[compiler-rt] r199895 - [Sanitizer] Fix false positive in printf interceptors: properly handle precision for %s

Alexey Samsonov samsonov at google.com
Thu Jan 23 06:35:28 PST 2014


Author: samsonov
Date: Thu Jan 23 08:35:28 2014
New Revision: 199895

URL: http://llvm.org/viewvc/llvm-project?rev=199895&view=rev
Log:
[Sanitizer] Fix false positive in printf interceptors: properly handle precision for %s

Modified:
    compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors_format.inc
    compiler-rt/trunk/lib/sanitizer_common/tests/sanitizer_format_interceptor_test.cc

Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors_format.inc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors_format.inc?rev=199895&r1=199894&r2=199895&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors_format.inc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors_format.inc Thu Jan 23 08:35:28 2014
@@ -381,7 +381,8 @@ static const char *maybe_parse_number_or
 // Parse printf format string. Same as scanf_parse_next.
 static const char *printf_parse_next(const char *p, PrintfDirective *dir) {
   internal_memset(dir, 0, sizeof(*dir));
-  dir->argIdx = dir->precisionIdx = -1;
+  dir->argIdx = -1;
+  dir->precisionIdx = -1;
 
   while (*p) {
     if (*p != '%') {
@@ -526,7 +527,17 @@ static void printf_common(void *ctx, con
       continue;
     } else if (size == FSS_STRLEN) {
       if (void *argp = va_arg(aq, void *)) {
-        size = internal_strlen((const char *)argp) + 1;
+        if (dir.starredPrecision) {
+          // FIXME: properly support starred precision for strings.
+          size = 0;
+        } else if (dir.fieldPrecision > 0) {
+          // Won't read more than "precision" symbols.
+          size = internal_strnlen((const char *)argp, dir.fieldPrecision);
+          if (size < dir.fieldPrecision) size++;
+        } else {
+          // Whole string will be accessed.
+          size = internal_strlen((const char *)argp) + 1;
+        }
         COMMON_INTERCEPTOR_READ_RANGE(ctx, argp, size);
       }
     } else {
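Review bot: The `dir.fieldPrecision > 0` test cannot tell an explicit zero precision from an absent one, because `printf_parse_next` zeroes the whole directive with `internal_memset`. As a result `%.0s`, which need not read any byte of its argument, still falls through to the `internal_strlen` branch and can raise the same false positive this commit fixes. Unless the parser records elsewhere that a precision was given (not visible in this hunk), the branch deserves at least a comment such as `// NOTE: explicit ".0" is indistinguishable from no precision here and is checked as a full string.`, and a `%.0s` case in the test file would pin the behaviour. Separately, `size = 0` in the starred-precision branch presumably makes the range check a no-op, so over-reads through `%.*s` go unreported until the FIXME is resolved; the comment could say that explicitly. printf_common starts and ends outside the hunk.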

Modified: compiler-rt/trunk/lib/sanitizer_common/tests/sanitizer_format_interceptor_test.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/tests/sanitizer_format_interceptor_test.cc?rev=199895&r1=199894&r2=199895&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/tests/sanitizer_format_interceptor_test.cc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/tests/sanitizer_format_interceptor_test.cc Thu Jan 23 08:35:28 2014
@@ -238,8 +238,13 @@ TEST(SanitizerCommonInterceptors, Printf
 
   // Precision
   testPrintf("%10.10n", 1, I);
+  testPrintf("%.3s", 1, 3);
+  testPrintf("%.20s", 1, test_buf_size);
 
   // Dynamic precision
   testPrintf("%.*n", 1, I);
   testPrintf("%10.*n", 1, I);
+
+  // Dynamic precision for strings is not implemented yet.
+  testPrintf("%.*s", 1, 0);
 }




