1 //===-- asan_interceptors_memintrinsics.h -----------------------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===---------------------------------------------------------------------===//
8 //
9 // This file is a part of AddressSanitizer, an address sanity checker.
10 //
11 // ASan-private header for asan_interceptors_memintrinsics.cpp
12 //===---------------------------------------------------------------------===//
13 #ifndef ASAN_MEMINTRIN_H
14 #define ASAN_MEMINTRIN_H
15 
16 #include "asan_interface_internal.h"
17 #include "asan_internal.h"
18 #include "asan_mapping.h"
19 #include "interception/interception.h"
20 
// Declare the REAL(memcpy) and REAL(memset) entry points that
// ASAN_MEMCPY_IMPL and ASAN_MEMSET_IMPL below return through.
// No memmove counterpart is declared here: ASAN_MEMMOVE_IMPL finishes
// through internal_memmove instead.
DECLARE_REAL(void *, memcpy, void *to, const void *from, uptr size)
DECLARE_REAL(void *, memset, void *block, int c, uptr size)
23 
24 namespace __asan {
25 
// Return true if we can quickly decide that the region [beg, beg + size) is
// unpoisoned. A false result is not a verdict: ACCESS_MEMORY_RANGE follows it
// with the full __asan_region_is_poisoned() scan.
// We assume that a redzone is at least 16 bytes.
static inline bool QuickCheckForUnpoisonedRegion(uptr beg, uptr size) {
  // Only regions of at most sizeof(uptr) * ASAN_SHADOW_GRANULARITY bytes are
  // examined here. An empty region is reported clean; a larger one is left to
  // the caller's slow path by answering false.
  const uptr quick_limit = sizeof(uptr) * ASAN_SHADOW_GRANULARITY;
  if (UNLIKELY(size == 0 || size > quick_limit))
    return size == 0;

  // NOTE(review): beg + size is not checked for wrap-around here; the caller
  // in this header (ACCESS_MEMORY_RANGE) reports that case before calling in.
  const uptr last_addr = beg + size - 1;
  uptr shadow_pos = MEM_TO_SHADOW(beg);
  const uptr shadow_end = MEM_TO_SHADOW(last_addr);

  // Fast path: load the uptr-aligned shadow words that hold the first and the
  // last shadow byte of the region and accept the region if both are zero.
  // Presumably the size cap above guarantees that the region's shadow bytes
  // all live in these two words -- verify against MEM_TO_SHADOW.
  const uptr *head_word =
      reinterpret_cast<const uptr *>(RoundDownTo(shadow_pos, sizeof(uptr)));
  const uptr *tail_word =
      reinterpret_cast<const uptr *>(RoundDownTo(shadow_end, sizeof(uptr)));
  if (LIKELY((*head_word | *tail_word) == 0))
    return true;

  // Byte-wise fallback: the last address is tested through
  // AddressIsPoisoned(); the shadow bytes before the last one are OR-ed in
  // whole, so any non-zero value among them counts as poison.
  u8 poison = AddressIsPoisoned(last_addr);
  while (shadow_pos < shadow_end) {
    poison |= *((u8 *)shadow_pos);
    ++shadow_pos;
  }
  return poison == 0;
}
45 
// Context handed to the range-check macros below as `ctx`.
// ACCESS_MEMORY_RANGE casts ctx to this type and accepts a null pointer, in
// which case no suppression lookup is performed.
struct AsanInterceptorContext {
  // Name passed to IsInterceptorSuppressed() when a poisoned access is found.
  const char *interceptor_name;
};
49 
// We implement ACCESS_MEMORY_RANGE, ASAN_READ_RANGE,
// and ASAN_WRITE_RANGE as macros instead of functions so
// that no extra frames are created, and the stack trace contains
// relevant information only.
// We check all shadow bytes.
//
// What the expansion does, in order:
//   1. If offset + size wraps around, it calls
//      ReportStringFunctionSizeOverflow().
//   2. It runs QuickCheckForUnpoisonedRegion(); only when that cannot clear
//      the region does it call __asan_region_is_poisoned(), whose non-zero
//      result is kept in __bad and handed to the report.
//   3. Suppressions are consulted only when ctx is non-null: first by
//      interceptor name, then by stack trace if
//      HaveStackTraceBasedSuppressions(). With a null ctx every poisoned
//      access is reported.
//   4. Unless suppressed, it calls ReportGenericError() with isWrite and the
//      size.
// offset and size are evaluated once (copied into __offset/__size). ctx is
// pasted into a cast without parentheses, so pass an identifier or a
// parenthesised expression.
// NOTE(review): nothing in this macro skips step 2 after step 1 fires; the
// code appears to rely on the overflow report not returning -- confirm.
#define ACCESS_MEMORY_RANGE(ctx, offset, size, isWrite)                   \
  do {                                                                    \
    uptr __offset = (uptr)(offset);                                       \
    uptr __size = (uptr)(size);                                           \
    uptr __bad = 0;                                                       \
    if (UNLIKELY(__offset > __offset + __size)) {                         \
      GET_STACK_TRACE_FATAL_HERE;                                         \
      ReportStringFunctionSizeOverflow(__offset, __size, &stack);         \
    }                                                                     \
    if (UNLIKELY(!QuickCheckForUnpoisonedRegion(__offset, __size)) &&     \
        (__bad = __asan_region_is_poisoned(__offset, __size))) {          \
      AsanInterceptorContext *_ctx = (AsanInterceptorContext *)ctx;       \
      bool suppressed = false;                                            \
      if (_ctx) {                                                         \
        suppressed = IsInterceptorSuppressed(_ctx->interceptor_name);     \
        if (!suppressed && HaveStackTraceBasedSuppressions()) {           \
          GET_STACK_TRACE_FATAL_HERE;                                     \
          suppressed = IsStackTraceSuppressed(&stack);                    \
        }                                                                 \
      }                                                                   \
      if (!suppressed) {                                                  \
        GET_CURRENT_PC_BP_SP;                                             \
        ReportGenericError(pc, bp, sp, __bad, isWrite, __size, 0, false); \
      }                                                                   \
    }                                                                     \
  } while (0)
81 
// memcpy is called during __asan_init() from the internals of printf(...).
// We do not treat memcpy with to==from as a bug.
// See http://llvm.org/bugs/show_bug.cgi?id=11763.
//
// Every path through this macro executes `return`, so it has to be the tail
// of a function returning void *.
//   - replace_intrin_cached true: report overlapping ranges (skipped when
//     to == from), check the source for reads and the destination for
//     writes, then call REAL(memcpy).
//   - otherwise, while asan_inited is false: internal_memcpy, no checks.
//   - otherwise: REAL(memcpy), no checks.
// NOTE(review): CHECK_RANGES_OVERLAP runs before the wrap-around test that
// ASAN_READ_RANGE performs, so the overlap test sees a size that has not
// been range-checked yet.
// to, from and size are expanded several times; pass side-effect-free
// expressions.
#define ASAN_MEMCPY_IMPL(ctx, to, from, size)                 \
  do {                                                        \
    if (LIKELY(replace_intrin_cached)) {                      \
      if (LIKELY(to != from)) {                               \
        CHECK_RANGES_OVERLAP("memcpy", to, size, from, size); \
      }                                                       \
      ASAN_READ_RANGE(ctx, from, size);                       \
      ASAN_WRITE_RANGE(ctx, to, size);                        \
    } else if (UNLIKELY(!asan_inited)) {                      \
      return internal_memcpy(to, from, size);                 \
    }                                                         \
    return REAL(memcpy)(to, from, size);                      \
  } while (0)
98 
// memset is called inside Printf.
//
// Every path through this macro executes `return`, so it has to be the tail
// of a function returning void *.
//   - replace_intrin_cached true: check [block, block + size) for writes,
//     then call REAL(memset).
//   - otherwise, while asan_inited is false: internal_memset, no checks.
//   - otherwise: REAL(memset), no checks.
// block and size are expanded more than once; pass side-effect-free
// expressions.
#define ASAN_MEMSET_IMPL(ctx, block, c, size) \
  do {                                        \
    if (LIKELY(replace_intrin_cached)) {      \
      ASAN_WRITE_RANGE(ctx, block, size);     \
    } else if (UNLIKELY(!asan_inited)) {      \
      return internal_memset(block, c, size); \
    }                                         \
    return REAL(memset)(block, c, size);      \
  } while (0)
109 
// memmove body for interceptors. When replace_intrin_cached is true, the
// source is checked for reads and the destination for writes; no overlap
// check is made. The move itself always goes through internal_memmove,
// whether or not the checks ran, and the macro returns its result, so it has
// to be the tail of a function returning void *.
// to, from and size are expanded more than once; pass side-effect-free
// expressions.
#define ASAN_MEMMOVE_IMPL(ctx, to, from, size) \
  do {                                         \
    if (LIKELY(replace_intrin_cached)) {       \
      ASAN_READ_RANGE(ctx, from, size);        \
      ASAN_WRITE_RANGE(ctx, to, size);         \
    }                                          \
    return internal_memmove(to, from, size);   \
  } while (0)
118 
// Read and write flavours of ACCESS_MEMORY_RANGE: they differ only in the
// isWrite value (false / true) that ends up in the error report.
#define ASAN_READ_RANGE(ctx, offset, size) \
  ACCESS_MEMORY_RANGE(ctx, offset, size, false)
#define ASAN_WRITE_RANGE(ctx, offset, size) \
  ACCESS_MEMORY_RANGE(ctx, offset, size, true)
123 
// Behavior of functions like "memcpy" or "strcpy" is undefined
// if memory intervals overlap. We report error in this case.
// Macro is used to avoid creation of new frames.
//
// Returns true when [offset1, offset1 + length1) and
// [offset2, offset2 + length2) share at least one byte.
// NOTE(review): the end pointers are formed without a wrap-around check, so
// a length large enough to wrap makes the comparisons unreliable.
// ASAN_MEMCPY_IMPL calls this (via CHECK_RANGES_OVERLAP) before the overflow
// test in ACCESS_MEMORY_RANGE has run.
static inline bool RangesOverlap(const char *offset1, uptr length1,
                                 const char *offset2, uptr length2) {
  // The first range ends at or before the start of the second one.
  if (offset1 + length1 <= offset2)
    return false;
  // The second range ends at or before the start of the first one.
  if (offset2 + length2 <= offset1)
    return false;
  return true;
}
// Report, unless suppressed, that [_offset1, _offset1 + length1) and
// [_offset2, _offset2 + length2) overlap. `name` is used for the interceptor
// suppression lookup and is passed to the report.
// The stack trace is captured as soon as an overlap is seen, before either
// suppression lookup.
// The expansion declares locals named offset1, offset2, suppressed and (via
// GET_STACK_TRACE_FATAL_HERE) stack; argument expressions must not use those
// names. _offset1/_offset2 are pasted into a cast without parentheses.
#define CHECK_RANGES_OVERLAP(name, _offset1, length1, _offset2, length2)   \
  do {                                                                     \
    const char *offset1 = (const char *)_offset1;                          \
    const char *offset2 = (const char *)_offset2;                          \
    if (UNLIKELY(RangesOverlap(offset1, length1, offset2, length2))) {     \
      GET_STACK_TRACE_FATAL_HERE;                                          \
      bool suppressed = IsInterceptorSuppressed(name);                     \
      if (!suppressed && HaveStackTraceBasedSuppressions()) {              \
        suppressed = IsStackTraceSuppressed(&stack);                       \
      }                                                                    \
      if (!suppressed) {                                                   \
        ReportStringFunctionMemoryRangesOverlap(name, offset1, length1,    \
                                                offset2, length2, &stack); \
      }                                                                    \
    }                                                                      \
  } while (0)
147 
148 }  // namespace __asan
149 
150 #endif  // ASAN_MEMINTRIN_H