[llvm-bugs] [Bug 37106] New: DataFlowSanitizer works wrong when snprintf use char-array as argument

via llvm-bugs llvm-bugs at lists.llvm.org
Thu Apr 12 02:22:06 PDT 2018


https://bugs.llvm.org/show_bug.cgi?id=37106

            Bug ID: 37106
           Summary: DataFlowSanitizer works wrong when snprintf use
                    char-array as argument
           Product: libraries
           Version: 5.0
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Miscellaneous Instrumentation passes
          Assignee: unassignedbugs at nondot.org
          Reporter: 3n4t5yu at gmail.com
                CC: llvm-bugs at lists.llvm.org

1. the code:
#include <stdio.h>

void fun()
{
        char buf[1000] ;
        char h[100] ;           /* stack char array passed as the %s argument */
        h[1] = 'a' ;
        h[0] = '\0' ;           /* h is an empty string; only the array type matters here */
        snprintf(buf, sizeof(buf), "%s", h) ;
}

/* added so the file links; the crash happens while compiling fun() */
int main(void)
{
        fun() ;
        return 0 ;
}


2. the compile command:
clang -O3 -fsanitize=dataflow 1.c
unless you use -O0, you get a clang crash


3. the crash

Wrong types for attribute: byval inalloca nest noalias nocapture nonnull readnone readonly sret dereferenceable(1) dereferenceable_or_null(1)
  %12 = call i32 (i8*, i64, i8*, i16, i16, i16, i16*, i16*, ...) @__dfsw_snprintf(i8* nonnull %0, i64 1000, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str, i64 0, i64 0), i16 nonnull zeroext 0, i16 zeroext 0, i16 zeroext 0, i16* %11, i16* %labelreturn, i8* %1) #5
fatal error: error in backend: Broken function found, compilation aborted!
clang-5.0: error: clang frontend command failed with exit code 70 (use -v to
see invocation)
clang version 5.0.1 (tags/RELEASE_501/final)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /wangchu_data/LLVM5_Install/bin
clang-5.0: note: diagnostic msg: PLEASE submit a bug report to
http://llvm.org/bugs/ and include the crash backtrace, preprocessed source, and
associated run script.
clang-5.0: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-5.0: note: diagnostic msg: /tmp/dfsan_bug-0cbaaf.c
clang-5.0: note: diagnostic msg: /tmp/dfsan_bug-0cbaaf.sh
clang-5.0: note: diagnostic msg: 

********************


4. the clang version:
$clang --version
clang version 5.0.1 (tags/RELEASE_501/final)
Target: x86_64-unknown-linux-gnu
Thread model: posix

I guess it could be caused by some wrongly inserted IR generated by the
DataFlowSanitizer pass when snprintf is used with a char-array argument.

DFSan is a great tool, please fix it :)
