OSchip
/
llvm-project
mirror of https://github.com/THU-DSP-LAB/llvm-project.git
13
0
Fork 6
Code Issues Packages Projects Releases Wiki Activity

[asan] Fix strncmp and strncasecmp interceptors 

Summary:
In non-strict mode we will check memory access for both strings from beginning
to either:
  1. 0-char
  2. size
  3. different chars

In strict mode we will check from beginning to either:
  1. 0-char
  2. size

Previously in strict mode we always checked up to the 0-char.

Reviewers: kcc, eugenis

Subscribers: llvm-commits, kubabrecka

Differential Revision: https://reviews.llvm.org/D26574

llvm-svn: 286708
This commit is contained in:
Vitaly Buka 2016-11-12 04:32:31 +00:00
parent c1f8e1f35c
commit c557191b21
2 changed files with 90 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
View File

@ -304,8 +304,14 @@ INTERCEPTOR(int, strncmp, const char *s1, const char *s2, uptr size) {
c2 = (unsigned char)s2[i]; c2 = (unsigned char)s2[i];
if (c1 != c2 || c1 == '\0') break; if (c1 != c2 || c1 == '\0') break;
} }
COMMON_INTERCEPTOR_READ_STRING(ctx, s1, Min(i + 1, size)); uptr i1 = i;
COMMON_INTERCEPTOR_READ_STRING(ctx, s2, Min(i + 1, size)); uptr i2 = i;
if (common_flags()->strict_string_checks) {
for (; i1 < size && s1[i1]; i1++) {}
for (; i2 < size && s2[i2]; i2++) {}
}
COMMON_INTERCEPTOR_READ_RANGE((ctx), (s1), Min(i1 + 1, size));
COMMON_INTERCEPTOR_READ_RANGE((ctx), (s2), Min(i2 + 1, size));
int result = CharCmpX(c1, c2); int result = CharCmpX(c1, c2);
CALL_WEAK_INTERCEPTOR_HOOK(__sanitizer_weak_hook_strncmp, GET_CALLER_PC(), s1, CALL_WEAK_INTERCEPTOR_HOOK(__sanitizer_weak_hook_strncmp, GET_CALLER_PC(), s1,
s2, size, result); s2, size, result);
@ -348,24 +354,30 @@ INTERCEPTOR(int, strcasecmp, const char *s1, const char *s2) {
} }
DECLARE_WEAK_INTERCEPTOR_HOOK(__sanitizer_weak_hook_strncasecmp, uptr called_pc, DECLARE_WEAK_INTERCEPTOR_HOOK(__sanitizer_weak_hook_strncasecmp, uptr called_pc,
const char *s1, const char *s2, uptr n, const char *s1, const char *s2, uptr size,
int result) int result)
INTERCEPTOR(int, strncasecmp, const char *s1, const char *s2, SIZE_T n) { INTERCEPTOR(int, strncasecmp, const char *s1, const char *s2, SIZE_T size) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, strncasecmp, s1, s2, n); COMMON_INTERCEPTOR_ENTER(ctx, strncasecmp, s1, s2, size);
unsigned char c1 = 0, c2 = 0; unsigned char c1 = 0, c2 = 0;
uptr i; uptr i;
for (i = 0; i < n; i++) { for (i = 0; i < size; i++) {
c1 = (unsigned char)s1[i]; c1 = (unsigned char)s1[i];
c2 = (unsigned char)s2[i]; c2 = (unsigned char)s2[i];
if (CharCaseCmp(c1, c2) != 0 || c1 == '\0') break; if (CharCaseCmp(c1, c2) != 0 || c1 == '\0') break;
} }
COMMON_INTERCEPTOR_READ_RANGE(ctx, s1, Min(i + 1, n)); uptr i1 = i;
COMMON_INTERCEPTOR_READ_RANGE(ctx, s2, Min(i + 1, n)); uptr i2 = i;
if (common_flags()->strict_string_checks) {
for (; i1 < size && s1[i1]; i1++) {}
for (; i2 < size && s2[i2]; i2++) {}
}
COMMON_INTERCEPTOR_READ_RANGE((ctx), (s1), Min(i1 + 1, size));
COMMON_INTERCEPTOR_READ_RANGE((ctx), (s2), Min(i2 + 1, size));
int result = CharCaseCmp(c1, c2); int result = CharCaseCmp(c1, c2);
CALL_WEAK_INTERCEPTOR_HOOK(__sanitizer_weak_hook_strncasecmp, GET_CALLER_PC(), CALL_WEAK_INTERCEPTOR_HOOK(__sanitizer_weak_hook_strncasecmp, GET_CALLER_PC(),
s1, s2, n, result); s1, s2, size, result);
return result; return result;
} }

83
compiler-rt/test/asan/TestCases/strncmp_strict.c
View File

@ -1,26 +1,81 @@
// Test strict_string_checks option in strncmp function // Test strict_string_checks option in strncmp function
// RUN: %clang_asan %s -o %t && %run %t 2>&1 // RUN: %clang_asan %s -o %t
// RUN: %env_asan_opts=strict_string_checks=false %run %t 2>&1
// RUN: %env_asan_opts=strict_string_checks=true not %run %t 2>&1 | FileCheck %s // RUN: %env_asan_opts=strict_string_checks=false %run %t a 2>&1
// RUN: %env_asan_opts=strict_string_checks=true %run %t a 2>&1
// RUN: not %run %t b 2>&1 | FileCheck %s
// RUN: not %run %t c 2>&1 | FileCheck %s
// RUN: not %run %t d 2>&1 | FileCheck %s
// RUN: not %run %t e 2>&1 | FileCheck %s
// RUN: not %run %t f 2>&1 | FileCheck %s
// RUN: not %run %t g 2>&1 | FileCheck %s
// RUN: %env_asan_opts=strict_string_checks=false %run %t h 2>&1
// RUN: %env_asan_opts=strict_string_checks=true not %run %t h 2>&1 | FileCheck %s
// RUN: %env_asan_opts=strict_string_checks=false %run %t i 2>&1
// RUN: %env_asan_opts=strict_string_checks=true not %run %t i 2>&1 | FileCheck %s
// RUN: %env_asan_opts=strict_string_checks=false %run %t A 2>&1
// RUN: %env_asan_opts=strict_string_checks=true %run %t A 2>&1
// RUN: not %run %t B 2>&1 | FileCheck %s
// RUN: not %run %t C 2>&1 | FileCheck %s
// RUN: not %run %t D 2>&1 | FileCheck %s
// RUN: not %run %t E 2>&1 | FileCheck %s
// RUN: not %run %t F 2>&1 | FileCheck %s
// RUN: not %run %t G 2>&1 | FileCheck %s
// RUN: %env_asan_opts=strict_string_checks=false %run %t H 2>&1
// RUN: %env_asan_opts=strict_string_checks=true not %run %t H 2>&1 | FileCheck %s
// RUN: %env_asan_opts=strict_string_checks=false %run %t I 2>&1
// RUN: %env_asan_opts=strict_string_checks=true not %run %t I 2>&1 | FileCheck %s
#include <assert.h> #include <assert.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h>
#include <string.h> #include <string.h>
#include <ctype.h>
int main(int argc, char **argv) { int main(int argc, char **argv) {
size_t size = 100; assert(argc >= 2);
const size_t size = 100;
char fill = 'o'; char fill = 'o';
char *s1 = (char*)malloc(size); char s1[size];
char s2[size];
memset(s1, fill, size); memset(s1, fill, size);
char *s2 = (char*)malloc(size);
memset(s2, fill, size); memset(s2, fill, size);
s1[size - 1] = 'z';
s2[size - 1] = 'x'; int (*cmp_fn)(const char *, const char *, size_t);
int r = strncmp(s1, s2, size + 1); cmp_fn = islower(argv[1][0]) ? &strncmp : &strncasecmp;
// CHECK: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
// CHECK: READ of size 101 switch(tolower(argv[1][0])) {
assert(r == 1); case 'a':
free(s1); s1[size - 1] = 'z';
free(s2); s2[size - 1] = 'x';
for (int i = 0; i <= size; ++i)
assert((cmp_fn(s1, s2, i) == 0) == (i < size));
s1[size - 1] = '\0';
s2[size - 1] = '\0';
assert(cmp_fn(s1, s2, 2*size) == 0);
break;
case 'b':
return cmp_fn(s1-1, s2, 1);
case 'c':
return cmp_fn(s1, s2-1, 1);
case 'd':
return cmp_fn(s1+size, s2, 1);
case 'e':
return cmp_fn(s1, s2+size, 1);
case 'f':
return cmp_fn(s1+1, s2, size);
case 'g':
return cmp_fn(s1, s2+1, size);
case 'h':
s1[size - 1] = '\0';
assert(cmp_fn(s1, s2, 2*size) != 0);
break;
case 'i':
s2[size - 1] = '\0';
assert(cmp_fn(s1, s2, 2*size) != 0);
break;
// CHECK: {{.*}}ERROR: AddressSanitizer: stack-buffer-{{ov|und}}erflow on address
}
return 0; return 0;
} }