From d97da5b44c1d8c1fa5c23b8f16dc630105517993 Mon Sep 17 00:00:00 2001
From: Maxim Ostapenko <chefmax7@gmail.com>
Date: Mon, 18 Dec 2017 15:31:26 +0000
Subject: [asan] Add interceptor for printf_chk

There could be a situation when a specific DSO was built with FORTIFY_SOURCE option. In case asan-ed binary link against that DSO,
libasan can't handle the possible memory error because it does not have interceptors for spinrtf_chk, snprintf_chk, vprintf_chk,
vsnprintf_chk, __fprintf_chk functions. Let's interceptors for them.

Patch by Denis Khalikov.

Differential Revision: https://reviews.llvm.org/D40951


git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320990 91177308-0d34-0410-b5e6-96231b3b80d8
---
 test/asan/TestCases/Linux/printf-fortify-1.c | 18 ++++++++++++++++++
 test/asan/TestCases/Linux/printf-fortify-2.c | 18 ++++++++++++++++++
 test/asan/TestCases/Linux/printf-fortify-3.c | 22 ++++++++++++++++++++++
 test/asan/TestCases/Linux/printf-fortify-4.c | 22 ++++++++++++++++++++++
 test/asan/TestCases/Linux/printf-fortify-5.c | 18 ++++++++++++++++++
 5 files changed, 98 insertions(+)
 create mode 100644 test/asan/TestCases/Linux/printf-fortify-1.c
 create mode 100644 test/asan/TestCases/Linux/printf-fortify-2.c
 create mode 100644 test/asan/TestCases/Linux/printf-fortify-3.c
 create mode 100644 test/asan/TestCases/Linux/printf-fortify-4.c
 create mode 100644 test/asan/TestCases/Linux/printf-fortify-5.c

(limited to 'test')

diff --git a/test/asan/TestCases/Linux/printf-fortify-1.c b/test/asan/TestCases/Linux/printf-fortify-1.c
new file mode 100644
index 000000000..2e0c70c1e
--- /dev/null
+++ b/test/asan/TestCases/Linux/printf-fortify-1.c
@@ -0,0 +1,18 @@
+// RUN: %clang -fPIC -shared -O2 -D_FORTIFY_SOURCE=2 -D_DSO %s -o %t.so
+// RUN: %clang_asan -o %t %t.so %s
+// RUN: not %run %t 2>&1 | FileCheck %s
+// UNSUPPORTED: android
+#ifdef _DSO
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+__attribute__((noinline)) int foo() {
+  char *write_buffer = (char *)malloc(1);
+  // CHECK: AddressSanitizer: heap-buffer-overflow
+  sprintf(write_buffer, "%s_%s", "one", "two");
+  return write_buffer[0];
+}
+#else
+extern int foo();
+int main() { return foo(); }
+#endif
diff --git a/test/asan/TestCases/Linux/printf-fortify-2.c b/test/asan/TestCases/Linux/printf-fortify-2.c
new file mode 100644
index 000000000..6ea1e00e4
--- /dev/null
+++ b/test/asan/TestCases/Linux/printf-fortify-2.c
@@ -0,0 +1,18 @@
+// RUN: %clang -fPIC -shared -O2 -D_FORTIFY_SOURCE=2 -D_DSO %s -o %t.so
+// RUN: %clang_asan %s -o %t %t.so
+// RUN: not %run %t 2>&1 | FileCheck %s
+// UNSUPPORTED: android
+#ifdef _DSO
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+__attribute__((noinline)) int foo() {
+  char *write_buffer = (char *)malloc(1);
+  // CHECK: AddressSanitizer: heap-buffer-overflow
+  snprintf(write_buffer, 4096, "%s_%s", "one", "two");
+  return write_buffer[0];
+}
+#else
+extern int foo();
+int main() { return foo(); }
+#endif
diff --git a/test/asan/TestCases/Linux/printf-fortify-3.c b/test/asan/TestCases/Linux/printf-fortify-3.c
new file mode 100644
index 000000000..a4b49dc98
--- /dev/null
+++ b/test/asan/TestCases/Linux/printf-fortify-3.c
@@ -0,0 +1,22 @@
+// RUN: %clang -shared -fPIC -D_DSO -O2 -D_FORTIFY_SOURCE=2 %s -o %t.so
+// RUN: %clang_asan %s -o %t %t.so
+// RUN: not %run %t 2>&1 | FileCheck %s
+// UNSUPPORTED: android
+#ifdef _DSO
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+__attribute__((noinline)) char foo(const char *format, ...) {
+  char *write_buffer = (char *)malloc(1);
+  va_list ap;
+  va_start(ap, format);
+  // CHECK: AddressSanitizer: heap-buffer-overflow
+  vsprintf(write_buffer, format, ap);
+  va_end(ap);
+  return write_buffer[0];
+}
+#else
+extern int foo(const char *format, ...);
+int main() { return foo("%s_%s", "one", "two"); }
+#endif
diff --git a/test/asan/TestCases/Linux/printf-fortify-4.c b/test/asan/TestCases/Linux/printf-fortify-4.c
new file mode 100644
index 000000000..57ec42f38
--- /dev/null
+++ b/test/asan/TestCases/Linux/printf-fortify-4.c
@@ -0,0 +1,22 @@
+// RUN: %clang -fPIC -shared -O2 -D_FORTIFY_SOURCE=2 -D_DSO %s -o %t.so
+// RUN: %clang_asan %s -o %t %t.so
+// RUN: not %run %t 2>&1 | FileCheck %s
+// UNSUPPORTED: android
+#ifdef _DSO
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+__attribute__((noinline)) char foo(const char *format, ...) {
+  char *write_buffer = (char *)malloc(1);
+  va_list ap;
+  va_start(ap, format);
+  // CHECK: AddressSanitizer: heap-buffer-overflow
+  vsnprintf(write_buffer, 4096, format, ap);
+  va_end(ap);
+  return write_buffer[0];
+}
+#else
+extern int foo(const char *format, ...);
+int main() { return foo("%s_%s", "one", "two"); }
+#endif
diff --git a/test/asan/TestCases/Linux/printf-fortify-5.c b/test/asan/TestCases/Linux/printf-fortify-5.c
new file mode 100644
index 000000000..487457a90
--- /dev/null
+++ b/test/asan/TestCases/Linux/printf-fortify-5.c
@@ -0,0 +1,18 @@
+// RUN: %clang -fPIC -shared -O2 -D_FORTIFY_SOURCE=2 -D_DSO %s -o %t.so
+// RUN: %clang_asan -o %t %t.so %s
+// RUN: not %run %t 2>&1 | FileCheck %s
+// UNSUPPORTED: android
+#ifdef _DSO
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+__attribute__((noinline)) int foo() {
+  char *read_buffer = (char *)malloc(1);
+  // CHECK: AddressSanitizer: heap-buffer-overflow
+  fprintf(stderr, read_buffer, 4096);
+  return read_buffer[0];
+}
+#else
+extern int foo();
+int main() { return foo(); }
+#endif
-- 
cgit v1.2.3