Index: lib/lsan/lsan_common_mac.cc =================================================================== --- lib/lsan/lsan_common_mac.cc +++ lib/lsan/lsan_common_mac.cc @@ -92,8 +92,34 @@ // required on Darwin. void InitializePlatformSpecificModules() {} +// Sections which can't contain contain global pointers. This list errs on the +// side of caution to avoid false positives, at the expense of performance. +// +// Other potentially safe sections include: +// __all_image_info, __crash_info, __const, __got, __interpose, __objc_msg_break +// +// Sections which definitely cannot be included here are: +// __objc_data, __objc_const, __data, __bss, __common, __thread_data, +// __thread_bss, __thread_vars, __objc_opt_rw, __objc_opt_ptrs +static const char *kSkippedSecNames[] = { + "__cfstring", + "__la_symbol_ptr", + "__mod_init_func", + "__mod_term_func", + "__nl_symbol_ptr", + "__objc_classlist", + "__objc_classrefs", + "__objc_imageinfo", + "__objc_nlclslist", + "__objc_protolist", + "__objc_selrefs", + "__objc_superrefs" +}; + // Scans global variables for heap pointers. void ProcessGlobalRegions(Frontier *frontier) { + for (auto name : kSkippedSecNames) CHECK(ARRAY_SIZE(name) < kMaxSegName); + MemoryMappingLayout memory_mapping(false); InternalMmapVector modules(/*initial_capacity*/ 128); memory_mapping.DumpListOfModules(&modules); @@ -104,8 +130,11 @@ for (const __sanitizer::LoadedModule::AddressRange &range : modules[i].ranges()) { - // Sections storing global variables are writable and non-executable - if (range.executable || !range.writable) continue; + if (!range.writable || range.executable) continue; + + for (auto name : kSkippedSecNames) { + if (!internal_strcmp(range.name, name)) continue; + } ScanGlobalRange(range.beg, range.end, frontier); } Index: lib/sanitizer_common/sanitizer_common.h =================================================================== --- lib/sanitizer_common/sanitizer_common.h +++ lib/sanitizer_common/sanitizer_common.h @@ -702,6 +702,7 @@ } const uptr kModuleUUIDSize = 16; +const uptr kMaxSegName = 16; // Represents a binary loaded into virtual memory (e.g. this can be an // executable or a shared object). @@ -720,7 +721,8 @@ void set(const char *module_name, uptr base_address, ModuleArch arch, u8 uuid[kModuleUUIDSize], bool instrumented); void clear(); - void addAddressRange(uptr beg, uptr end, bool executable, bool writable); + void addAddressRange(uptr beg, uptr end, bool executable, bool writable, + const char *name = nullptr); bool containsAddress(uptr address) const; const char *full_name() const { return full_name_; } @@ -736,13 +738,17 @@ uptr end; bool executable; bool writable; + char name[kMaxSegName]; - AddressRange(uptr beg, uptr end, bool executable, bool writable) + AddressRange(uptr beg, uptr end, bool executable, bool writable, + const char *name) : next(nullptr), beg(beg), end(end), executable(executable), - writable(writable) {} + writable(writable) { + internal_strncpy(this->name, (name ? name : ""), ARRAY_SIZE(this->name)); + } }; const IntrusiveList &ranges() const { return ranges_; } Index: lib/sanitizer_common/sanitizer_common.cc =================================================================== --- lib/sanitizer_common/sanitizer_common.cc +++ lib/sanitizer_common/sanitizer_common.cc @@ -285,9 +285,10 @@ } void LoadedModule::addAddressRange(uptr beg, uptr end, bool executable, - bool writable) { + bool writable, const char *name) { void *mem = InternalAlloc(sizeof(AddressRange)); - AddressRange *r = new(mem) AddressRange(beg, end, executable, writable); + AddressRange *r = + new(mem) AddressRange(beg, end, executable, writable, name); ranges_.push_back(r); if (executable && end > max_executable_address_) max_executable_address_ = end; Index: lib/sanitizer_common/sanitizer_procmaps.h =================================================================== --- lib/sanitizer_common/sanitizer_procmaps.h +++ lib/sanitizer_common/sanitizer_procmaps.h @@ -37,7 +37,8 @@ static const uptr kProtectionExecute = 4; static const uptr kProtectionShared = 8; -struct MemoryMappedSegment { +class MemoryMappedSegment { + public: MemoryMappedSegment(char *buff = nullptr, uptr size = 0) : filename(buff), filename_size(size) {} ~MemoryMappedSegment() {} @@ -55,6 +56,23 @@ uptr protection; ModuleArch arch; u8 uuid[kModuleUUIDSize]; + +#if SANITIZER_MAC + char name[kMaxSegName]; + + private: + friend class MemoryMappingLayout; + + template + void NextSectionLoad(LoadedModule *module); + void AddAddressRanges(LoadedModule *module); + + uptr nsects_; + char *current_load_cmd_addr_; + u32 lc_type_; + uptr base_virt_addr_; + uptr addr_mask_; +#endif }; class MemoryMappingLayout { Index: lib/sanitizer_common/sanitizer_procmaps_mac.cc =================================================================== --- lib/sanitizer_common/sanitizer_procmaps_mac.cc +++ lib/sanitizer_common/sanitizer_procmaps_mac.cc @@ -35,6 +35,33 @@ #endif namespace __sanitizer { +template +void MemoryMappedSegment::NextSectionLoad(LoadedModule *module) { + const Section *sc = (const Section *)current_load_cmd_addr_; + current_load_cmd_addr_ += sizeof(Section); + + uptr sec_start = (sc->addr & addr_mask_) + base_virt_addr_; + uptr sec_end = sec_start + sc->size; + module->addAddressRange(sec_start, sec_end, IsExecutable(), IsWritable(), + sc->sectname); +} + +void MemoryMappedSegment::AddAddressRanges(LoadedModule *module) { + if (!nsects_) { + module->addAddressRange(start, end, IsExecutable(), IsWritable(), name); + return; + } + + do { + if (lc_type_ == LC_SEGMENT) { + NextSectionLoad(module); +#ifdef MH_MAGIC_64 + } else if (lc_type_ == LC_SEGMENT_64) { + NextSectionLoad(module); +#endif + } + } while (--nsects_); +} MemoryMappingLayout::MemoryMappingLayout(bool cache_enabled) { Reset(); @@ -143,21 +170,27 @@ current_load_cmd_addr_ += ((const load_command *)lc)->cmdsize; if (((const load_command *)lc)->cmd == kLCSegment) { const SegmentCommand* sc = (const SegmentCommand *)lc; + segment->current_load_cmd_addr_ = (char *)lc + sizeof(SegmentCommand); + segment->lc_type_ = kLCSegment; + segment->nsects_ = sc->nsects; if (current_image_ == kDyldImageIdx) { + segment->base_virt_addr_ = (uptr)get_dyld_hdr(); // vmaddr is masked with 0xfffff because on macOS versions < 10.12, // it contains an absolute address rather than an offset for dyld. // To make matters even more complicated, this absolute address // isn't actually the absolute segment address, but the offset portion // of the address is accurate when combined with the dyld base address, // and the mask will give just this offset. - segment->start = (sc->vmaddr & 0xfffff) + (uptr)get_dyld_hdr(); - segment->end = (sc->vmaddr & 0xfffff) + sc->vmsize + (uptr)get_dyld_hdr(); + segment->addr_mask_ = 0xfffff; } else { - const sptr dlloff = _dyld_get_image_vmaddr_slide(current_image_); - segment->start = sc->vmaddr + dlloff; - segment->end = sc->vmaddr + sc->vmsize + dlloff; + segment->base_virt_addr_ = + (uptr)_dyld_get_image_vmaddr_slide(current_image_); + segment->addr_mask_ = ~0; } + segment->start = + (sc->vmaddr & segment->addr_mask_) + segment->base_virt_addr_; + segment->end = segment->start + sc->vmsize; // Return the initial protection. segment->protection = sc->initprot; @@ -169,6 +202,7 @@ : _dyld_get_image_name(current_image_); internal_strncpy(segment->filename, src, segment->filename_size); } + internal_strncpy(segment->name, sc->segname, ARRAY_SIZE(segment->name)); segment->arch = current_arch_; internal_memcpy(segment->uuid, current_uuid_, kModuleUUIDSize); return true; @@ -292,7 +326,7 @@ Reset(); InternalScopedString module_name(kMaxPathLength); MemoryMappedSegment segment(module_name.data(), kMaxPathLength); - for (uptr i = 0; Next(&segment); i++) { + while (Next(&segment)) { if (segment.filename[0] == '\0') continue; LoadedModule *cur_module = nullptr; if (!modules->empty() && @@ -304,8 +338,7 @@ cur_module->set(segment.filename, segment.start, segment.arch, segment.uuid, current_instrumented_); } - cur_module->addAddressRange(segment.start, segment.end, - segment.IsExecutable(), segment.IsWritable()); + segment.AddAddressRanges(cur_module); } }