Revert "[msan] Check qsort input." and "[msan] Intercept qsort, qsort_r."
Temporarily revert the qsort changes because they fail to build on bots that build with modules: > error: thread-local storage is not supported for the current > target (iossim) http://green.lab.llvm.org/green/job/clang-stage2-Rthinlto/1820/console http://green.lab.llvm.org/green/view/LLDB/job/lldb-cmake/4983/console This reverts commitddf897fc80
. This reverts commit07861e955d
.
This commit is contained in:
parent
3fa39c3a79
commit
60236fedc9
|
@ -9639,93 +9639,6 @@ INTERCEPTOR(int, getentropy, void *buf, SIZE_T buflen) {
|
||||||
#define INIT_GETENTROPY
|
#define INIT_GETENTROPY
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if SANITIZER_INTERCEPT_QSORT
|
|
||||||
// Glibc qsort uses a temporary buffer allocated either on stack or on heap.
|
|
||||||
// Poisoned memory from there may get copied into the comparator arguments,
|
|
||||||
// where it needs to be dealt with. But even that is not enough - the results of
|
|
||||||
// the sort may be copied into the input/output array based on the results of
|
|
||||||
// the comparator calls, but directly from the temp memory, bypassing the
|
|
||||||
// unpoisoning done in wrapped_qsort_compar. We deal with this by, again,
|
|
||||||
// unpoisoning the entire array after the sort is done.
|
|
||||||
//
|
|
||||||
// We can not check that the entire array is initialized at the beginning. IMHO,
|
|
||||||
// it's fine for parts of the sorted objects to contain uninitialized memory,
|
|
||||||
// ex. as padding in structs.
|
|
||||||
typedef int (*qsort_compar_f)(const void *, const void *);
|
|
||||||
static THREADLOCAL qsort_compar_f qsort_compar;
|
|
||||||
static THREADLOCAL SIZE_T qsort_size;
|
|
||||||
int wrapped_qsort_compar(const void *a, const void *b) {
|
|
||||||
COMMON_INTERCEPTOR_UNPOISON_PARAM(2);
|
|
||||||
COMMON_INTERCEPTOR_INITIALIZE_RANGE(a, qsort_size);
|
|
||||||
COMMON_INTERCEPTOR_INITIALIZE_RANGE(b, qsort_size);
|
|
||||||
return qsort_compar(a, b);
|
|
||||||
}
|
|
||||||
|
|
||||||
INTERCEPTOR(void, qsort, void *base, SIZE_T nmemb, SIZE_T size,
|
|
||||||
qsort_compar_f compar) {
|
|
||||||
void *ctx;
|
|
||||||
COMMON_INTERCEPTOR_ENTER(ctx, qsort, base, nmemb, size, compar);
|
|
||||||
// Run the comparator over all array elements to detect any memory issues.
|
|
||||||
for (SIZE_T i = 0; i < nmemb; ++i) {
|
|
||||||
void *p = (void *)((char *)base + i * size);
|
|
||||||
COMMON_INTERCEPTOR_UNPOISON_PARAM(2);
|
|
||||||
// Compare each element with itself to trigger an equality check, which
|
|
||||||
// typically requires the comparator to look as many of the object fields as
|
|
||||||
// possible.
|
|
||||||
compar(p, p);
|
|
||||||
}
|
|
||||||
qsort_compar_f old_compar = qsort_compar;
|
|
||||||
qsort_compar = compar;
|
|
||||||
SIZE_T old_size = qsort_size;
|
|
||||||
qsort_size = size;
|
|
||||||
REAL(qsort)(base, nmemb, size, wrapped_qsort_compar);
|
|
||||||
qsort_compar = old_compar;
|
|
||||||
qsort_size = old_size;
|
|
||||||
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, base, nmemb * size);
|
|
||||||
}
|
|
||||||
#define INIT_QSORT COMMON_INTERCEPT_FUNCTION(qsort)
|
|
||||||
#else
|
|
||||||
#define INIT_QSORT
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if SANITIZER_INTERCEPT_QSORT_R
|
|
||||||
typedef int (*qsort_r_compar_f)(const void *, const void *, void *);
|
|
||||||
static THREADLOCAL qsort_r_compar_f qsort_r_compar;
|
|
||||||
static THREADLOCAL SIZE_T qsort_r_size;
|
|
||||||
int wrapped_qsort_r_compar(const void *a, const void *b, void *arg) {
|
|
||||||
COMMON_INTERCEPTOR_UNPOISON_PARAM(3);
|
|
||||||
COMMON_INTERCEPTOR_INITIALIZE_RANGE(a, qsort_r_size);
|
|
||||||
COMMON_INTERCEPTOR_INITIALIZE_RANGE(b, qsort_r_size);
|
|
||||||
return qsort_r_compar(a, b, arg);
|
|
||||||
}
|
|
||||||
|
|
||||||
INTERCEPTOR(void, qsort_r, void *base, SIZE_T nmemb, SIZE_T size,
|
|
||||||
qsort_r_compar_f compar, void *arg) {
|
|
||||||
void *ctx;
|
|
||||||
COMMON_INTERCEPTOR_ENTER(ctx, qsort_r, base, nmemb, size, compar, arg);
|
|
||||||
// Run the comparator over all array elements to detect any memory issues.
|
|
||||||
for (SIZE_T i = 0; i < nmemb; ++i) {
|
|
||||||
void *p = (void *)((char *)base + i * size);
|
|
||||||
COMMON_INTERCEPTOR_UNPOISON_PARAM(3);
|
|
||||||
// Compare each element with itself to trigger an equality check, which
|
|
||||||
// typically requires the comparator to look as many of the object fields as
|
|
||||||
// possible.
|
|
||||||
compar(p, p, arg);
|
|
||||||
}
|
|
||||||
qsort_r_compar_f old_compar = qsort_r_compar;
|
|
||||||
qsort_r_compar = compar;
|
|
||||||
SIZE_T old_size = qsort_r_size;
|
|
||||||
qsort_r_size = size;
|
|
||||||
REAL(qsort_r)(base, nmemb, size, wrapped_qsort_r_compar, arg);
|
|
||||||
qsort_r_compar = old_compar;
|
|
||||||
qsort_r_size = old_size;
|
|
||||||
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, base, nmemb * size);
|
|
||||||
}
|
|
||||||
#define INIT_QSORT_R COMMON_INTERCEPT_FUNCTION(qsort_r)
|
|
||||||
#else
|
|
||||||
#define INIT_QSORT_R
|
|
||||||
#endif
|
|
||||||
|
|
||||||
static void InitializeCommonInterceptors() {
|
static void InitializeCommonInterceptors() {
|
||||||
#if SI_POSIX
|
#if SI_POSIX
|
||||||
static u64 metadata_mem[sizeof(MetadataHashMap) / sizeof(u64) + 1];
|
static u64 metadata_mem[sizeof(MetadataHashMap) / sizeof(u64) + 1];
|
||||||
|
@ -10027,8 +9940,6 @@ static void InitializeCommonInterceptors() {
|
||||||
INIT_CRYPT;
|
INIT_CRYPT;
|
||||||
INIT_CRYPT_R;
|
INIT_CRYPT_R;
|
||||||
INIT_GETENTROPY;
|
INIT_GETENTROPY;
|
||||||
INIT_QSORT;
|
|
||||||
INIT_QSORT_R;
|
|
||||||
|
|
||||||
INIT___PRINTF_CHK;
|
INIT___PRINTF_CHK;
|
||||||
}
|
}
|
||||||
|
|
|
@ -575,7 +575,5 @@
|
||||||
#define SANITIZER_INTERCEPT_ATEXIT SI_NETBSD
|
#define SANITIZER_INTERCEPT_ATEXIT SI_NETBSD
|
||||||
#define SANITIZER_INTERCEPT_PTHREAD_ATFORK SI_NETBSD
|
#define SANITIZER_INTERCEPT_PTHREAD_ATFORK SI_NETBSD
|
||||||
#define SANITIZER_INTERCEPT_GETENTROPY SI_FREEBSD
|
#define SANITIZER_INTERCEPT_GETENTROPY SI_FREEBSD
|
||||||
#define SANITIZER_INTERCEPT_QSORT SI_POSIX
|
|
||||||
#define SANITIZER_INTERCEPT_QSORT_R (SI_LINUX && !SI_ANDROID)
|
|
||||||
|
|
||||||
#endif // #ifndef SANITIZER_PLATFORM_INTERCEPTORS_H
|
#endif // #ifndef SANITIZER_PLATFORM_INTERCEPTORS_H
|
||||||
|
|
|
@ -1,78 +0,0 @@
|
||||||
// RUN: %clangxx_msan -O0 -g %s -o %t && %run %t
|
|
||||||
// RUN: %clangxx_msan -DPOISON -O0 -g %s -o %t && not %run %t 2>&1 | FileCheck %s
|
|
||||||
|
|
||||||
#include <assert.h>
|
|
||||||
#include <errno.h>
|
|
||||||
#include <glob.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
|
|
||||||
#include <sanitizer/msan_interface.h>
|
|
||||||
|
|
||||||
constexpr size_t kSize1 = 27;
|
|
||||||
constexpr size_t kSize2 = 7;
|
|
||||||
|
|
||||||
bool seen2;
|
|
||||||
|
|
||||||
void dummy(long a, long b, long c, long d, long e) {}
|
|
||||||
|
|
||||||
void poison_stack_and_param() {
|
|
||||||
char x[10000];
|
|
||||||
int y;
|
|
||||||
dummy(y, y, y, y, y);
|
|
||||||
}
|
|
||||||
|
|
||||||
__attribute__((always_inline)) int cmp(long a, long b) {
|
|
||||||
if (a < b)
|
|
||||||
return -1;
|
|
||||||
else if (a > b)
|
|
||||||
return 1;
|
|
||||||
else
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int compar2(const void *a, const void *b) {
|
|
||||||
assert(a);
|
|
||||||
assert(b);
|
|
||||||
__msan_check_mem_is_initialized(a, sizeof(long));
|
|
||||||
__msan_check_mem_is_initialized(b, sizeof(long));
|
|
||||||
seen2 = true;
|
|
||||||
poison_stack_and_param();
|
|
||||||
return cmp(*(long *)a, *(long *)b);
|
|
||||||
}
|
|
||||||
|
|
||||||
int compar1(const void *a, const void *b) {
|
|
||||||
assert(a);
|
|
||||||
assert(b);
|
|
||||||
__msan_check_mem_is_initialized(a, sizeof(long));
|
|
||||||
__msan_check_mem_is_initialized(b, sizeof(long));
|
|
||||||
|
|
||||||
long *p = new long[kSize2];
|
|
||||||
// kind of random
|
|
||||||
for (int i = 0; i < kSize2; ++i)
|
|
||||||
p[i] = i * 2 + (i % 3 - 1) * 3;
|
|
||||||
qsort(p, kSize1, sizeof(long), compar2);
|
|
||||||
__msan_check_mem_is_initialized(p, sizeof(long) * kSize2);
|
|
||||||
delete[] p;
|
|
||||||
|
|
||||||
poison_stack_and_param();
|
|
||||||
return cmp(*(long *)a, *(long *)b);
|
|
||||||
}
|
|
||||||
|
|
||||||
int main(int argc, char *argv[]) {
|
|
||||||
long *p = new long[kSize1];
|
|
||||||
// kind of random
|
|
||||||
for (int i = 0; i < kSize1; ++i)
|
|
||||||
p[i] = i * 2 + (i % 3 - 1) * 3;
|
|
||||||
poison_stack_and_param();
|
|
||||||
#ifdef POISON
|
|
||||||
__msan_poison(p + 1, sizeof(long));
|
|
||||||
// CHECK: Uninitialized bytes in __msan_check_mem_is_initialized at offset 0 inside [{{.*}}, 8)
|
|
||||||
#endif
|
|
||||||
qsort(p, kSize1, sizeof(long), compar1);
|
|
||||||
__msan_check_mem_is_initialized(p, sizeof(long) * kSize1);
|
|
||||||
assert(seen2);
|
|
||||||
delete[] p;
|
|
||||||
return 0;
|
|
||||||
}
|
|
Loading…
Reference in New Issue