[compiler-rt] r269749 - [asan] Don't raise false alarm to recv/recvfrom when MSG_TRUNC is present.

Maxim Ostapenko via llvm-commits llvm-commits at lists.llvm.org
Tue May 17 00:38:27 PDT 2016 

Author: chefmax
Date: Tue May 17 02:38:27 2016
New Revision: 269749

URL: http://llvm.org/viewvc/llvm-project?rev=269749&view=rev
Log:
[asan] Don't raise false alarm to recv/recvfrom when MSG_TRUNC is present.

Fix https://llvm.org/bugs/show_bug.cgi?id=27673.

Currenty ASan checks the return value of real recv/recvfrom to see if the written bytes fit in the buffer. That works fine most of time.
However, there is an exception: (from the RECV(2) man page)

MSG_TRUNC (since Linux 2.2)
    ... return the real length of the packet or datagram, even when it was longer than the passed buffer. ...

Some programs combine MSG_TRUNC, MSG_PEEK and a single-byte buffer to peek the incoming data size without reading (much of) them. In this case,
the return value is usually longer than what's been written and ASan raises a false alarm here. To avoid such false positive reports,
we can use min(res, len) in COMMON_INTERCEPTOR_WRITE_RANGE checks.

Differential Revision: http://reviews.llvm.org/D20280

Added:
    compiler-rt/trunk/test/sanitizer_common/TestCases/Linux/recv_msg_trunc.cc
Modified:
    compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc

Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc?rev=269749&r1=269748&r2=269749&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc Tue May 17 02:38:27 2016
@@ -5498,7 +5498,7 @@ INTERCEPTOR(SSIZE_T, recv, int fd, void
   COMMON_INTERCEPTOR_FD_ACCESS(ctx, fd);
   SSIZE_T res = REAL(recv)(fd, buf, len, flags);
   if (res > 0) {
-    COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, res);
+    COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, Min((SIZE_T)res, len));
   }
   if (res >= 0 && fd >= 0) COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd);
   return res;
@@ -5515,7 +5515,7 @@ INTERCEPTOR(SSIZE_T, recvfrom, int fd, v
   (void)srcaddr_sz;  // prevent "set but not used" warning
   SSIZE_T res = REAL(recvfrom)(fd, buf, len, flags, srcaddr, addrlen);
   if (res > 0) {
-    COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, res);
+    COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, Min((SIZE_T)res, len));
     if (srcaddr)
       COMMON_INTERCEPTOR_INITIALIZE_RANGE(srcaddr,
                                           Min((SIZE_T)*addrlen, srcaddr_sz));

Added: compiler-rt/trunk/test/sanitizer_common/TestCases/Linux/recv_msg_trunc.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/sanitizer_common/TestCases/Linux/recv_msg_trunc.cc?rev=269749&view=auto
==============================================================================
--- compiler-rt/trunk/test/sanitizer_common/TestCases/Linux/recv_msg_trunc.cc (added)
+++ compiler-rt/trunk/test/sanitizer_common/TestCases/Linux/recv_msg_trunc.cc Tue May 17 02:38:27 2016
@@ -0,0 +1,36 @@
+// Test that ASan doesn't raise false alarm when MSG_TRUNC is present.
+//
+// RUN: %clangxx %s -o %t && %run %t 2>&1
+//
+// UNSUPPORTED: android
+
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/ip.h>
+#include <assert.h>
+
+int main() {
+  int fd_0 = socket(AF_INET, SOCK_DGRAM, 0);
+  int fd_1 = socket(AF_INET, SOCK_DGRAM, 0);
+  struct sockaddr_in sin;
+  socklen_t len = sizeof(sin);
+  char *buf = (char *)malloc(1);
+
+  sin.sin_family = AF_INET;
+  // Choose a random port to bind.
+  sin.sin_port = 0;
+  sin.sin_addr.s_addr = INADDR_ANY;
+
+  assert(bind(fd_1, (struct sockaddr *)&sin, sizeof(sin)) == 0);
+  // Get the address and port binded.
+  assert(getsockname(fd_1, (struct sockaddr *)&sin, &len) == 0);
+  assert(sendto(fd_0, "hello", strlen("hello"), MSG_DONTWAIT,
+                (struct sockaddr *)&sin, sizeof(sin)) != -1);
+  assert(recv(fd_1, buf, 1, MSG_TRUNC) != -1);
+  free(buf);
+
+  return 0;
+}
+

More information about the llvm-commits mailing list