[compiler-rt] r320990 - [asan] Add interceptor for printf_chk
Maxim Ostapenko via llvm-commits
llvm-commits at lists.llvm.org
Mon Dec 18 07:31:26 PST 2017
Author: chefmax
Date: Mon Dec 18 07:31:26 2017
New Revision: 320990
URL: http://llvm.org/viewvc/llvm-project?rev=320990&view=rev
Log:
[asan] Add interceptor for printf_chk
There could be a situation when a specific DSO was built with FORTIFY_SOURCE option. In case asan-ed binary link against that DSO,
libasan can't handle the possible memory error because it does not have interceptors for spinrtf_chk, snprintf_chk, vprintf_chk,
vsnprintf_chk, __fprintf_chk functions. Let's interceptors for them.
Patch by Denis Khalikov.
Differential Revision: https://reviews.llvm.org/D40951
Added:
compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-1.c
compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-2.c
compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-3.c
compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-4.c
compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-5.c
Modified:
compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc
compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h
Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc?rev=320990&r1=320989&r2=320990&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc Mon Dec 18 07:31:26 2017
@@ -1552,6 +1552,12 @@ INTERCEPTOR(int, vsnprintf, char *str, S
va_list ap)
VSNPRINTF_INTERCEPTOR_IMPL(vsnprintf, str, size, format, ap)
+#if SANITIZER_INTERCEPT___PRINTF_CHK
+INTERCEPTOR(int, __vsnprintf_chk, char *str, SIZE_T size, int flag,
+ SIZE_T size_to, const char *format, va_list ap)
+VSNPRINTF_INTERCEPTOR_IMPL(vsnprintf, str, size, format, ap)
+#endif
+
#if SANITIZER_INTERCEPT_PRINTF_L
INTERCEPTOR(int, vsnprintf_l, char *str, SIZE_T size, void *loc,
const char *format, va_list ap)
@@ -1565,6 +1571,12 @@ FORMAT_INTERCEPTOR_IMPL(snprintf_l, vsnp
INTERCEPTOR(int, vsprintf, char *str, const char *format, va_list ap)
VSPRINTF_INTERCEPTOR_IMPL(vsprintf, str, format, ap)
+#if SANITIZER_INTERCEPT___PRINTF_CHK
+INTERCEPTOR(int, __vsprintf_chk, char *str, int flag, SIZE_T size_to,
+ const char *format, va_list ap)
+VSPRINTF_INTERCEPTOR_IMPL(vsprintf, str, format, ap)
+#endif
+
INTERCEPTOR(int, vasprintf, char **strp, const char *format, va_list ap)
VASPRINTF_INTERCEPTOR_IMPL(vasprintf, strp, format, ap)
@@ -1593,12 +1605,30 @@ FORMAT_INTERCEPTOR_IMPL(printf, vprintf,
INTERCEPTOR(int, fprintf, __sanitizer_FILE *stream, const char *format, ...)
FORMAT_INTERCEPTOR_IMPL(fprintf, vfprintf, stream, format)
+#if SANITIZER_INTERCEPT___PRINTF_CHK
+INTERCEPTOR(int, __fprintf_chk, __sanitizer_FILE *stream, SIZE_T size,
+ const char *format, ...)
+FORMAT_INTERCEPTOR_IMPL(__fprintf_chk, vfprintf, stream, format)
+#endif
+
INTERCEPTOR(int, sprintf, char *str, const char *format, ...) // NOLINT
FORMAT_INTERCEPTOR_IMPL(sprintf, vsprintf, str, format) // NOLINT
+#if SANITIZER_INTERCEPT___PRINTF_CHK
+INTERCEPTOR(int, __sprintf_chk, char *str, int flag, SIZE_T size_to,
+ const char *format, ...) // NOLINT
+FORMAT_INTERCEPTOR_IMPL(__sprintf_chk, vsprintf, str, format) // NOLINT
+#endif
+
INTERCEPTOR(int, snprintf, char *str, SIZE_T size, const char *format, ...)
FORMAT_INTERCEPTOR_IMPL(snprintf, vsnprintf, str, size, format)
+#if SANITIZER_INTERCEPT___PRINTF_CHK
+INTERCEPTOR(int, __snprintf_chk, char *str, SIZE_T size, int flag,
+ SIZE_T size_to, const char *format, ...) // NOLINT
+FORMAT_INTERCEPTOR_IMPL(__snprintf_chk, vsnprintf, str, size, format) // NOLINT
+#endif
+
INTERCEPTOR(int, asprintf, char **strp, const char *format, ...)
FORMAT_INTERCEPTOR_IMPL(asprintf, vasprintf, strp, format)
@@ -1638,6 +1668,17 @@ FORMAT_INTERCEPTOR_IMPL(__isoc99_snprint
#define INIT_PRINTF
#endif
+#if SANITIZER_INTERCEPT___PRINTF_CHK
+#define INIT___PRINTF_CHK \
+ COMMON_INTERCEPT_FUNCTION(__sprintf_chk); \
+ COMMON_INTERCEPT_FUNCTION(__snprintf_chk); \
+ COMMON_INTERCEPT_FUNCTION(__vsprintf_chk); \
+ COMMON_INTERCEPT_FUNCTION(__vsnprintf_chk); \
+ COMMON_INTERCEPT_FUNCTION(__fprintf_chk);
+#else
+#define INIT___PRINTF_CHK
+#endif
+
#if SANITIZER_INTERCEPT_PRINTF_L
#define INIT_PRINTF_L \
COMMON_INTERCEPT_FUNCTION(snprintf_l); \
@@ -6560,4 +6601,6 @@ static void InitializeCommonInterceptors
COMMON_INTERCEPT_FUNCTION(__libc_mutex_unlock);
COMMON_INTERCEPT_FUNCTION(__libc_thr_setcancelstate);
#endif
+
+ INIT___PRINTF_CHK;
}
Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h?rev=320990&r1=320989&r2=320990&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h Mon Dec 18 07:31:26 2017
@@ -177,6 +177,9 @@
# define SANITIZER_INTERCEPT_ISOC99_PRINTF SI_LINUX_NOT_ANDROID
#endif
+#define SANITIZER_INTERCEPT___PRINTF_CHK \
+ (SANITIZER_INTERCEPT_PRINTF && SI_LINUX_NOT_ANDROID)
+
#define SANITIZER_INTERCEPT_FREXP SI_NOT_FUCHSIA
#define SANITIZER_INTERCEPT_FREXPF_FREXPL SI_POSIX
Added: compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-1.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-1.c?rev=320990&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-1.c (added)
+++ compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-1.c Mon Dec 18 07:31:26 2017
@@ -0,0 +1,18 @@
+// RUN: %clang -fPIC -shared -O2 -D_FORTIFY_SOURCE=2 -D_DSO %s -o %t.so
+// RUN: %clang_asan -o %t %t.so %s
+// RUN: not %run %t 2>&1 | FileCheck %s
+// UNSUPPORTED: android
+#ifdef _DSO
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+__attribute__((noinline)) int foo() {
+ char *write_buffer = (char *)malloc(1);
+ // CHECK: AddressSanitizer: heap-buffer-overflow
+ sprintf(write_buffer, "%s_%s", "one", "two");
+ return write_buffer[0];
+}
+#else
+extern int foo();
+int main() { return foo(); }
+#endif
Added: compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-2.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-2.c?rev=320990&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-2.c (added)
+++ compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-2.c Mon Dec 18 07:31:26 2017
@@ -0,0 +1,18 @@
+// RUN: %clang -fPIC -shared -O2 -D_FORTIFY_SOURCE=2 -D_DSO %s -o %t.so
+// RUN: %clang_asan %s -o %t %t.so
+// RUN: not %run %t 2>&1 | FileCheck %s
+// UNSUPPORTED: android
+#ifdef _DSO
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+__attribute__((noinline)) int foo() {
+ char *write_buffer = (char *)malloc(1);
+ // CHECK: AddressSanitizer: heap-buffer-overflow
+ snprintf(write_buffer, 4096, "%s_%s", "one", "two");
+ return write_buffer[0];
+}
+#else
+extern int foo();
+int main() { return foo(); }
+#endif
Added: compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-3.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-3.c?rev=320990&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-3.c (added)
+++ compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-3.c Mon Dec 18 07:31:26 2017
@@ -0,0 +1,22 @@
+// RUN: %clang -shared -fPIC -D_DSO -O2 -D_FORTIFY_SOURCE=2 %s -o %t.so
+// RUN: %clang_asan %s -o %t %t.so
+// RUN: not %run %t 2>&1 | FileCheck %s
+// UNSUPPORTED: android
+#ifdef _DSO
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+__attribute__((noinline)) char foo(const char *format, ...) {
+ char *write_buffer = (char *)malloc(1);
+ va_list ap;
+ va_start(ap, format);
+ // CHECK: AddressSanitizer: heap-buffer-overflow
+ vsprintf(write_buffer, format, ap);
+ va_end(ap);
+ return write_buffer[0];
+}
+#else
+extern int foo(const char *format, ...);
+int main() { return foo("%s_%s", "one", "two"); }
+#endif
Added: compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-4.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-4.c?rev=320990&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-4.c (added)
+++ compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-4.c Mon Dec 18 07:31:26 2017
@@ -0,0 +1,22 @@
+// RUN: %clang -fPIC -shared -O2 -D_FORTIFY_SOURCE=2 -D_DSO %s -o %t.so
+// RUN: %clang_asan %s -o %t %t.so
+// RUN: not %run %t 2>&1 | FileCheck %s
+// UNSUPPORTED: android
+#ifdef _DSO
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+__attribute__((noinline)) char foo(const char *format, ...) {
+ char *write_buffer = (char *)malloc(1);
+ va_list ap;
+ va_start(ap, format);
+ // CHECK: AddressSanitizer: heap-buffer-overflow
+ vsnprintf(write_buffer, 4096, format, ap);
+ va_end(ap);
+ return write_buffer[0];
+}
+#else
+extern int foo(const char *format, ...);
+int main() { return foo("%s_%s", "one", "two"); }
+#endif
Added: compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-5.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-5.c?rev=320990&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-5.c (added)
+++ compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-5.c Mon Dec 18 07:31:26 2017
@@ -0,0 +1,18 @@
+// RUN: %clang -fPIC -shared -O2 -D_FORTIFY_SOURCE=2 -D_DSO %s -o %t.so
+// RUN: %clang_asan -o %t %t.so %s
+// RUN: not %run %t 2>&1 | FileCheck %s
+// UNSUPPORTED: android
+#ifdef _DSO
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+__attribute__((noinline)) int foo() {
+ char *read_buffer = (char *)malloc(1);
+ // CHECK: AddressSanitizer: heap-buffer-overflow
+ fprintf(stderr, read_buffer, 4096);
+ return read_buffer[0];
+}
+#else
+extern int foo();
+int main() { return foo(); }
+#endif
More information about the llvm-commits
mailing list