[llvm-dev] LLVM Call Graph may not cover all calls
cszide via llvm-dev
llvm-dev at lists.llvm.org
Fri Nov 16 17:38:02 PST 2018
Hi,
I also have the same problem, and I wrote some code to mitigate it.
You can find it on GitHub: https://github.com/coffezhou/OverCG. I tried it on the IR you
provided, and it can get the call relationship fsdither -> TIFFWriteScanLine.
I hope it helps you.
Best,
Zhide
At 2018-11-09 00:44:18, "changze cui via llvm-dev" <llvm-dev at lists.llvm.org> wrote:
Hi there,
I am working with opt-6.0 and trying to generate a call graph of libsndfile, but it seems the call graph doesn't cover all call relationships.
Actually, I am doing static analysis on CVE-2014-8130, which is a division by zero in libtiff/tif_write.c TIFFWriteScanline (see https://security-tracker.debian.org/tracker/CVE-2014-8130).
Theoretically, the main function in tiffdither.c will call fsdither, and fsdither will call TIFFWriteScanLine: main (tiffdither.c) -> fsdither (tiffdither.c) -> TIFFWriteScanLine (tif_write.c).
I want to get a call graph of the buggy program tiffdither, but I find that the generated call graph doesn't cover the call relationship fsdither -> TIFFWriteScanLine.
In short, the call graph currently shows TIFFWriteScanLine being called only by an external node.
I have already compiled tiffdither and uploaded it as an attachment. I also wrote a small Python script to help analyze the dot file.
Actually, I run opt-6.0 -analyze -dot-callgraph tiffdither.bc to generate the dot file, and then modify the dotPath in dotHandle.py. You can modify the Python code to help with the analysis.
I can't figure out why this happens, and I would very much appreciate it if you could help!
Thanks & Regards,
Chaz
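The kind of check the thread is doing by hand on the .dot file, written out as an added example (this is not the dotHandle.py attached to the original mail, nor code from the OverCG repository): a small parser for the DOT output of opt -analyze -dot-callgraph that lists the recorded callers of a function and searches for a call chain from main to it. The two DOT texts inside the block are constructed by hand in the shape LLVM's CallGraph printer emits (node ids are arbitrary); the first mirrors the situation in the mail, where the only recorded caller of TIFFWriteScanLine is the external node, and the second has the missing fsdither -> TIFFWriteScanLine edge present.

```python
"""Parse the DOT call graph written by ``opt -analyze -dot-callgraph`` and
report how a target function is reached.

Added example for this thread; not the poster's dotHandle.py and not OverCG.
"""
import re
from collections import deque

EXTERNAL = "external node"  # label LLVM gives the node for unknown callers

# Constructed sample in the layout of LLVM's CallGraph DOT printer.  It mirrors
# the mail: main -> fsdither exists, but TIFFWriteScanLine is only reached
# from the external node (no fsdither -> TIFFWriteScanLine edge).
MISSING_EDGE_DOT = """
digraph "Call graph: <<null function>>" {
	label="Call graph: <<null function>>";

	Node0x1 [shape=record,label="{external node}"];
	Node0x1 -> Node0x2;
	Node0x1 -> Node0x4;
	Node0x2 [shape=record,label="{main}"];
	Node0x2 -> Node0x3;
	Node0x3 [shape=record,label="{fsdither}"];
	Node0x4 [shape=record,label="{TIFFWriteScanLine}"];
}
"""

# Constructed variant with the direct edge fsdither -> TIFFWriteScanLine.
FULL_EDGE_DOT = MISSING_EDGE_DOT.replace(
    'Node0x3 [shape=record,label="{fsdither}"];',
    'Node0x3 [shape=record,label="{fsdither}"];\n\tNode0x3 -> Node0x4;',
)

NODE_RE = re.compile(r'^\s*(Node\w+)\s*\[.*?label="\{([^}]*)\}"')
EDGE_RE = re.compile(r'^\s*(Node\w+)\s*->\s*(Node\w+)')


def parse_callgraph(dot_text):
    """Return {caller_name: set(callee_names)} from the DOT text."""
    names = {}
    raw_edges = []
    for line in dot_text.splitlines():
        m = NODE_RE.match(line)
        if m:
            names[m.group(1)] = m.group(2)
            continue
        m = EDGE_RE.match(line)
        if m:
            raw_edges.append((m.group(1), m.group(2)))
    graph = {name: set() for name in names.values()}
    # An edge may precede the label line of its target, so resolve ids last.
    for src, dst in raw_edges:
        graph[names[src]].add(names[dst])
    return graph


def callers_of(graph, target):
    """Sorted names of nodes with a direct edge to ``target``."""
    return sorted(c for c, callees in graph.items() if target in callees)


def only_reached_from_external(graph, target):
    """True when the graph records no real call site for ``target``: its
    sole caller is the external node."""
    return callers_of(graph, target) == [EXTERNAL]


def find_path(graph, source, target):
    """Shortest call chain from ``source`` to ``target`` (BFS), or None."""
    prev = {source: None}
    queue = deque([source])
    while queue:
        cur = queue.popleft()
        if cur == target:
            path = []
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        for callee in sorted(graph.get(cur, ())):
            if callee not in prev:
                prev[callee] = cur
                queue.append(callee)
    return None


if __name__ == "__main__":
    for label, text in (("missing edge", MISSING_EDGE_DOT),
                        ("full edge", FULL_EDGE_DOT)):
        g = parse_callgraph(text)
        print(label, "callers:", callers_of(g, "TIFFWriteScanLine"),
              "path:", find_path(g, "main", "TIFFWriteScanLine"))
```

To run it against a real file, read the .dot text produced by opt into parse_callgraph instead of the constructed samples. One caveat worth keeping in mind when reading such graphs: LLVM's CallGraph only records direct call sites, so a function that is reached through a function pointer shows up with the external node as its caller, and a function whose address escapes also gets an edge from the external node; "called only by the external node" therefore does not by itself tell you which of these cases you are looking at.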