[compiler-rt] r184546 - [ASan] reimplement strdup() interceptor to get nicer stack traces for memory chunks allocated there

Fri Jun 21 07:41:59 PDT 2013

Author: samsonov
Date: Fri Jun 21 09:41:59 2013
New Revision: 184546

URL: http://llvm.org/viewvc/llvm-project?rev=184546&view=rev
Log:
[ASan] reimplement strdup() interceptor to get nicer stack traces for memory chunks allocated there

Added:
    compiler-rt/trunk/lib/asan/lit_tests/TestCases/strdup_oob_test.cc
Modified:
    compiler-rt/trunk/lib/asan/asan_interceptors.cc

Modified: compiler-rt/trunk/lib/asan/asan_interceptors.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_interceptors.cc?rev=184546&r1=184545&r2=184546&view=diff
==============================================================================

--- compiler-rt/trunk/lib/asan/asan_interceptors.cc (original)
+++ compiler-rt/trunk/lib/asan/asan_interceptors.cc Fri Jun 21 09:41:59 2013
@@ -461,21 +461,16 @@ INTERCEPTOR(char*, strcpy, char *to, con
 
 #if ASAN_INTERCEPT_STRDUP
 INTERCEPTOR(char*, strdup, const char *s) {
-#if SANITIZER_MAC
-  // FIXME: because internal_strdup() uses InternalAlloc(), which currently
-  // just calls malloc() on Mac, we can't use internal_strdup() with the
-  // dynamic runtime. We can remove the call to REAL(strdup) once InternalAlloc
-  // starts using mmap() instead.
-  // See also http://code.google.com/p/address-sanitizer/issues/detail?id=123.
-  if (!asan_inited) return REAL(strdup)(s);
-#endif
   if (!asan_inited) return internal_strdup(s);
   ENSURE_ASAN_INITED();
+  uptr length = REAL(strlen)(s);
   if (flags()->replace_str) {
-    uptr length = REAL(strlen)(s);
     ASAN_READ_RANGE(s, length + 1);
   }
-  return REAL(strdup)(s);
+  GET_STACK_TRACE_MALLOC;
+  void *new_mem = asan_malloc(length + 1, &stack);
+  REAL(memcpy)(new_mem, s, length + 1);
+  return reinterpret_cast<char*>(new_mem);
 }
 #endif
 

Added: compiler-rt/trunk/lib/asan/lit_tests/TestCases/strdup_oob_test.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/lit_tests/TestCases/strdup_oob_test.cc?rev=184546&view=auto
==============================================================================
--- compiler-rt/trunk/lib/asan/lit_tests/TestCases/strdup_oob_test.cc (added)
+++ compiler-rt/trunk/lib/asan/lit_tests/TestCases/strdup_oob_test.cc Fri Jun 21 09:41:59 2013
@@ -0,0 +1,19 @@
+// RUN: %clangxx_asan -O0 %s -o %t && %t 2>&1 | %symbolize | FileCheck %s
+// RUN: %clangxx_asan -O1 %s -o %t && %t 2>&1 | %symbolize | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && %t 2>&1 | %symbolize | FileCheck %s
+// RUN: %clangxx_asan -O3 %s -o %t && %t 2>&1 | %symbolize | FileCheck %s
+
+#include <string.h>
+
+char kString[] = "foo";
+
+int main(int argc, char **argv) {
+  char *copy = strdup(kString);
+  int x = copy[4 + argc];  // BOOM
+  // CHECK: AddressSanitizer: heap-buffer-overflow
+  // CHECK: #0 {{.*}}main {{.*}}strdup_oob_test.cc:[[@LINE-2]]
+  // CHECK: allocated by thread T{{.*}} here:
+  // CHECK: #0 {{.*}}strdup
+  // CHECK: strdup_oob_test.cc:[[@LINE-6]]
+  return x;
+}



