This is an archive of the discontinued LLVM Phabricator instance.

Differential D150498

ASan: add backtrace_symbols test and clarify code is correct
ClosedPublic

Authored by thurston on May 12 2023, 5:01 PM.

Download Raw Diff

Details

Reviewers

vitalybuka

Commits

rG04fd535409dd: ASan: add backtrace_symbols test and clarify code is correct

Summary

This is another patch for https://github.com/google/sanitizers/issues/321
(sanitizer interceptors can write to freed memory, causing corruption),
in this case for backtrace_symbols.

backtrace_symbols is already correct, hence this patch removes the
TODO note. Additionally, this patch adds a test case for it.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

thurston created this revision.May 12 2023, 5:01 PM

Herald added a project: Restricted Project. · View Herald TranscriptMay 12 2023, 5:01 PM

Herald added a subscriber: Enna1. · View Herald Transcript

thurston requested review of this revision.May 12 2023, 5:01 PM

Herald added a project: Restricted Project. · View Herald TranscriptMay 12 2023, 5:01 PM

Herald added a subscriber: Restricted Project. · View Herald Transcript

thurston added a reviewer: vitalybuka.May 12 2023, 5:02 PM

Harbormaster completed remote builds in B231741: Diff 521842.May 12 2023, 5:51 PM

vitalybuka accepted this revision.May 12 2023, 10:17 PM

This revision is now accepted and ready to land.May 12 2023, 10:17 PM

Closed by commit rG04fd535409dd: ASan: add backtrace_symbols test and clarify code is correct (authored by thurston). · Explain WhyMay 12 2023, 10:39 PM

This revision was automatically updated to reflect the committed changes.

thurston added a commit: rG04fd535409dd: ASan: add backtrace_symbols test and clarify code is correct.

thurston mentioned this in rGd9377c1deda2: ASan: unbreak Windows build by limiting backtrace* tests to glibc.May 12 2023, 10:57 PM

Revision Contents

Path

Size

compiler-rt/

lib/

sanitizer_common/

sanitizer_common_interceptors.inc

5 lines

test/

asan/

TestCases/

backtrace_symbols_interceptor.cpp

36 lines

Diff 521870

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 4,412 Lines • ▼ Show 20 Lines	INTERCEPTOR(int, backtrace, void **buffer, int size) {
return res;		return res;
}		}

INTERCEPTOR(char , backtrace_symbols, void buffer, int size) {		INTERCEPTOR(char , backtrace_symbols, void buffer, int size) {
void *ctx;		void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, backtrace_symbols, buffer, size);		COMMON_INTERCEPTOR_ENTER(ctx, backtrace_symbols, buffer, size);
if (buffer && size)		if (buffer && size)
COMMON_INTERCEPTOR_READ_RANGE(ctx, buffer, size * sizeof(*buffer));		COMMON_INTERCEPTOR_READ_RANGE(ctx, buffer, size * sizeof(*buffer));
// FIXME: under ASan the call below may write to freed memory and corrupt		// The COMMON_INTERCEPTOR_READ_RANGE above ensures that 'buffer' is
// its metadata. See		// valid for reading.
// https://github.com/google/sanitizers/issues/321.
char **res = REAL(backtrace_symbols)(buffer, size);		char **res = REAL(backtrace_symbols)(buffer, size);
if (res && size) {		if (res && size) {
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, res, size * sizeof(*res));		COMMON_INTERCEPTOR_WRITE_RANGE(ctx, res, size * sizeof(*res));
for (int i = 0; i < size; ++i)		for (int i = 0; i < size; ++i)
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, res[i], internal_strlen(res[i]) + 1);		COMMON_INTERCEPTOR_WRITE_RANGE(ctx, res[i], internal_strlen(res[i]) + 1);
}		}
return res;		return res;
}		}
▲ Show 20 Lines • Show All 6,247 Lines • Show Last 20 Lines

compiler-rt/test/asan/TestCases/backtrace_symbols_interceptor.cpp

This file was added.

				// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 \| FileCheck %s

				// Test the backtrace_symbols() interceptor.

				#include <assert.h>
				#include <execinfo.h>
				#include <math.h>
				#include <stdio.h>
				#include <stdlib.h>

				#define MAX_BT 100

				int main() {
				void buffer = (void )malloc(sizeof(void ) MAX_BT);
				assert(buffer != NULL);

				int numEntries = backtrace(buffer, MAX_BT);
				printf("backtrace returned %d entries\n", numEntries);

				free(buffer);

				// Deliberate use-after-free of 'buffer'. We expect ASan to
				// catch this, without triggering internal sanitizer errors.
				char **strings = backtrace_symbols(buffer, numEntries);
				assert(strings != NULL);

				for (int i = 0; i < numEntries; i++) {
				printf("%s\n", strings[i]);
				}

				free(strings);

				// CHECK: use-after-free
				// CHECK: SUMMARY
				return 0;
				}