[compiler-rt] 33d9b7b - [sanitizer] Mark before deref in PosixSpawnImpl

Haowei Wu via llvm-commits llvm-commits at lists.llvm.org
Wed Nov 3 10:18:40 PDT 2021 

Author: Tamir Duberstein
Date: 2021-11-03T10:18:06-07:00
New Revision: 33d9b7b4b26d56b9cdc479bfd444e448d61fa978

URL: https://github.com/llvm/llvm-project/commit/33d9b7b4b26d56b9cdc479bfd444e448d61fa978
DIFF: https://github.com/llvm/llvm-project/commit/33d9b7b4b26d56b9cdc479bfd444e448d61fa978.diff

LOG: [sanitizer] Mark before deref in PosixSpawnImpl

Read each pointer in the argv and envp arrays before dereferencing
it; this correctly marks an error when these pointers point into
memory that has been freed.

Differential Revision: https://reviews.llvm.org/D113046

Added: 
    

Modified: 
    compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc

Removed: 
    


################################################################################
diff  --git a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
index 3ff1e7b94ead3..a6a5230cdadc3 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
@@ -2431,14 +2431,20 @@ static int PosixSpawnImpl(void *ctx, RealSpawnPtr *real_posix_spawn, pid_t *pid,
                           char *const envp[]) {
   COMMON_INTERCEPTOR_READ_RANGE(ctx, file_or_path,
                                 internal_strlen(file_or_path) + 1);
-  char *const *s = argv;
-  for (; *s; ++s)
-    COMMON_INTERCEPTOR_READ_RANGE(ctx, *s, internal_strlen(*s) + 1);
-  COMMON_INTERCEPTOR_READ_RANGE(ctx, argv, (s - argv + 1) * sizeof(*s));
-  s = envp;
-  for (; *s; ++s)
-    COMMON_INTERCEPTOR_READ_RANGE(ctx, *s, internal_strlen(*s) + 1);
-  COMMON_INTERCEPTOR_READ_RANGE(ctx, envp, (s - envp + 1) * sizeof(*s));
+  if (argv) {
+    for (char *const *s = argv; ; ++s) {
+      COMMON_INTERCEPTOR_READ_RANGE(ctx, s, sizeof(*s));
+      if (!*s) break;
+      COMMON_INTERCEPTOR_READ_RANGE(ctx, *s, internal_strlen(*s) + 1);
+    }
+  }
+  if (envp) {
+    for (char *const *s = envp; ; ++s) {
+      COMMON_INTERCEPTOR_READ_RANGE(ctx, s, sizeof(*s));
+      if (!*s) break;
+      COMMON_INTERCEPTOR_READ_RANGE(ctx, *s, internal_strlen(*s) + 1);
+    }
+  }
   int res =
       real_posix_spawn(pid, file_or_path, file_actions, attrp, argv, envp);
   if (res == 0)

More information about the llvm-commits mailing list