[asan] Don't raise false alarm to recv/recvfrom when MSG_TRUNC is present.

Fix https://llvm.org/bugs/show_bug.cgi?id=27673.

Currenty ASan checks the return value of real recv/recvfrom to see if the written bytes fit in the buffer. That works fine most of time.
However, there is an exception: (from the RECV(2) man page)

MSG_TRUNC (since Linux 2.2)
    ... return the real length of the packet or datagram, even when it was longer than the passed buffer. ...

Some programs combine MSG_TRUNC, MSG_PEEK and a single-byte buffer to peek the incoming data size without reading (much of) them. In this case,
the return value is usually longer than what's been written and ASan raises a false alarm here. To avoid such false positive reports,
we can use min(res, len) in COMMON_INTERCEPTOR_WRITE_RANGE checks.

Differential Revision: http://reviews.llvm.org/D20280


git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@269749 91177308-0d34-0410-b5e6-96231b3b80d8

2 files changed, 38 insertions, 2 deletions

diff --git a/lib/sanitizer_common/sanitizer_common_interceptors.inc b/lib/sanitizer_common/sanitizer_common_interceptors.inc
index 188722164..16117cd28 100644
--- a/lib/sanitizer_common/sanitizer_common_interceptors.inc
+++ b/lib/sanitizer_common/sanitizer_common_interceptors.inc
@@ -5498,7 +5498,7 @@ INTERCEPTOR(SSIZE_T, recv, int fd, void *buf, SIZE_T len, int flags) {
   COMMON_INTERCEPTOR_FD_ACCESS(ctx, fd);
   SSIZE_T res = REAL(recv)(fd, buf, len, flags);
   if (res > 0) {
-    COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, res);
+    COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, Min((SIZE_T)res, len));
   }
   if (res >= 0 && fd >= 0) COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd);
   return res;
@@ -5515,7 +5515,7 @@ INTERCEPTOR(SSIZE_T, recvfrom, int fd, void *buf, SIZE_T len, int flags,
   (void)srcaddr_sz;  // prevent "set but not used" warning
   SSIZE_T res = REAL(recvfrom)(fd, buf, len, flags, srcaddr, addrlen);
   if (res > 0) {
-    COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, res);
+    COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, Min((SIZE_T)res, len));
     if (srcaddr)
       COMMON_INTERCEPTOR_INITIALIZE_RANGE(srcaddr,
                                           Min((SIZE_T)*addrlen, srcaddr_sz));
diff --git a/test/sanitizer_common/TestCases/Linux/recv_msg_trunc.cc b/test/sanitizer_common/TestCases/Linux/recv_msg_trunc.cc
new file mode 100644
index 000000000..a806ce0f1
--- /dev/null
+++ b/test/sanitizer_common/TestCases/Linux/recv_msg_trunc.cc
@@ -0,0 +1,36 @@
+// Test that ASan doesn't raise false alarm when MSG_TRUNC is present.
+//
+// RUN: %clangxx %s -o %t && %run %t 2>&1
+//
+// UNSUPPORTED: android
+
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/ip.h>
+#include <assert.h>
+
+int main() {
+  int fd_0 = socket(AF_INET, SOCK_DGRAM, 0);
+  int fd_1 = socket(AF_INET, SOCK_DGRAM, 0);
+  struct sockaddr_in sin;
+  socklen_t len = sizeof(sin);
+  char *buf = (char *)malloc(1);
+
+  sin.sin_family = AF_INET;
+  // Choose a random port to bind.
+  sin.sin_port = 0;
+  sin.sin_addr.s_addr = INADDR_ANY;
+
+  assert(bind(fd_1, (struct sockaddr *)&sin, sizeof(sin)) == 0);
+  // Get the address and port binded.
+  assert(getsockname(fd_1, (struct sockaddr *)&sin, &len) == 0);
+  assert(sendto(fd_0, "hello", strlen("hello"), MSG_DONTWAIT,
+                (struct sockaddr *)&sin, sizeof(sin)) != -1);
+  assert(recv(fd_1, buf, 1, MSG_TRUNC) != -1);
+  free(buf);
+
+  return 0;
+}
+