This is an archive of the discontinued LLVM Phabricator instance.

[compiler-rt] Fix memmove/memcpy overlap detection on windows
ClosedPublic

Authored by etienneb on Jul 20 2016, 10:12 PM.

Download Raw Diff

Details

Reviewers

Commits

rGaa76a0cf914f: [compiler-rt] Fix memmove/memcpy overlap detection on windows
rCRT276299: [compiler-rt] Fix memmove/memcpy overlap detection on windows
rL276299: [compiler-rt] Fix memmove/memcpy overlap detection on windows

Summary

The memcpy and memmove functions are the same on windows.
The overlap detection logic is incorrect.

printf-1 test:

stdin>:2:114: note: possible intended match here
==877412==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x0000002bf2a8,0x0000002bf2ad) and [0x0000002bf2a9, 0x0000002bf2ae) overlap
```                                                                                                                 ^

Diff Detail

Event Timeline

etienneb updated this revision to Diff 64819.Jul 20 2016, 10:12 PM

etienneb retitled this revision from to [compiler-rt] Fix memmove/memcpy overlap detection on windows.

etienneb updated this object.

etienneb added a reviewer: rnk.

etienneb added subscribers: • chrisha, wang0109, llvm-commits.

Herald added a subscriber: kubamracek. · View Herald TranscriptJul 20 2016, 10:12 PM

etienneb updated this object.Jul 20 2016, 10:25 PM

rnk added inline comments.Jul 21 2016, 6:51 AM

lib/asan/asan_interceptors.cc
433	Should we go back, intercept memmove instead of memcpy, and then initialize REAL(memset) to REAL(memmove) so that we don't crash when calling it? Suppose the user calls memcpy or memmove on free memory. The stack trace can either contain asam_memcpy or asan_memmove. Which do you think is better?

move to an different approach

I tried the other approach, and it seems to work fine.

fix unittests

lgtm

This revision is now accepted and ready to land.Jul 21 2016, 9:08 AM

etienneb closed this revision.Jul 21 2016, 9:14 AM

Revision Contents

Path

Size

lib/

asan/

asan_interceptors.cc

7 lines

tests/

asan_str_test.cc

2 lines

Diff 64909

lib/asan/asan_interceptors.cc

Show First 20 Lines • Show All 424 Lines • ▼ Show 20 Lines	#define ASAN_MEMSET_IMPL(ctx, block, c, size) do { \
} \		} \
return REAL(memset)(block, c, size); \		return REAL(memset)(block, c, size); \
} while (0)		} while (0)

void __asan_memset(void block, int c, uptr size) {		void __asan_memset(void block, int c, uptr size) {
ASAN_MEMSET_IMPL(nullptr, block, c, size);		ASAN_MEMSET_IMPL(nullptr, block, c, size);
}		}

#define ASAN_MEMMOVE_IMPL(ctx, to, from, size) do { \		#define ASAN_MEMMOVE_IMPL(ctx, to, from, size) do { \
		rnkUnsubmitted Done Reply Inline Actions Should we go back, intercept memmove instead of memcpy, and then initialize REAL(memset) to REAL(memmove) so that we don't crash when calling it? Suppose the user calls memcpy or memmove on free memory. The stack trace can either contain asam_memcpy or asan_memmove. Which do you think is better? rnk: Should we go back, intercept memmove instead of memcpy, and then initialize REAL(memset) to…
if (UNLIKELY(!asan_inited)) \		if (UNLIKELY(!asan_inited)) \
return internal_memmove(to, from, size); \		return internal_memmove(to, from, size); \
ENSURE_ASAN_INITED(); \		ENSURE_ASAN_INITED(); \
if (flags()->replace_intrin) { \		if (flags()->replace_intrin) { \
ASAN_READ_RANGE(ctx, from, size); \		ASAN_READ_RANGE(ctx, from, size); \
ASAN_WRITE_RANGE(ctx, to, size); \		ASAN_WRITE_RANGE(ctx, to, size); \
} \		} \
return internal_memmove(to, from, size); \		return internal_memmove(to, from, size); \
▲ Show 20 Lines • Show All 278 Lines • ▼ Show 20 Lines
namespace __asan {		namespace __asan {
void InitializeAsanInterceptors() {		void InitializeAsanInterceptors() {
static bool was_called_once;		static bool was_called_once;
CHECK(was_called_once == false);		CHECK(was_called_once == false);
was_called_once = true;		was_called_once = true;
InitializeCommonInterceptors();		InitializeCommonInterceptors();

// Intercept mem* functions.		// Intercept mem* functions.
ASAN_INTERCEPT_FUNC(memcpy);
ASAN_INTERCEPT_FUNC(memset);		ASAN_INTERCEPT_FUNC(memset);
if (PLATFORM_HAS_DIFFERENT_MEMCPY_AND_MEMMOVE) {
// In asan, REAL(memmove) is not used, but it is used in msan.
ASAN_INTERCEPT_FUNC(memmove);		ASAN_INTERCEPT_FUNC(memmove);
		if (PLATFORM_HAS_DIFFERENT_MEMCPY_AND_MEMMOVE) {
		ASAN_INTERCEPT_FUNC(memcpy);
		} else {
		*&REAL(memcpy) = REAL(memmove);
}		}
CHECK(REAL(memcpy));		CHECK(REAL(memcpy));

// Intercept str* functions.		// Intercept str* functions.
ASAN_INTERCEPT_FUNC(strcat); // NOLINT		ASAN_INTERCEPT_FUNC(strcat); // NOLINT
ASAN_INTERCEPT_FUNC(strcpy); // NOLINT		ASAN_INTERCEPT_FUNC(strcpy); // NOLINT
ASAN_INTERCEPT_FUNC(wcslen);		ASAN_INTERCEPT_FUNC(wcslen);
ASAN_INTERCEPT_FUNC(strncat);		ASAN_INTERCEPT_FUNC(strncat);
▲ Show 20 Lines • Show All 66 Lines • Show Last 20 Lines

lib/asan/tests/asan_str_test.cc

	Show First 20 Lines • Show All 450 Lines • ▼ Show 20 Lines
	TEST(AddressSanitizer, StrArgsOverlapTest) {			TEST(AddressSanitizer, StrArgsOverlapTest) {
	size_t size = Ident(100);			size_t size = Ident(100);
	char str = Ident((char)malloc(size));			char str = Ident((char)malloc(size));

	// Do not check memcpy() on OS X 10.7 and later, where it actually aliases			// Do not check memcpy() on OS X 10.7 and later, where it actually aliases
	// memmove().			// memmove().
	#if !defined(__APPLE__) \|\| !defined(MAC_OS_X_VERSION_10_7) \|\| \			#if !defined(__APPLE__) \|\| !defined(MAC_OS_X_VERSION_10_7) \|\| \
	(MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_7)			(MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_7)
				#if PLATFORM_HAS_DIFFERENT_MEMCPY_AND_MEMMOVE
	// Check "memcpy". Use Ident() to avoid inlining.			// Check "memcpy". Use Ident() to avoid inlining.
	memset(str, 'z', size);			memset(str, 'z', size);
	Ident(memcpy)(str + 1, str + 11, 10);			Ident(memcpy)(str + 1, str + 11, 10);
	Ident(memcpy)(str, str, 0);			Ident(memcpy)(str, str, 0);
	EXPECT_DEATH(Ident(memcpy)(str, str + 14, 15), OverlapErrorMessage("memcpy"));			EXPECT_DEATH(Ident(memcpy)(str, str + 14, 15), OverlapErrorMessage("memcpy"));
	EXPECT_DEATH(Ident(memcpy)(str + 14, str, 15), OverlapErrorMessage("memcpy"));			EXPECT_DEATH(Ident(memcpy)(str + 14, str, 15), OverlapErrorMessage("memcpy"));
	#endif			#endif
				#endif

	// We do not treat memcpy with to==from as a bug.			// We do not treat memcpy with to==from as a bug.
	// See http://llvm.org/bugs/show_bug.cgi?id=11763.			// See http://llvm.org/bugs/show_bug.cgi?id=11763.
	// EXPECT_DEATH(Ident(memcpy)(str + 20, str + 20, 1),			// EXPECT_DEATH(Ident(memcpy)(str + 20, str + 20, 1),
	// OverlapErrorMessage("memcpy"));			// OverlapErrorMessage("memcpy"));

	// Check "strcpy".			// Check "strcpy".
	memset(str, 'z', size);			memset(str, 'z', size);
	▲ Show 20 Lines • Show All 123 Lines • Show Last 20 Lines