[PATCH] D17608: [sanitizer] Use res instead of len as a third parameter in COMMON_INTERCEPTOR_WRITE_RANGE in recv and recvfrom interceptors.

Maxim Ostapenko via llvm-commits llvm-commits at lists.llvm.org
Thu Feb 25 07:23:51 PST 2016 

m.ostapenko created this revision.
m.ostapenko added reviewers: kcc, samsonov, dvyukov.
m.ostapenko added subscribers: llvm-commits, ygribov.
m.ostapenko set the repository for this revision to rL LLVM.

We should pass **res** as third parameter to COMMON_INTERCEPTOR_WRITE_RANGE , not **len**, because otherwise we can write to unrelated memory (in MSan) or get wrong report (in ASan);

Repository:
  rL LLVM

http://reviews.llvm.org/D17608

Files:
  lib/sanitizer_common/sanitizer_common_interceptors.inc
  test/asan/TestCases/Linux/recvfrom.cc

Index: test/asan/TestCases/Linux/recvfrom.cc
===================================================================
--- test/asan/TestCases/Linux/recvfrom.cc
+++ test/asan/TestCases/Linux/recvfrom.cc
@@ -33,7 +33,7 @@
     fprintf(stderr, "ERROR on binding\n");
 
   recvfrom(sockfd, buf, kBufSize, 0, NULL, NULL); // BOOM
-  // CHECK: {{WRITE of size 10 at 0x.* thread T1}}
+  // CHECK: {{WRITE of size 9 at 0x.* thread T1}}
   // CHECK: {{    #1 0x.* in server_thread_udp.*recvfrom.cc:}}[[@LINE-2]]
   // CHECK: {{Address 0x.* is located in stack of thread T1 at offset}}
   // CHECK-NEXT: in{{.*}}server_thread_udp{{.*}}recvfrom.cc
Index: lib/sanitizer_common/sanitizer_common_interceptors.inc
===================================================================
--- lib/sanitizer_common/sanitizer_common_interceptors.inc
+++ lib/sanitizer_common/sanitizer_common_interceptors.inc
@@ -5340,7 +5340,7 @@
   COMMON_INTERCEPTOR_FD_ACCESS(ctx, fd);
   SSIZE_T res = REAL(recv)(fd, buf, len, flags);
   if (res > 0) {
-    COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, len);
+    COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, res);
   }
   if (res >= 0 && fd >= 0) COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd);
   return res;
@@ -5356,7 +5356,7 @@
   if (srcaddr) srcaddr_sz = *addrlen;
   SSIZE_T res = REAL(recvfrom)(fd, buf, len, flags, srcaddr, addrlen);
   if (res > 0) {
-    COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, len);
+    COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, res);
     if (srcaddr)
       COMMON_INTERCEPTOR_INITIALIZE_RANGE(srcaddr,
                                           Min((SIZE_T)*addrlen, srcaddr_sz));


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D17608.49059.patch
Type: text/x-patch
Size: 1608 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20160225/a795fb6c/attachment.bin>

More information about the llvm-commits mailing list