[llvm-commits] [compiler-rt] r169966 - in /compiler-rt/trunk/lib: asan/asan_interceptors.cc asan/tests/asan_test.cc msan/msan_interceptors.cc sanitizer_common/sanitizer_common_interceptors.h tsan/rtl/tsan_interceptors.cc

Sean Silva silvas at purdue.edu
Wed Dec 12 14:52:26 PST 2012


Sorry for the delay in testing this. It fixed the issue for me. Now I
get what I expected:

sean:~/pg/streams % ./First.cpp First.o
Opening 'First.o'
ELF magic is valid
ELF class is ELF64
=================================================================
==22653== ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7fffae4aa4df at pc 0x407110 bp 0x7fffae4aa2b0 sp 0x7fffae4aa280
WRITE of size 1 at 0x7fffae4aa4df thread T0
    #0 0x40710f (/home/sean/pg/streams/a.out+0x40710f)
    #1 0x414997 (/home/sean/pg/streams/a.out+0x414997)
    #2 0x7f61b790876c (/lib/x86_64-linux-gnu/libc-2.15.so+0x2176c)
Address 0x7fffae4aa4df is located at offset 351 in frame <main> of T0's stack:
  This frame has 7 object(s):
    [32, 36) ''
    [96, 100) ''
    [160, 168) ''
    [224, 228) 'fd'
    [288, 304) 'e_ident'
    [352, 356) 'bits'
    [416, 480) 'hdr'
HINT: this may be a false positive if your program uses some custom
stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
Shadow byte and word:
  0x1ffff5c9549b: f2
  0x1ffff5c95498: f2 f2 f2 f2 04 f4 f4 f4
More shadow bytes:
  0x1ffff5c95478: f2 f2 f2 f2 04 f4 f4 f4
  0x1ffff5c95480: f2 f2 f2 f2 00 f4 f4 f4
  0x1ffff5c95488: f2 f2 f2 f2 04 f4 f4 f4
  0x1ffff5c95490: f2 f2 f2 f2 00 00 f4 f4
=>0x1ffff5c95498: f2 f2 f2 f2 04 f4 f4 f4
  0x1ffff5c954a0: f2 f2 f2 f2 00 00 00 00
  0x1ffff5c954a8: 00 00 00 00 f3 f3 f3 f3
  0x1ffff5c954b0: 00 00 00 00 00 00 00 00
  0x1ffff5c954b8: 00 00 00 00 00 00 00 00
Stats: 0M malloced (0M for red zones) by 0 calls
Stats: 0M realloced by 0 calls
Stats: 0M freed by 0 calls
Stats: 0M really freed by 0 calls
Stats: 0M (0 full pages) mmaped in 0 calls
  mmaps   by size class:
  mallocs by size class:
  frees   by size class:
  rfrees  by size class:
Stats: malloc large: 0 small slow: 0
==22653== ABORTING

On Wed, Dec 12, 2012 at 4:54 AM, Kostya Serebryany <kcc at google.com> wrote:
> Author: kcc
> Date: Wed Dec 12 03:54:35 2012
> New Revision: 169966
>
> URL: http://llvm.org/viewvc/llvm-project?rev=169966&view=rev
> Log:
> [asan] add sanitizer_common/sanitizer_common_interceptors.h with pread/pread64/read interceptors. Use it in asan. Add asan tests for pread/etc. Add FIXME to tsan/msan interceptors
>
> Added:
>     compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.h
> Modified:
>     compiler-rt/trunk/lib/asan/asan_interceptors.cc
>     compiler-rt/trunk/lib/asan/tests/asan_test.cc
>     compiler-rt/trunk/lib/msan/msan_interceptors.cc
>     compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc
>
> Modified: compiler-rt/trunk/lib/asan/asan_interceptors.cc
> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_interceptors.cc?rev=169966&r1=169965&r2=169966&view=diff
> ==============================================================================
> --- compiler-rt/trunk/lib/asan/asan_interceptors.cc (original)
> +++ compiler-rt/trunk/lib/asan/asan_interceptors.cc Wed Dec 12 03:54:35 2012
> @@ -46,9 +46,9 @@
>  // checking the first and the last byte of a range.
>  #define ACCESS_MEMORY_RANGE(offset, size, isWrite) do { \
>    if (size > 0) { \
> -    uptr ptr = (uptr)(offset); \
> -    ACCESS_ADDRESS(ptr, isWrite); \
> -    ACCESS_ADDRESS(ptr + (size) - 1, isWrite); \
> +    uptr _ptr = (uptr)(offset); \
> +    ACCESS_ADDRESS(_ptr, isWrite); \
> +    ACCESS_ADDRESS(_ptr + (size) - 1, isWrite); \
>    } \
>  } while (0)
>
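Review bot: The temporary in ACCESS_MEMORY_RANGE can still be captured after the rename to `_ptr`. The old `uptr ptr = (uptr)(offset);` would self-initialize when the macro argument is itself spelled `ptr`, as the new common interceptors appear to pass it, and any argument expression that mentions `_ptr` would hit the same problem. A comment on the declaration such as `// _ptr: must not clash with identifiers used in the offset/size arguments` would record why the name looks odd. Separately, the unchanged guard `if (size > 0)` leaves `size` unparenthesized while the next use writes `(size)`; `if ((size) > 0)` would be consistent.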
> @@ -98,6 +98,11 @@
>  // ---------------------- Wrappers ---------------- {{{1
>  using namespace __asan;  // NOLINT
>
> +#define COMMON_INTERCEPTOR_WRITE_RANGE(ptr, size) ASAN_WRITE_RANGE(ptr, size)
> +#define COMMON_INTERCEPTOR_READ_RANGE(ptr, size) ASAN_READ_RANGE(ptr, size)
> +#define COMMON_INTERCEPTOR_ENTER(func, ...) ENSURE_ASAN_INITED()
> +#include "sanitizer_common/sanitizer_common_interceptors.h"
> +
>  static thread_return_t THREAD_CALLING_CONV asan_thread_start(void *arg) {
>    AsanThread *t = (AsanThread*)arg;
>    asanThreadRegistry().SetCurrent(t);
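Review bot: `COMMON_INTERCEPTOR_WRITE_RANGE` is mapped straight onto `ASAN_WRITE_RANGE`, and the comment above ACCESS_MEMORY_RANGE in this file says range checks look only at the first and the last byte. If ASAN_WRITE_RANGE goes through that macro (its definition is not visible here), a read() whose result steps over a redzone and ends in other addressable memory would not be reported. That limit deserves a comment at these defines, e.g. `// NOTE: range checks test only the first and last byte; an overflow ending in addressable memory is missed.` The same comment should say that the three macros must be defined before the `#include`, since the header consumes them. asan_thread_start continues past the end of the hunk.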
> @@ -667,6 +672,9 @@
>  #if MAC_INTERPOSE_FUNCTIONS
>    return;
>  #endif
> +
> +  SANITIZER_COMMON_INTERCEPTORS_INIT;
> +
>    // Intercept mem* functions.
>    ASAN_INTERCEPT_FUNC(memcmp);
>    ASAN_INTERCEPT_FUNC(memmove);
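Review bot: `SANITIZER_COMMON_INTERCEPTORS_INIT;` expands to three separate `CHECK(...)` statements followed by two semicolons, because the macro defined in sanitizer_common_interceptors.h by this commit carries its own trailing `;`. It works at this call site, but if the macro were ever placed under an unbraced `if`, only the first CHECK would be guarded. Wrapping the definition in `do { ... } while (0)` without the trailing `;`, as ACCESS_MEMORY_RANGE in this file already does, would make it behave as a single statement. The enclosing function starts and ends outside the hunk.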
>
> Modified: compiler-rt/trunk/lib/asan/tests/asan_test.cc
> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/tests/asan_test.cc?rev=169966&r1=169965&r2=169966&view=diff
> ==============================================================================
> --- compiler-rt/trunk/lib/asan/tests/asan_test.cc (original)
> +++ compiler-rt/trunk/lib/asan/tests/asan_test.cc Wed Dec 12 03:54:35 2012
> @@ -22,6 +22,9 @@
>
>  #ifdef __linux__
>  # include <sys/prctl.h>
> +# include <sys/types.h>
> +# include <sys/stat.h>
> +# include <fcntl.h>
>  #endif
>
>  #if defined(__i386__) || defined(__x86_64__)
> @@ -1563,6 +1566,45 @@
>    CallMemTransferByPointer(&memmove);
>  }
>
> +#ifdef __linux__
> +TEST(AddressSanitizer, pread) {
> +  char *x = new char [10];
> +  int fd = open("/proc/self/stat", O_RDONLY);
> +  ASSERT_GT(fd, 0);
> +  EXPECT_DEATH(pread(fd, x, 15, 0),
> +               ASAN_PCRE_DOTALL
> +               "AddressSanitizer: heap-buffer-overflow"
> +               ".* is located 4 bytes to the right of 10-byte region");
> +  close(fd);
> +  delete x;
> +}
> +
> +TEST(AddressSanitizer, pread64) {
> +  char *x = new char [10];
> +  int fd = open("/proc/self/stat", O_RDONLY);
> +  ASSERT_GT(fd, 0);
> +  EXPECT_DEATH(pread64(fd, x, 15, 0),
> +               ASAN_PCRE_DOTALL
> +               "AddressSanitizer: heap-buffer-overflow"
> +               ".* is located 4 bytes to the right of 10-byte region");
> +  close(fd);
> +  delete x;
> +}
> +
> +TEST(AddressSanitizer, read) {
> +  char *x = new char [10];
> +  int fd = open("/proc/self/stat", O_RDONLY);
> +  ASSERT_GT(fd, 0);
> +  EXPECT_DEATH(read(fd, x, 15),
> +               ASAN_PCRE_DOTALL
> +               "AddressSanitizer: heap-buffer-overflow"
> +               ".* is located 4 bytes to the right of 10-byte region");
> +  close(fd);
> +  delete x;
> +}
> +
> +#endif  // __linux__
> +
>  // This test case fails
>  // Clang optimizes memcpy/memset calls which lead to unaligned access
>  TEST(AddressSanitizer, DISABLED_MemIntrinsicUnalignedAccessTest) {
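Review bot: All three new tests allocate with `new char [10]` but release with `delete x;`, which is undefined behaviour and the kind of new[]/delete mismatch a memory-error detector is meant to catch; it should be `delete [] x;` in the pread, pread64 and read tests. `ASSERT_GT(fd, 0)` also rejects a valid descriptor 0 (possible when stdin is closed), so `ASSERT_GE(fd, 0)` is the accurate check. The interceptors added in this commit check only the `res` bytes actually returned, so each test relies on `/proc/self/stat` supplying the full 15 bytes to match "4 bytes to the right"; a one-line comment stating that dependency would help. The `read`/`pread`/`close` declarations come from `<unistd.h>`, which this commit does not add and is presumably included elsewhere in the file.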
>
> Modified: compiler-rt/trunk/lib/msan/msan_interceptors.cc
> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/msan_interceptors.cc?rev=169966&r1=169965&r2=169966&view=diff
> ==============================================================================
> --- compiler-rt/trunk/lib/msan/msan_interceptors.cc (original)
> +++ compiler-rt/trunk/lib/msan/msan_interceptors.cc Wed Dec 12 03:54:35 2012
> @@ -10,6 +10,9 @@
>  // This file is a part of MemorySanitizer.
>  //
>  // Interceptors for standard library functions.
> +//
> +// FIXME: move as many interceptors as possible into
> +// sanitizer_common/sanitizer_common_interceptors.h
>  //===----------------------------------------------------------------------===//
>
>  #include "interception/interception.h"
>
> Added: compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.h
> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.h?rev=169966&view=auto
> ==============================================================================
> --- compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.h (added)
> +++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.h Wed Dec 12 03:54:35 2012
> @@ -0,0 +1,58 @@
> +//===-- sanitizer_common_interceptors.h -------------------------*- C++ -*-===//
> +//
> +//                     The LLVM Compiler Infrastructure
> +//
> +// This file is distributed under the University of Illinois Open Source
> +// License. See LICENSE.TXT for details.
> +//
> +//===----------------------------------------------------------------------===//
> +//
> +// Common function interceptors for tools like AddressSanitizer,
> +// ThreadSanitizer, MemorySanitizer, etc.
> +//
> +// This file should be included into the tool's interceptor file,
> +// which has to define it's own macros:
> +//   COMMON_INTERCEPTOR_ENTER
> +//   COMMON_INTERCEPTOR_READ_RANGE
> +//   COMMON_INTERCEPTOR_WRITE_RANGE
> +//
> +//===----------------------------------------------------------------------===//
> +#ifndef SANITIZER_COMMON_INTERCEPTORS_H
> +#define SANITIZER_COMMON_INTERCEPTORS_H
> +
> +typedef uptr size_t;
> +typedef sptr ssize_t;
> +typedef u64  off_t;
> +typedef u64  off64_t;
> +
> +INTERCEPTOR(ssize_t, read, int fd, void *ptr, size_t count) {
> +  COMMON_INTERCEPTOR_ENTER(read, fd, ptr, count);
> +  ssize_t res = REAL(read)(fd, ptr, count);
> +  if (res > 0)
> +    COMMON_INTERCEPTOR_WRITE_RANGE(ptr, res);
> +  return res;
> +}
> +
> +INTERCEPTOR(ssize_t, pread, int fd, void *ptr, size_t count, off_t offset) {
> +  COMMON_INTERCEPTOR_ENTER(pread, fd, ptr, count, offset);
> +  ssize_t res = REAL(pread)(fd, ptr, count, offset);
> +  if (res > 0)
> +    COMMON_INTERCEPTOR_WRITE_RANGE(ptr, res);
> +  return res;
> +}
> +
> +INTERCEPTOR(ssize_t, pread64, int fd, void *ptr, size_t count, off64_t offset) {
> +  COMMON_INTERCEPTOR_ENTER(pread64, fd, ptr, count, offset);
> +  ssize_t res = REAL(pread64)(fd, ptr, count, offset);
> +  if (res > 0)
> +    COMMON_INTERCEPTOR_WRITE_RANGE(ptr, res);
> +  return res;
> +}
> +
> +#define SANITIZER_COMMON_INTERCEPTORS_INIT \
> +  CHECK(INTERCEPT_FUNCTION(read));         \
> +  CHECK(INTERCEPT_FUNCTION(pread));        \
> +  CHECK(INTERCEPT_FUNCTION(pread64))       \
> +  ;
> +
> +#endif  // SANITIZER_COMMON_INTERCEPTORS_H
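Review bot: `typedef u64 off_t;` fixes the pread interceptor's offset parameter at 64 bits unsigned. On a 32-bit Linux target built without large-file support, the libc `pread` takes a 32-bit signed `off_t`, so the interceptor would read its argument from the wrong slots and forward a bogus offset. Tying the width to the word size and keeping the sign, e.g. `typedef sptr off_t;` and `typedef s64 off64_t;`, would match the libc prototypes, assuming the runtime is not built with a 64-bit file-offset remapping. The validation is also post-hoc: `COMMON_INTERCEPTOR_WRITE_RANGE(ptr, res)` runs after `REAL(read)` has already written, and covers `res` bytes rather than `count`. An oversized `count` that yields a short read therefore goes unreported, and a comment on each interceptor should say this is intentional. The header comment's "it's own macros" should read "its own macros".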
>
> Modified: compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc
> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc?rev=169966&r1=169965&r2=169966&view=diff
> ==============================================================================
> --- compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc (original)
> +++ compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc Wed Dec 12 03:54:35 2012
> @@ -9,6 +9,8 @@
>  //
>  // This file is a part of ThreadSanitizer (TSan), a race detector.
>  //
> +// FIXME: move as many interceptors as possible into
> +// sanitizer_common/sanitizer_common_interceptors.h
>  //===----------------------------------------------------------------------===//
>
>  #include "sanitizer_common/sanitizer_atomic.h"
>
>


