[PATCH] D30384: [asan] Add an interceptor for strtok
Manuel Rigger via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Sun Feb 26 11:15:23 PST 2017
mrigger created this revision.
This change addresses https://github.com/google/sanitizers/issues/766. I tested the change with `make check-asan` and the newly added test case.
https://reviews.llvm.org/D30384
Files:
asan_interceptors.cc
tests/asan_str_test.cc
Index: tests/asan_str_test.cc
===================================================================
--- tests/asan_str_test.cc
+++ tests/asan_str_test.cc
@@ -107,6 +107,27 @@
free(heap_string);
}
+TEST(AddressSanitizer, StrTokTest) {
+ size_t size = Ident(100);
+ char *s = MallocAndMemsetString(size, 'o');
+ s[size - 1] = '\0';
+ char *delim = Ident((char*)malloc(2));
+ delim[0] = ' ';
+ delim[1] = '\n';
+ // Normal call.
+ strtok(s, s);
+ // Cause out-of-bounds read by missing NULL terminator.
+ EXPECT_DEATH(Ident(strtok(s, delim)), RightOOBReadMessage(0));
+ EXPECT_DEATH(Ident(strtok(delim, s)), RightOOBReadMessage(0));
+ s[size - 1] = 'a';
+ EXPECT_DEATH(Ident(strtok(s, s)), RightOOBReadMessage(0));
+ // Argument points to not-allocated memory.
+ EXPECT_DEATH(Ident(strtok(delim-1, delim-1)), LeftOOBReadMessage(1));
+ free(s);
+ free(delim);
+}
+
+
#if SANITIZER_TEST_HAS_STRNLEN
TEST(AddressSanitizer, StrNLenOOBTest) {
size_t size = Ident(123);
Index: asan_interceptors.cc
===================================================================
--- asan_interceptors.cc
+++ asan_interceptors.cc
@@ -538,6 +538,19 @@
return REAL(strcpy)(to, from); // NOLINT
}
+INTERCEPTOR(char*, strtok, char *str, const char *delimiters) {
+ void *ctx;
+ ASAN_INTERCEPTOR_ENTER(ctx, strtok);
+ ENSURE_ASAN_INITED();
+ if (flags()->replace_str) {
+ uptr del_size = REAL(strlen)(delimiters) + 1;
+ uptr str_size = REAL(strlen)(str) + 1;
+ ASAN_READ_RANGE(ctx, delimiters, del_size);
+ ASAN_READ_RANGE(ctx, str, str_size);
+ }
+ return REAL(strtok)(str, delimiters);
+}
+
INTERCEPTOR(char*, strdup, const char *s) {
void *ctx;
ASAN_INTERCEPTOR_ENTER(ctx, strdup);
@@ -716,6 +729,7 @@
ASAN_INTERCEPT_FUNC(strcat); // NOLINT
ASAN_INTERCEPT_FUNC(strcpy); // NOLINT
ASAN_INTERCEPT_FUNC(wcslen);
+ ASAN_INTERCEPT_FUNC(strtok);
ASAN_INTERCEPT_FUNC(strncat);
ASAN_INTERCEPT_FUNC(strncpy);
ASAN_INTERCEPT_FUNC(strdup);
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D30384.89814.patch
Type: text/x-patch
Size: 1983 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20170226/51ee3e47/attachment.bin>
More information about the llvm-commits
mailing list