[compiler-rt] r320990 - [asan] Add interceptor for printf_chk

Maxim Ostapenko via llvm-commits llvm-commits at lists.llvm.org
Mon Dec 18 07:31:26 PST 2017 

Author: chefmax
Date: Mon Dec 18 07:31:26 2017
New Revision: 320990

URL: http://llvm.org/viewvc/llvm-project?rev=320990&view=rev
Log:
[asan] Add interceptor for printf_chk

There could be a situation when a specific DSO was built with FORTIFY_SOURCE option. In case asan-ed binary link against that DSO,
libasan can't handle the possible memory error because it does not have interceptors for spinrtf_chk, snprintf_chk, vprintf_chk,
vsnprintf_chk, __fprintf_chk functions. Let's interceptors for them.

Patch by Denis Khalikov.

Differential Revision: https://reviews.llvm.org/D40951

Added:
    compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-1.c
    compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-2.c
    compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-3.c
    compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-4.c
    compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-5.c
Modified:
    compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc
    compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h

Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc?rev=320990&r1=320989&r2=320990&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc Mon Dec 18 07:31:26 2017
@@ -1552,6 +1552,12 @@ INTERCEPTOR(int, vsnprintf, char *str, S
             va_list ap)
 VSNPRINTF_INTERCEPTOR_IMPL(vsnprintf, str, size, format, ap)
 
+#if SANITIZER_INTERCEPT___PRINTF_CHK
+INTERCEPTOR(int, __vsnprintf_chk, char *str, SIZE_T size, int flag,
+            SIZE_T size_to, const char *format, va_list ap)
+VSNPRINTF_INTERCEPTOR_IMPL(vsnprintf, str, size, format, ap)
+#endif
+
 #if SANITIZER_INTERCEPT_PRINTF_L
 INTERCEPTOR(int, vsnprintf_l, char *str, SIZE_T size, void *loc,
             const char *format, va_list ap)
@@ -1565,6 +1571,12 @@ FORMAT_INTERCEPTOR_IMPL(snprintf_l, vsnp
 INTERCEPTOR(int, vsprintf, char *str, const char *format, va_list ap)
 VSPRINTF_INTERCEPTOR_IMPL(vsprintf, str, format, ap)
 
+#if SANITIZER_INTERCEPT___PRINTF_CHK
+INTERCEPTOR(int, __vsprintf_chk, char *str, int flag, SIZE_T size_to,
+            const char *format, va_list ap)
+VSPRINTF_INTERCEPTOR_IMPL(vsprintf, str, format, ap)
+#endif
+
 INTERCEPTOR(int, vasprintf, char **strp, const char *format, va_list ap)
 VASPRINTF_INTERCEPTOR_IMPL(vasprintf, strp, format, ap)
 
@@ -1593,12 +1605,30 @@ FORMAT_INTERCEPTOR_IMPL(printf, vprintf,
 INTERCEPTOR(int, fprintf, __sanitizer_FILE *stream, const char *format, ...)
 FORMAT_INTERCEPTOR_IMPL(fprintf, vfprintf, stream, format)
 
+#if SANITIZER_INTERCEPT___PRINTF_CHK
+INTERCEPTOR(int, __fprintf_chk, __sanitizer_FILE *stream, SIZE_T size,
+            const char *format, ...)
+FORMAT_INTERCEPTOR_IMPL(__fprintf_chk, vfprintf, stream, format)
+#endif
+
 INTERCEPTOR(int, sprintf, char *str, const char *format, ...) // NOLINT
 FORMAT_INTERCEPTOR_IMPL(sprintf, vsprintf, str, format) // NOLINT
 
+#if SANITIZER_INTERCEPT___PRINTF_CHK
+INTERCEPTOR(int, __sprintf_chk, char *str, int flag, SIZE_T size_to,
+            const char *format, ...) // NOLINT
+FORMAT_INTERCEPTOR_IMPL(__sprintf_chk, vsprintf, str, format) // NOLINT
+#endif
+
 INTERCEPTOR(int, snprintf, char *str, SIZE_T size, const char *format, ...)
 FORMAT_INTERCEPTOR_IMPL(snprintf, vsnprintf, str, size, format)
 
+#if SANITIZER_INTERCEPT___PRINTF_CHK
+INTERCEPTOR(int, __snprintf_chk, char *str, SIZE_T size, int flag,
+            SIZE_T size_to, const char *format, ...) // NOLINT
+FORMAT_INTERCEPTOR_IMPL(__snprintf_chk, vsnprintf, str, size, format) // NOLINT
+#endif
+
 INTERCEPTOR(int, asprintf, char **strp, const char *format, ...)
 FORMAT_INTERCEPTOR_IMPL(asprintf, vasprintf, strp, format)
 
@@ -1638,6 +1668,17 @@ FORMAT_INTERCEPTOR_IMPL(__isoc99_snprint
 #define INIT_PRINTF
 #endif
 
+#if SANITIZER_INTERCEPT___PRINTF_CHK
+#define INIT___PRINTF_CHK                     \
+  COMMON_INTERCEPT_FUNCTION(__sprintf_chk);   \
+  COMMON_INTERCEPT_FUNCTION(__snprintf_chk);  \
+  COMMON_INTERCEPT_FUNCTION(__vsprintf_chk);  \
+  COMMON_INTERCEPT_FUNCTION(__vsnprintf_chk); \
+  COMMON_INTERCEPT_FUNCTION(__fprintf_chk);
+#else
+#define INIT___PRINTF_CHK
+#endif
+
 #if SANITIZER_INTERCEPT_PRINTF_L
 #define INIT_PRINTF_L                     \
   COMMON_INTERCEPT_FUNCTION(snprintf_l);  \
@@ -6560,4 +6601,6 @@ static void InitializeCommonInterceptors
   COMMON_INTERCEPT_FUNCTION(__libc_mutex_unlock);
   COMMON_INTERCEPT_FUNCTION(__libc_thr_setcancelstate);
 #endif
+
+  INIT___PRINTF_CHK;
 }

Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h?rev=320990&r1=320989&r2=320990&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h Mon Dec 18 07:31:26 2017
@@ -177,6 +177,9 @@
 # define SANITIZER_INTERCEPT_ISOC99_PRINTF SI_LINUX_NOT_ANDROID
 #endif
 
+#define SANITIZER_INTERCEPT___PRINTF_CHK \
+  (SANITIZER_INTERCEPT_PRINTF && SI_LINUX_NOT_ANDROID)
+
 #define SANITIZER_INTERCEPT_FREXP SI_NOT_FUCHSIA
 #define SANITIZER_INTERCEPT_FREXPF_FREXPL SI_POSIX
 

Added: compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-1.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-1.c?rev=320990&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-1.c (added)
+++ compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-1.c Mon Dec 18 07:31:26 2017
@@ -0,0 +1,18 @@
+// RUN: %clang -fPIC -shared -O2 -D_FORTIFY_SOURCE=2 -D_DSO %s -o %t.so
+// RUN: %clang_asan -o %t %t.so %s
+// RUN: not %run %t 2>&1 | FileCheck %s
+// UNSUPPORTED: android
+#ifdef _DSO
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+__attribute__((noinline)) int foo() {
+  char *write_buffer = (char *)malloc(1);
+  // CHECK: AddressSanitizer: heap-buffer-overflow
+  sprintf(write_buffer, "%s_%s", "one", "two");
+  return write_buffer[0];
+}
+#else
+extern int foo();
+int main() { return foo(); }
+#endif

Added: compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-2.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-2.c?rev=320990&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-2.c (added)
+++ compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-2.c Mon Dec 18 07:31:26 2017
@@ -0,0 +1,18 @@
+// RUN: %clang -fPIC -shared -O2 -D_FORTIFY_SOURCE=2 -D_DSO %s -o %t.so
+// RUN: %clang_asan %s -o %t %t.so
+// RUN: not %run %t 2>&1 | FileCheck %s
+// UNSUPPORTED: android
+#ifdef _DSO
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+__attribute__((noinline)) int foo() {
+  char *write_buffer = (char *)malloc(1);
+  // CHECK: AddressSanitizer: heap-buffer-overflow
+  snprintf(write_buffer, 4096, "%s_%s", "one", "two");
+  return write_buffer[0];
+}
+#else
+extern int foo();
+int main() { return foo(); }
+#endif

Added: compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-3.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-3.c?rev=320990&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-3.c (added)
+++ compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-3.c Mon Dec 18 07:31:26 2017
@@ -0,0 +1,22 @@
+// RUN: %clang -shared -fPIC -D_DSO -O2 -D_FORTIFY_SOURCE=2 %s -o %t.so
+// RUN: %clang_asan %s -o %t %t.so
+// RUN: not %run %t 2>&1 | FileCheck %s
+// UNSUPPORTED: android
+#ifdef _DSO
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+__attribute__((noinline)) char foo(const char *format, ...) {
+  char *write_buffer = (char *)malloc(1);
+  va_list ap;
+  va_start(ap, format);
+  // CHECK: AddressSanitizer: heap-buffer-overflow
+  vsprintf(write_buffer, format, ap);
+  va_end(ap);
+  return write_buffer[0];
+}
+#else
+extern int foo(const char *format, ...);
+int main() { return foo("%s_%s", "one", "two"); }
+#endif

Added: compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-4.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-4.c?rev=320990&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-4.c (added)
+++ compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-4.c Mon Dec 18 07:31:26 2017
@@ -0,0 +1,22 @@
+// RUN: %clang -fPIC -shared -O2 -D_FORTIFY_SOURCE=2 -D_DSO %s -o %t.so
+// RUN: %clang_asan %s -o %t %t.so
+// RUN: not %run %t 2>&1 | FileCheck %s
+// UNSUPPORTED: android
+#ifdef _DSO
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+__attribute__((noinline)) char foo(const char *format, ...) {
+  char *write_buffer = (char *)malloc(1);
+  va_list ap;
+  va_start(ap, format);
+  // CHECK: AddressSanitizer: heap-buffer-overflow
+  vsnprintf(write_buffer, 4096, format, ap);
+  va_end(ap);
+  return write_buffer[0];
+}
+#else
+extern int foo(const char *format, ...);
+int main() { return foo("%s_%s", "one", "two"); }
+#endif

Added: compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-5.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-5.c?rev=320990&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-5.c (added)
+++ compiler-rt/trunk/test/asan/TestCases/Linux/printf-fortify-5.c Mon Dec 18 07:31:26 2017
@@ -0,0 +1,18 @@
+// RUN: %clang -fPIC -shared -O2 -D_FORTIFY_SOURCE=2 -D_DSO %s -o %t.so
+// RUN: %clang_asan -o %t %t.so %s
+// RUN: not %run %t 2>&1 | FileCheck %s
+// UNSUPPORTED: android
+#ifdef _DSO
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+__attribute__((noinline)) int foo() {
+  char *read_buffer = (char *)malloc(1);
+  // CHECK: AddressSanitizer: heap-buffer-overflow
+  fprintf(stderr, read_buffer, 4096);
+  return read_buffer[0];
+}
+#else
+extern int foo();
+int main() { return foo(); }
+#endif

More information about the llvm-commits mailing list