[cfe-dev] Questions on Clang DataflowSanitizer Taint Propagation
Jong-Ju Park via cfe-dev
cfe-dev at lists.llvm.org
Tue Oct 11 03:37:33 PDT 2016
Dear Peter:
Thank you for taking your time to respond!
Consider the following code:
--------------------------------------------------------------------
#define _GNU_SOURCE      /* asprintf */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <assert.h>
#include <sanitizer/dfsan_interface.h>
// buf is some heap array of unsigned 8-bit integers (uint8_t *buf)
// labels is a global pointer to dfsan_label (dfsan_label *labels)
// something is the number of bytes in buf; someIndex is any index below it
labels = malloc(sizeof(*labels) * something);
int index;
for (index = 0; index < something; index++) {
    char* desc;
    asprintf(&desc, "%d", index);               // one description per byte; DFSan keeps the pointer, so it is not freed
    dfsan_label byteLabel = dfsan_create_label(desc, 0);
    dfsan_set_label(byteLabel, &buf[index], 1); // tag exactly this one byte
    labels[index] = byteLabel;
}
/* The code below will behave differently depending on
 * whether it is within the same function as the for-loop or not
 */
//-----------------START---------------------------
uint8_t copy = buf[someIndex];
dfsan_label bufRegionLabel1 = dfsan_read_label(&buf[someIndex], 1);
dfsan_label bufRegionLabel2 = dfsan_get_label(buf[someIndex]);
dfsan_label bufRegionLabel3 = dfsan_read_label(&copy, 1);
dfsan_label bufRegionLabel4 = dfsan_get_label(copy);
assert (bufRegionLabel1 == bufRegionLabel2);
assert (bufRegionLabel2 == bufRegionLabel3);
assert (bufRegionLabel3 == bufRegionLabel4);
//-----------------END--------------------------
-------------------------------------------------------------------------
The 4 labels, bufRegionLabel1, bufRegionLabel2, bufRegionLabel3, and bufRegionLabel4,
are indeed identical if you have those lines within the same function as the above for-loop;
however, if you have them in a *different* function (of course, assuming that
you pass buf into the said function), then bufRegionLabel2, bufRegionLabel3,
and bufRegionLabel4 will all have (null) and (nil) label and data.
Only bufRegionLabel1 will work as expected.
Why is this so? What is going on?
Sincerely,
JongJu Park
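A complete program that reproduces the comparison from the message above in both placements, added here as an example; it is not code from the original post or from LLVM. Variant A keeps the labelling loop and the four reads in one function body, variant B splits them across two functions and passes buf as an argument, exactly the two placements the post contrasts. It assumes Linux/x86_64 and the DFSan interface of that era (16-bit dfsan_label, dfsan_create_label and dfsan_get_label_info present), and the helper names (dfsan_available, same_function, separate_functions, read_four_ways, all_equal, fresh_buffer) are my own. The DFSan entry points are declared as weak references so the file also links without -fsanitize=dataflow; in that case they resolve to NULL, dfsan_available() returns 0 and every label reads back as 0. Two facts about the API that matter when reading the output: dfsan_read_label asks the runtime to look up shadow memory for an address, whereas dfsan_get_label reports the shadow that instrumented code propagated for the value it was handed, so the two can disagree when the reading code was not instrumented. Build and run with:

    clang -fsanitize=dataflow -O0 -g dfsan_two_sites.c -o dfsan_two_sites && ./dfsan_two_sites

```c
/* Added example (not from the original post or LLVM): label every byte of a
 * heap buffer, then read the label back four ways from two call sites.
 * Assumes the 2016-era DFSan interface; see the lead-in for the build line. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint16_t dfsan_label;                 /* assumption: 2016-era 16-bit labels */
struct dfsan_label_info { dfsan_label l1, l2; const char *desc; void *userdata; };

/* Same prototypes as <sanitizer/dfsan_interface.h> of that era, declared weak
 * so the program still links when the DFSan runtime is absent. */
extern dfsan_label dfsan_create_label(const char *desc, void *userdata) __attribute__((weak));
extern void dfsan_set_label(dfsan_label label, void *addr, size_t size) __attribute__((weak));
extern dfsan_label dfsan_read_label(const void *addr, size_t size) __attribute__((weak));
extern dfsan_label dfsan_get_label(long data) __attribute__((weak));
extern const struct dfsan_label_info *dfsan_get_label_info(dfsan_label label) __attribute__((weak));

enum { BUF_LEN = 16 };
dfsan_label labels[BUF_LEN];                  /* label given to byte i, like the post's global */

struct four_labels { dfsan_label read_buf, get_buf, read_copy, get_copy; };

int dfsan_available(void) { return dfsan_create_label != NULL; }

/* One label per byte, described by its index. desc must outlive the label:
 * the runtime stores the pointer instead of copying the string. */
static dfsan_label make_byte_label(size_t i) {
    char *desc = malloc(32);
    if (!desc) abort();
    snprintf(desc, 32, "%zu", i);
    return dfsan_create_label(desc, NULL);
}

void label_every_byte(uint8_t *buf, size_t len) {
    if (!dfsan_available()) return;
    for (size_t i = 0; i < len && i < BUF_LEN; i++) {
        labels[i] = make_byte_label(i);
        dfsan_set_label(labels[i], &buf[i], 1);   /* tag exactly this one byte */
    }
}

/* The four reads from the post: shadow lookup by address vs. label of a value. */
struct four_labels read_four_ways(uint8_t *buf, size_t idx) {
    struct four_labels r = {0, 0, 0, 0};
    if (!dfsan_available()) return r;
    uint8_t copy = buf[idx];
    r.read_buf  = dfsan_read_label(&buf[idx], 1);
    r.get_buf   = dfsan_get_label(buf[idx]);
    r.read_copy = dfsan_read_label(&copy, 1);
    r.get_copy  = dfsan_get_label(copy);
    return r;
}

/* Variant A: labelling loop and the four reads in the same function body. */
struct four_labels same_function(uint8_t *buf, size_t len, size_t idx) {
    struct four_labels r = {0, 0, 0, 0};
    if (!dfsan_available()) return r;
    for (size_t i = 0; i < len && i < BUF_LEN; i++) {
        labels[i] = make_byte_label(i);
        dfsan_set_label(labels[i], &buf[i], 1);
    }
    uint8_t copy = buf[idx];
    r.read_buf  = dfsan_read_label(&buf[idx], 1);
    r.get_buf   = dfsan_get_label(buf[idx]);
    r.read_copy = dfsan_read_label(&copy, 1);
    r.get_copy  = dfsan_get_label(copy);
    return r;
}

/* Variant B: loop in one function, reads in another, buf passed as argument. */
struct four_labels separate_functions(uint8_t *buf, size_t len, size_t idx) {
    label_every_byte(buf, len);
    return read_four_ways(buf, idx);
}

int all_equal(struct four_labels r) {
    return r.read_buf == r.get_buf && r.get_buf == r.read_copy && r.read_copy == r.get_copy;
}

uint8_t *fresh_buffer(size_t len) {
    uint8_t *buf = malloc(len);
    if (!buf) abort();
    for (size_t i = 0; i < len; i++) buf[i] = (uint8_t)(0xA0 + i);   /* constructed sample bytes */
    return buf;
}

/* Label 0 means "no label"; its info has no desc, which prints as (null). */
static void show(const char *name, dfsan_label l) {
    const struct dfsan_label_info *info = (l && dfsan_get_label_info) ? dfsan_get_label_info(l) : NULL;
    printf("  %-10s label=%u desc=%s\n", name, (unsigned)l, (info && info->desc) ? info->desc : "<none>");
}

static void report(const char *title, struct four_labels r) {
    printf("%s: %s\n", title, all_equal(r) ? "all four agree" : "MISMATCH");
    show("read_buf", r.read_buf);  show("get_buf", r.get_buf);
    show("read_copy", r.read_copy); show("get_copy", r.get_copy);
}

int main(void) {
    if (!dfsan_available()) { puts("DFSan runtime not linked; rebuild with -fsanitize=dataflow"); return 1; }
    report("same function",      same_function(fresh_buffer(BUF_LEN), BUF_LEN, 5));
    report("separate functions", separate_functions(fresh_buffer(BUF_LEN), BUF_LEN, 5));
    return 0;
}
```

Under DFSan the "same function" report should show the same label with desc "5" on all four lines; the "separate functions" report is the one to compare against the behaviour described in the message, and printing both label number and desc side by side separates "label 0, nothing propagated" from "label present but no description".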