[llvm-dev] dataflow sanitizer does not track the label of the data obtained through va_arg
bird song via llvm-dev
llvm-dev at lists.llvm.org
Thu Oct 22 23:30:23 PDT 2020
Example:
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <sanitizer/dfsan_interface.h>
/* One DFSan label per byte of main()'s buf; only the first sizeof(buf)
 * entries (32) are ever created and used, the rest stay zero. */
dfsan_label global_labels[2048];
int test1(const char *format, int data)
{
printf("label1:%hu\n", dfsan_get_label(data));
printf(format, data);
return 0;
}
/* Variadic counterpart of test1: the int is read back through va_arg before
 * its label is reported. Under clang -fsanitize=dataflow this prints label 0
 * (see the transcript below) while test1 prints the caller's label, i.e. the
 * taint does not survive the va_list path. `format` is caller-supplied and
 * non-literal, as in test1. Always returns 0. */
int test2(const char *format, ...)
{
    va_list args;
    va_start(args, format);
    const int value = va_arg(args, int);
    va_end(args);
    printf("label2:%hu\n", dfsan_get_label(value));
    printf(format, value);
    return 0;
}
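/* Repro driver: give every byte of buf its own DFSan label, load the first
 * four bytes as one int (DFSan unions the four byte labels into a single
 * union label on that load), then hand the int to test1 (named parameter)
 * and test2 (va_arg) to compare which label each one observes. Returns 0. */
int main(int argc, char **argv)
{
    (void)argc;
    (void)argv;
    char buf[0x20] = {0};
    /* Deliberate int-sized store/load through a char buffer: the 4-byte load
     * further down is what makes DFSan union the per-byte labels. Strictly an
     * aliasing violation; memcpy would be the portable form. */
    *(int *)buf = 0x41414141;
    /* Each label gets its own backing storage for its description.
     * NOTE(review): dfsan_create_label appears to keep the desc pointer rather
     * than copying the string, so reusing one scratch buffer would leave every
     * label describing the last index written — confirm against the runtime. */
    static char label_names[sizeof buf][16];
    for (size_t i = 0; i < sizeof buf; i++) {
        snprintf(label_names[i], sizeof label_names[i], "%zu", i);
        global_labels[i] = dfsan_create_label(label_names[i], NULL);
        dfsan_set_label(global_labels[i], buf + i, 1);
    }
    int data = *(int *)buf;
    printf("label0:%hu\n", dfsan_get_label(data));
    test1("test1 %x\n", data);
    test2("test2 %x\n", data);
    return 0;
}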
$ clang -fsanitize=dataflow test.cc
$ ./a.out
label0:35
label1:35
test1 41414141
label2:0
test2 41414141
The value read back through va_arg in test2 carries label 0: the taint is dropped on the va_list path, while the same value passed as a named parameter (test1) keeps label 35 (the union of the four byte labels, matching label0).