[compiler-rt] r323278 - [scudo] Allow for weak hooks, gated by a define

Kostya Kortchinsky via llvm-commits llvm-commits at lists.llvm.org
Tue Jan 23 15:07:42 PST 2018 

Author: cryptoad
Date: Tue Jan 23 15:07:42 2018
New Revision: 323278

URL: http://llvm.org/viewvc/llvm-project?rev=323278&view=rev
Log:
[scudo] Allow for weak hooks, gated by a define

Summary:
Hooks in the allocation & deallocation paths can be a security risk (see for an
example https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html
which used the glibc's __free_hook to complete exploitation).

But some users have expressed a need for them, even if only for tests and
memory benchmarks. So allow for `__sanitizer_malloc_hook` &
`__sanitizer_free_hook` to be called if defined, and gate them behind a global
define `SCUDO_CAN_USE_HOOKS` defaulting to 0.

Reviewers: alekseyshl

Reviewed By: alekseyshl

Subscribers: #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D42430

Modified:
    compiler-rt/trunk/lib/scudo/scudo_allocator.cpp
    compiler-rt/trunk/lib/scudo/scudo_platform.h

Modified: compiler-rt/trunk/lib/scudo/scudo_allocator.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/scudo/scudo_allocator.cpp?rev=323278&r1=323277&r2=323278&view=diff
==============================================================================
--- compiler-rt/trunk/lib/scudo/scudo_allocator.cpp (original)
+++ compiler-rt/trunk/lib/scudo/scudo_allocator.cpp Tue Jan 23 15:07:42 2018
@@ -430,7 +430,8 @@ struct ScudoAllocator {
     }
     void *Ptr = reinterpret_cast<void *>(UserPtr);
     Chunk::storeHeader(Ptr, &Header);
-    // if (&__sanitizer_malloc_hook) __sanitizer_malloc_hook(Ptr, Size);
+    if (SCUDO_CAN_USE_HOOKS && &__sanitizer_malloc_hook)
+      __sanitizer_malloc_hook(Ptr, Size);
     return Ptr;
   }
 
@@ -480,7 +481,8 @@ struct ScudoAllocator {
     // the TLS destructors, ending up in initialized thread specific data never
     // being destroyed properly. Any other heap operation will do a full init.
     initThreadMaybe(/*MinimalInit=*/true);
-    // if (&__sanitizer_free_hook) __sanitizer_free_hook(Ptr);
+    if (SCUDO_CAN_USE_HOOKS && &__sanitizer_free_hook)
+      __sanitizer_free_hook(Ptr);
     if (UNLIKELY(!Ptr))
       return;
     if (UNLIKELY(!Chunk::isAligned(Ptr))) {

Modified: compiler-rt/trunk/lib/scudo/scudo_platform.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/scudo/scudo_platform.h?rev=323278&r1=323277&r2=323278&view=diff
==============================================================================
--- compiler-rt/trunk/lib/scudo/scudo_platform.h (original)
+++ compiler-rt/trunk/lib/scudo/scudo_platform.h Tue Jan 23 15:07:42 2018
@@ -55,6 +55,12 @@
 # define SCUDO_CAN_USE_PUBLIC_INTERFACE 1
 #endif
 
+// Hooks in the allocation & deallocation paths can become a security concern if
+// implemented improperly, or if overwritten by an attacker. Use with caution.
+#ifndef SCUDO_CAN_USE_HOOKS
+# define SCUDO_CAN_USE_HOOKS 0
+#endif
+
 namespace __scudo {
 
 #if SANITIZER_CAN_USE_ALLOCATOR64

More information about the llvm-commits mailing list