[llvm-commits] [compiler-rt] r169966 - in /compiler-rt/trunk/lib: asan/asan_interceptors.cc asan/tests/asan_test.cc msan/msan_interceptors.cc sanitizer_common/sanitizer_common_interceptors.h tsan/rtl/tsan_interceptors.cc

Kostya Serebryany kcc at google.com
Wed Dec 12 20:47:04 PST 2012


Thanks!

On Thu, Dec 13, 2012 at 2:52 AM, Sean Silva <silvas at purdue.edu> wrote:

> Sorry for the delay in testing this. It fixed the issue for me. Now I
> get what I expected:
>
> sean:~/pg/streams % ./First.cpp First.o
> Opening 'First.o'
> ELF magic is valid
> ELF class is ELF64
> =================================================================
> ==22653== ERROR: AddressSanitizer: stack-buffer-overflow on address
> 0x7fffae4aa4df at pc 0x407110 bp 0x7fffae4aa2b0 sp 0x7fffae4aa280
> WRITE of size 1 at 0x7fffae4aa4df thread T0
>     #0 0x40710f (/home/sean/pg/streams/a.out+0x40710f)
>     #1 0x414997 (/home/sean/pg/streams/a.out+0x414997)
>     #2 0x7f61b790876c (/lib/x86_64-linux-gnu/libc-2.15.so+0x2176c)
> Address 0x7fffae4aa4df is located at offset 351 in frame <main> of T0's
> stack:
>   This frame has 7 object(s):
>     [32, 36) ''
>     [96, 100) ''
>     [160, 168) ''
>     [224, 228) 'fd'
>     [288, 304) 'e_ident'
>     [352, 356) 'bits'
>     [416, 480) 'hdr'
> HINT: this may be a false positive if your program uses some custom
> stack unwind mechanism or swapcontext
>       (longjmp and C++ exceptions *are* supported)
> Shadow byte and word:
>   0x1ffff5c9549b: f2
>   0x1ffff5c95498: f2 f2 f2 f2 04 f4 f4 f4
> More shadow bytes:
>   0x1ffff5c95478: f2 f2 f2 f2 04 f4 f4 f4
>   0x1ffff5c95480: f2 f2 f2 f2 00 f4 f4 f4
>   0x1ffff5c95488: f2 f2 f2 f2 04 f4 f4 f4
>   0x1ffff5c95490: f2 f2 f2 f2 00 00 f4 f4
> =>0x1ffff5c95498: f2 f2 f2 f2 04 f4 f4 f4
>   0x1ffff5c954a0: f2 f2 f2 f2 00 00 00 00
>   0x1ffff5c954a8: 00 00 00 00 f3 f3 f3 f3
>   0x1ffff5c954b0: 00 00 00 00 00 00 00 00
>   0x1ffff5c954b8: 00 00 00 00 00 00 00 00
> Stats: 0M malloced (0M for red zones) by 0 calls
> Stats: 0M realloced by 0 calls
> Stats: 0M freed by 0 calls
> Stats: 0M really freed by 0 calls
> Stats: 0M (0 full pages) mmaped in 0 calls
>   mmaps   by size class:
>   mallocs by size class:
>   frees   by size class:
>   rfrees  by size class:
> Stats: malloc large: 0 small slow: 0
> ==22653== ABORTING
>
> On Wed, Dec 12, 2012 at 4:54 AM, Kostya Serebryany <kcc at google.com> wrote:
> > Author: kcc
> > Date: Wed Dec 12 03:54:35 2012
> > New Revision: 169966
> >
> > URL: http://llvm.org/viewvc/llvm-project?rev=169966&view=rev
> > Log:
> > [asan] add sanitizer_common/sanitizer_common_interceptors.h with
> pread/pread64/read interceptors. Use it in asan. Add asan tests for
> pread/etc. Add FIXME to tsan/msan interceptors
> >
> > Added:
> >
> compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.h
> > Modified:
> >     compiler-rt/trunk/lib/asan/asan_interceptors.cc
> >     compiler-rt/trunk/lib/asan/tests/asan_test.cc
> >     compiler-rt/trunk/lib/msan/msan_interceptors.cc
> >     compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc
> >
> > Modified: compiler-rt/trunk/lib/asan/asan_interceptors.cc
> > URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_interceptors.cc?rev=169966&r1=169965&r2=169966&view=diff
> >
> ==============================================================================
> > --- compiler-rt/trunk/lib/asan/asan_interceptors.cc (original)
> > +++ compiler-rt/trunk/lib/asan/asan_interceptors.cc Wed Dec 12 03:54:35
> 2012
> > @@ -46,9 +46,9 @@
> >  // checking the first and the last byte of a range.
> >  #define ACCESS_MEMORY_RANGE(offset, size, isWrite) do { \
> >    if (size > 0) { \
> > -    uptr ptr = (uptr)(offset); \
> > -    ACCESS_ADDRESS(ptr, isWrite); \
> > -    ACCESS_ADDRESS(ptr + (size) - 1, isWrite); \
> > +    uptr _ptr = (uptr)(offset); \
> > +    ACCESS_ADDRESS(_ptr, isWrite); \
> > +    ACCESS_ADDRESS(_ptr + (size) - 1, isWrite); \
> >    } \
> >  } while (0)
> >
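Review bot: Nothing in `ACCESS_MEMORY_RANGE` records why the local is now `_ptr`, so the rename is easy to revert by accident. A local named `ptr` is captured when the `offset` argument is itself spelled `ptr`, as in the `COMMON_INTERCEPTOR_WRITE_RANGE(ptr, size)` wrappers this commit adds. Assuming `ASAN_WRITE_RANGE` expands to this macro (not visible here), that produces `uptr ptr = (uptr)(ptr)` and a check against an indeterminate address. I would add `// _ptr, not ptr: the offset argument may be an expression named ptr, which a same-named local would shadow.` above the declaration. A caller expression that mentions `_ptr` would still be captured, so a longer macro-private name would be more robust.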
> > @@ -98,6 +98,11 @@
> >  // ---------------------- Wrappers ---------------- {{{1
> >  using namespace __asan;  // NOLINT
> >
> > +#define COMMON_INTERCEPTOR_WRITE_RANGE(ptr, size) ASAN_WRITE_RANGE(ptr,
> size)
> > +#define COMMON_INTERCEPTOR_READ_RANGE(ptr, size) ASAN_READ_RANGE(ptr,
> size)
> > +#define COMMON_INTERCEPTOR_ENTER(func, ...) ENSURE_ASAN_INITED()
> > +#include "sanitizer_common/sanitizer_common_interceptors.h"
> > +
> >  static thread_return_t THREAD_CALLING_CONV asan_thread_start(void *arg)
> {
> >    AsanThread *t = (AsanThread*)arg;
> >    asanThreadRegistry().SetCurrent(t);
> > @@ -667,6 +672,9 @@
> >  #if MAC_INTERPOSE_FUNCTIONS
> >    return;
> >  #endif
> > +
> > +  SANITIZER_COMMON_INTERCEPTORS_INIT;
> > +
> >    // Intercept mem* functions.
> >    ASAN_INTERCEPT_FUNC(memcmp);
> >    ASAN_INTERCEPT_FUNC(memmove);
> >
> > Modified: compiler-rt/trunk/lib/asan/tests/asan_test.cc
> > URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/tests/asan_test.cc?rev=169966&r1=169965&r2=169966&view=diff
> >
> ==============================================================================
> > --- compiler-rt/trunk/lib/asan/tests/asan_test.cc (original)
> > +++ compiler-rt/trunk/lib/asan/tests/asan_test.cc Wed Dec 12 03:54:35
> 2012
> > @@ -22,6 +22,9 @@
> >
> >  #ifdef __linux__
> >  # include <sys/prctl.h>
> > +# include <sys/types.h>
> > +# include <sys/stat.h>
> > +# include <fcntl.h>
> >  #endif
> >
> >  #if defined(__i386__) || defined(__x86_64__)
> > @@ -1563,6 +1566,45 @@
> >    CallMemTransferByPointer(&memmove);
> >  }
> >
> > +#ifdef __linux__
> > +TEST(AddressSanitizer, pread) {
> > +  char *x = new char [10];
> > +  int fd = open("/proc/self/stat", O_RDONLY);
> > +  ASSERT_GT(fd, 0);
> > +  EXPECT_DEATH(pread(fd, x, 15, 0),
> > +               ASAN_PCRE_DOTALL
> > +               "AddressSanitizer: heap-buffer-overflow"
> > +               ".* is located 4 bytes to the right of 10-byte region");
> > +  close(fd);
> > +  delete x;
> > +}
> > +
> > +TEST(AddressSanitizer, pread64) {
> > +  char *x = new char [10];
> > +  int fd = open("/proc/self/stat", O_RDONLY);
> > +  ASSERT_GT(fd, 0);
> > +  EXPECT_DEATH(pread64(fd, x, 15, 0),
> > +               ASAN_PCRE_DOTALL
> > +               "AddressSanitizer: heap-buffer-overflow"
> > +               ".* is located 4 bytes to the right of 10-byte region");
> > +  close(fd);
> > +  delete x;
> > +}
> > +
> > +TEST(AddressSanitizer, read) {
> > +  char *x = new char [10];
> > +  int fd = open("/proc/self/stat", O_RDONLY);
> > +  ASSERT_GT(fd, 0);
> > +  EXPECT_DEATH(read(fd, x, 15),
> > +               ASAN_PCRE_DOTALL
> > +               "AddressSanitizer: heap-buffer-overflow"
> > +               ".* is located 4 bytes to the right of 10-byte region");
> > +  close(fd);
> > +  delete x;
> > +}
> > +
> > +#endif  // __linux__
> > +
> >  // This test case fails
> >  // Clang optimizes memcpy/memset calls which lead to unaligned access
> >  TEST(AddressSanitizer, DISABLED_MemIntrinsicUnalignedAccessTest) {
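Review bot: All three new tests (`pread`, `pread64`, `read`) allocate with `new char [10]` but release with `delete x;`, a mismatched deallocation that is undefined behavior; each should be `delete [] x;`. `ASSERT_GT(fd, 0)` also rejects descriptor 0, which `open` can legitimately return, so `ASSERT_GE(fd, 0)` is the accurate check. The tests only pass when `/proc/self/stat` yields at least 15 bytes, because the interceptor checks the bytes actually read rather than `count`. A comment such as `// Relies on the file being >= 15 bytes: only the returned length is checked.` would make that dependency explicit.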
> >
> > Modified: compiler-rt/trunk/lib/msan/msan_interceptors.cc
> > URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/msan_interceptors.cc?rev=169966&r1=169965&r2=169966&view=diff
> >
> ==============================================================================
> > --- compiler-rt/trunk/lib/msan/msan_interceptors.cc (original)
> > +++ compiler-rt/trunk/lib/msan/msan_interceptors.cc Wed Dec 12 03:54:35
> 2012
> > @@ -10,6 +10,9 @@
> >  // This file is a part of MemorySanitizer.
> >  //
> >  // Interceptors for standard library functions.
> > +//
> > +// FIXME: move as many interceptors as possible into
> > +// sanitizer_common/sanitizer_common_interceptors.h
> >
>  //===----------------------------------------------------------------------===//
> >
> >  #include "interception/interception.h"
> >
> > Added:
> compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.h
> > URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.h?rev=169966&view=auto
> >
> ==============================================================================
> > ---
> compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.h
> (added)
> > +++
> compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.h Wed
> Dec 12 03:54:35 2012
> > @@ -0,0 +1,58 @@
> > +//===-- sanitizer_common_interceptors.h -------------------------*- C++
> -*-===//
> > +//
> > +//                     The LLVM Compiler Infrastructure
> > +//
> > +// This file is distributed under the University of Illinois Open Source
> > +// License. See LICENSE.TXT for details.
> > +//
> >
> +//===----------------------------------------------------------------------===//
> > +//
> > +// Common function interceptors for tools like AddressSanitizer,
> > +// ThreadSanitizer, MemorySanitizer, etc.
> > +//
> > +// This file should be included into the tool's interceptor file,
> > +// which has to define it's own macros:
> > +//   COMMON_INTERCEPTOR_ENTER
> > +//   COMMON_INTERCEPTOR_READ_RANGE
> > +//   COMMON_INTERCEPTOR_WRITE_RANGE
> > +//
> >
> +//===----------------------------------------------------------------------===//
> > +#ifndef SANITIZER_COMMON_INTERCEPTORS_H
> > +#define SANITIZER_COMMON_INTERCEPTORS_H
> > +
> > +typedef uptr size_t;
> > +typedef sptr ssize_t;
> > +typedef u64  off_t;
> > +typedef u64  off64_t;
> > +
> > +INTERCEPTOR(ssize_t, read, int fd, void *ptr, size_t count) {
> > +  COMMON_INTERCEPTOR_ENTER(read, fd, ptr, count);
> > +  ssize_t res = REAL(read)(fd, ptr, count);
> > +  if (res > 0)
> > +    COMMON_INTERCEPTOR_WRITE_RANGE(ptr, res);
> > +  return res;
> > +}
> > +
> > +INTERCEPTOR(ssize_t, pread, int fd, void *ptr, size_t count, off_t
> offset) {
> > +  COMMON_INTERCEPTOR_ENTER(pread, fd, ptr, count, offset);
> > +  ssize_t res = REAL(pread)(fd, ptr, count, offset);
> > +  if (res > 0)
> > +    COMMON_INTERCEPTOR_WRITE_RANGE(ptr, res);
> > +  return res;
> > +}
> > +
> > +INTERCEPTOR(ssize_t, pread64, int fd, void *ptr, size_t count, off64_t
> offset) {
> > +  COMMON_INTERCEPTOR_ENTER(pread64, fd, ptr, count, offset);
> > +  ssize_t res = REAL(pread64)(fd, ptr, count, offset);
> > +  if (res > 0)
> > +    COMMON_INTERCEPTOR_WRITE_RANGE(ptr, res);
> > +  return res;
> > +}
> > +
> > +#define SANITIZER_COMMON_INTERCEPTORS_INIT \
> > +  CHECK(INTERCEPT_FUNCTION(read));         \
> > +  CHECK(INTERCEPT_FUNCTION(pread));        \
> > +  CHECK(INTERCEPT_FUNCTION(pread64))       \
> > +  ;
> > +
> > +#endif  // SANITIZER_COMMON_INTERCEPTORS_H
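Review bot: `typedef u64 off_t;` does not match the platform type where `off_t` is 32 bits (for example 32-bit Linux built without 64-bit file offsets), so the `pread` interceptor would read `offset` at the wrong width there. `off_t` is also signed. I would make `off_t` word-sized on such targets and keep 64 bits only for `off64_t`. Separately, each interceptor checks `ptr` against `res` only after `REAL(...)` has returned, so an out-of-bounds write has already happened when the report fires, and an oversized `count` goes unreported on a short read. A comment such as `// FIXME: the real call may already have written past the buffer; only res bytes are checked.` would document that limit. `SANITIZER_COMMON_INTERCEPTORS_INIT` also expands to several bare statements, so it is only safe where a statement list is allowed; wrapping it in `do { ... } while (0)` would make it safe after an unbraced `if`.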
> >
> > Modified: compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc
> > URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc?rev=169966&r1=169965&r2=169966&view=diff
> >
> ==============================================================================
> > --- compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc (original)
> > +++ compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc Wed Dec 12
> 03:54:35 2012
> > @@ -9,6 +9,8 @@
> >  //
> >  // This file is a part of ThreadSanitizer (TSan), a race detector.
> >  //
> > +// FIXME: move as many interceptors as possible into
> > +// sanitizer_common/sanitizer_common_interceptors.h
> >
>  //===----------------------------------------------------------------------===//
> >
> >  #include "sanitizer_common/sanitizer_atomic.h"
> >
> >
> > _______________________________________________
> > llvm-commits mailing list
> > llvm-commits at cs.uiuc.edu
> > http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
>