This is an archive of the discontinued LLVM Phabricator instance.

Differential D29440

[compiler-rt] Fix incorrect use of snprintf
ClosedPublic

Authored by vitalybuka on Feb 2 2017, 1:09 AM.

Details

Reviewers
eugenis
Commits
rG89d054fc6461: [compiler-rt] Fix incorrect use of snprintf
rCRT293930: [compiler-rt] Fix incorrect use of snprintf
rL293930: [compiler-rt] Fix incorrect use of snprintf
Summary

snprintf returns buffer size needed for printing. If buffer was small, calling
code receives incorrectly symbolized buffer and fail.

Diff Detail

Repository
rL LLVM

Event Timeline

vitalybuka created this revision.Feb 2 2017, 1:09 AM
Herald added subscribers: dberris, kubamracek. · View Herald TranscriptFeb 2 2017, 1:09 AM
vitalybuka updated this revision to Diff 86778.Feb 2 2017, 1:12 AM

Additional warning

eugenis added inline comments.Feb 2 2017, 11:54 AM
lib/sanitizer_common/sanitizer_symbolizer_libcdep.cc
361 ↗(On Diff #86778)

I think it should be >=.

Writes at most "length" symbols to "buffer" (including trailing '\0').
 Returns the number of symbols that should have been written to buffer
(not including trailing '\0'). Thus, the string is truncated
 iff return value is not less than "length".

lib/sanitizer_common/symbolizer/sanitizer_symbolize.cc
45 ↗(On Diff #86778)

I think it should be <.

vitalybuka updated this revision to Diff 86869.Feb 2 2017, 12:08 PM

snprintf returned value does not include termination 0

Harbormaster completed remote builds in B3571: Diff 86869.Feb 2 2017, 12:08 PM
vitalybuka marked 2 inline comments as done.Feb 2 2017, 12:08 PM
eugenis accepted this revision.Feb 2 2017, 12:16 PM
eugenis added inline comments.
test/sanitizer_common/TestCases/symbolize_stack.cc
1 ↗(On Diff #86869)

add a comment that you are testing symbolization of very long function names

This revision is now accepted and ready to land.Feb 2 2017, 12:16 PM
vitalybuka marked an inline comment as done.Feb 2 2017, 12:20 PM
vitalybuka updated this revision to Diff 86871.Feb 2 2017, 12:20 PM

comment

Closed by commit rL293930: [compiler-rt] Fix incorrect use of snprintf (authored by vitalybuka). · Explain WhyFeb 2 2017, 12:21 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
sanitizer_common/
21 lines
1 line
symbolizer/
14 lines
test/
sanitizer_common/
TestCases/
28 lines

Diff 86872

compiler-rt/trunk/lib/sanitizer_common/sanitizer_symbolizer_libcdep.cc

Show First 20 LinesShow All 350 Lines▼ Show 20 Lines
const char *LLVMSymbolizer::FormatAndSendCommand(bool is_data, const char *LLVMSymbolizer::FormatAndSendCommand(bool is_data,
const char *module_name, const char *module_name,
uptr module_offset, uptr module_offset,
ModuleArch arch) { ModuleArch arch) {
CHECK(module_name); CHECK(module_name);
const char *is_data_str = is_data ? "DATA " : ""; const char *is_data_str = is_data ? "DATA " : "";
if (arch == kModuleArchUnknown) { if (arch == kModuleArchUnknown) {
internal_snprintf(buffer_, kBufferSize, "%s\"%s\" 0x%zx\n", is_data_str, if (internal_snprintf(buffer_, kBufferSize, "%s\"%s\" 0x%zx\n", is_data_str,
module_name, module_offset); module_name,
module_offset) >= static_cast<int>(kBufferSize)) {
Report("WARNING: Command buffer too small");
return nullptr;
}
} else { } else {
internal_snprintf(buffer_, kBufferSize, "%s\"%s:%s\" 0x%zx\n", is_data_str, if (internal_snprintf(buffer_, kBufferSize, "%s\"%s:%s\" 0x%zx\n",
module_name, ModuleArchToString(arch), module_offset); is_data_str, module_name, ModuleArchToString(arch),
module_offset) >= static_cast<int>(kBufferSize)) {
Report("WARNING: Command buffer too small");
return nullptr;
}
} }
return symbolizer_process_->SendCommand(buffer_); return symbolizer_process_->SendCommand(buffer_);
} }
SymbolizerProcess::SymbolizerProcess(const char *path, bool use_forkpty) SymbolizerProcess::SymbolizerProcess(const char *path, bool use_forkpty)
: path_(path), : path_(path),
input_fd_(kInvalidFd), input_fd_(kInvalidFd),
output_fd_(kInvalidFd), output_fd_(kInvalidFd),
▲ Show 20 LinesShow All 49 Lines▼ Show 20 Lines while (true) {
// its stdout. // its stdout.
if (!success || just_read == 0) { if (!success || just_read == 0) {
Report("WARNING: Can't read from symbolizer at fd %d\n", input_fd_); Report("WARNING: Can't read from symbolizer at fd %d\n", input_fd_);
return false; return false;
} }
read_len += just_read; read_len += just_read;
if (ReachedEndOfOutput(buffer, read_len)) if (ReachedEndOfOutput(buffer, read_len))
break; break;
if (read_len + 1 == max_length) {
Report("WARNING: Symbolizer buffer too small");
read_len = 0;
break;
}
} }
buffer[read_len] = '\0'; buffer[read_len] = '\0';
return true; return true;
} }
bool SymbolizerProcess::WriteToSymbolizer(const char *buffer, uptr length) { bool SymbolizerProcess::WriteToSymbolizer(const char *buffer, uptr length) {
if (length == 0) if (length == 0)
return true; return true;
Show All 10 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cc

Show First 20 LinesShow All 418 Lines▼ Show 20 Lines const char *Demangle(const char *name) override {
} }
return name; return name;
} }
private: private:
InternalSymbolizer() { } InternalSymbolizer() { }
static const int kBufferSize = 16 * 1024; static const int kBufferSize = 16 * 1024;
static const int kMaxDemangledNameSize = 1024;
char buffer_[kBufferSize]; char buffer_[kBufferSize];
}; };
#else // SANITIZER_SUPPORTS_WEAK_HOOKS #else // SANITIZER_SUPPORTS_WEAK_HOOKS
class InternalSymbolizer : public SymbolizerTool { class InternalSymbolizer : public SymbolizerTool {
public: public:
static InternalSymbolizer *get(LowLevelAllocator *alloc) { return 0; } static InternalSymbolizer *get(LowLevelAllocator *alloc) { return 0; }
}; };
▲ Show 20 LinesShow All 101 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/symbolizer/sanitizer_symbolize.cc

Show All 35 Linesbool __sanitizer_symbolize_code(const char *ModuleName, uint64_t ModuleOffset,
std::string Result; std::string Result;
{ {
llvm::raw_string_ostream OS(Result); llvm::raw_string_ostream OS(Result);
llvm::symbolize::DIPrinter Printer(OS); llvm::symbolize::DIPrinter Printer(OS);
auto ResOrErr = auto ResOrErr =
getDefaultSymbolizer()->symbolizeInlinedCode(ModuleName, ModuleOffset); getDefaultSymbolizer()->symbolizeInlinedCode(ModuleName, ModuleOffset);
Printer << (ResOrErr ? ResOrErr.get() : llvm::DIInliningInfo()); Printer << (ResOrErr ? ResOrErr.get() : llvm::DIInliningInfo());
} }
__sanitizer::internal_snprintf(Buffer, MaxLength, "%s", Result.c_str()); return __sanitizer::internal_snprintf(Buffer, MaxLength, "%s",
return true; Result.c_str()) < MaxLength;
} }
bool __sanitizer_symbolize_data(const char *ModuleName, uint64_t ModuleOffset, bool __sanitizer_symbolize_data(const char *ModuleName, uint64_t ModuleOffset,
char *Buffer, int MaxLength) { char *Buffer, int MaxLength) {
std::string Result; std::string Result;
{ {
llvm::raw_string_ostream OS(Result); llvm::raw_string_ostream OS(Result);
llvm::symbolize::DIPrinter Printer(OS); llvm::symbolize::DIPrinter Printer(OS);
auto ResOrErr = auto ResOrErr =
getDefaultSymbolizer()->symbolizeData(ModuleName, ModuleOffset); getDefaultSymbolizer()->symbolizeData(ModuleName, ModuleOffset);
Printer << (ResOrErr ? ResOrErr.get() : llvm::DIGlobal()); Printer << (ResOrErr ? ResOrErr.get() : llvm::DIGlobal());
} }
__sanitizer::internal_snprintf(Buffer, MaxLength, "%s", Result.c_str()); return __sanitizer::internal_snprintf(Buffer, MaxLength, "%s",
return true; Result.c_str()) < MaxLength;
} }
void __sanitizer_symbolize_flush() { getDefaultSymbolizer()->flush(); } void __sanitizer_symbolize_flush() { getDefaultSymbolizer()->flush(); }
int __sanitizer_symbolize_demangle(const char *Name, char *Buffer, int __sanitizer_symbolize_demangle(const char *Name, char *Buffer,
int MaxLength) { int MaxLength) {
std::string Result = std::string Result =
llvm::symbolize::LLVMSymbolizer::DemangleName(Name, nullptr); llvm::symbolize::LLVMSymbolizer::DemangleName(Name, nullptr);
__sanitizer::internal_snprintf(Buffer, MaxLength, "%s", Result.c_str()); return __sanitizer::internal_snprintf(Buffer, MaxLength, "%s",
return static_cast<int>(Result.size() + 1); Result.c_str()) < MaxLength
? static_cast<int>(Result.size() + 1)
: 0;
} }
} // extern "C" } // extern "C"

compiler-rt/trunk/test/sanitizer_common/TestCases/symbolize_stack.cc

// RUN: %clangxx -O0 %s -o %t && %run %t 2>&1 | FileCheck %s
// Test that symbolizer does not crash on frame with large function name.
#include <sanitizer/common_interface_defs.h>
#include <vector>
template <int N> struct A {
template <class T> void RecursiveTemplateFunction(const T &t);
};
template <int N>
template <class T>
__attribute__((noinline)) void A<N>::RecursiveTemplateFunction(const T &) {
std::vector<T> t;
return A<N - 1>().RecursiveTemplateFunction(t);
}
template <>
template <class T>
__attribute__((noinline)) void A<0>::RecursiveTemplateFunction(const T &) {
__sanitizer_print_stack_trace();
}
int main() {
// CHECK: {{vector<.*vector<.*vector<.*vector<.*vector<}}
A<10>().RecursiveTemplateFunction(0);
}