[compiler-rt] r179177 - [ASan] Do not check the shadow of NULL argument in the time() interceptor.
Alexander Potapenko
glider at google.com
Wed Apr 10 08:28:26 PDT 2013
Should we protect the first shadow memory page to avoid such errors in
the future?
On Wed, Apr 10, 2013 at 7:13 PM, Alexander Potapenko <glider at google.com> wrote:
> Author: glider
> Date: Wed Apr 10 10:13:00 2013
> New Revision: 179177
>
> URL: http://llvm.org/viewvc/llvm-project?rev=179177&view=rev
> Log:
> [ASan] Do not check the shadow of NULL argument in the time() interceptor.
> Add a test for time().
>
> Added:
> compiler-rt/trunk/lib/asan/lit_tests/time_interceptor.cc
> Modified:
> compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc
>
> Added: compiler-rt/trunk/lib/asan/lit_tests/time_interceptor.cc
> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/lit_tests/time_interceptor.cc?rev=179177&view=auto
> ==============================================================================
> --- compiler-rt/trunk/lib/asan/lit_tests/time_interceptor.cc (added)
> +++ compiler-rt/trunk/lib/asan/lit_tests/time_interceptor.cc Wed Apr 10 10:13:00 2013
> @@ -0,0 +1,20 @@
> +// RUN: %clangxx_asan -m64 -O0 %s -fsanitize-address-zero-base-shadow -pie -o %t && %t 2>&1 | %symbolize | FileCheck %s
> +
> +// Test the time() interceptor. Also includes a regression test for time(NULL),
> +// which caused ASan to crash in the zero-based shadow mode.
> +
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <time.h>
> +
> +int main() {
> + time_t *tm = (time_t*)malloc(sizeof(time_t));
> + free(tm);
> + time_t t = time(NULL);
> + fprintf(stderr, "Time: %s\n", ctime(&t));
> + // CHECK: {{Time: .* .* .*}}
> + t = time(tm);
> + printf("Time: %s\n", ctime(&t));
> + // CHECK: use-after-free
> + return 0;
> +}
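Review bot: `// CHECK: use-after-free` at the end of main() matches only the error kind, so the test would still pass if the report came from some access other than the interceptor's write through `tm`; consider also matching the access type and size, and a stack frame that names the time interceptor. The `printf("Time: %s\n", ctime(&t));` after `t = time(tm);` writes to stdout while the earlier print uses `fprintf(stderr, ...)`; pick one stream for both. Minor: the local `tm` shares its name with `struct tm` from the included <time.h>, so a different name would read more clearly.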
>
> Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc
> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc?rev=179177&r1=179176&r2=179177&view=diff
> ==============================================================================
> --- compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc (original)
> +++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc Wed Apr 10 10:13:00 2013
> @@ -236,7 +236,7 @@ INTERCEPTOR(unsigned long, time, unsigne
> void *ctx;
> COMMON_INTERCEPTOR_ENTER(ctx, time, t);
> unsigned long res = REAL(time)(t);
> - if (res != (unsigned long)-1) {
> + if (t && res != (unsigned long)-1) {
> COMMON_INTERCEPTOR_WRITE_RANGE(ctx, t, sizeof(*t));
> }
> return res;
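Review bot: The new `t &&` guard in `if (t && res != (unsigned long)-1) {` carries no comment explaining why a null `t` is skipped. A one-line comment stating that time() accepts NULL, and that no write range is reported in that case, would keep the check from being dropped in a later cleanup. It may also be worth checking whether other interceptors in this file that take an optional output pointer need the same guard before `COMMON_INTERCEPTOR_WRITE_RANGE`.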
>
>
--
Alexander Potapenko
Software Engineer
Google Moscow