author | Kostya Kortchinsky <kostyak@google.com> | 2018-01-23 23:07:42 +0000 |
---|---|---|
committer | Kostya Kortchinsky <kostyak@google.com> | 2018-01-23 23:07:42 +0000 |
commit | d0c532095b9333f331f7afdea053f3676c9549fd (patch) | |
tree | e550d061ffc770210e1d14be0509c68eef30faf1 /lib/scudo/scudo_allocator.cpp | |
parent | 2fbd5f8be24f33ba6fcf66034dbf826bc4903f7b (diff) |
[scudo] Allow for weak hooks, gated by a define
Summary:
Hooks in the allocation & deallocation paths can be a security risk (see for an
example https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html
which used the glibc's __free_hook to complete exploitation).
But some users have expressed a need for them, even if only for tests and
memory benchmarks. So allow for `__sanitizer_malloc_hook` &
`__sanitizer_free_hook` to be called if defined, and gate them behind a global
define `SCUDO_CAN_USE_HOOKS` defaulting to 0.
Reviewers: alekseyshl
Reviewed By: alekseyshl
Subscribers: #sanitizers, llvm-commits
Differential Revision: https://reviews.llvm.org/D42430
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@323278 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/scudo/scudo_allocator.cpp')
-rw-r--r-- | lib/scudo/scudo_allocator.cpp | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/scudo/scudo_allocator.cpp b/lib/scudo/scudo_allocator.cpp
index 0e18141f4..31317b7cf 100644
--- a/lib/scudo/scudo_allocator.cpp
+++ b/lib/scudo/scudo_allocator.cpp
@@ -430,7 +430,8 @@ struct ScudoAllocator {
 }
 void *Ptr = reinterpret_cast<void *>(UserPtr);
 Chunk::storeHeader(Ptr, &Header);
- // if (&__sanitizer_malloc_hook) __sanitizer_malloc_hook(Ptr, Size);
+ if (SCUDO_CAN_USE_HOOKS && &__sanitizer_malloc_hook)
+ __sanitizer_malloc_hook(Ptr, Size);
 return Ptr;
 }
 
@@ -480,7 +481,8 @@ struct ScudoAllocator {
 // the TLS destructors, ending up in initialized thread specific data never
 // being destroyed properly. Any other heap operation will do a full init.
 initThreadMaybe(/*MinimalInit=*/true);
- // if (&__sanitizer_free_hook) __sanitizer_free_hook(Ptr);
+ if (SCUDO_CAN_USE_HOOKS && &__sanitizer_free_hook)
+ __sanitizer_free_hook(Ptr);
 if (UNLIKELY(!Ptr))
 return;
 if (UNLIKELY(!Chunk::isAligned(Ptr))) { |
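Review bot: The gate on the malloc hook is an ordinary `if (SCUDO_CAN_USE_HOOKS && &__sanitizer_malloc_hook)`, so keeping the weak-symbol reference out of a default build relies on the compiler folding the constant; the same applies to the `__sanitizer_free_hook` call in the second hunk. Since the commit message cites allocator hooks as an exploitation aid, wrapping each call in `#if SCUDO_CAN_USE_HOOKS` / `#endif` would guarantee that a hooks-disabled build carries no reference to the hook at any optimisation level (this assumes the macro is always defined in a header outside this diff). A one-line comment at the call site, such as `// Hooks are an exploitation target; only reachable when SCUDO_CAN_USE_HOOKS is set.`, would keep the rationale next to the code. The enclosing allocation function starts outside the hunk.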
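Review bot: The free hook is invoked before `if (UNLIKELY(!Ptr)) return;` and before the `Chunk::isAligned(Ptr)` check, so with hooks enabled it runs for `free(nullptr)` and for pointers that have not yet been validated as Scudo chunks. A hook that dereferences or records its argument would then act on null or attacker-influenced addresses before the allocator has rejected them. Moving the two added lines below the null check (and ideally below the header validation, which is outside this hunk) would hand the hook only pointers that passed those checks. If the early placement is intentional, a comment such as `// Called before validation: the hook may receive null or invalid pointers.` would document the contract. The deallocation function begins before and continues past the hunk.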