[cfe-dev] Questions on Clang DataflowSanitizer Taint Propagation

Peter Collingbourne via cfe-dev cfe-dev at lists.llvm.org
Tue Oct 11 09:43:07 PDT 2016


It may be a bug, but unless you can provide a *self contained* example that
I can easily run (i.e. a main function, not just code snippets), I can't
help you.

Peter

On Tue, Oct 11, 2016 at 3:37 AM, Jong-Ju Park <jongjup at sfu.ca> wrote:

> Dear Peter:
>
> Thank you for taking your time to respond!
>
> Consider the following code:
>
> --------------------------------------------------------------------
>
> //buf is some heap array of unsigned 8-bit integers
>
> //labels is a global pointer to dfsan_label
> labels = malloc(sizeof(*labels) * something);
>
> int index;
>
> for (index = 0; index < something; index++) {
>     char* desc;
>     asprintf(&desc, "%d", index);
>     dfsan_label byteLabel = dfsan_create_label(desc, 0);
>     dfsan_set_label(byteLabel, &buf[index], 1);
>     labels[index] = byteLabel;
> }
>
>
> /* The code below will behave differently depending on
>  * whether it is within the same function as the for-loop or not
>  *
>  */
>
> //-----------------START---------------------------
>
> u_int8_t copy = buf[someIndex];
>
> dfsan_label bufRegionLabel1 = dfsan_read_label(&buf[someIndex], 1);
> dfsan_label bufRegionLabel2 = dfsan_get_label(buf[someIndex]);
> dfsan_label bufRegionLabel3 = dfsan_read_label(&copy, 1);
> dfsan_label bufRegionLabel4 = dfsan_get_label(copy);
>
> assert (bufRegionLabel1 == bufRegionLabel2);
> assert (bufRegionLabel2 == bufRegionLabel3);
> assert (bufRegionLabel3 == bufRegionLabel4);
>
> //-----------------END--------------------------
>
> /* The code above will behave differently depending on
>  * whether it is within the same function as the for-loop or not
>  */
>
> -------------------------------------------------------------------------
>
> The 4 labels, bufRegionLabel1, bufRegionLabel2, bufRegionLabel3, and
> bufRegionLabel4, are indeed identical if you have those lines within the
> same function as the above for-loop; however, if you have them in a
> *different* function (of course, assuming that you pass buf into the said
> function), then bufRegionLabel2, bufRegionLabel3, and bufRegionLabel4 will
> all have (null) and (nil) label and data.
> Only bufRegionLabel1 will work as expected.
>
> Why is this so? What is going on?
>
>
> Sincerely,
>
> JongJu Park
>



-- 
-- 
Peter