[compiler-rt] 3b947cc - [msan] unpoison_file from fclose and fflash
Vitaly Buka via llvm-commits
llvm-commits at lists.llvm.org
Fri Nov 20 13:09:12 PST 2020
Author: Vitaly Buka
Date: 2020-11-20T13:09:01-08:00
New Revision: 3b947cc8ce08f3f97436f375837ea35e646d9688
URL: https://github.com/llvm/llvm-project/commit/3b947cc8ce08f3f97436f375837ea35e646d9688
DIFF: https://github.com/llvm/llvm-project/commit/3b947cc8ce08f3f97436f375837ea35e646d9688.diff
LOG: [msan] unpoison_file from fclose and fflash
Also unpoison IO_write_base/_IO_write_end buffer
memcpy from fclose and fflash can copy internal bytes without metadata into user memory.
Reviewed By: eugenis
Differential Revision: https://reviews.llvm.org/D91858
Added:
compiler-rt/test/msan/Linux/file.cpp
Modified:
compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
Removed:
################################################################################
diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
index 729eead43c04..d4b9ea5f7f06 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
@@ -5978,6 +5978,9 @@ void unpoison_file(__sanitizer_FILE *fp) {
if (fp->_IO_read_base && fp->_IO_read_base < fp->_IO_read_end)
COMMON_INTERCEPTOR_INITIALIZE_RANGE(fp->_IO_read_base,
fp->_IO_read_end - fp->_IO_read_base);
+ if (fp->_IO_write_base && fp->_IO_write_base < fp->_IO_write_end)
+ COMMON_INTERCEPTOR_INITIALIZE_RANGE(fp->_IO_write_base,
+ fp->_IO_write_end - fp->_IO_write_base);
#endif
#endif // SANITIZER_HAS_STRUCT_FILE
}
@@ -6204,6 +6207,8 @@ INTERCEPTOR(void, _obstack_newchunk, __sanitizer_obstack *obstack, int length) {
INTERCEPTOR(int, fflush, __sanitizer_FILE *fp) {
void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, fflush, fp);
+ if (fp)
+ unpoison_file(fp);
int res = REAL(fflush)(fp);
// FIXME: handle fp == NULL
if (fp) {
@@ -6223,6 +6228,8 @@ INTERCEPTOR(int, fclose, __sanitizer_FILE *fp) {
COMMON_INTERCEPTOR_ENTER(ctx, fclose, fp);
COMMON_INTERCEPTOR_FILE_CLOSE(ctx, fp);
const FileMetadata *m = GetInterceptorMetadata(fp);
+ if (fp)
+ unpoison_file(fp);
int res = REAL(fclose)(fp);
if (m) {
COMMON_INTERCEPTOR_INITIALIZE_RANGE(*m->addr, *m->size);
diff --git a/compiler-rt/test/msan/Linux/file.cpp b/compiler-rt/test/msan/Linux/file.cpp
new file mode 100644
index 000000000000..ff1d334e8cbe
--- /dev/null
+++ b/compiler-rt/test/msan/Linux/file.cpp
@@ -0,0 +1,29 @@
+// RUN: %clangxx_msan -std=c++11 -O0 %s -o %t && %run %t
+// RUN: %clangxx_msan -std=c++11 -fsanitize-memory-track-origins -O0 %s -o %t && %run %t
+
+#include <assert.h>
+#include <stdio.h>
+
+#include <sanitizer/msan_interface.h>
+
+int main(int argc, char *argv[]) {
+ FILE *f = fopen(argv[0], "r");
+ assert(f);
+ char buf[50];
+ fread(buf, 1, 1, f);
+ fflush(f);
+
+ assert(f->_IO_read_end > f->_IO_read_base);
+ __msan_check_mem_is_initialized(f->_IO_read_end, f->_IO_read_end - f->_IO_read_base);
+
+ char tmp_file[1000];
+ sprintf(tmp_file, "%s.write.tmp", argv[0]);
+
+ f = fopen(tmp_file, "w+");
+ assert(f);
+ fwrite(buf, 1, 1, f);
+ fflush(f);
+
+ assert(f->_IO_write_end > f->_IO_write_base);
+ __msan_check_mem_is_initialized(f->_IO_write_end, f->_IO_write_end - f->_IO_write_base);
+}
More information about the llvm-commits
mailing list