[PATCH] D63877: Avoid infinite loop with asan interception

serge via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Jul 2 14:38:04 PDT 2019 

serge-sans-paille updated this revision to Diff 207634.
serge-sans-paille added a comment.

Update test according to @kcc remark.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D63877/new/

https://reviews.llvm.org/D63877

Files:
  compiler-rt/lib/interception/interception_linux.cc
  compiler-rt/test/asan/TestCases/dlopen-mixed-c-cxx.c


Index: compiler-rt/test/asan/TestCases/dlopen-mixed-c-cxx.c
===================================================================
--- /dev/null
+++ compiler-rt/test/asan/TestCases/dlopen-mixed-c-cxx.c
@@ -0,0 +1,40 @@
+// REQUIRES: x86_64-target-arch
+// RUN: %clangxx_asan -fsanitize=address -xc++ -shared -fPIC -o %t.so - < %s
+// RUN: %clang_asan -fsanitize=address %s -o %t.out -ldl
+// RUN: ASAN_OPTIONS=verbosity=1 not %t.out %t.so 2>&1 | FileCheck %s
+//
+// CHECK: AddressSanitizer: failed to intercept '__cxa_throw'
+#ifdef __cplusplus
+
+static void foo(void) {
+  int i = 0;
+  throw(i);
+}
+
+extern "C" {
+int bar(void);
+};
+int bar(void) {
+  try {
+    foo();
+  } catch (int i) {
+    return i;
+  }
+  return -1;
+}
+
+#else
+
+#include <assert.h>
+#include <dlfcn.h>
+
+int main(int argc, char **argv) {
+  int (*bar)(void);
+  void *handle = dlopen(argv[1], RTLD_LAZY);
+  assert(handle);
+  bar = dlsym(handle, "bar");
+  assert(bar);
+  return bar();
+}
+
+#endif
Index: compiler-rt/lib/interception/interception_linux.cc
===================================================================
--- compiler-rt/lib/interception/interception_linux.cc
+++ compiler-rt/lib/interception/interception_linux.cc
@@ -33,7 +33,7 @@
 }
 #endif
 
-static void *GetFuncAddr(const char *name) {
+static void *GetFuncAddr(const char *name, uptr wrapper_addr) {
 #if SANITIZER_NETBSD
   // FIXME: Find a better way to handle renames
   if (StrCmp(name, "sigaction"))
@@ -47,13 +47,18 @@
     // want the address of the real definition, though, so look it up using
     // RTLD_DEFAULT.
     addr = dlsym(RTLD_DEFAULT, name);
+
+    // In case `name' is not loaded, dlsym ends up finding the actual wrapper.
+    // We don't want to intercept the wrapper and have it point to itself.
+    if ((uptr)addr == wrapper_addr)
+      addr = nullptr;
   }
   return addr;
 }
 
 bool InterceptFunction(const char *name, uptr *ptr_to_real, uptr func,
                        uptr wrapper) {
-  void *addr = GetFuncAddr(name);
+  void *addr = GetFuncAddr(name, wrapper);
   *ptr_to_real = (uptr)addr;
   return addr && (func == wrapper);
 }


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D63877.207634.patch
Type: text/x-patch
Size: 2130 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20190702/8cdbee46/attachment.bin>

More information about the llvm-commits mailing list