Page MenuHomePhabricator

[asan/win] Add init hooks to .CRT$XLAB
ClosedPublic

Authored by rnk on Nov 8 2016, 9:38 AM.

Details

Summary

User applications may register hooks in the .CRT$XL* callback list,
which is called very early by the loader. This is very common in
Chromium:
https://cs.chromium.org/search/?q=CRT.XL&sq=package:chromium&type=cs

This has flown under the radar for a long time because the loader
appears to catch exceptions originating from these callbacks. It's a
real problem when you're debugging an asan application, though, since it
makes the program crash early.

The solution is to add our own callback to this list, and sort it very
early in the list like we do elsewhere. Also add a test with such an
instrumented callback, and test that it gets called with asan.

Diff Detail

Repository
rL LLVM

Event Timeline

rnk updated this revision to Diff 77206.Nov 8 2016, 9:38 AM
rnk retitled this revision from to [asan/win] Add init hooks to .CRT$XLAB.
rnk updated this object.
rnk added a reviewer: etienneb.
rnk added a subscriber: llvm-commits.
rnk added a comment.Nov 8 2016, 10:56 AM

No, but I'm working on that next

etienneb edited edge metadata.Nov 8 2016, 11:20 AM

I tried the patch and it's not solving the bug I was facing.

see: https://llvm.org/bugs/show_bug.cgi?id=30903

=================================================================
==8172==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x01bdb6529fd0 in thread T0
    #0 0x7ff63f667aa4  (C:\src\llvm\ninja64\projects\compiler-rt\lib\asan\tests\default\Asan-x86_64-inline-Noinst-Test.exe+0x140047aa4)
    #1 0x7ff8c3a2b7fb  (C:\Windows\System32\ucrtbase.dll+0x18000b7fb)
    #2 0x7ff8c6cc7ec7  (C:\Windows\SYSTEM32\ntdll.dll+0x180007ec7)
    #3 0x7ff8c6cc7fb5  (C:\Windows\SYSTEM32\ntdll.dll+0x180007fb5)
    #4 0x7ff8c6cc7d93  (C:\Windows\SYSTEM32\ntdll.dll+0x180007d93)
    #5 0x7ff8c68ece69  (C:\Windows\System32\KERNEL32.DLL+0x18001ce69)
    #6 0x7ff63f6f3143  (C:\src\llvm\ninja64\projects\compiler-rt\lib\asan\tests\default\Asan-x86_64-inline-Noinst-Test.exe+0x1400d3143)
    #7 0x7ff63f6f3083  (C:\src\llvm\ninja64\projects\compiler-rt\lib\asan\tests\default\Asan-x86_64-inline-Noinst-Test.exe+0x1400d3083)
    #8 0x7ff63f6a8242  (C:\src\llvm\ninja64\projects\compiler-rt\lib\asan\tests\default\Asan-x86_64-inline-Noinst-Test.exe+0x140088242)
    #9 0x7ff8c68d8363  (C:\Windows\System32\KERNEL32.DLL+0x180008363)
    #10 0x7ff8c6d25e90  (C:\Windows\SYSTEM32\ntdll.dll+0x180065e90)

Address 0x01bdb6529fd0 is a wild pointer.
SUMMARY: AddressSanitizer: bad-free (C:\src\llvm\ninja64\projects\compiler-rt\lib\asan\tests\default\Asan-x86_64-inline-Noinst-Test.exe+0x140047aa4)
==8172==ABORTING
lib/asan/asan_win.cc
358 ↗(On Diff #77206)

nit: to be consitant with line 346-347 should be indented that way:

declspec(allocate(".CRT$XLAB"))
void (NTAPI *
asan_tls_init)( void *, unsigned long, void *) = asan_thread_init;

lib/asan/asan_win_dynamic_runtime_thunk.cc
74 ↗(On Diff #77206)

ditto

test/asan/TestCases/Windows/tls_init.cc
19 ↗(On Diff #77206)

this should be after line 24.
The behavior will be the same.

This revision was automatically updated to reflect the committed changes.