: I would argue, that dlerror is cleared at this point, but calling the function anyways should…
start_tool = (ompt_start_tool_t)dlsym(h, "ompt_start_tool"); start_tool = (ompt_start_tool_t)dlsym(h, "ompt_start_tool");
if (!start_tool) { if (!start_tool) {
OMPT_VERBOSE_INIT_CONTINUED_PRINT("Failed: %s\n", dlerror()); char *error = dlerror();
if (error != NULL) {
OMPT_VERBOSE_INIT_CONTINUED_PRINT("Failed: %s\n", error);
} else {
OMPT_VERBOSE_INIT_CONTINUED_PRINT("Failed: %s\n",
"ompt_start_tool = NULL");
}
} else } else
#elif KMP_OS_WINDOWS #elif KMP_OS_WINDOWS
OMPT_VERBOSE_INIT_PRINT("Opening %s... ", fname); OMPT_VERBOSE_INIT_PRINT("Opening %s... ", fname);
HMODULE h = LoadLibrary(fname); HMODULE h = LoadLibrary(fname);
if (!h) { if (!h) {
OMPT_VERBOSE_INIT_CONTINUED_PRINT("Failed: Error %u\n", GetLastError()); OMPT_VERBOSE_INIT_CONTINUED_PRINT("Failed: Error %u\n", GetLastError());
} else { } else {
OMPT_VERBOSE_INIT_CONTINUED_PRINT("Success. \n"); OMPT_VERBOSE_INIT_CONTINUED_PRINT("Success. \n");
▲ Show 20 LinesShow All 636 LinesShow Last 20 Lines