[compiler-rt] a4232dc - [rtsan][tsan] Fix va_args handling in open functions (#108291)
via llvm-commits
llvm-commits at lists.llvm.org
Mon Sep 23 06:55:18 PDT 2024
Author: Chris Apple
Date: 2024-09-23T06:55:14-07:00
New Revision: a4232dc676908548afa36d4f4ad740131ce385e2
URL: https://github.com/llvm/llvm-project/commit/a4232dc676908548afa36d4f4ad740131ce385e2
DIFF: https://github.com/llvm/llvm-project/commit/a4232dc676908548afa36d4f4ad740131ce385e2.diff
LOG: [rtsan][tsan] Fix va_args handling in open functions (#108291)
Check oflag to see if it contains O_CREAT / O_TMPFILE before unpacking parameters to avoid UB
Added:
Modified:
compiler-rt/lib/rtsan/rtsan_interceptors.cpp
compiler-rt/lib/sanitizer_common/sanitizer_posix.cpp
compiler-rt/lib/sanitizer_common/sanitizer_posix.h
compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp
Removed:
################################################################################
diff --git a/compiler-rt/lib/rtsan/rtsan_interceptors.cpp b/compiler-rt/lib/rtsan/rtsan_interceptors.cpp
index d186d1aaa8d93e..9cc7214aef85c7 100644
--- a/compiler-rt/lib/rtsan/rtsan_interceptors.cpp
+++ b/compiler-rt/lib/rtsan/rtsan_interceptors.cpp
@@ -64,13 +64,15 @@ INTERCEPTOR(int, open, const char *path, int oflag, ...) {
// O_NONBLOCK
__rtsan_notify_intercepted_call("open");
- va_list args;
- va_start(args, oflag);
- const mode_t mode = va_arg(args, int);
- va_end(args);
+ if (OpenReadsVaArgs(oflag)) {
+ va_list args;
+ va_start(args, oflag);
+ const mode_t mode = va_arg(args, int);
+ va_end(args);
+ return REAL(open)(path, oflag, mode);
+ }
- const int result = REAL(open)(path, oflag, mode);
- return result;
+ return REAL(open)(path, oflag);
}
#if SANITIZER_INTERCEPT_OPEN64
@@ -79,13 +81,15 @@ INTERCEPTOR(int, open64, const char *path, int oflag, ...) {
// O_NONBLOCK
__rtsan_notify_intercepted_call("open64");
- va_list args;
- va_start(args, oflag);
- const mode_t mode = va_arg(args, int);
- va_end(args);
+ if (OpenReadsVaArgs(oflag)) {
+ va_list args;
+ va_start(args, oflag);
+ const mode_t mode = va_arg(args, int);
+ va_end(args);
+ return REAL(open64)(path, oflag, mode);
+ }
- const int result = REAL(open64)(path, oflag, mode);
- return result;
+ return REAL(open64)(path, oflag);
}
#define RTSAN_MAYBE_INTERCEPT_OPEN64 INTERCEPT_FUNCTION(open64)
#else
@@ -97,13 +101,15 @@ INTERCEPTOR(int, openat, int fd, const char *path, int oflag, ...) {
// O_NONBLOCK
__rtsan_notify_intercepted_call("openat");
- va_list args;
- va_start(args, oflag);
- mode_t mode = va_arg(args, int);
- va_end(args);
+ if (OpenReadsVaArgs(oflag)) {
+ va_list args;
+ va_start(args, oflag);
+ const mode_t mode = va_arg(args, int);
+ va_end(args);
+ return REAL(openat)(fd, path, oflag, mode);
+ }
- const int result = REAL(openat)(fd, path, oflag, mode);
- return result;
+ return REAL(openat)(fd, path, oflag);
}
#if SANITIZER_INTERCEPT_OPENAT64
@@ -112,13 +118,15 @@ INTERCEPTOR(int, openat64, int fd, const char *path, int oflag, ...) {
// O_NONBLOCK
__rtsan_notify_intercepted_call("openat64");
- va_list args;
- va_start(args, oflag);
- mode_t mode = va_arg(args, int);
- va_end(args);
+ if (OpenReadsVaArgs(oflag)) {
+ va_list args;
+ va_start(args, oflag);
+ const mode_t mode = va_arg(args, int);
+ va_end(args);
+ return REAL(openat64)(fd, path, oflag, mode);
+ }
- const int result = REAL(openat64)(fd, path, oflag, mode);
- return result;
+ return REAL(openat64)(fd, path, oflag);
}
#define RTSAN_MAYBE_INTERCEPT_OPENAT64 INTERCEPT_FUNCTION(openat64)
#else
diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_posix.cpp b/compiler-rt/lib/sanitizer_common/sanitizer_posix.cpp
index 7d7d5754319947..69af6465a62c2d 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_posix.cpp
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_posix.cpp
@@ -353,7 +353,15 @@ bool ShouldMockFailureToOpen(const char *path) {
internal_strncmp(path, "/proc/", 6) == 0;
}
-#if SANITIZER_LINUX && !SANITIZER_ANDROID && !SANITIZER_GO
+bool OpenReadsVaArgs(int oflag) {
+# ifdef O_TMPFILE
+ return (oflag & (O_CREAT | O_TMPFILE)) != 0;
+# else
+ return (oflag & O_CREAT) != 0;
+# endif
+}
+
+# if SANITIZER_LINUX && !SANITIZER_ANDROID && !SANITIZER_GO
int GetNamedMappingFd(const char *name, uptr size, int *flags) {
if (!common_flags()->decorate_proc_maps || !name)
return -1;
diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_posix.h b/compiler-rt/lib/sanitizer_common/sanitizer_posix.h
index d0954f77e97136..1f0795caa420c7 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_posix.h
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_posix.h
@@ -108,6 +108,7 @@ bool IsStateDetached(int state);
fd_t ReserveStandardFds(fd_t fd);
bool ShouldMockFailureToOpen(const char *path);
+bool OpenReadsVaArgs(int oflag);
// Create a non-file mapping with a given /proc/self/maps name.
uptr MmapNamed(void *addr, uptr length, int prot, int flags, const char *name);
diff --git a/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp b/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp
index 53c876f4f9175f..423d97e94d81ae 100644
--- a/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp
+++ b/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp
@@ -1680,13 +1680,23 @@ TSAN_INTERCEPTOR(int, fstat64, int fd, void *buf) {
#endif
TSAN_INTERCEPTOR(int, open, const char *name, int oflag, ...) {
- va_list ap;
- va_start(ap, oflag);
- mode_t mode = va_arg(ap, int);
- va_end(ap);
+ mode_t mode = 0;
+ if (OpenReadsVaArgs(oflag)) {
+ va_list ap;
+ va_start(ap, oflag);
+ mode = va_arg(ap, int);
+ va_end(ap);
+ }
+
SCOPED_TSAN_INTERCEPTOR(open, name, oflag, mode);
READ_STRING(thr, pc, name, 0);
- int fd = REAL(open)(name, oflag, mode);
+
+ int fd;
+ if (OpenReadsVaArgs(oflag))
+ fd = REAL(open)(name, oflag, mode);
+ else
+ fd = REAL(open)(name, oflag);
+
if (fd >= 0)
FdFileCreate(thr, pc, fd);
return fd;
More information about the llvm-commits
mailing list