diff options
author | Maxim Ostapenko <m.ostapenko@partner.samsung.com> | 2016-05-17 07:38:27 +0000 |
---|---|---|
committer | Maxim Ostapenko <m.ostapenko@partner.samsung.com> | 2016-05-17 07:38:27 +0000 |
commit | f0ccaf3554182da4c7a038ae96a869e0e202bd2c (patch) | |
tree | 7d90481c5f40a0df04da89e3af276e14a5dd12b1 /test | |
parent | db00dbbe78b6af476122c33bb8322d4613ed4615 (diff) |
[asan] Don't raise false alarm to recv/recvfrom when MSG_TRUNC is present.
Fix https://llvm.org/bugs/show_bug.cgi?id=27673.
Currenty ASan checks the return value of real recv/recvfrom to see if the written bytes fit in the buffer. That works fine most of time.
However, there is an exception: (from the RECV(2) man page)
MSG_TRUNC (since Linux 2.2)
... return the real length of the packet or datagram, even when it was longer than the passed buffer. ...
Some programs combine MSG_TRUNC, MSG_PEEK and a single-byte buffer to peek the incoming data size without reading (much of) them. In this case,
the return value is usually longer than what's been written and ASan raises a false alarm here. To avoid such false positive reports,
we can use min(res, len) in COMMON_INTERCEPTOR_WRITE_RANGE checks.
Differential Revision: http://reviews.llvm.org/D20280
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@269749 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test')
-rw-r--r-- | test/sanitizer_common/TestCases/Linux/recv_msg_trunc.cc | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/test/sanitizer_common/TestCases/Linux/recv_msg_trunc.cc b/test/sanitizer_common/TestCases/Linux/recv_msg_trunc.cc new file mode 100644 index 000000000..a806ce0f1 --- /dev/null +++ b/test/sanitizer_common/TestCases/Linux/recv_msg_trunc.cc @@ -0,0 +1,36 @@ +// Test that ASan doesn't raise false alarm when MSG_TRUNC is present. +// +// RUN: %clangxx %s -o %t && %run %t 2>&1 +// +// UNSUPPORTED: android + +#include <stdlib.h> +#include <string.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/ip.h> +#include <assert.h> + +int main() { + int fd_0 = socket(AF_INET, SOCK_DGRAM, 0); + int fd_1 = socket(AF_INET, SOCK_DGRAM, 0); + struct sockaddr_in sin; + socklen_t len = sizeof(sin); + char *buf = (char *)malloc(1); + + sin.sin_family = AF_INET; + // Choose a random port to bind. + sin.sin_port = 0; + sin.sin_addr.s_addr = INADDR_ANY; + + assert(bind(fd_1, (struct sockaddr *)&sin, sizeof(sin)) == 0); + // Get the address and port binded. + assert(getsockname(fd_1, (struct sockaddr *)&sin, &len) == 0); + assert(sendto(fd_0, "hello", strlen("hello"), MSG_DONTWAIT, + (struct sockaddr *)&sin, sizeof(sin)) != -1); + assert(recv(fd_1, buf, 1, MSG_TRUNC) != -1); + free(buf); + + return 0; +} + |