This is an archive of the discontinued LLVM Phabricator instance.

Differential D31457

[asan] Add strndup/__strndup interceptors if targeting linux.
ClosedPublic

Authored by pgousseau on Mar 29 2017, 3:57 AM.

Details

Reviewers
kcc
vitalybuka
filcab
eugenis
rnk
dvyukov
Commits
rG183d1368f311: [asan] Add strndup/__strndup interceptors.
rG0550581070ab: [asan] Recommit of r301904: Add strndup/__strndup interceptors
rGb7101479a899: [asan] Add strndup/__strndup interceptors if targeting linux.
rCRT304399: [asan] Add strndup/__strndup interceptors.
rCRT302781: [asan] Recommit of r301904: Add strndup/__strndup interceptors
rCRT301904: [asan] Add strndup/__strndup interceptors if targeting linux.
rL304399: [asan] Add strndup/__strndup interceptors.
rL302781: [asan] Recommit of r301904: Add strndup/__strndup interceptors
rL301904: [asan] Add strndup/__strndup interceptors if targeting linux.
Summary

This change adds the interceptors for strndup and strndup on linux as strndup get generated as strndup at -O3.

Diff Detail

Repository
rL LLVM

Event Timeline

pgousseau created this revision.Mar 29 2017, 3:57 AM
Herald added subscribers: kubamracek, srhines. · View Herald TranscriptMar 29 2017, 3:57 AM
pgousseau updated this revision to Diff 93354.Mar 29 2017, 4:08 AM

Fix bad copy paste in lit test.

kcc added inline comments.Mar 29 2017, 4:53 PM
lib/asan/asan_interceptors.cc
574 ↗(On Diff #93354)

this needs to go to lib/sanitizer_common/sanitizer_common_interceptors.inc and removed from lib/msan/msan_interceptors.cc

filcab added inline comments.Mar 30 2017, 5:46 AM
lib/asan/asan_interceptors.h
77 ↗(On Diff #93354)

This one (the plain strdup) should be intercepted in all SANITIZER_POSIX platforms. And it seems Android might have it: https://android.googlesource.com/platform/bionic/+/donut-release/libc/string/strndup.c
https://android.googlesource.com/platform/bionic/+/android-7.1.1_r28/libc/include/string.h

pgousseau updated this revision to Diff 93675.Mar 31 2017, 9:52 AM

Thank you Kostya and Filipe for the comments, I have made the following changes:

  • Moved proposed interceptors into sanitizer_common_interceptors.inc
  • Moved existing strndup msan interceptor into sanitizer_common_interceptors.inc
  • Added common function COMMON_INTERCEPTOR_STRNDUP_IMPL
  • Added intercept_strndup flag true by default
  • Enabled strndup interceptor on POSIX
pgousseau added a comment.Apr 7 2017, 8:48 AM

Ping!

kcc added a reviewer: vitalybuka.Apr 11 2017, 10:26 AM
filcab added inline comments.Apr 11 2017, 10:40 AM
lib/sanitizer_common/sanitizer_common_interceptors.inc
330 ↗(On Diff #93675)

Should the context be __strndup?
It's probably ok as it is if the __strndup function is not supposed to be user-visible.

lib/sanitizer_common/tests/sanitizer_test_utils.h
127 ↗(On Diff #93675)

We should also enter here if defined(__APPLE__) and if defined(__FreeBSD__), I think.
Can't think of more OS we support that should be here.

I'm not sure we should be taking Android out of the picture, as it seems strndup is available, AFAICT. @kcc/@vitalybuka (or others who might be working on Android) can you confirm if we should expect strndup to be available?

test/asan/TestCases/strndup_oob_test.cc
9 ↗(On Diff #93675)

I don't think this should require Linux. It should have Windows as unsupported, but should work on all (?) POSIX.
Maybe just put it in TestCases/Posix?

eugenis added inline comments.Apr 11 2017, 1:51 PM
lib/msan/msan_interceptors.cc
1339 ↗(On Diff #93675)

I don't like that the code tries to combine two very different implementations in one "common" interceptor - one that calls REAL(strlen) and one that uses malloc directly.

Common interceptor should implement the logic of strndup, and call individual sanitizers only to update their specific state - READ_RANGE at the start, and something like COPY_RANGE after.

I think the common implementation should use malloc directly.

lib/sanitizer_common/sanitizer_common_interceptors.inc
315 ↗(On Diff #93675)

this should use strnlen, like the msan interceptor it is replacing

lib/sanitizer_common/tests/sanitizer_test_utils.h
127 ↗(On Diff #93675)

Yes, strndup is available on Android.

pgousseau added a comment.Apr 12 2017, 10:46 AM

Thanks Filipe/Eugenis for the comments, one question I have is, since my change modifies the behaviour of msan strndup interceptor (cf. added msan/strndup.cc test), should I keep the msan change as part of this patch or do you prefer a separate review?

lib/msan/msan_interceptors.cc
1339 ↗(On Diff #93675)

Makes sense. Will update patch.

lib/sanitizer_common/sanitizer_common_interceptors.inc
315 ↗(On Diff #93675)

Makes sense thanks.

330 ↗(On Diff #93675)

Yes I think strndup is preferred because this is also the case with strdup/strndup in asan_interceptors.cc

lib/sanitizer_common/tests/sanitizer_test_utils.h
127 ↗(On Diff #93675)

Sounds good will do.

test/asan/TestCases/strndup_oob_test.cc
9 ↗(On Diff #93675)

Makes sense thanks!

eugenis edited edge metadata.Apr 12 2017, 11:46 AM

Keep it as one change.

pgousseau updated this revision to Diff 96921.Apr 27 2017, 8:04 AM

Hi Eugenis/Filipe,

I have implemented the requested changes:

  • Enabling strndup interceptor on all posix platforms including android
  • Unsupport test on win32
  • Implemented common logic of strndup in common interceptor and added COMMON_INTERCEPTOR_COPY_STRING

Let me know what you think!

Thanks,

Pierre

pgousseau marked 9 inline comments as done.Apr 27 2017, 8:06 AM
eugenis added a reviewer: dvyukov.Apr 27 2017, 2:38 PM
eugenis added inline comments.
lib/sanitizer_common/sanitizer_common_interceptors.inc
314 ↗(On Diff #96921)

MSan needs COPY_STRING for correctness. Without out, the destination buffer would be left uninitialized (poisoned). It needs to happen regardless of intercept_strndup.

Please add a test for this.

329 ↗(On Diff #96921)

Please avoid code duplication. Move the interceptor body to COMMON_INTERCEPTOR_STRNDUP_IMPL

333 ↗(On Diff #96921)

Hmm I have a vague recollection of tsan having problems with interceptors calling other interceptors. On the other hand, tsan interceptor for strdup calls REAL(strdup), which ends up in the malloc interceptor. Dmitry?

339 ↗(On Diff #96921)

internal_memcpy

pgousseau updated this revision to Diff 97107.Apr 28 2017, 8:32 AM

Thanks Eugeny for the comments,

I have made the requested changes:

  • call COPY_STRING regardless of intercept_strndup
  • modified msan test to check poisoning is preserved
  • Moved common implementation into COMMON_INTERCEPTOR_STRNDUP_IMPL
  • Use internal_memcpy
eugenis accepted this revision.May 1 2017, 2:23 PM

LGTM

lib/sanitizer_common/tests/sanitizer_test_utils.h
127 ↗(On Diff #93675)

maybe simply #if !defined(_MSC_VER)

This revision is now accepted and ready to land.May 1 2017, 2:23 PM
Closed by commit rL301904: [asan] Add strndup/__strndup interceptors if targeting linux. (authored by pgousseau). · Explain WhyMay 2 2017, 2:14 AM
This revision was automatically updated to reflect the committed changes.
pgousseau marked 2 inline comments as done.
pgousseau reopened this revision.May 2 2017, 6:30 AM

Reverted the change in rL301909.
The change seems to cause 2 build failures.
Undeclared __interceptor_malloc in esan_interceptors.cc.
Undeclared strnlen on OSX buildbots.

This revision is now accepted and ready to land.May 2 2017, 6:30 AM
pgousseau updated this revision to Diff 97439.May 2 2017, 6:32 AM

Attempt to fix build failures:

  • add declaration of __interceptor_malloc in esan_interceptors.cc
  • replace REAL(strnlen) by internal_strnlen
pgousseau added a comment.May 10 2017, 8:57 AM

Ping! Is it ok to recommit?

eugenis added a comment.May 10 2017, 10:54 AM

Looks good.

Closed by commit rL302781: [asan] Recommit of r301904: Add strndup/__strndup interceptors (authored by pgousseau). · Explain WhyMay 11 2017, 2:06 AM
This revision was automatically updated to reflect the committed changes.
pgousseau added a comment.May 11 2017, 4:37 AM

One of the test I have added (strndup_oob_test.cc) is failing on the s390 linux bot (cf http://lab.llvm.org:8011/builders/clang-s390x-linux/builds/8096) .
I have marked the test as unsupported on s390 for now in rL302789 if that's ok?

pgousseau added a comment.May 11 2017, 9:43 AM

strndup_oob_test.cc also fails on armv7l-unknown-linux-gnueabihf (cf http://lab.llvm.org:8011/builders/clang-cmake-thumbv7-a15-full-sh/builds/1521).
I have marked it as unsupported in rL302807 as this is a known issue.

vitalybuka added inline comments.May 17 2017, 6:07 PM
compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc
230

Min() is redundant here, as (internal_strnlen(s, size) <= size)

233

must be "COMMON_INTERCEPTOR_READ_RANGE(ctx, s, Min(copy_length + 1, size)); "

(copy_length + 1) is a problem if "s" is not zero terminated

vitalybuka added inline comments.May 17 2017, 6:11 PM
compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc
233

I am going to extend test and create a patch for this.

pgousseau added inline comments.May 18 2017, 2:37 AM
compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc
233

Makes sense yes thanks! Now that this has been reverted in rL303324, do you still plan on making a patch for it?

pgousseau reopened this revision.May 18 2017, 8:07 AM

Reopening after issue was found and reverted in rL303339

This revision is now accepted and ready to land.May 18 2017, 8:07 AM
pgousseau updated this revision to Diff 99440.May 18 2017, 8:27 AM
  • Fix off by one issue using Vitaly's fix.
  • Expanded msan and asan unit tests to check for the correct handling of non zero terminated strings.
vitalybuka added inline comments.May 18 2017, 12:58 PM
lib/sanitizer_common/sanitizer_common_interceptors.inc
232 ↗(On Diff #99440)

probably should be COMMON_INTERCEPTOR_READ_STRING(ctx, s, Min(size, copy_length + 1));

pgousseau updated this revision to Diff 99530.May 19 2017, 2:05 AM

Invert arguments positions in Min call.

lib/sanitizer_common/sanitizer_common_interceptors.inc
232 ↗(On Diff #99440)

Sounds good, I have updated the patch.

pgousseau added a comment.May 30 2017, 8:57 AM

Ping! Latest comment has been addressed, ok to commit?

eugenis added a comment.May 30 2017, 11:45 AM
In D31457#759229, @pgousseau wrote:

Invert arguments positions in Min call.

I don't think the order of the arguments matters here. Vitaly's comment was about READ_STRING vs READ_RANGE.

pgousseau updated this revision to Diff 100836.May 31 2017, 1:49 AM

Replaced READ_RANGE by READ_STRING

pgousseau added a comment.May 31 2017, 1:52 AM
In D31457#767980, @eugenis wrote:
In D31457#759229, @pgousseau wrote:

Invert arguments positions in Min call.

I don't think the order of the arguments matters here. Vitaly's comment was about READ_STRING vs READ_RANGE.

Yes that makes more sense thanks, patch updated!

vitalybuka requested changes to this revision.May 31 2017, 10:55 AM

Looking.

This revision now requires changes to proceed.May 31 2017, 10:55 AM
vitalybuka accepted this revision.May 31 2017, 11:13 AM

LGTM

test/asan/TestCases/Posix/strndup_oob_test.cc
27 ↗(On Diff #100836)

Maybe another simple test

// RUN: %clang_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
// RUN: %clang_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s
// RUN: %clang_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
// RUN: %clang_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s

// When built as C on Linux, strndup is transformed to __strndup.
// RUN: %clang_asan -O3 -xc %s -o %t && not %run %t 2>&1 | FileCheck %s

// Unwind problem on arm: "main" is missing from the allocation stack trace.
// UNSUPPORTED: win32,s390,armv7l-unknown-linux-gnueabihf

#include <string.h>

char kChars[] = {'f', 'o', 'o'};

int main(int argc, char **argv) {
  char *copy = strndup(kChars, 3);
  copy = strndup(kChars, 10);
  // CHECK: AddressSanitizer: global-buffer-overflow
  // CHECK: {{.*}}main {{.*}}.cc:[[@LINE-2]]
  return *copy;
}
This revision is now accepted and ready to land.May 31 2017, 11:13 AM
Closed by commit rL304399: [asan] Add strndup/__strndup interceptors. (authored by pgousseau). · Explain WhyJun 1 2017, 2:37 AM
This revision was automatically updated to reflect the committed changes.
pgousseau added a comment.Jun 1 2017, 2:47 AM
In D31457#769039, @vitalybuka wrote:

LGTM

Thanks, patch committed with the extra test.

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
asan/
4 lines
tests/
21 lines
msan/
36 lines
tests/
6 lines
sanitizer_common/
43 lines
3 lines
14 lines
tests/
6 lines
test/
asan/
TestCases/
Posix/
26 lines
msan/
28 lines

Diff 97409

compiler-rt/trunk/lib/asan/asan_flags.cc

Show First 20 LinesShow All 188 Lines▼ Show 20 Lines#endif
if (!f->replace_str && common_flags()->intercept_strlen) { if (!f->replace_str && common_flags()->intercept_strlen) {
Report("WARNING: strlen interceptor is enabled even though replace_str=0. " Report("WARNING: strlen interceptor is enabled even though replace_str=0. "
"Use intercept_strlen=0 to disable it."); "Use intercept_strlen=0 to disable it.");
} }
if (!f->replace_str && common_flags()->intercept_strchr) { if (!f->replace_str && common_flags()->intercept_strchr) {
Report("WARNING: strchr* interceptors are enabled even though " Report("WARNING: strchr* interceptors are enabled even though "
"replace_str=0. Use intercept_strchr=0 to disable them."); "replace_str=0. Use intercept_strchr=0 to disable them.");
} }
if (!f->replace_str && common_flags()->intercept_strndup) {
Report("WARNING: strndup* interceptors are enabled even though "
"replace_str=0. Use intercept_strndup=0 to disable them.");
}
} }
} // namespace __asan } // namespace __asan
SANITIZER_INTERFACE_WEAK_DEF(const char*, __asan_default_options, void) { SANITIZER_INTERFACE_WEAK_DEF(const char*, __asan_default_options, void) {
return ""; return "";
} }

compiler-rt/trunk/lib/asan/tests/asan_str_test.cc

Show First 20 LinesShow All 148 Lines▼ Show 20 LinesTEST(AddressSanitizer, MAYBE_StrDupOOBTest) {
EXPECT_DEATH(Ident(strdup(str - 1)), LeftOOBReadMessage(1)); EXPECT_DEATH(Ident(strdup(str - 1)), LeftOOBReadMessage(1));
EXPECT_DEATH(Ident(strdup(str + size)), RightOOBReadMessage(0)); EXPECT_DEATH(Ident(strdup(str + size)), RightOOBReadMessage(0));
// Overwrite the terminating '\0' and hit unallocated memory. // Overwrite the terminating '\0' and hit unallocated memory.
str[size - 1] = 'z'; str[size - 1] = 'z';
EXPECT_DEATH(Ident(strdup(str)), RightOOBReadMessage(0)); EXPECT_DEATH(Ident(strdup(str)), RightOOBReadMessage(0));
free(str); free(str);
} }
#if SANITIZER_TEST_HAS_STRNDUP
TEST(AddressSanitizer, MAYBE_StrNDupOOBTest) {
size_t size = Ident(42);
char *str = MallocAndMemsetString(size);
char *new_str;
// Normal strndup calls.
str[size - 1] = '\0';
new_str = strndup(str, size - 13);
free(new_str);
new_str = strndup(str + size - 1, 13);
free(new_str);
// Argument points to not allocated memory.
EXPECT_DEATH(Ident(strndup(str - 1, 13)), LeftOOBReadMessage(1));
EXPECT_DEATH(Ident(strndup(str + size, 13)), RightOOBReadMessage(0));
// Overwrite the terminating '\0' and hit unallocated memory.
str[size - 1] = 'z';
EXPECT_DEATH(Ident(strndup(str, size + 13)), RightOOBReadMessage(0));
free(str);
}
#endif // SANITIZER_TEST_HAS_STRNDUP
TEST(AddressSanitizer, StrCpyOOBTest) { TEST(AddressSanitizer, StrCpyOOBTest) {
size_t to_size = Ident(30); size_t to_size = Ident(30);
size_t from_size = Ident(6); // less than to_size size_t from_size = Ident(6); // less than to_size
char *to = Ident((char*)malloc(to_size)); char *to = Ident((char*)malloc(to_size));
char *from = Ident((char*)malloc(from_size)); char *from = Ident((char*)malloc(from_size));
// Normal strcpy calls. // Normal strcpy calls.
strcpy(from, "hello"); strcpy(from, "hello");
strcpy(to, from); strcpy(to, from);
▲ Show 20 LinesShow All 442 LinesShow Last 20 Lines

compiler-rt/trunk/lib/msan/msan_interceptors.cc

Show First 20 LinesShow All 335 Lines▼ Show 20 LinesINTERCEPTOR(char *, __strdup, char *src) {
CopyShadowAndOrigin(res, src, n + 1, &stack); CopyShadowAndOrigin(res, src, n + 1, &stack);
return res; return res;
} }
#define MSAN_MAYBE_INTERCEPT___STRDUP INTERCEPT_FUNCTION(__strdup) #define MSAN_MAYBE_INTERCEPT___STRDUP INTERCEPT_FUNCTION(__strdup)
#else #else
#define MSAN_MAYBE_INTERCEPT___STRDUP #define MSAN_MAYBE_INTERCEPT___STRDUP
#endif #endif
INTERCEPTOR(char *, strndup, char *src, SIZE_T n) {
ENSURE_MSAN_INITED();
GET_STORE_STACK_TRACE;
// On FreeBSD strndup() leverages strnlen().
InterceptorScope interceptor_scope;
SIZE_T copy_size = REAL(strnlen)(src, n);
char *res = REAL(strndup)(src, n);
CopyShadowAndOrigin(res, src, copy_size, &stack);
__msan_unpoison(res + copy_size, 1); // \0
return res;
}
#if !SANITIZER_FREEBSD
INTERCEPTOR(char *, __strndup, char *src, SIZE_T n) {
ENSURE_MSAN_INITED();
GET_STORE_STACK_TRACE;
SIZE_T copy_size = REAL(strnlen)(src, n);
char *res = REAL(__strndup)(src, n);
CopyShadowAndOrigin(res, src, copy_size, &stack);
__msan_unpoison(res + copy_size, 1); // \0
return res;
}
#define MSAN_MAYBE_INTERCEPT___STRNDUP INTERCEPT_FUNCTION(__strndup)
#else
#define MSAN_MAYBE_INTERCEPT___STRNDUP
#endif
INTERCEPTOR(char *, gcvt, double number, SIZE_T ndigit, char *buf) { INTERCEPTOR(char *, gcvt, double number, SIZE_T ndigit, char *buf) {
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
char *res = REAL(gcvt)(number, ndigit, buf); char *res = REAL(gcvt)(number, ndigit, buf);
SIZE_T n = REAL(strlen)(buf); SIZE_T n = REAL(strlen)(buf);
__msan_unpoison(buf, n + 1); __msan_unpoison(buf, n + 1);
return res; return res;
} }
▲ Show 20 LinesShow All 987 Lines▼ Show 20 Lines#define COMMON_INTERCEPTOR_MEMMOVE_IMPL(ctx, to, from, size) \
return __msan_memmove(to, from, size); \ return __msan_memmove(to, from, size); \
} }
#define COMMON_INTERCEPTOR_MEMCPY_IMPL(ctx, to, from, size) \ #define COMMON_INTERCEPTOR_MEMCPY_IMPL(ctx, to, from, size) \
{ \ { \
(void)ctx; \ (void)ctx; \
return __msan_memcpy(to, from, size); \ return __msan_memcpy(to, from, size); \
} }
#define COMMON_INTERCEPTOR_COPY_STRING(ctx, to, from, size) \
do { \
GET_STORE_STACK_TRACE; \
CopyShadowAndOrigin(to, from, size, &stack); \
__msan_unpoison(to + size, 1); \
} while (false)
#include "sanitizer_common/sanitizer_platform_interceptors.h" #include "sanitizer_common/sanitizer_platform_interceptors.h"
#include "sanitizer_common/sanitizer_common_interceptors.inc" #include "sanitizer_common/sanitizer_common_interceptors.inc"
#define COMMON_SYSCALL_PRE_READ_RANGE(p, s) CHECK_UNPOISONED(p, s) #define COMMON_SYSCALL_PRE_READ_RANGE(p, s) CHECK_UNPOISONED(p, s)
#define COMMON_SYSCALL_PRE_WRITE_RANGE(p, s) \ #define COMMON_SYSCALL_PRE_WRITE_RANGE(p, s) \
do { \ do { \
} while (false) } while (false)
#define COMMON_SYSCALL_POST_READ_RANGE(p, s) \ #define COMMON_SYSCALL_POST_READ_RANGE(p, s) \
▲ Show 20 LinesShow All 151 Lines▼ Show 20 Linesvoid InitializeInterceptors() {
INTERCEPT_FUNCTION(wmemset); INTERCEPT_FUNCTION(wmemset);
INTERCEPT_FUNCTION(wmemcpy); INTERCEPT_FUNCTION(wmemcpy);
INTERCEPT_FUNCTION(wmempcpy); INTERCEPT_FUNCTION(wmempcpy);
INTERCEPT_FUNCTION(wmemmove); INTERCEPT_FUNCTION(wmemmove);
INTERCEPT_FUNCTION(strcpy); // NOLINT INTERCEPT_FUNCTION(strcpy); // NOLINT
INTERCEPT_FUNCTION(stpcpy); // NOLINT INTERCEPT_FUNCTION(stpcpy); // NOLINT
INTERCEPT_FUNCTION(strdup); INTERCEPT_FUNCTION(strdup);
MSAN_MAYBE_INTERCEPT___STRDUP; MSAN_MAYBE_INTERCEPT___STRDUP;
INTERCEPT_FUNCTION(strndup);
MSAN_MAYBE_INTERCEPT___STRNDUP;
INTERCEPT_FUNCTION(strncpy); // NOLINT INTERCEPT_FUNCTION(strncpy); // NOLINT
INTERCEPT_FUNCTION(gcvt); INTERCEPT_FUNCTION(gcvt);
INTERCEPT_FUNCTION(strcat); // NOLINT INTERCEPT_FUNCTION(strcat); // NOLINT
INTERCEPT_FUNCTION(strncat); // NOLINT INTERCEPT_FUNCTION(strncat); // NOLINT
INTERCEPT_STRTO(strtod); INTERCEPT_STRTO(strtod);
INTERCEPT_STRTO(strtof); INTERCEPT_STRTO(strtof);
INTERCEPT_STRTO(strtold); INTERCEPT_STRTO(strtold);
INTERCEPT_STRTO(strtol); INTERCEPT_STRTO(strtol);
▲ Show 20 LinesShow All 78 LinesShow Last 20 Lines

compiler-rt/trunk/lib/msan/tests/msan_test.cc

Show First 20 LinesShow All 1,575 Lines▼ Show 20 LinesTEST(MemorySanitizer, strdup) {
EXPECT_POISONED(x[2]); EXPECT_POISONED(x[2]);
EXPECT_NOT_POISONED(x[3]); EXPECT_NOT_POISONED(x[3]);
free(x); free(x);
} }
TEST(MemorySanitizer, strndup) { TEST(MemorySanitizer, strndup) {
char buf[4] = "abc"; char buf[4] = "abc";
__msan_poison(buf + 2, sizeof(*buf)); __msan_poison(buf + 2, sizeof(*buf));
char *x = strndup(buf, 3); char *x;
EXPECT_UMR(x = strndup(buf, 3));
EXPECT_NOT_POISONED(x[0]); EXPECT_NOT_POISONED(x[0]);
EXPECT_NOT_POISONED(x[1]); EXPECT_NOT_POISONED(x[1]);
EXPECT_POISONED(x[2]); EXPECT_POISONED(x[2]);
EXPECT_NOT_POISONED(x[3]); EXPECT_NOT_POISONED(x[3]);
free(x); free(x);
} }
TEST(MemorySanitizer, strndup_short) { TEST(MemorySanitizer, strndup_short) {
char buf[4] = "abc"; char buf[4] = "abc";
__msan_poison(buf + 1, sizeof(*buf)); __msan_poison(buf + 1, sizeof(*buf));
__msan_poison(buf + 2, sizeof(*buf)); __msan_poison(buf + 2, sizeof(*buf));
char *x = strndup(buf, 2); char *x;
EXPECT_UMR(x = strndup(buf, 2));
EXPECT_NOT_POISONED(x[0]); EXPECT_NOT_POISONED(x[0]);
EXPECT_POISONED(x[1]); EXPECT_POISONED(x[1]);
EXPECT_NOT_POISONED(x[2]); EXPECT_NOT_POISONED(x[2]);
free(x); free(x);
} }
template<class T, int size> template<class T, int size>
▲ Show 20 LinesShow All 2,907 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc

Show All 28 Lines
// COMMON_INTERCEPTOR_MUTEX_UNLOCK // COMMON_INTERCEPTOR_MUTEX_UNLOCK
// COMMON_INTERCEPTOR_MUTEX_REPAIR // COMMON_INTERCEPTOR_MUTEX_REPAIR
// COMMON_INTERCEPTOR_SET_PTHREAD_NAME // COMMON_INTERCEPTOR_SET_PTHREAD_NAME
// COMMON_INTERCEPTOR_HANDLE_RECVMSG // COMMON_INTERCEPTOR_HANDLE_RECVMSG
// COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED // COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED
// COMMON_INTERCEPTOR_MEMSET_IMPL // COMMON_INTERCEPTOR_MEMSET_IMPL
// COMMON_INTERCEPTOR_MEMMOVE_IMPL // COMMON_INTERCEPTOR_MEMMOVE_IMPL
// COMMON_INTERCEPTOR_MEMCPY_IMPL // COMMON_INTERCEPTOR_MEMCPY_IMPL
// COMMON_INTERCEPTOR_COPY_STRING
// COMMON_INTERCEPTOR_STRNDUP_IMPL
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "interception/interception.h" #include "interception/interception.h"
#include "sanitizer_addrhashmap.h" #include "sanitizer_addrhashmap.h"
#include "sanitizer_placement_new.h" #include "sanitizer_placement_new.h"
#include "sanitizer_platform_interceptors.h" #include "sanitizer_platform_interceptors.h"
#include "sanitizer_tls_get_addr.h" #include "sanitizer_tls_get_addr.h"
▲ Show 20 LinesShow All 167 Lines▼ Show 20 Lines#define COMMON_INTERCEPTOR_MEMCPY_IMPL(ctx, dst, src, size) \
if (common_flags()->intercept_intrin) { \ if (common_flags()->intercept_intrin) { \
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, dst, size); \ COMMON_INTERCEPTOR_WRITE_RANGE(ctx, dst, size); \
COMMON_INTERCEPTOR_READ_RANGE(ctx, src, size); \ COMMON_INTERCEPTOR_READ_RANGE(ctx, src, size); \
} \ } \
return REAL(memcpy)(dst, src, size); \ return REAL(memcpy)(dst, src, size); \
} }
#endif #endif
#ifndef COMMON_INTERCEPTOR_COPY_STRING
#define COMMON_INTERCEPTOR_COPY_STRING(ctx, to, from, size) {}
#endif
#ifndef COMMON_INTERCEPTOR_STRNDUP_IMPL
#define COMMON_INTERCEPTOR_STRNDUP_IMPL(ctx, s, size) \
COMMON_INTERCEPTOR_ENTER(ctx, strndup, s, size); \
uptr from_length = REAL(strnlen)(s, size); \
uptr copy_length = Min(size, from_length); \
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

Min() is redundant here, as (internal_strnlen(s, size) <= size)

vitalybuka: Min() is redundant here, as (internal_strnlen(s, size) <= size)
char *new_mem = (char *)WRAP(malloc)(copy_length + 1); \
if (common_flags()->intercept_strndup) { \
COMMON_INTERCEPTOR_READ_RANGE(ctx, s, copy_length + 1); \
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

must be "COMMON_INTERCEPTOR_READ_RANGE(ctx, s, Min(copy_length + 1, size)); "

(copy_length + 1) is a problem if "s" is not zero terminated

vitalybuka: must be "COMMON_INTERCEPTOR_READ_RANGE(ctx, s, Min(copy_length + 1, size)); " (copy_length +…
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

I am going to extend test and create a patch for this.

vitalybuka: I am going to extend test and create a patch for this.
pgousseauAuthorUnsubmitted
Not Done
ReplyInline Actions

Makes sense yes thanks! Now that this has been reverted in rL303324, do you still plan on making a patch for it?

pgousseau: Makes sense yes thanks! Now that this has been reverted in rL303324, do you still plan on…
} \
COMMON_INTERCEPTOR_COPY_STRING(ctx, new_mem, s, copy_length); \
internal_memcpy(new_mem, s, copy_length); \
new_mem[copy_length] = '\0'; \
return new_mem;
#endif
struct FileMetadata { struct FileMetadata {
// For open_memstream(). // For open_memstream().
char **addr; char **addr;
SIZE_T *size; SIZE_T *size;
}; };
struct CommonInterceptorMetadata { struct CommonInterceptorMetadata {
enum { enum {
▲ Show 20 LinesShow All 67 Lines▼ Show 20 Lines if (common_flags()->intercept_strlen)
COMMON_INTERCEPTOR_READ_RANGE(ctx, s, Min(length + 1, maxlen)); COMMON_INTERCEPTOR_READ_RANGE(ctx, s, Min(length + 1, maxlen));
return length; return length;
} }
#define INIT_STRNLEN COMMON_INTERCEPT_FUNCTION(strnlen) #define INIT_STRNLEN COMMON_INTERCEPT_FUNCTION(strnlen)
#else #else
#define INIT_STRNLEN #define INIT_STRNLEN
#endif #endif
#if SANITIZER_INTERCEPT_STRNDUP
INTERCEPTOR(char*, strndup, const char *s, uptr size) {
void *ctx;
COMMON_INTERCEPTOR_STRNDUP_IMPL(ctx, s, size);
}
#define INIT_STRNDUP COMMON_INTERCEPT_FUNCTION(strndup)
#else
#define INIT_STRNDUP
#endif // SANITIZER_INTERCEPT_STRNDUP
#if SANITIZER_INTERCEPT___STRNDUP
INTERCEPTOR(char*, __strndup, const char *s, uptr size) {
void *ctx;
COMMON_INTERCEPTOR_STRNDUP_IMPL(ctx, s, size);
}
#define INIT___STRNDUP COMMON_INTERCEPT_FUNCTION(__strndup)
#else
#define INIT___STRNDUP
#endif // SANITIZER_INTERCEPT___STRNDUP
#if SANITIZER_INTERCEPT_TEXTDOMAIN #if SANITIZER_INTERCEPT_TEXTDOMAIN
INTERCEPTOR(char*, textdomain, const char *domainname) { INTERCEPTOR(char*, textdomain, const char *domainname) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, textdomain, domainname); COMMON_INTERCEPTOR_ENTER(ctx, textdomain, domainname);
if (domainname) COMMON_INTERCEPTOR_READ_STRING(ctx, domainname, 0); if (domainname) COMMON_INTERCEPTOR_READ_STRING(ctx, domainname, 0);
char *domain = REAL(textdomain)(domainname); char *domain = REAL(textdomain)(domainname);
if (domain) { if (domain) {
COMMON_INTERCEPTOR_INITIALIZE_RANGE(domain, REAL(strlen)(domain) + 1); COMMON_INTERCEPTOR_INITIALIZE_RANGE(domain, REAL(strlen)(domain) + 1);
▲ Show 20 LinesShow All 5,833 Lines▼ Show 20 Lines
static void InitializeCommonInterceptors() { static void InitializeCommonInterceptors() {
static u64 metadata_mem[sizeof(MetadataHashMap) / sizeof(u64) + 1]; static u64 metadata_mem[sizeof(MetadataHashMap) / sizeof(u64) + 1];
interceptor_metadata_map = new((void *)&metadata_mem) MetadataHashMap(); interceptor_metadata_map = new((void *)&metadata_mem) MetadataHashMap();
INIT_TEXTDOMAIN; INIT_TEXTDOMAIN;
INIT_STRLEN; INIT_STRLEN;
INIT_STRNLEN; INIT_STRNLEN;
INIT_STRNDUP;
INIT___STRNDUP;
INIT_STRCMP; INIT_STRCMP;
INIT_STRNCMP; INIT_STRNCMP;
INIT_STRCASECMP; INIT_STRCASECMP;
INIT_STRNCASECMP; INIT_STRNCASECMP;
INIT_STRSTR; INIT_STRSTR;
INIT_STRCASESTR; INIT_STRCASESTR;
INIT_STRCHR; INIT_STRCHR;
INIT_STRCHRNUL; INIT_STRCHRNUL;
▲ Show 20 LinesShow All 188 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_flags.inc

Show First 20 LinesShow All 189 Lines▼ Show 20 LinesCOMMON_FLAG(bool, intercept_strtok, true,
"If set, uses a custom wrapper for the strtok function " "If set, uses a custom wrapper for the strtok function "
"to find more errors.") "to find more errors.")
COMMON_FLAG(bool, intercept_strpbrk, true, COMMON_FLAG(bool, intercept_strpbrk, true,
"If set, uses custom wrappers for strpbrk function " "If set, uses custom wrappers for strpbrk function "
"to find more errors.") "to find more errors.")
COMMON_FLAG(bool, intercept_strlen, true, COMMON_FLAG(bool, intercept_strlen, true,
"If set, uses custom wrappers for strlen and strnlen functions " "If set, uses custom wrappers for strlen and strnlen functions "
"to find more errors.") "to find more errors.")
COMMON_FLAG(bool, intercept_strndup, true,
"If set, uses custom wrappers for strndup functions "
"to find more errors.")
COMMON_FLAG(bool, intercept_strchr, true, COMMON_FLAG(bool, intercept_strchr, true,
"If set, uses custom wrappers for strchr, strchrnul, and strrchr " "If set, uses custom wrappers for strchr, strchrnul, and strrchr "
"functions to find more errors.") "functions to find more errors.")
COMMON_FLAG(bool, intercept_memcmp, true, COMMON_FLAG(bool, intercept_memcmp, true,
"If set, uses custom wrappers for memcmp function " "If set, uses custom wrappers for memcmp function "
"to find more errors.") "to find more errors.")
COMMON_FLAG(bool, strict_memcmp, true, COMMON_FLAG(bool, strict_memcmp, true,
"If true, assume that memcmp(p1, p2, n) always reads n bytes before " "If true, assume that memcmp(p1, p2, n) always reads n bytes before "
Show All 28 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h

Show All 19 Lines
# define SI_WINDOWS 0 # define SI_WINDOWS 0
# define SI_NOT_WINDOWS 1 # define SI_NOT_WINDOWS 1
# include "sanitizer_platform_limits_posix.h" # include "sanitizer_platform_limits_posix.h"
#else #else
# define SI_WINDOWS 1 # define SI_WINDOWS 1
# define SI_NOT_WINDOWS 0 # define SI_NOT_WINDOWS 0
#endif #endif
#if SANITIZER_POSIX
# define SI_POSIX 1
#else
# define SI_POSIX 0
#endif
#if SANITIZER_LINUX && !SANITIZER_ANDROID #if SANITIZER_LINUX && !SANITIZER_ANDROID
# define SI_LINUX_NOT_ANDROID 1 # define SI_LINUX_NOT_ANDROID 1
#else #else
# define SI_LINUX_NOT_ANDROID 0 # define SI_LINUX_NOT_ANDROID 0
#endif #endif
#if SANITIZER_ANDROID #if SANITIZER_ANDROID
# define SI_ANDROID 1 # define SI_ANDROID 1
Show All 28 Lines
#endif #endif
#if !SANITIZER_WINDOWS && !SANITIZER_MAC #if !SANITIZER_WINDOWS && !SANITIZER_MAC
# define SI_UNIX_NOT_MAC 1 # define SI_UNIX_NOT_MAC 1
#else #else
# define SI_UNIX_NOT_MAC 0 # define SI_UNIX_NOT_MAC 0
#endif #endif
#if SANITIZER_LINUX && !SANITIZER_FREEBSD
# define SI_LINUX_NOT_FREEBSD 1
# else
# define SI_LINUX_NOT_FREEBSD 0
#endif
#define SANITIZER_INTERCEPT_STRLEN 1 #define SANITIZER_INTERCEPT_STRLEN 1
#define SANITIZER_INTERCEPT_STRNLEN SI_NOT_MAC #define SANITIZER_INTERCEPT_STRNLEN SI_NOT_MAC
#define SANITIZER_INTERCEPT_STRCMP 1 #define SANITIZER_INTERCEPT_STRCMP 1
#define SANITIZER_INTERCEPT_STRSTR 1 #define SANITIZER_INTERCEPT_STRSTR 1
#define SANITIZER_INTERCEPT_STRCASESTR SI_NOT_WINDOWS #define SANITIZER_INTERCEPT_STRCASESTR SI_NOT_WINDOWS
#define SANITIZER_INTERCEPT_STRTOK 1 #define SANITIZER_INTERCEPT_STRTOK 1
#define SANITIZER_INTERCEPT_STRCHR 1 #define SANITIZER_INTERCEPT_STRCHR 1
#define SANITIZER_INTERCEPT_STRCHRNUL SI_UNIX_NOT_MAC #define SANITIZER_INTERCEPT_STRCHRNUL SI_UNIX_NOT_MAC
#define SANITIZER_INTERCEPT_STRRCHR 1 #define SANITIZER_INTERCEPT_STRRCHR 1
#define SANITIZER_INTERCEPT_STRSPN 1 #define SANITIZER_INTERCEPT_STRSPN 1
#define SANITIZER_INTERCEPT_STRPBRK 1 #define SANITIZER_INTERCEPT_STRPBRK 1
#define SANITIZER_INTERCEPT_TEXTDOMAIN SI_LINUX_NOT_ANDROID #define SANITIZER_INTERCEPT_TEXTDOMAIN SI_LINUX_NOT_ANDROID
#define SANITIZER_INTERCEPT_STRCASECMP SI_NOT_WINDOWS #define SANITIZER_INTERCEPT_STRCASECMP SI_NOT_WINDOWS
#define SANITIZER_INTERCEPT_MEMSET 1 #define SANITIZER_INTERCEPT_MEMSET 1
#define SANITIZER_INTERCEPT_MEMMOVE 1 #define SANITIZER_INTERCEPT_MEMMOVE 1
#define SANITIZER_INTERCEPT_MEMCPY 1 #define SANITIZER_INTERCEPT_MEMCPY 1
#define SANITIZER_INTERCEPT_MEMCMP 1 #define SANITIZER_INTERCEPT_MEMCMP 1
#define SANITIZER_INTERCEPT_STRNDUP SI_POSIX
#define SANITIZER_INTERCEPT___STRNDUP SI_LINUX_NOT_FREEBSD
#if defined(__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__) && \ #if defined(__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__) && \
__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ < 1070 __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ < 1070
# define SI_MAC_DEPLOYMENT_BELOW_10_7 1 # define SI_MAC_DEPLOYMENT_BELOW_10_7 1
#else #else
# define SI_MAC_DEPLOYMENT_BELOW_10_7 0 # define SI_MAC_DEPLOYMENT_BELOW_10_7 0
#endif #endif
// memmem on Darwin doesn't exist on 10.6 // memmem on Darwin doesn't exist on 10.6
// FIXME: enable memmem on Windows. // FIXME: enable memmem on Windows.
▲ Show 20 LinesShow All 247 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/tests/sanitizer_test_utils.h

Show First 20 LinesShow All 118 Lines▼ Show 20 Lines
#endif #endif
#if defined(__FreeBSD__) #if defined(__FreeBSD__)
# define SANITIZER_TEST_HAS_PRINTF_L 1 # define SANITIZER_TEST_HAS_PRINTF_L 1
#else #else
# define SANITIZER_TEST_HAS_PRINTF_L 0 # define SANITIZER_TEST_HAS_PRINTF_L 0
#endif #endif
#if !defined(_MSC_VER)
# define SANITIZER_TEST_HAS_STRNDUP 1
#else
# define SANITIZER_TEST_HAS_STRNDUP 0
#endif
#endif // SANITIZER_TEST_UTILS_H #endif // SANITIZER_TEST_UTILS_H

compiler-rt/trunk/test/asan/TestCases/Posix/strndup_oob_test.cc

// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s
// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
// When built as C on Linux, strndup is transformed to __strndup.
// RUN: %clangxx_asan -O3 -xc %s -o %t && not %run %t 2>&1 | FileCheck %s
// UNSUPPORTED: win32
#include <string.h>
char kString[] = "foo";
int main(int argc, char **argv) {
char *copy = strndup(kString, 2);
int x = copy[2 + argc]; // BOOM
// CHECK: AddressSanitizer: heap-buffer-overflow
// CHECK: #0 {{.*}}main {{.*}}strndup_oob_test.cc:[[@LINE-2]]
// CHECK-LABEL: allocated by thread T{{.*}} here:
// CHECK: #{{[01]}} {{.*}}strndup
// CHECK: #{{.*}}main {{.*}}strndup_oob_test.cc:[[@LINE-6]]
// CHECK-LABEL: SUMMARY
// CHECK: strndup_oob_test.cc:[[@LINE-7]]
return x;
}

compiler-rt/trunk/test/msan/strndup.cc

// RUN: %clangxx_msan %s -o %t && not %run %t 2>&1 | FileCheck --check-prefix=ON %s
// RUN: %clangxx_msan %s -o %t && MSAN_OPTIONS=intercept_strndup=0 %run %t 2>&1 | FileCheck --check-prefix=OFF --allow-empty %s
// When built as C on Linux, strndup is transformed to __strndup.
// RUN: %clangxx_msan -O3 -xc %s -o %t && not %run %t 2>&1 | FileCheck --check-prefix=ON %s
// UNSUPPORTED: win32
#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include <sanitizer/msan_interface.h>
int main(int argc, char **argv) {
char kString[4] = "abc";
__msan_poison(kString + 2, 1);
char *copy = strndup(kString, 4); // BOOM
assert(__msan_test_shadow(copy, 4) == 2); // Poisoning is preserved.
free(copy);
return 0;
// ON: Uninitialized bytes in __interceptor_{{(__)?}}strndup at offset 2 inside [{{.*}}, 4)
// ON: MemorySanitizer: use-of-uninitialized-value
// ON: #0 {{.*}}main {{.*}}strndup.cc:[[@LINE-6]]
// ON-LABEL: SUMMARY
// ON: {{.*}}strndup.cc:[[@LINE-8]]
// OFF-NOT: MemorySanitizer
}