[PATCH] Sanitize printf functions

Yury Gribov tetra2005 at gmail.com
Thu Jan 9 00:37:41 PST 2014



================
Comment at: sanitizer_common/sanitizer_common_interceptors.inc:698
@@ +697,3 @@
+    int res = REAL(vname)(str, __VA_ARGS__);                                   \
+    if (res > 0 && common_flags()->check_printf) {                             \
+      COMMON_INTERCEPTOR_WRITE_RANGE(ctx, str, res + 1);                       \
----------------
Evgeniy Stepanov wrote:
> I'd remove check_printf from this condition, otherwise we'd get an MSan regression when check_printf is disabled. Also, these writes don't depend on format string parsing, and are most certainly correct.
> 
> The same goes to other v*printf interceptors.
> 
Note that check_printf is true by default and MSan will still use it's own interceptors for now.

================
Comment at: sanitizer_common/sanitizer_common_interceptors_scanf.inc:11
@@ -11,2 +10,3 @@
+// Scanf/printf implementation for use in *Sanitizer interceptors.
 // Follows http://pubs.opengroup.org/onlinepubs/9699919799/functions/fscanf.html
 // with a few common GNU extensions.
----------------
Evgeniy Stepanov wrote:
> Yury Gribov wrote:
> > Alexander Potapenko wrote:
> > > How about this line? Is there a printf specification we're following?
> > Oh, this is a good one. I've blindly reused scanf parser but it seems that printf format has richer syntax: it has flags and precision + asterisk semantics is different. I'll fix this in next rev.
> Yes, this is kind of scary.
> AFAIK, glibc has a comprehensive set of tests for scanf format string parsing. Jakub Jelinek ran this code on them and found several tricky bugs in the parser. Could you look into doing the same for printf?
> 
> AFAIK, glibc has a comprehensive set of tests for scanf format string parsing.

Are we talking about these:

$ find glibc-master -name tst\* -o -name test\* | grep printf
glibc-master/stdio-common/tst-swprintf.c
glibc-master/stdio-common/test-vfprintf.c
glibc-master/stdio-common/tst-printf-round.c
glibc-master/stdio-common/tst-printf.c
glibc-master/stdio-common/tst-sprintf3.c
glibc-master/stdio-common/tst-printf.sh
glibc-master/stdio-common/tst-sprintf2.c
glibc-master/stdio-common/tst-sprintf.c
glibc-master/stdio-common/tst-obprintf.c
glibc-master/stdio-common/tst-wc-printf.c
glibc-master/stdio-common/tst-printfsz.c

> Could you look into doing the same for printf?

I probably should...



http://llvm-reviews.chandlerc.com/D2480



More information about the llvm-commits mailing list