[PATCH] D14795: [msan] Don't unpoison phdrs on dlopen(NULL, 0)

Reid Kleckner via llvm-commits llvm-commits at lists.llvm.org
Wed Nov 18 16:32:47 PST 2015


rnk created this revision.
rnk added a reviewer: eugenis.
rnk added a subscriber: llvm-commits.

dlopen(NULL, ...) is intended to give you back a handle to the
executable for use with dlsym. Casting it to link_map and using it with
ForEachMappedRegion results in a crash.

We also shouldn't unpoison the globals of a DSO that is already in
memory. This ensures that we don't do it for the executable, but in
general, MSan may have false positives if the DSO is already loaded.

http://reviews.llvm.org/D14795

Files:
  lib/msan/msan_interceptors.cc
  test/msan/dlopen_executable.cc

Index: test/msan/dlopen_executable.cc
===================================================================
--- /dev/null
+++ test/msan/dlopen_executable.cc
@@ -0,0 +1,17 @@
+// RUN: %clangxx_msan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+#include <assert.h>
+#include <dlfcn.h>
+#include <stdlib.h>
+
+static int my_global;
+
+int main(void) {
+  int *uninit = (int*)malloc(sizeof(int));
+  my_global = *uninit;
+  void *p = dlopen(0, RTLD_NOW);
+  assert(p && "failed to get handle to executable");
+  return my_global;
+  // CHECK: MemorySanitizer: use-of-uninitialized-value
+  // CHECK: #0 {{.*}} in main{{.*}}dlopen_executable.cc:[[@LINE-2]]
+}
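Review bot: the test covers only the dlopen(0, RTLD_NOW) case, while the description also says MSan should not unpoison the globals of a DSO that is already in memory. Nothing here exercises a library that is already loaded and then opened again by name, so that behaviour stays untested. A one-line comment above main saying that the shadow of my_global must survive the dlopen call would also make the intent of the `return my_global;` check clearer to the next reader.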
Index: lib/msan/msan_interceptors.cc
===================================================================
--- lib/msan/msan_interceptors.cc
+++ lib/msan/msan_interceptors.cc
@@ -1434,10 +1434,11 @@
   } while (false)  // FIXME
 #define COMMON_INTERCEPTOR_BLOCK_REAL(name) REAL(name)
 #define COMMON_INTERCEPTOR_ON_EXIT(ctx) OnExit()
-#define COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, handle)  \
-  do {                                                       \
-    link_map *map = GET_LINK_MAP_BY_DLOPEN_HANDLE((handle)); \
-    if (map) ForEachMappedRegion(map, __msan_unpoison);      \
+#define COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, handle)                    \
+  do {                                                                         \
+    link_map *map = GET_LINK_MAP_BY_DLOPEN_HANDLE((handle));                   \
+    if (filename && map)                                                       \
+      ForEachMappedRegion(map, __msan_unpoison);                               \
   } while (false)
 
 #define COMMON_INTERCEPTOR_GET_TLS_RANGE(begin, end)                           \
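Review bot: the new condition `if (filename && map)` only skips the unpoison when the filename is NULL, so a DSO that is already loaded and is reopened by name still has its mapped regions unpoisoned, which is the false-result case the description mentions. If that is left for a follow-up, a FIXME next to the condition would record it. Two smaller points on the same lines: the macro argument is used unparenthesized, unlike `(handle)` on the line above, so `(filename) && map` would be consistent, and GET_LINK_MAP_BY_DLOPEN_HANDLE is still applied to the executable handle before the filename test, so checking the filename first would avoid producing a link_map pointer from a handle the description says should not be treated as one.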

