This is an archive of the discontinued LLVM Phabricator instance.

Differential D20280

[asan] Don't raise false alarm to recv/recvfrom when MSG_TRUNC is present.
ClosedPublic

Authored by m.ostapenko on May 16 2016, 2:55 AM.

Details

Reviewers
kcc
dvyukov
eugenis
Commits
rG02c21b3ef940: [asan] Don't raise false alarm to recv/recvfrom when MSG_TRUNC is present.
rCRT269749: [asan] Don't raise false alarm to recv/recvfrom when MSG_TRUNC is present.
rL269749: [asan] Don't raise false alarm to recv/recvfrom when MSG_TRUNC is present.
Summary

Currenty ASan checks the return value of real recv/recvfrom to see if the written bytes fit in the buffer. That works fine most of time. However, there is an exception: (from the RECV(2) man page)

MSG_TRUNC (since Linux 2.2)
    ... return the real length of the packet or datagram, even when it was longer than the passed buffer. ...

Some programs combine MSG_TRUNC, MSG_PEEK and a single-byte buffer to peek the incoming data size without reading (much of) them. In this case, the return value is usually longer than what's been written and ASan raises a false alarm here. To avoid such false positive reports, we can use min(res, len) in COMMON_INTERCEPTOR_WRITE_RANGE checks.

Diff Detail

Repository
rL LLVM

Event Timeline

m.ostapenko updated this revision to Diff 57325.May 16 2016, 2:55 AM
m.ostapenko retitled this revision from to [asan] Don't raise false alarm to recv/recvfrom when MSG_TRUNC is present..
m.ostapenko updated this object.
m.ostapenko added reviewers: kcc, dvyukov, eugenis.
m.ostapenko set the repository for this revision to rL LLVM.
m.ostapenko added subscribers: llvm-commits, laszio, ygribov.
Herald added subscribers: kubamracek, srhines, danalbert and 3 others. · View Herald TranscriptMay 16 2016, 2:55 AM
kcc edited edge metadata.May 16 2016, 10:34 AM

Code change LG, please move the test to the common dir.

test/asan/TestCases/Linux/recv_msg_trunc.cc
1 ↗(On Diff #57325)

Can you move this test to test/sanitizer_common/TestCases/Linux ?
And please verify that it fails there w/o your fix.

m.ostapenko updated this revision to Diff 57373.May 16 2016, 11:02 AM
m.ostapenko edited edge metadata.

Moved testcase to test/sanitizer_common/TestCases/Linux and verified that it passes with patch and fails without it.

kcc accepted this revision.May 16 2016, 11:16 AM
kcc edited edge metadata.

LGTM, thanks!

This revision is now accepted and ready to land.May 16 2016, 11:16 AM
Closed by commit rL269749: [asan] Don't raise false alarm to recv/recvfrom when MSG_TRUNC is present. (authored by chefmax). · Explain WhyMay 17 2016, 12:44 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lib/
sanitizer_common/
4 lines
test/
sanitizer_common/
TestCases/
Linux/
36 lines

Diff 57373

lib/sanitizer_common/sanitizer_common_interceptors.inc

Show First 20 LinesShow All 5,492 Lines▼ Show 20 Lines
#if SANITIZER_INTERCEPT_RECV_RECVFROM #if SANITIZER_INTERCEPT_RECV_RECVFROM
INTERCEPTOR(SSIZE_T, recv, int fd, void *buf, SIZE_T len, int flags) { INTERCEPTOR(SSIZE_T, recv, int fd, void *buf, SIZE_T len, int flags) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, recv, fd, buf, len, flags); COMMON_INTERCEPTOR_ENTER(ctx, recv, fd, buf, len, flags);
COMMON_INTERCEPTOR_FD_ACCESS(ctx, fd); COMMON_INTERCEPTOR_FD_ACCESS(ctx, fd);
SSIZE_T res = REAL(recv)(fd, buf, len, flags); SSIZE_T res = REAL(recv)(fd, buf, len, flags);
if (res > 0) { if (res > 0) {
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, res); COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, Min((SIZE_T)res, len));
} }
if (res >= 0 && fd >= 0) COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd); if (res >= 0 && fd >= 0) COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd);
return res; return res;
} }
INTERCEPTOR(SSIZE_T, recvfrom, int fd, void *buf, SIZE_T len, int flags, INTERCEPTOR(SSIZE_T, recvfrom, int fd, void *buf, SIZE_T len, int flags,
void *srcaddr, int *addrlen) { void *srcaddr, int *addrlen) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, recvfrom, fd, buf, len, flags, srcaddr, COMMON_INTERCEPTOR_ENTER(ctx, recvfrom, fd, buf, len, flags, srcaddr,
addrlen); addrlen);
COMMON_INTERCEPTOR_FD_ACCESS(ctx, fd); COMMON_INTERCEPTOR_FD_ACCESS(ctx, fd);
SIZE_T srcaddr_sz; SIZE_T srcaddr_sz;
if (srcaddr) srcaddr_sz = *addrlen; if (srcaddr) srcaddr_sz = *addrlen;
(void)srcaddr_sz; // prevent "set but not used" warning (void)srcaddr_sz; // prevent "set but not used" warning
SSIZE_T res = REAL(recvfrom)(fd, buf, len, flags, srcaddr, addrlen); SSIZE_T res = REAL(recvfrom)(fd, buf, len, flags, srcaddr, addrlen);
if (res > 0) { if (res > 0) {
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, res); COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, Min((SIZE_T)res, len));
if (srcaddr) if (srcaddr)
COMMON_INTERCEPTOR_INITIALIZE_RANGE(srcaddr, COMMON_INTERCEPTOR_INITIALIZE_RANGE(srcaddr,
Min((SIZE_T)*addrlen, srcaddr_sz)); Min((SIZE_T)*addrlen, srcaddr_sz));
} }
return res; return res;
} }
#define INIT_RECV_RECVFROM \ #define INIT_RECV_RECVFROM \
COMMON_INTERCEPT_FUNCTION(recv); \ COMMON_INTERCEPT_FUNCTION(recv); \
▲ Show 20 LinesShow All 279 LinesShow Last 20 Lines

test/sanitizer_common/TestCases/Linux/recv_msg_trunc.cc

  • This file was added.
// Test that ASan doesn't raise false alarm when MSG_TRUNC is present.
//
// RUN: %clangxx %s -o %t && %run %t 2>&1
//
// UNSUPPORTED: android
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <assert.h>
int main() {
int fd_0 = socket(AF_INET, SOCK_DGRAM, 0);
int fd_1 = socket(AF_INET, SOCK_DGRAM, 0);
struct sockaddr_in sin;
socklen_t len = sizeof(sin);
char *buf = (char *)malloc(1);
sin.sin_family = AF_INET;
// Choose a random port to bind.
sin.sin_port = 0;
sin.sin_addr.s_addr = INADDR_ANY;
assert(bind(fd_1, (struct sockaddr *)&sin, sizeof(sin)) == 0);
// Get the address and port binded.
assert(getsockname(fd_1, (struct sockaddr *)&sin, &len) == 0);
assert(sendto(fd_0, "hello", strlen("hello"), MSG_DONTWAIT,
(struct sockaddr *)&sin, sizeof(sin)) != -1);
assert(recv(fd_1, buf, 1, MSG_TRUNC) != -1);
free(buf);
return 0;
}