[llvm-commits] [compiler-rt] r169966 - in /compiler-rt/trunk/lib: asan/asan_interceptors.cc asan/tests/asan_test.cc msan/msan_interceptors.cc sanitizer_common/sanitizer_common_interceptors.h tsan/rtl/tsan_interceptors.cc
Sean Silva
silvas at purdue.edu
Wed Dec 12 14:52:26 PST 2012
Sorry for the delay in testing this. It fixed the issue for me. Now I
get what I expected:
sean:~/pg/streams % ./First.cpp First.o
Opening 'First.o'
ELF magic is valid
ELF class is ELF64
=================================================================
==22653== ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7fffae4aa4df at pc 0x407110 bp 0x7fffae4aa2b0 sp 0x7fffae4aa280
WRITE of size 1 at 0x7fffae4aa4df thread T0
#0 0x40710f (/home/sean/pg/streams/a.out+0x40710f)
#1 0x414997 (/home/sean/pg/streams/a.out+0x414997)
#2 0x7f61b790876c (/lib/x86_64-linux-gnu/libc-2.15.so+0x2176c)
Address 0x7fffae4aa4df is located at offset 351 in frame <main> of T0's stack:
This frame has 7 object(s):
[32, 36) ''
[96, 100) ''
[160, 168) ''
[224, 228) 'fd'
[288, 304) 'e_ident'
[352, 356) 'bits'
[416, 480) 'hdr'
HINT: this may be a false positive if your program uses some custom
stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
Shadow byte and word:
0x1ffff5c9549b: f2
0x1ffff5c95498: f2 f2 f2 f2 04 f4 f4 f4
More shadow bytes:
0x1ffff5c95478: f2 f2 f2 f2 04 f4 f4 f4
0x1ffff5c95480: f2 f2 f2 f2 00 f4 f4 f4
0x1ffff5c95488: f2 f2 f2 f2 04 f4 f4 f4
0x1ffff5c95490: f2 f2 f2 f2 00 00 f4 f4
=>0x1ffff5c95498: f2 f2 f2 f2 04 f4 f4 f4
0x1ffff5c954a0: f2 f2 f2 f2 00 00 00 00
0x1ffff5c954a8: 00 00 00 00 f3 f3 f3 f3
0x1ffff5c954b0: 00 00 00 00 00 00 00 00
0x1ffff5c954b8: 00 00 00 00 00 00 00 00
Stats: 0M malloced (0M for red zones) by 0 calls
Stats: 0M realloced by 0 calls
Stats: 0M freed by 0 calls
Stats: 0M really freed by 0 calls
Stats: 0M (0 full pages) mmaped in 0 calls
mmaps by size class:
mallocs by size class:
frees by size class:
rfrees by size class:
Stats: malloc large: 0 small slow: 0
==22653== ABORTING
On Wed, Dec 12, 2012 at 4:54 AM, Kostya Serebryany <kcc at google.com> wrote:
> Author: kcc
> Date: Wed Dec 12 03:54:35 2012
> New Revision: 169966
>
> URL: http://llvm.org/viewvc/llvm-project?rev=169966&view=rev
> Log:
> [asan] add sanitizer_common/sanitizer_common_interceptors.h with pread/pread64/read interceptors. Use it in asan. Add asan tests for pread/etc. Add FIXME to tsan/msan interceptors
>
> Added:
> compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.h
> Modified:
> compiler-rt/trunk/lib/asan/asan_interceptors.cc
> compiler-rt/trunk/lib/asan/tests/asan_test.cc
> compiler-rt/trunk/lib/msan/msan_interceptors.cc
> compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc
>
> Modified: compiler-rt/trunk/lib/asan/asan_interceptors.cc
> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_interceptors.cc?rev=169966&r1=169965&r2=169966&view=diff
> ==============================================================================
> --- compiler-rt/trunk/lib/asan/asan_interceptors.cc (original)
> +++ compiler-rt/trunk/lib/asan/asan_interceptors.cc Wed Dec 12 03:54:35 2012
> @@ -46,9 +46,9 @@
> // checking the first and the last byte of a range.
> #define ACCESS_MEMORY_RANGE(offset, size, isWrite) do { \
> if (size > 0) { \
> - uptr ptr = (uptr)(offset); \
> - ACCESS_ADDRESS(ptr, isWrite); \
> - ACCESS_ADDRESS(ptr + (size) - 1, isWrite); \
> + uptr _ptr = (uptr)(offset); \
> + ACCESS_ADDRESS(_ptr, isWrite); \
> + ACCESS_ADDRESS(_ptr + (size) - 1, isWrite); \
> } \
> } while (0)
>
> @@ -98,6 +98,11 @@
> // ---------------------- Wrappers ---------------- {{{1
> using namespace __asan; // NOLINT
>
> +#define COMMON_INTERCEPTOR_WRITE_RANGE(ptr, size) ASAN_WRITE_RANGE(ptr, size)
> +#define COMMON_INTERCEPTOR_READ_RANGE(ptr, size) ASAN_READ_RANGE(ptr, size)
> +#define COMMON_INTERCEPTOR_ENTER(func, ...) ENSURE_ASAN_INITED()
> +#include "sanitizer_common/sanitizer_common_interceptors.h"
> +
> static thread_return_t THREAD_CALLING_CONV asan_thread_start(void *arg) {
> AsanThread *t = (AsanThread*)arg;
> asanThreadRegistry().SetCurrent(t);
> @@ -667,6 +672,9 @@
> #if MAC_INTERPOSE_FUNCTIONS
> return;
> #endif
> +
> + SANITIZER_COMMON_INTERCEPTORS_INIT;
> +
> // Intercept mem* functions.
> ASAN_INTERCEPT_FUNC(memcmp);
> ASAN_INTERCEPT_FUNC(memmove);
>
> Modified: compiler-rt/trunk/lib/asan/tests/asan_test.cc
> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/tests/asan_test.cc?rev=169966&r1=169965&r2=169966&view=diff
> ==============================================================================
> --- compiler-rt/trunk/lib/asan/tests/asan_test.cc (original)
> +++ compiler-rt/trunk/lib/asan/tests/asan_test.cc Wed Dec 12 03:54:35 2012
> @@ -22,6 +22,9 @@
>
> #ifdef __linux__
> # include <sys/prctl.h>
> +# include <sys/types.h>
> +# include <sys/stat.h>
> +# include <fcntl.h>
> #endif
>
> #if defined(__i386__) || defined(__x86_64__)
> @@ -1563,6 +1566,45 @@
> CallMemTransferByPointer(&memmove);
> }
>
> +#ifdef __linux__
> +TEST(AddressSanitizer, pread) {
> + char *x = new char [10];
> + int fd = open("/proc/self/stat", O_RDONLY);
> + ASSERT_GT(fd, 0);
> + EXPECT_DEATH(pread(fd, x, 15, 0),
> + ASAN_PCRE_DOTALL
> + "AddressSanitizer: heap-buffer-overflow"
> + ".* is located 4 bytes to the right of 10-byte region");
> + close(fd);
> + delete x;
> +}
> +
> +TEST(AddressSanitizer, pread64) {
> + char *x = new char [10];
> + int fd = open("/proc/self/stat", O_RDONLY);
> + ASSERT_GT(fd, 0);
> + EXPECT_DEATH(pread64(fd, x, 15, 0),
> + ASAN_PCRE_DOTALL
> + "AddressSanitizer: heap-buffer-overflow"
> + ".* is located 4 bytes to the right of 10-byte region");
> + close(fd);
> + delete x;
> +}
> +
> +TEST(AddressSanitizer, read) {
> + char *x = new char [10];
> + int fd = open("/proc/self/stat", O_RDONLY);
> + ASSERT_GT(fd, 0);
> + EXPECT_DEATH(read(fd, x, 15),
> + ASAN_PCRE_DOTALL
> + "AddressSanitizer: heap-buffer-overflow"
> + ".* is located 4 bytes to the right of 10-byte region");
> + close(fd);
> + delete x;
> +}
> +
> +#endif // __linux__
> +
> // This test case fails
> // Clang optimizes memcpy/memset calls which lead to unaligned access
> TEST(AddressSanitizer, DISABLED_MemIntrinsicUnalignedAccessTest) {
>
> Modified: compiler-rt/trunk/lib/msan/msan_interceptors.cc
> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/msan_interceptors.cc?rev=169966&r1=169965&r2=169966&view=diff
> ==============================================================================
> --- compiler-rt/trunk/lib/msan/msan_interceptors.cc (original)
> +++ compiler-rt/trunk/lib/msan/msan_interceptors.cc Wed Dec 12 03:54:35 2012
> @@ -10,6 +10,9 @@
> // This file is a part of MemorySanitizer.
> //
> // Interceptors for standard library functions.
> +//
> +// FIXME: move as many interceptors as possible into
> +// sanitizer_common/sanitizer_common_interceptors.h
> //===----------------------------------------------------------------------===//
>
> #include "interception/interception.h"
>
> Added: compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.h
> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.h?rev=169966&view=auto
> ==============================================================================
> --- compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.h (added)
> +++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.h Wed Dec 12 03:54:35 2012
> @@ -0,0 +1,58 @@
> +//===-- sanitizer_common_interceptors.h -------------------------*- C++ -*-===//
> +//
> +// The LLVM Compiler Infrastructure
> +//
> +// This file is distributed under the University of Illinois Open Source
> +// License. See LICENSE.TXT for details.
> +//
> +//===----------------------------------------------------------------------===//
> +//
> +// Common function interceptors for tools like AddressSanitizer,
> +// ThreadSanitizer, MemorySanitizer, etc.
> +//
> +// This file should be included into the tool's interceptor file,
> +// which has to define it's own macros:
> +// COMMON_INTERCEPTOR_ENTER
> +// COMMON_INTERCEPTOR_READ_RANGE
> +// COMMON_INTERCEPTOR_WRITE_RANGE
> +//
> +//===----------------------------------------------------------------------===//
> +#ifndef SANITIZER_COMMON_INTERCEPTORS_H
> +#define SANITIZER_COMMON_INTERCEPTORS_H
> +
> +typedef uptr size_t;
> +typedef sptr ssize_t;
> +typedef u64 off_t;
> +typedef u64 off64_t;
> +
> +INTERCEPTOR(ssize_t, read, int fd, void *ptr, size_t count) {
> + COMMON_INTERCEPTOR_ENTER(read, fd, ptr, count);
> + ssize_t res = REAL(read)(fd, ptr, count);
> + if (res > 0)
> + COMMON_INTERCEPTOR_WRITE_RANGE(ptr, res);
> + return res;
> +}
> +
> +INTERCEPTOR(ssize_t, pread, int fd, void *ptr, size_t count, off_t offset) {
> + COMMON_INTERCEPTOR_ENTER(pread, fd, ptr, count, offset);
> + ssize_t res = REAL(pread)(fd, ptr, count, offset);
> + if (res > 0)
> + COMMON_INTERCEPTOR_WRITE_RANGE(ptr, res);
> + return res;
> +}
> +
> +INTERCEPTOR(ssize_t, pread64, int fd, void *ptr, size_t count, off64_t offset) {
> + COMMON_INTERCEPTOR_ENTER(pread64, fd, ptr, count, offset);
> + ssize_t res = REAL(pread64)(fd, ptr, count, offset);
> + if (res > 0)
> + COMMON_INTERCEPTOR_WRITE_RANGE(ptr, res);
> + return res;
> +}
> +
> +#define SANITIZER_COMMON_INTERCEPTORS_INIT \
> + CHECK(INTERCEPT_FUNCTION(read)); \
> + CHECK(INTERCEPT_FUNCTION(pread)); \
> + CHECK(INTERCEPT_FUNCTION(pread64)) \
> + ;
> +
> +#endif // SANITIZER_COMMON_INTERCEPTORS_H
>
> Modified: compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc
> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc?rev=169966&r1=169965&r2=169966&view=diff
> ==============================================================================
> --- compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc (original)
> +++ compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc Wed Dec 12 03:54:35 2012
> @@ -9,6 +9,8 @@
> //
> // This file is a part of ThreadSanitizer (TSan), a race detector.
> //
> +// FIXME: move as many interceptors as possible into
> +// sanitizer_common/sanitizer_common_interceptors.h
> //===----------------------------------------------------------------------===//
>
> #include "sanitizer_common/sanitizer_atomic.h"
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
More information about the llvm-commits
mailing list