[compiler-rt] r347415 - [compiler-rt][UBSan] silence_unsigned_overflow: do *NOT* ignore *fatal* unsigned overflows

Roman Lebedev via llvm-commits llvm-commits at lists.llvm.org
Wed Nov 21 12:35:44 PST 2018


Author: lebedevri
Date: Wed Nov 21 12:35:43 2018
New Revision: 347415

URL: http://llvm.org/viewvc/llvm-project?rev=347415&view=rev
Log:
[compiler-rt][UBSan] silence_unsigned_overflow: do *NOT* ignore *fatal* unsigned overflows

Summary:
D48660 / rL335762 added a `silence_unsigned_overflow` env flag for [[ https://github.com/google/oss-fuzz/pull/1717 | oss-fuzz needs ]],
that allows silencing the reports from unsigned overflows.
It makes sense, it is there because `-fsanitize=integer` sanitizer is not enabled on oss-fuzz,
so this allows still using it as an interestingness signal, without getting the actual reports.

However there is a slight problem here.
All types of unsigned overflows are ignored.
Even if `-fno-sanitize-recover=unsigned` was used (which means the program will die after the report)
there will still be no report, the program will just silently die.

At the moment there are just two projects on oss-fuzz that care:
* [[ https://github.com/google/oss-fuzz/blob/8eeffa627f937040aaf8ba1b7d93f43f77d74fb9/projects/llvm_libcxx/build.sh#L18-L20 | libc++ ]]
* [[ https://github.com/google/oss-fuzz/blob/8eeffa627f937040aaf8ba1b7d93f43f77d74fb9/projects/librawspeed/build.sh | RawSpeed ]] (me)

I suppose this could be overridden there ^, but I really don't think this is intended behavior in any case.

Reviewers: kcc, Dor1s, #sanitizers, filcab, vsk, kubamracek

Reviewed By: Dor1s

Subscribers: dberris, mclow.lists, llvm-commits

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D54771

Modified:
    compiler-rt/trunk/lib/ubsan/ubsan_flags.inc
    compiler-rt/trunk/lib/ubsan/ubsan_handlers.cc
    compiler-rt/trunk/test/ubsan/TestCases/Integer/no-recover.cpp

Modified: compiler-rt/trunk/lib/ubsan/ubsan_flags.inc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/ubsan/ubsan_flags.inc?rev=347415&r1=347414&r2=347415&view=diff
==============================================================================
--- compiler-rt/trunk/lib/ubsan/ubsan_flags.inc (original)
+++ compiler-rt/trunk/lib/ubsan/ubsan_flags.inc Wed Nov 21 12:35:43 2018
@@ -25,5 +25,5 @@ UBSAN_FLAG(const char *, suppressions, "
 UBSAN_FLAG(bool, report_error_type, false,
         "Print specific error type instead of 'undefined-behavior' in summary.")
 UBSAN_FLAG(bool, silence_unsigned_overflow, false,
-	"Do not print error reports for unsigned integer overflow. "
-	"Used to provide fuzzing signal without blowing up logs.")
+        "Do not print non-fatal error reports for unsigned integer overflow. "
+        "Used to provide fuzzing signal without blowing up logs.")
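Review bot: The new help string for silence_unsigned_overflow says "non-fatal" without telling the user what makes a report fatal. Someone reading the flag list will not connect it to the build option, so consider spelling it out, for example "Reports from code built with -fno-sanitize-recover are still printed." The tab-to-space reindentation of the two string lines is folded into the same hunk as the wording change; that is fine for a change this small, but it does make the diff look larger than the one-word edit it is.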

Modified: compiler-rt/trunk/lib/ubsan/ubsan_handlers.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/ubsan/ubsan_handlers.cc?rev=347415&r1=347414&r2=347415&view=diff
==============================================================================
--- compiler-rt/trunk/lib/ubsan/ubsan_handlers.cc (original)
+++ compiler-rt/trunk/lib/ubsan/ubsan_handlers.cc Wed Nov 21 12:35:43 2018
@@ -119,7 +119,9 @@ static void handleIntegerOverflowImpl(Ov
   if (ignoreReport(Loc, Opts, ET))
     return;
 
-  if (!IsSigned && flags()->silence_unsigned_overflow)
+  // If this is an unsigned overflow in non-fatal mode, potentially ignore it.
+  if (!IsSigned && !Opts.FromUnrecoverableHandler &&
+      flags()->silence_unsigned_overflow)
     return;
 
   ScopedReport R(Opts, Loc, ET);
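Review bot: The added comment above the new condition in handleIntegerOverflowImpl says "potentially ignore it" but does not name what decides that. Suggest wording it as "ignore it if silence_unsigned_overflow is set" so the comment carries the same information as the condition. It would also help to state the reason the Opts.FromUnrecoverableHandler case is excluded: the early return happens before ScopedReport R is constructed, so returning here in the unrecoverable case leaves the process dying with no diagnostic at all, which is the behaviour the commit message describes.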

Modified: compiler-rt/trunk/test/ubsan/TestCases/Integer/no-recover.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/ubsan/TestCases/Integer/no-recover.cpp?rev=347415&r1=347414&r2=347415&view=diff
==============================================================================
--- compiler-rt/trunk/test/ubsan/TestCases/Integer/no-recover.cpp (original)
+++ compiler-rt/trunk/test/ubsan/TestCases/Integer/no-recover.cpp Wed Nov 21 12:35:43 2018
@@ -1,7 +1,9 @@
 // RUN: %clangxx -fsanitize=unsigned-integer-overflow %s -o %t && %run %t 2>&1 | FileCheck %s --check-prefix=RECOVER
 // RUN: %clangxx -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=all -fsanitize-recover=unsigned-integer-overflow %s -o %t && %run %t 2>&1 | FileCheck %s --check-prefix=RECOVER
 // RUN: %env_ubsan_opts=silence_unsigned_overflow=1 %run %t 2>&1 | FileCheck %s --check-prefix=SILENT-RECOVER --allow-empty
-// RUN: %clangxx -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=unsigned-integer-overflow %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=ABORT
+// RUN: %clangxx -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=unsigned-integer-overflow %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s --check-prefix=ABORT
+// RUN: %env_ubsan_opts=silence_unsigned_overflow=1 not %run %t 2>&1 | FileCheck %s --check-prefix=ABORT
 
 #include <stdint.h>
 
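Review bot: The RUN lines now depend on their order, because every compile step writes to the same %t. The SILENT-RECOVER run uses whatever the previous %clangxx line produced, and the two ABORT runs use the rebuilt -fno-sanitize-recover binary. Reordering or inserting a compile line later would silently change which binary each check exercises. Consider distinct outputs such as %t.recover and %t.abort. A short comment on the last RUN line saying that silence_unsigned_overflow=1 must not suppress the report in the unrecoverable build would also record why it reuses the ABORT prefix instead of a silent one.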