author | Kostya Serebryany <kcc@google.com> | 2016-12-14 19:10:17 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2016-12-14 19:10:17 +0000 |
commit | 1963d393f7a15b8cc9df163a118cce93e689be33 (patch) | |
tree | 6656f15cbd8269d13323b973f8cf93714887e400 | |
parent | c769290b1ef351ab85d6b3dea5a778ab39ae2188 (diff) |
[sanitizer] intercept bstring functions, patch by Kuang-che Wu (https://reviews.llvm.org/D27659)
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@289690 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r-- | lib/msan/msan_interceptors.cc | 5 | ||||
-rw-r--r-- | lib/sanitizer_common/sanitizer_common_interceptors.inc | 36 | ||||
-rw-r--r-- | lib/sanitizer_common/sanitizer_platform_interceptors.h | 3 | ||||
-rw-r--r-- | test/asan/TestCases/Linux/bcmp_test.cc | 23 | ||||
-rw-r--r-- | test/asan/TestCases/Linux/bcopy_test.cc | 22 | ||||
-rw-r--r-- | test/asan/TestCases/Linux/bzero_test.cc | 13 |
6 files changed, 97 insertions, 5 deletions
diff --git a/lib/msan/msan_interceptors.cc b/lib/msan/msan_interceptors.cc
index 53f10ab8e..f8137acf0 100644
--- a/lib/msan/msan_interceptors.cc
+++ b/lib/msan/msan_interceptors.cc
@@ -178,10 +178,6 @@ INTERCEPTOR(void *, memset, void *s, int c, SIZE_T n) {
 return __msan_memset(s, c, n);
 }
 
-INTERCEPTOR(void *, bcopy, const void *src, void *dest, SIZE_T n) {
- return __msan_memmove(dest, src, n);
-}
-
 INTERCEPTOR(int, posix_memalign, void **memptr, SIZE_T alignment, SIZE_T size) {
 GET_MALLOC_STACK_TRACE;
 CHECK_EQ(alignment & (alignment - 1), 0);
@@ -1519,7 +1515,6 @@ void InitializeInterceptors() {
 INTERCEPT_FUNCTION(mempcpy);
 INTERCEPT_FUNCTION(memset);
 INTERCEPT_FUNCTION(memmove);
- INTERCEPT_FUNCTION(bcopy);
 INTERCEPT_FUNCTION(wmemset);
 INTERCEPT_FUNCTION(wmemcpy);
 INTERCEPT_FUNCTION(wmempcpy);
diff --git a/lib/sanitizer_common/sanitizer_common_interceptors.inc b/lib/sanitizer_common/sanitizer_common_interceptors.inc
index 90fb43441..320bdde75 100644
--- a/lib/sanitizer_common/sanitizer_common_interceptors.inc
+++ b/lib/sanitizer_common/sanitizer_common_interceptors.inc
@@ -4906,6 +4906,39 @@ INTERCEPTOR(void *, __bzero, void *block, uptr size) {
 #define INIT___BZERO
 #endif // SANITIZER_INTERCEPT___BZERO
 
+#if SANITIZER_INTERCEPT_BZERO
+DECLARE_REAL_AND_INTERCEPTOR(void *, memset, void *, int, uptr)
+
+INTERCEPTOR(void, bzero, void *block, uptr size) {
+ WRAP(memset)(block, 0, size);
+}
+#define INIT_BZERO COMMON_INTERCEPT_FUNCTION(bzero);
+#else
+#define INIT_BZERO
+#endif // SANITIZER_INTERCEPT_BZERO
+
+#if SANITIZER_INTERCEPT_BCOPY
+DECLARE_REAL_AND_INTERCEPTOR(void *, memmove, void *, const void *, uptr)
+
+INTERCEPTOR(void, bcopy, const void *src, void *dest, uptr size) {
+ WRAP(memmove)(dest, src, size);
+}
+#define INIT_BCOPY COMMON_INTERCEPT_FUNCTION(bcopy);
+#else
+#define INIT_BCOPY
+#endif // SANITIZER_INTERCEPT_BCOPY
+
+#if SANITIZER_INTERCEPT_BCMP
+DECLARE_REAL_AND_INTERCEPTOR(int, memcmp, const void *, const void *, uptr)
+
+INTERCEPTOR(int, bcmp, const void *s1, const void *s2, uptr size) {
+ return WRAP(memcmp)(s1, s2, size);
+}
+#define INIT_BCMP COMMON_INTERCEPT_FUNCTION(bcmp);
+#else
+#define INIT_BCMP
+#endif // SANITIZER_INTERCEPT_BCMP
+
 #if SANITIZER_INTERCEPT_FTIME
 INTERCEPTOR(int, ftime, __sanitizer_timeb *tp) {
 void *ctx;
@@ -6056,6 +6089,9 @@ static void InitializeCommonInterceptors() {
 INIT_CAPGET;
 INIT_AEABI_MEM;
 INIT___BZERO;
+ INIT_BZERO;
+ INIT_BCOPY;
+ INIT_BCMP;
 INIT_FTIME;
 INIT_XDR;
 INIT_TSEARCH;
diff --git a/lib/sanitizer_common/sanitizer_platform_interceptors.h b/lib/sanitizer_common/sanitizer_platform_interceptors.h
index 8904a12f9..d54463a69 100644
--- a/lib/sanitizer_common/sanitizer_platform_interceptors.h
+++ b/lib/sanitizer_common/sanitizer_platform_interceptors.h
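Review bot: The new `bzero`, `bcopy` and `bcmp` interceptors forward to `WRAP(memset)`, `WRAP(memmove)` and `WRAP(memcmp)` with no comment, so nothing at the definition tells a maintainer that reports will name the mem* function in frame #0 and that the checks are switched by that function's runtime options (the new tests use `intercept_memcmp=0` and `replace_intrin=0`). I would add a line above each block, for example `// bcopy(src, dest, n): argument order is swapped relative to memmove; checks and flags are those of the memmove interceptor.` `DECLARE_REAL_AND_INTERCEPTOR` appears only to declare the wrapper, so each runtime that includes this file on Linux, FreeBSD and Mac presumably has to define all three mem* interceptors itself; that is worth confirming outside this hunk.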
@@ -274,6 +274,9 @@
 #define SANITIZER_INTERCEPT_AEABI_MEM 0
 #endif
 #define SANITIZER_INTERCEPT___BZERO SI_MAC
+#define SANITIZER_INTERCEPT_BZERO SI_LINUX || SI_FREEBSD || SI_MAC
+#define SANITIZER_INTERCEPT_BCOPY SI_LINUX || SI_FREEBSD || SI_MAC
+#define SANITIZER_INTERCEPT_BCMP SI_LINUX || SI_FREEBSD || SI_MAC
 #define SANITIZER_INTERCEPT_FTIME !SI_FREEBSD && SI_NOT_WINDOWS
 #define SANITIZER_INTERCEPT_XDR SI_LINUX_NOT_ANDROID
 #define SANITIZER_INTERCEPT_TSEARCH SI_LINUX_NOT_ANDROID || SI_MAC
diff --git a/test/asan/TestCases/Linux/bcmp_test.cc b/test/asan/TestCases/Linux/bcmp_test.cc
new file mode 100644
index 000000000..61853f08f
--- /dev/null
+++ b/test/asan/TestCases/Linux/bcmp_test.cc
@@ -0,0 +1,23 @@
+// RUN: %clangxx_asan %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s --check-prefix=A1
+// RUN: not %run %t 1 2>&1 | FileCheck %s --check-prefix=A2
+// RUN: %env_asan_opts=intercept_memcmp=0 %run %t
+
+#include <strings.h>
+int main(int argc, char **argv) {
+ char a1[] = {1, 2, 3, 4, 5, 6, 7, 8};
+ char a2[] = {3, 4, 5, 6, 7, 8, 9};
+ int res;
+ if (argc == 1)
+ res = bcmp(a1, a2, sizeof(a1)); // BOOM
+ else
+ res = bcmp(a2, a1, sizeof(a1)); // BOOM
+ // A1: AddressSanitizer: stack-buffer-overflow
+ // A1: {{#0.*memcmp}}
+ // A1: 'a2' <== Memory access at offset
+ //
+ // A2: AddressSanitizer: stack-buffer-overflow
+ // A2: {{#0.*memcmp}}
+ // A2: 'a2' <== Memory access at offset
+ return res == 0;
+}
diff --git a/test/asan/TestCases/Linux/bcopy_test.cc b/test/asan/TestCases/Linux/bcopy_test.cc
new file mode 100644
index 000000000..ad21b719b
--- /dev/null
+++ b/test/asan/TestCases/Linux/bcopy_test.cc
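Review bot: The three new macros in sanitizer_platform_interceptors.h expand to an unparenthesized `SI_LINUX || SI_FREEBSD || SI_MAC`, which is only safe while each is used bare, as in `#if SANITIZER_INTERCEPT_BZERO`; combining one with `!` or `&&` would bind to `SI_LINUX` or `SI_MAC` alone. The neighbouring definitions are written the same way, so this is a style point, but the new ones can be wrapped at no cost: `#define SANITIZER_INTERCEPT_BZERO (SI_LINUX || SI_FREEBSD || SI_MAC)`, and likewise for `BCOPY` and `BCMP`.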
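Review bot: bcmp_test.cc is placed under `test/asan/TestCases/Linux/`, so the FreeBSD and Mac interception that the same commit enables is presumably not exercised by it; bcopy_test.cc and bzero_test.cc share this. The file also has no comment saying what it verifies; a first line such as `// Checks that bcmp is intercepted and that out-of-bounds reads through it are reported by the memcmp interceptor.` would help. The last RUN line passes only because `res` is non-zero with interception off (the arrays differ in their first byte), and a short comment next to `return res == 0;` would record that dependency.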
@@ -0,0 +1,22 @@
+// RUN: %clangxx_asan %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s --check-prefix=A1
+// RUN: not %run %t 1 2>&1 | FileCheck %s --check-prefix=A2
+// RUN: %env_asan_opts=replace_intrin=0 %run %t
+
+#include <strings.h>
+int main(int argc, char **argv) {
+ char a1[] = {1, 2, 3, 4, 5, 6, 7, 8};
+ char a2[] = {3, 4, 5, 6, 7, 8, 9};
+ if (argc == 1)
+ bcopy(a1, a2, sizeof(a1)); // BOOM
+ else
+ bcopy(a2, a1, sizeof(a1)); // BOOM
+ // A1: AddressSanitizer: stack-buffer-overflow
+ // A1: {{#0.*memmove}}
+ // A1: 'a2' <== Memory access at offset
+ //
+ // A2: AddressSanitizer: stack-buffer-overflow
+ // A2: {{#0.*memmove}}
+ // A2: 'a2' <== Memory access at offset
+ return 0;
+}
diff --git a/test/asan/TestCases/Linux/bzero_test.cc b/test/asan/TestCases/Linux/bzero_test.cc
new file mode 100644
index 000000000..8149ad97a
--- /dev/null
+++ b/test/asan/TestCases/Linux/bzero_test.cc
@@ -0,0 +1,13 @@
+// RUN: %clangxx_asan %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s --check-prefix=A1
+// RUN: %env_asan_opts=replace_intrin=0 %run %t
+
+#include <strings.h>
+int main(int argc, char **argv) {
+ char a1[] = {1, 2, 3, 4, 5, 6, 7, 8};
+ bzero(a1, sizeof(a1) + 1); // BOOM
+ // A1: AddressSanitizer: stack-buffer-overflow
+ // A1: {{#0.*memset}}
+ // A1: 'a1' <== Memory access at offset
+ return 0;
+} |
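Review bot: bcopy_test.cc covers only the two overflow cases and has no case where source and destination overlap, which is the property that makes `memmove` rather than `memcpy` the right forwarding target for `bcopy`. A passing case would pin that down, for example a further mode that runs `bcopy(a1, a1 + 1, 4);  // overlap is valid for bcopy and must not be reported` under a RUN line that expects a clean exit. The commit also removes the MSan-specific `bcopy` interceptor, yet all three new tests are under `test/asan/`, so the MSan path through the common interceptor appears to be untested here.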