[compiler-rt] 10070e3 - Fix DataFlowSanitizer implementation of strchr() so that strchr(..., '\0') returns a pointer to '\0'.

Matt Morehouse via llvm-commits llvm-commits at lists.llvm.org
Wed Apr 15 13:09:14 PDT 2020 

Author: Sam Kerner
Date: 2020-04-15T13:08:47-07:00
New Revision: 10070e31a55c26d8cf990a5a5d6b09b8f413f433

URL: https://github.com/llvm/llvm-project/commit/10070e31a55c26d8cf990a5a5d6b09b8f413f433
DIFF: https://github.com/llvm/llvm-project/commit/10070e31a55c26d8cf990a5a5d6b09b8f413f433.diff

LOG: Fix DataFlowSanitizer implementation of strchr() so that strchr(..., '\0') returns a pointer to '\0'.

Summary:

Fixes https://bugs.llvm.org/show_bug.cgi?id=22392

Reviewers: pcc, morehouse

Reviewed By: morehouse

Subscribers: morehouse, #sanitizers

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D77996

Added: 
    

Modified: 
    compiler-rt/lib/dfsan/dfsan_custom.cpp
    compiler-rt/test/dfsan/custom.cpp

Removed: 
    


################################################################################
diff  --git a/compiler-rt/lib/dfsan/dfsan_custom.cpp b/compiler-rt/lib/dfsan/dfsan_custom.cpp
index 84f0271b15e0..78790a8bd646 100644
--- a/compiler-rt/lib/dfsan/dfsan_custom.cpp
+++ b/compiler-rt/lib/dfsan/dfsan_custom.cpp
@@ -84,7 +84,13 @@ SANITIZER_INTERFACE_ATTRIBUTE char *__dfsw_strchr(const char *s, int c,
         *ret_label = dfsan_union(dfsan_read_label(s, i + 1),
                                  dfsan_union(s_label, c_label));
       }
-      return s[i] == 0 ? nullptr : const_cast<char *>(s+i);
+
+      // If s[i] is the \0 at the end of the string, and \0 is not the
+      // character we are searching for, then return null.
+      if (s[i] == 0 && c != 0) {
+        return nullptr;
+      }
+      return const_cast<char *>(s + i);
     }
   }
 }

diff  --git a/compiler-rt/test/dfsan/custom.cpp b/compiler-rt/test/dfsan/custom.cpp
index 71422f7ce834..96c897acdb6a 100644
--- a/compiler-rt/test/dfsan/custom.cpp
+++ b/compiler-rt/test/dfsan/custom.cpp
@@ -250,6 +250,17 @@ void test_strchr() {
 #else
   ASSERT_LABEL(crv, i_label);
 #endif
+
+  // `man strchr` says:
+  // The terminating null byte is considered part of the string, so that if c
+  // is specified as '\0', these functions return a pointer to the terminator.
+  crv = strchr(str1, '\0');
+  assert(crv == &str1[4]);
+#ifdef STRICT_DATA_DEPENDENCIES
+  ASSERT_ZERO_LABEL(crv);
+#else
+  ASSERT_LABEL(crv, i_label);
+#endif
 }
 
 void test_calloc() {

More information about the llvm-commits mailing list