[compiler-rt] 04fd535 - ASan: add backtrace_symbols test and clarify code is correct
Thurston Dang via llvm-commits
llvm-commits at lists.llvm.org
Fri May 12 22:39:45 PDT 2023
Author: Thurston Dang
Date: 2023-05-13T05:26:45Z
New Revision: 04fd535409ddc601a4654e38ff28db3f13c10713
URL: https://github.com/llvm/llvm-project/commit/04fd535409ddc601a4654e38ff28db3f13c10713
DIFF: https://github.com/llvm/llvm-project/commit/04fd535409ddc601a4654e38ff28db3f13c10713.diff
LOG: ASan: add backtrace_symbols test and clarify code is correct
This is another patch for https://github.com/google/sanitizers/issues/321
(sanitizer interceptors can write to freed memory, causing corruption),
in this case for backtrace_symbols.
backtrace_symbols is already correct, hence this patch removes the
TODO note. Additionally, this patch adds a test case for it.
Differential Revision: https://reviews.llvm.org/D150498
Added:
compiler-rt/test/asan/TestCases/backtrace_symbols_interceptor.cpp
Modified:
compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
Removed:
################################################################################
diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
index 490a8b12d8b1..1c315a5183c6 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
@@ -4418,9 +4418,8 @@ INTERCEPTOR(char **, backtrace_symbols, void **buffer, int size) {
COMMON_INTERCEPTOR_ENTER(ctx, backtrace_symbols, buffer, size);
if (buffer && size)
COMMON_INTERCEPTOR_READ_RANGE(ctx, buffer, size * sizeof(*buffer));
- // FIXME: under ASan the call below may write to freed memory and corrupt
- // its metadata. See
- // https://github.com/google/sanitizers/issues/321.
+ // The COMMON_INTERCEPTOR_READ_RANGE above ensures that 'buffer' is
+ // valid for reading.
char **res = REAL(backtrace_symbols)(buffer, size);
if (res && size) {
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, res, size * sizeof(*res));
diff --git a/compiler-rt/test/asan/TestCases/backtrace_symbols_interceptor.cpp b/compiler-rt/test/asan/TestCases/backtrace_symbols_interceptor.cpp
new file mode 100644
index 000000000000..a78969408a7f
--- /dev/null
+++ b/compiler-rt/test/asan/TestCases/backtrace_symbols_interceptor.cpp
@@ -0,0 +1,36 @@
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// Test the backtrace_symbols() interceptor.
+
+#include <assert.h>
+#include <execinfo.h>
+#include <math.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#define MAX_BT 100
+
+int main() {
+ void **buffer = (void **)malloc(sizeof(void *) * MAX_BT);
+ assert(buffer != NULL);
+
+ int numEntries = backtrace(buffer, MAX_BT);
+ printf("backtrace returned %d entries\n", numEntries);
+
+ free(buffer);
+
+ // Deliberate use-after-free of 'buffer'. We expect ASan to
+ // catch this, without triggering internal sanitizer errors.
+ char **strings = backtrace_symbols(buffer, numEntries);
+ assert(strings != NULL);
+
+ for (int i = 0; i < numEntries; i++) {
+ printf("%s\n", strings[i]);
+ }
+
+ free(strings);
+
+ // CHECK: use-after-free
+ // CHECK: SUMMARY
+ return 0;
+}
More information about the llvm-commits
mailing list