This is an archive of the discontinued LLVM Phabricator instance.

[sanitizer] Remove crypt and crypt_r interceptors

Authored by MaskRay on Apr 27 2023, 8:15 PM.



From Florian Weimer's D144073

On GNU/Linux (glibc), the crypt and crypt_r functions are not part of the main shared object (, but libcrypt (with multiple possible sonames). The sanitizer libraries do not depend on libcrypt, so it can happen that during sanitizer library initialization, no real implementation will be found because the crypt, crypt_r functions are not present in the process image (yet). If its interceptors are called nevertheless, this results in a call through a null pointer when the sanitizer library attempts to forward the call to the real implementation.

Many distributions have already switched to libxcrypt, a library that is separate from glibc and that can be build with sanitizers directly (avoiding the need for interceptors). This patch disables building the interceptor for glibc targets.

Let's remove crypt and crypt_r interceptors (D68431) to fix issues with
newer glibc.

For older glibc, msan will not know that an uninstrumented crypt_r call
initializes data, so there is a risk for false positives. However, with some
codebase survey, I think crypt_r uses are very few and the call sites typically
have a memset(&data, 0, sizeof(data)); anyway.


Diff Detail

Event Timeline

MaskRay created this revision.Apr 27 2023, 8:15 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 27 2023, 8:15 PM
Herald added a subscriber: Enna1. · View Herald Transcript
MaskRay requested review of this revision.Apr 27 2023, 8:15 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 27 2023, 8:15 PM
MaskRay updated this revision to Diff 517780.Apr 27 2023, 8:17 PM

remove Posix/crypt.cpp

This loses us coverage on musl and other libcs, unfortunately. musl will be keeping crypt indefinitely, although it does "support" overriding/interposition as well w/ libxcrypt (even if it's somewhat discouraged). But I'm also not sure how we can actually prevent that, so right now, sanitizing crypt at all is dangerous (c.f. the bugs @fweimer shared).

I agree it's cleaner to drop it entirely, the crypt situation is special.

thesamesam accepted this revision.Apr 27 2023, 8:24 PM
This revision is now accepted and ready to land.Apr 27 2023, 8:24 PM
fweimer accepted this revision.Apr 27 2023, 10:17 PM
vitalybuka accepted this revision.Apr 27 2023, 10:19 PM
This revision was landed with ongoing or failed builds.Apr 28 2023, 9:59 AM
This revision was automatically updated to reflect the committed changes.