1*490215a3Smrg //===-- asan_interceptors.cc ----------------------------------------------===//
2*490215a3Smrg //
3*490215a3Smrg // This file is distributed under the University of Illinois Open Source
4*490215a3Smrg // License. See LICENSE.TXT for details.
5*490215a3Smrg //
6*490215a3Smrg //===----------------------------------------------------------------------===//
7*490215a3Smrg //
8*490215a3Smrg // This file is a part of AddressSanitizer, an address sanity checker.
9*490215a3Smrg //
10*490215a3Smrg // Intercept various libc functions.
11*490215a3Smrg //===----------------------------------------------------------------------===//
12*490215a3Smrg
13*490215a3Smrg #include "asan_interceptors.h"
14*490215a3Smrg #include "asan_allocator.h"
15*490215a3Smrg #include "asan_internal.h"
16*490215a3Smrg #include "asan_mapping.h"
17*490215a3Smrg #include "asan_poisoning.h"
18*490215a3Smrg #include "asan_report.h"
19*490215a3Smrg #include "asan_stack.h"
20*490215a3Smrg #include "asan_stats.h"
21*490215a3Smrg #include "asan_suppressions.h"
22*490215a3Smrg #include "lsan/lsan_common.h"
23*490215a3Smrg #include "sanitizer_common/sanitizer_libc.h"
24*490215a3Smrg
25*490215a3Smrg // There is no general interception at all on Fuchsia and RTEMS.
26*490215a3Smrg // Only the functions in asan_interceptors_memintrinsics.cc are
27*490215a3Smrg // really defined to replace libc functions.
28*490215a3Smrg #if !SANITIZER_FUCHSIA && !SANITIZER_RTEMS
29*490215a3Smrg
30*490215a3Smrg #if SANITIZER_POSIX
31*490215a3Smrg #include "sanitizer_common/sanitizer_posix.h"
32*490215a3Smrg #endif
33*490215a3Smrg
34*490215a3Smrg #if ASAN_INTERCEPT__UNWIND_RAISEEXCEPTION || \
35*490215a3Smrg ASAN_INTERCEPT__SJLJ_UNWIND_RAISEEXCEPTION
36*490215a3Smrg #include <unwind.h>
37*490215a3Smrg #endif
38*490215a3Smrg
39*490215a3Smrg #if defined(__i386) && SANITIZER_LINUX
40*490215a3Smrg #define ASAN_PTHREAD_CREATE_VERSION "GLIBC_2.1"
41*490215a3Smrg #elif defined(__mips__) && SANITIZER_LINUX
42*490215a3Smrg #define ASAN_PTHREAD_CREATE_VERSION "GLIBC_2.2"
43*490215a3Smrg #endif
44*490215a3Smrg
45*490215a3Smrg namespace __asan {
46*490215a3Smrg
47*490215a3Smrg #define ASAN_READ_STRING_OF_LEN(ctx, s, len, n) \
48*490215a3Smrg ASAN_READ_RANGE((ctx), (s), \
49*490215a3Smrg common_flags()->strict_string_checks ? (len) + 1 : (n))
50*490215a3Smrg
51*490215a3Smrg #define ASAN_READ_STRING(ctx, s, n) \
52*490215a3Smrg ASAN_READ_STRING_OF_LEN((ctx), (s), REAL(strlen)(s), (n))
53*490215a3Smrg
MaybeRealStrnlen(const char * s,uptr maxlen)54*490215a3Smrg static inline uptr MaybeRealStrnlen(const char *s, uptr maxlen) {
55*490215a3Smrg #if SANITIZER_INTERCEPT_STRNLEN
56*490215a3Smrg if (REAL(strnlen)) {
57*490215a3Smrg return REAL(strnlen)(s, maxlen);
58*490215a3Smrg }
59*490215a3Smrg #endif
60*490215a3Smrg return internal_strnlen(s, maxlen);
61*490215a3Smrg }
62*490215a3Smrg
SetThreadName(const char * name)63*490215a3Smrg void SetThreadName(const char *name) {
64*490215a3Smrg AsanThread *t = GetCurrentThread();
65*490215a3Smrg if (t)
66*490215a3Smrg asanThreadRegistry().SetThreadName(t->tid(), name);
67*490215a3Smrg }
68*490215a3Smrg
OnExit()69*490215a3Smrg int OnExit() {
70*490215a3Smrg if (CAN_SANITIZE_LEAKS && common_flags()->detect_leaks &&
71*490215a3Smrg __lsan::HasReportedLeaks()) {
72*490215a3Smrg return common_flags()->exitcode;
73*490215a3Smrg }
74*490215a3Smrg // FIXME: ask frontend whether we need to return failure.
75*490215a3Smrg return 0;
76*490215a3Smrg }
77*490215a3Smrg
78*490215a3Smrg } // namespace __asan
79*490215a3Smrg
80*490215a3Smrg // ---------------------- Wrappers ---------------- {{{1
81*490215a3Smrg using namespace __asan; // NOLINT
82*490215a3Smrg
83*490215a3Smrg DECLARE_REAL_AND_INTERCEPTOR(void *, malloc, uptr)
84*490215a3Smrg DECLARE_REAL_AND_INTERCEPTOR(void, free, void *)
85*490215a3Smrg
86*490215a3Smrg #define ASAN_INTERCEPTOR_ENTER(ctx, func) \
87*490215a3Smrg AsanInterceptorContext _ctx = {#func}; \
88*490215a3Smrg ctx = (void *)&_ctx; \
89*490215a3Smrg (void) ctx; \
90*490215a3Smrg
91*490215a3Smrg #define COMMON_INTERCEPT_FUNCTION(name) ASAN_INTERCEPT_FUNC(name)
92*490215a3Smrg #define COMMON_INTERCEPT_FUNCTION_VER(name, ver) \
93*490215a3Smrg ASAN_INTERCEPT_FUNC_VER(name, ver)
94*490215a3Smrg #define COMMON_INTERCEPTOR_WRITE_RANGE(ctx, ptr, size) \
95*490215a3Smrg ASAN_WRITE_RANGE(ctx, ptr, size)
96*490215a3Smrg #define COMMON_INTERCEPTOR_READ_RANGE(ctx, ptr, size) \
97*490215a3Smrg ASAN_READ_RANGE(ctx, ptr, size)
98*490215a3Smrg #define COMMON_INTERCEPTOR_ENTER(ctx, func, ...) \
99*490215a3Smrg ASAN_INTERCEPTOR_ENTER(ctx, func); \
100*490215a3Smrg do { \
101*490215a3Smrg if (asan_init_is_running) \
102*490215a3Smrg return REAL(func)(__VA_ARGS__); \
103*490215a3Smrg if (SANITIZER_MAC && UNLIKELY(!asan_inited)) \
104*490215a3Smrg return REAL(func)(__VA_ARGS__); \
105*490215a3Smrg ENSURE_ASAN_INITED(); \
106*490215a3Smrg } while (false)
107*490215a3Smrg #define COMMON_INTERCEPTOR_DIR_ACQUIRE(ctx, path) \
108*490215a3Smrg do { \
109*490215a3Smrg } while (false)
110*490215a3Smrg #define COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd) \
111*490215a3Smrg do { \
112*490215a3Smrg } while (false)
113*490215a3Smrg #define COMMON_INTERCEPTOR_FD_RELEASE(ctx, fd) \
114*490215a3Smrg do { \
115*490215a3Smrg } while (false)
116*490215a3Smrg #define COMMON_INTERCEPTOR_FD_SOCKET_ACCEPT(ctx, fd, newfd) \
117*490215a3Smrg do { \
118*490215a3Smrg } while (false)
119*490215a3Smrg #define COMMON_INTERCEPTOR_SET_THREAD_NAME(ctx, name) SetThreadName(name)
120*490215a3Smrg // Should be asanThreadRegistry().SetThreadNameByUserId(thread, name)
121*490215a3Smrg // But asan does not remember UserId's for threads (pthread_t);
122*490215a3Smrg // and remembers all ever existed threads, so the linear search by UserId
123*490215a3Smrg // can be slow.
124*490215a3Smrg #define COMMON_INTERCEPTOR_SET_PTHREAD_NAME(ctx, thread, name) \
125*490215a3Smrg do { \
126*490215a3Smrg } while (false)
127*490215a3Smrg #define COMMON_INTERCEPTOR_BLOCK_REAL(name) REAL(name)
128*490215a3Smrg // Strict init-order checking is dlopen-hostile:
129*490215a3Smrg // https://github.com/google/sanitizers/issues/178
130*490215a3Smrg #define COMMON_INTERCEPTOR_ON_DLOPEN(filename, flag) \
131*490215a3Smrg do { \
132*490215a3Smrg if (flags()->strict_init_order) \
133*490215a3Smrg StopInitOrderChecking(); \
134*490215a3Smrg CheckNoDeepBind(filename, flag); \
135*490215a3Smrg } while (false)
136*490215a3Smrg #define COMMON_INTERCEPTOR_ON_EXIT(ctx) OnExit()
137*490215a3Smrg #define COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, handle)
138*490215a3Smrg #define COMMON_INTERCEPTOR_LIBRARY_UNLOADED()
139*490215a3Smrg #define COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED (!asan_inited)
140*490215a3Smrg #define COMMON_INTERCEPTOR_GET_TLS_RANGE(begin, end) \
141*490215a3Smrg if (AsanThread *t = GetCurrentThread()) { \
142*490215a3Smrg *begin = t->tls_begin(); \
143*490215a3Smrg *end = t->tls_end(); \
144*490215a3Smrg } else { \
145*490215a3Smrg *begin = *end = 0; \
146*490215a3Smrg }
147*490215a3Smrg
148*490215a3Smrg #define COMMON_INTERCEPTOR_MEMMOVE_IMPL(ctx, to, from, size) \
149*490215a3Smrg do { \
150*490215a3Smrg ASAN_INTERCEPTOR_ENTER(ctx, memmove); \
151*490215a3Smrg ASAN_MEMMOVE_IMPL(ctx, to, from, size); \
152*490215a3Smrg } while (false)
153*490215a3Smrg
154*490215a3Smrg #define COMMON_INTERCEPTOR_MEMCPY_IMPL(ctx, to, from, size) \
155*490215a3Smrg do { \
156*490215a3Smrg ASAN_INTERCEPTOR_ENTER(ctx, memcpy); \
157*490215a3Smrg ASAN_MEMCPY_IMPL(ctx, to, from, size); \
158*490215a3Smrg } while (false)
159*490215a3Smrg
160*490215a3Smrg #define COMMON_INTERCEPTOR_MEMSET_IMPL(ctx, block, c, size) \
161*490215a3Smrg do { \
162*490215a3Smrg ASAN_INTERCEPTOR_ENTER(ctx, memset); \
163*490215a3Smrg ASAN_MEMSET_IMPL(ctx, block, c, size); \
164*490215a3Smrg } while (false)
165*490215a3Smrg
166*490215a3Smrg #if CAN_SANITIZE_LEAKS
167*490215a3Smrg #define COMMON_INTERCEPTOR_STRERROR() \
168*490215a3Smrg __lsan::ScopedInterceptorDisabler disabler
169*490215a3Smrg #endif
170*490215a3Smrg
171*490215a3Smrg #include "sanitizer_common/sanitizer_common_interceptors.inc"
172*490215a3Smrg #include "sanitizer_common/sanitizer_signal_interceptors.inc"
173*490215a3Smrg
174*490215a3Smrg // Syscall interceptors don't have contexts, we don't support suppressions
175*490215a3Smrg // for them.
176*490215a3Smrg #define COMMON_SYSCALL_PRE_READ_RANGE(p, s) ASAN_READ_RANGE(nullptr, p, s)
177*490215a3Smrg #define COMMON_SYSCALL_PRE_WRITE_RANGE(p, s) ASAN_WRITE_RANGE(nullptr, p, s)
178*490215a3Smrg #define COMMON_SYSCALL_POST_READ_RANGE(p, s) \
179*490215a3Smrg do { \
180*490215a3Smrg (void)(p); \
181*490215a3Smrg (void)(s); \
182*490215a3Smrg } while (false)
183*490215a3Smrg #define COMMON_SYSCALL_POST_WRITE_RANGE(p, s) \
184*490215a3Smrg do { \
185*490215a3Smrg (void)(p); \
186*490215a3Smrg (void)(s); \
187*490215a3Smrg } while (false)
188*490215a3Smrg #include "sanitizer_common/sanitizer_common_syscalls.inc"
189*490215a3Smrg #include "sanitizer_common/sanitizer_syscalls_netbsd.inc"
190*490215a3Smrg
191*490215a3Smrg struct ThreadStartParam {
192*490215a3Smrg atomic_uintptr_t t;
193*490215a3Smrg atomic_uintptr_t is_registered;
194*490215a3Smrg };
195*490215a3Smrg
196*490215a3Smrg #if ASAN_INTERCEPT_PTHREAD_CREATE
asan_thread_start(void * arg)197*490215a3Smrg static thread_return_t THREAD_CALLING_CONV asan_thread_start(void *arg) {
198*490215a3Smrg ThreadStartParam *param = reinterpret_cast<ThreadStartParam *>(arg);
199*490215a3Smrg AsanThread *t = nullptr;
200*490215a3Smrg while ((t = reinterpret_cast<AsanThread *>(
201*490215a3Smrg atomic_load(¶m->t, memory_order_acquire))) == nullptr)
202*490215a3Smrg internal_sched_yield();
203*490215a3Smrg SetCurrentThread(t);
204*490215a3Smrg return t->ThreadStart(GetTid(), ¶m->is_registered);
205*490215a3Smrg }
206*490215a3Smrg
INTERCEPTOR(int,pthread_create,void * thread,void * attr,void * (* start_routine)(void *),void * arg)207*490215a3Smrg INTERCEPTOR(int, pthread_create, void *thread,
208*490215a3Smrg void *attr, void *(*start_routine)(void*), void *arg) {
209*490215a3Smrg EnsureMainThreadIDIsCorrect();
210*490215a3Smrg // Strict init-order checking is thread-hostile.
211*490215a3Smrg if (flags()->strict_init_order)
212*490215a3Smrg StopInitOrderChecking();
213*490215a3Smrg GET_STACK_TRACE_THREAD;
214*490215a3Smrg int detached = 0;
215*490215a3Smrg if (attr)
216*490215a3Smrg REAL(pthread_attr_getdetachstate)(attr, &detached);
217*490215a3Smrg ThreadStartParam param;
218*490215a3Smrg atomic_store(¶m.t, 0, memory_order_relaxed);
219*490215a3Smrg atomic_store(¶m.is_registered, 0, memory_order_relaxed);
220*490215a3Smrg int result;
221*490215a3Smrg {
222*490215a3Smrg // Ignore all allocations made by pthread_create: thread stack/TLS may be
223*490215a3Smrg // stored by pthread for future reuse even after thread destruction, and
224*490215a3Smrg // the linked list it's stored in doesn't even hold valid pointers to the
225*490215a3Smrg // objects, the latter are calculated by obscure pointer arithmetic.
226*490215a3Smrg #if CAN_SANITIZE_LEAKS
227*490215a3Smrg __lsan::ScopedInterceptorDisabler disabler;
228*490215a3Smrg #endif
229*490215a3Smrg result = REAL(pthread_create)(thread, attr, asan_thread_start, ¶m);
230*490215a3Smrg }
231*490215a3Smrg if (result == 0) {
232*490215a3Smrg u32 current_tid = GetCurrentTidOrInvalid();
233*490215a3Smrg AsanThread *t =
234*490215a3Smrg AsanThread::Create(start_routine, arg, current_tid, &stack, detached);
235*490215a3Smrg atomic_store(¶m.t, reinterpret_cast<uptr>(t), memory_order_release);
236*490215a3Smrg // Wait until the AsanThread object is initialized and the ThreadRegistry
237*490215a3Smrg // entry is in "started" state. One reason for this is that after this
238*490215a3Smrg // interceptor exits, the child thread's stack may be the only thing holding
239*490215a3Smrg // the |arg| pointer. This may cause LSan to report a leak if leak checking
240*490215a3Smrg // happens at a point when the interceptor has already exited, but the stack
241*490215a3Smrg // range for the child thread is not yet known.
242*490215a3Smrg while (atomic_load(¶m.is_registered, memory_order_acquire) == 0)
243*490215a3Smrg internal_sched_yield();
244*490215a3Smrg }
245*490215a3Smrg return result;
246*490215a3Smrg }
247*490215a3Smrg
INTERCEPTOR(int,pthread_join,void * t,void ** arg)248*490215a3Smrg INTERCEPTOR(int, pthread_join, void *t, void **arg) {
249*490215a3Smrg return real_pthread_join(t, arg);
250*490215a3Smrg }
251*490215a3Smrg
252*490215a3Smrg DEFINE_REAL_PTHREAD_FUNCTIONS
253*490215a3Smrg #endif // ASAN_INTERCEPT_PTHREAD_CREATE
254*490215a3Smrg
255*490215a3Smrg #if ASAN_INTERCEPT_SWAPCONTEXT
ClearShadowMemoryForContextStack(uptr stack,uptr ssize)256*490215a3Smrg static void ClearShadowMemoryForContextStack(uptr stack, uptr ssize) {
257*490215a3Smrg // Align to page size.
258*490215a3Smrg uptr PageSize = GetPageSizeCached();
259*490215a3Smrg uptr bottom = stack & ~(PageSize - 1);
260*490215a3Smrg ssize += stack - bottom;
261*490215a3Smrg ssize = RoundUpTo(ssize, PageSize);
262*490215a3Smrg static const uptr kMaxSaneContextStackSize = 1 << 22; // 4 Mb
263*490215a3Smrg if (AddrIsInMem(bottom) && ssize && ssize <= kMaxSaneContextStackSize) {
264*490215a3Smrg PoisonShadow(bottom, ssize, 0);
265*490215a3Smrg }
266*490215a3Smrg }
267*490215a3Smrg
INTERCEPTOR(int,swapcontext,struct ucontext_t * oucp,struct ucontext_t * ucp)268*490215a3Smrg INTERCEPTOR(int, swapcontext, struct ucontext_t *oucp,
269*490215a3Smrg struct ucontext_t *ucp) {
270*490215a3Smrg static bool reported_warning = false;
271*490215a3Smrg if (!reported_warning) {
272*490215a3Smrg Report("WARNING: ASan doesn't fully support makecontext/swapcontext "
273*490215a3Smrg "functions and may produce false positives in some cases!\n");
274*490215a3Smrg reported_warning = true;
275*490215a3Smrg }
276*490215a3Smrg // Clear shadow memory for new context (it may share stack
277*490215a3Smrg // with current context).
278*490215a3Smrg uptr stack, ssize;
279*490215a3Smrg ReadContextStack(ucp, &stack, &ssize);
280*490215a3Smrg ClearShadowMemoryForContextStack(stack, ssize);
281*490215a3Smrg #if __has_attribute(__indirect_return__) && \
282*490215a3Smrg (defined(__x86_64__) || defined(__i386__))
283*490215a3Smrg int (*real_swapcontext)(struct ucontext_t *, struct ucontext_t *)
284*490215a3Smrg __attribute__((__indirect_return__))
285*490215a3Smrg = REAL(swapcontext);
286*490215a3Smrg int res = real_swapcontext(oucp, ucp);
287*490215a3Smrg #else
288*490215a3Smrg int res = REAL(swapcontext)(oucp, ucp);
289*490215a3Smrg #endif
290*490215a3Smrg // swapcontext technically does not return, but program may swap context to
291*490215a3Smrg // "oucp" later, that would look as if swapcontext() returned 0.
292*490215a3Smrg // We need to clear shadow for ucp once again, as it may be in arbitrary
293*490215a3Smrg // state.
294*490215a3Smrg ClearShadowMemoryForContextStack(stack, ssize);
295*490215a3Smrg return res;
296*490215a3Smrg }
297*490215a3Smrg #endif // ASAN_INTERCEPT_SWAPCONTEXT
298*490215a3Smrg
299*490215a3Smrg #if SANITIZER_NETBSD
300*490215a3Smrg #define longjmp __longjmp14
301*490215a3Smrg #define siglongjmp __siglongjmp14
302*490215a3Smrg #endif
303*490215a3Smrg
INTERCEPTOR(void,longjmp,void * env,int val)304*490215a3Smrg INTERCEPTOR(void, longjmp, void *env, int val) {
305*490215a3Smrg __asan_handle_no_return();
306*490215a3Smrg REAL(longjmp)(env, val);
307*490215a3Smrg }
308*490215a3Smrg
309*490215a3Smrg #if ASAN_INTERCEPT__LONGJMP
INTERCEPTOR(void,_longjmp,void * env,int val)310*490215a3Smrg INTERCEPTOR(void, _longjmp, void *env, int val) {
311*490215a3Smrg __asan_handle_no_return();
312*490215a3Smrg REAL(_longjmp)(env, val);
313*490215a3Smrg }
314*490215a3Smrg #endif
315*490215a3Smrg
316*490215a3Smrg #if ASAN_INTERCEPT___LONGJMP_CHK
INTERCEPTOR(void,__longjmp_chk,void * env,int val)317*490215a3Smrg INTERCEPTOR(void, __longjmp_chk, void *env, int val) {
318*490215a3Smrg __asan_handle_no_return();
319*490215a3Smrg REAL(__longjmp_chk)(env, val);
320*490215a3Smrg }
321*490215a3Smrg #endif
322*490215a3Smrg
323*490215a3Smrg #if ASAN_INTERCEPT_SIGLONGJMP
INTERCEPTOR(void,siglongjmp,void * env,int val)324*490215a3Smrg INTERCEPTOR(void, siglongjmp, void *env, int val) {
325*490215a3Smrg __asan_handle_no_return();
326*490215a3Smrg REAL(siglongjmp)(env, val);
327*490215a3Smrg }
328*490215a3Smrg #endif
329*490215a3Smrg
330*490215a3Smrg #if ASAN_INTERCEPT___CXA_THROW
INTERCEPTOR(void,__cxa_throw,void * a,void * b,void * c)331*490215a3Smrg INTERCEPTOR(void, __cxa_throw, void *a, void *b, void *c) {
332*490215a3Smrg CHECK(REAL(__cxa_throw));
333*490215a3Smrg __asan_handle_no_return();
334*490215a3Smrg REAL(__cxa_throw)(a, b, c);
335*490215a3Smrg }
336*490215a3Smrg #endif
337*490215a3Smrg
338*490215a3Smrg #if ASAN_INTERCEPT___CXA_RETHROW_PRIMARY_EXCEPTION
INTERCEPTOR(void,__cxa_rethrow_primary_exception,void * a)339*490215a3Smrg INTERCEPTOR(void, __cxa_rethrow_primary_exception, void *a) {
340*490215a3Smrg CHECK(REAL(__cxa_rethrow_primary_exception));
341*490215a3Smrg __asan_handle_no_return();
342*490215a3Smrg REAL(__cxa_rethrow_primary_exception)(a);
343*490215a3Smrg }
344*490215a3Smrg #endif
345*490215a3Smrg
346*490215a3Smrg #if ASAN_INTERCEPT__UNWIND_RAISEEXCEPTION
INTERCEPTOR(_Unwind_Reason_Code,_Unwind_RaiseException,_Unwind_Exception * object)347*490215a3Smrg INTERCEPTOR(_Unwind_Reason_Code, _Unwind_RaiseException,
348*490215a3Smrg _Unwind_Exception *object) {
349*490215a3Smrg CHECK(REAL(_Unwind_RaiseException));
350*490215a3Smrg __asan_handle_no_return();
351*490215a3Smrg return REAL(_Unwind_RaiseException)(object);
352*490215a3Smrg }
353*490215a3Smrg #endif
354*490215a3Smrg
355*490215a3Smrg #if ASAN_INTERCEPT__SJLJ_UNWIND_RAISEEXCEPTION
INTERCEPTOR(_Unwind_Reason_Code,_Unwind_SjLj_RaiseException,_Unwind_Exception * object)356*490215a3Smrg INTERCEPTOR(_Unwind_Reason_Code, _Unwind_SjLj_RaiseException,
357*490215a3Smrg _Unwind_Exception *object) {
358*490215a3Smrg CHECK(REAL(_Unwind_SjLj_RaiseException));
359*490215a3Smrg __asan_handle_no_return();
360*490215a3Smrg return REAL(_Unwind_SjLj_RaiseException)(object);
361*490215a3Smrg }
362*490215a3Smrg #endif
363*490215a3Smrg
364*490215a3Smrg #if ASAN_INTERCEPT_INDEX
365*490215a3Smrg # if ASAN_USE_ALIAS_ATTRIBUTE_FOR_INDEX
366*490215a3Smrg INTERCEPTOR(char*, index, const char *string, int c)
367*490215a3Smrg ALIAS(WRAPPER_NAME(strchr));
368*490215a3Smrg # else
369*490215a3Smrg # if SANITIZER_MAC
370*490215a3Smrg DECLARE_REAL(char*, index, const char *string, int c)
371*490215a3Smrg OVERRIDE_FUNCTION(index, strchr);
372*490215a3Smrg # else
DEFINE_REAL(char *,index,const char * string,int c)373*490215a3Smrg DEFINE_REAL(char*, index, const char *string, int c)
374*490215a3Smrg # endif
375*490215a3Smrg # endif
376*490215a3Smrg #endif // ASAN_INTERCEPT_INDEX
377*490215a3Smrg
378*490215a3Smrg // For both strcat() and strncat() we need to check the validity of |to|
379*490215a3Smrg // argument irrespective of the |from| length.
380*490215a3Smrg INTERCEPTOR(char*, strcat, char *to, const char *from) { // NOLINT
381*490215a3Smrg void *ctx;
382*490215a3Smrg ASAN_INTERCEPTOR_ENTER(ctx, strcat); // NOLINT
383*490215a3Smrg ENSURE_ASAN_INITED();
384*490215a3Smrg if (flags()->replace_str) {
385*490215a3Smrg uptr from_length = REAL(strlen)(from);
386*490215a3Smrg ASAN_READ_RANGE(ctx, from, from_length + 1);
387*490215a3Smrg uptr to_length = REAL(strlen)(to);
388*490215a3Smrg ASAN_READ_STRING_OF_LEN(ctx, to, to_length, to_length);
389*490215a3Smrg ASAN_WRITE_RANGE(ctx, to + to_length, from_length + 1);
390*490215a3Smrg // If the copying actually happens, the |from| string should not overlap
391*490215a3Smrg // with the resulting string starting at |to|, which has a length of
392*490215a3Smrg // to_length + from_length + 1.
393*490215a3Smrg if (from_length > 0) {
394*490215a3Smrg CHECK_RANGES_OVERLAP("strcat", to, from_length + to_length + 1,
395*490215a3Smrg from, from_length + 1);
396*490215a3Smrg }
397*490215a3Smrg }
398*490215a3Smrg return REAL(strcat)(to, from); // NOLINT
399*490215a3Smrg }
400*490215a3Smrg
INTERCEPTOR(char *,strncat,char * to,const char * from,uptr size)401*490215a3Smrg INTERCEPTOR(char*, strncat, char *to, const char *from, uptr size) {
402*490215a3Smrg void *ctx;
403*490215a3Smrg ASAN_INTERCEPTOR_ENTER(ctx, strncat);
404*490215a3Smrg ENSURE_ASAN_INITED();
405*490215a3Smrg if (flags()->replace_str) {
406*490215a3Smrg uptr from_length = MaybeRealStrnlen(from, size);
407*490215a3Smrg uptr copy_length = Min(size, from_length + 1);
408*490215a3Smrg ASAN_READ_RANGE(ctx, from, copy_length);
409*490215a3Smrg uptr to_length = REAL(strlen)(to);
410*490215a3Smrg ASAN_READ_STRING_OF_LEN(ctx, to, to_length, to_length);
411*490215a3Smrg ASAN_WRITE_RANGE(ctx, to + to_length, from_length + 1);
412*490215a3Smrg if (from_length > 0) {
413*490215a3Smrg CHECK_RANGES_OVERLAP("strncat", to, to_length + copy_length + 1,
414*490215a3Smrg from, copy_length);
415*490215a3Smrg }
416*490215a3Smrg }
417*490215a3Smrg return REAL(strncat)(to, from, size);
418*490215a3Smrg }
419*490215a3Smrg
INTERCEPTOR(char *,strcpy,char * to,const char * from)420*490215a3Smrg INTERCEPTOR(char*, strcpy, char *to, const char *from) { // NOLINT
421*490215a3Smrg void *ctx;
422*490215a3Smrg ASAN_INTERCEPTOR_ENTER(ctx, strcpy); // NOLINT
423*490215a3Smrg #if SANITIZER_MAC
424*490215a3Smrg if (UNLIKELY(!asan_inited)) return REAL(strcpy)(to, from); // NOLINT
425*490215a3Smrg #endif
426*490215a3Smrg // strcpy is called from malloc_default_purgeable_zone()
427*490215a3Smrg // in __asan::ReplaceSystemAlloc() on Mac.
428*490215a3Smrg if (asan_init_is_running) {
429*490215a3Smrg return REAL(strcpy)(to, from); // NOLINT
430*490215a3Smrg }
431*490215a3Smrg ENSURE_ASAN_INITED();
432*490215a3Smrg if (flags()->replace_str) {
433*490215a3Smrg uptr from_size = REAL(strlen)(from) + 1;
434*490215a3Smrg CHECK_RANGES_OVERLAP("strcpy", to, from_size, from, from_size);
435*490215a3Smrg ASAN_READ_RANGE(ctx, from, from_size);
436*490215a3Smrg ASAN_WRITE_RANGE(ctx, to, from_size);
437*490215a3Smrg }
438*490215a3Smrg return REAL(strcpy)(to, from); // NOLINT
439*490215a3Smrg }
440*490215a3Smrg
INTERCEPTOR(char *,strdup,const char * s)441*490215a3Smrg INTERCEPTOR(char*, strdup, const char *s) {
442*490215a3Smrg void *ctx;
443*490215a3Smrg ASAN_INTERCEPTOR_ENTER(ctx, strdup);
444*490215a3Smrg if (UNLIKELY(!asan_inited)) return internal_strdup(s);
445*490215a3Smrg ENSURE_ASAN_INITED();
446*490215a3Smrg uptr length = REAL(strlen)(s);
447*490215a3Smrg if (flags()->replace_str) {
448*490215a3Smrg ASAN_READ_RANGE(ctx, s, length + 1);
449*490215a3Smrg }
450*490215a3Smrg GET_STACK_TRACE_MALLOC;
451*490215a3Smrg void *new_mem = asan_malloc(length + 1, &stack);
452*490215a3Smrg REAL(memcpy)(new_mem, s, length + 1);
453*490215a3Smrg return reinterpret_cast<char*>(new_mem);
454*490215a3Smrg }
455*490215a3Smrg
456*490215a3Smrg #if ASAN_INTERCEPT___STRDUP
INTERCEPTOR(char *,__strdup,const char * s)457*490215a3Smrg INTERCEPTOR(char*, __strdup, const char *s) {
458*490215a3Smrg void *ctx;
459*490215a3Smrg ASAN_INTERCEPTOR_ENTER(ctx, strdup);
460*490215a3Smrg if (UNLIKELY(!asan_inited)) return internal_strdup(s);
461*490215a3Smrg ENSURE_ASAN_INITED();
462*490215a3Smrg uptr length = REAL(strlen)(s);
463*490215a3Smrg if (flags()->replace_str) {
464*490215a3Smrg ASAN_READ_RANGE(ctx, s, length + 1);
465*490215a3Smrg }
466*490215a3Smrg GET_STACK_TRACE_MALLOC;
467*490215a3Smrg void *new_mem = asan_malloc(length + 1, &stack);
468*490215a3Smrg REAL(memcpy)(new_mem, s, length + 1);
469*490215a3Smrg return reinterpret_cast<char*>(new_mem);
470*490215a3Smrg }
471*490215a3Smrg #endif // ASAN_INTERCEPT___STRDUP
472*490215a3Smrg
INTERCEPTOR(char *,strncpy,char * to,const char * from,uptr size)473*490215a3Smrg INTERCEPTOR(char*, strncpy, char *to, const char *from, uptr size) {
474*490215a3Smrg void *ctx;
475*490215a3Smrg ASAN_INTERCEPTOR_ENTER(ctx, strncpy);
476*490215a3Smrg ENSURE_ASAN_INITED();
477*490215a3Smrg if (flags()->replace_str) {
478*490215a3Smrg uptr from_size = Min(size, MaybeRealStrnlen(from, size) + 1);
479*490215a3Smrg CHECK_RANGES_OVERLAP("strncpy", to, from_size, from, from_size);
480*490215a3Smrg ASAN_READ_RANGE(ctx, from, from_size);
481*490215a3Smrg ASAN_WRITE_RANGE(ctx, to, size);
482*490215a3Smrg }
483*490215a3Smrg return REAL(strncpy)(to, from, size);
484*490215a3Smrg }
485*490215a3Smrg
INTERCEPTOR(long,strtol,const char * nptr,char ** endptr,int base)486*490215a3Smrg INTERCEPTOR(long, strtol, const char *nptr, // NOLINT
487*490215a3Smrg char **endptr, int base) {
488*490215a3Smrg void *ctx;
489*490215a3Smrg ASAN_INTERCEPTOR_ENTER(ctx, strtol);
490*490215a3Smrg ENSURE_ASAN_INITED();
491*490215a3Smrg if (!flags()->replace_str) {
492*490215a3Smrg return REAL(strtol)(nptr, endptr, base);
493*490215a3Smrg }
494*490215a3Smrg char *real_endptr;
495*490215a3Smrg long result = REAL(strtol)(nptr, &real_endptr, base); // NOLINT
496*490215a3Smrg StrtolFixAndCheck(ctx, nptr, endptr, real_endptr, base);
497*490215a3Smrg return result;
498*490215a3Smrg }
499*490215a3Smrg
INTERCEPTOR(int,atoi,const char * nptr)500*490215a3Smrg INTERCEPTOR(int, atoi, const char *nptr) {
501*490215a3Smrg void *ctx;
502*490215a3Smrg ASAN_INTERCEPTOR_ENTER(ctx, atoi);
503*490215a3Smrg #if SANITIZER_MAC
504*490215a3Smrg if (UNLIKELY(!asan_inited)) return REAL(atoi)(nptr);
505*490215a3Smrg #endif
506*490215a3Smrg ENSURE_ASAN_INITED();
507*490215a3Smrg if (!flags()->replace_str) {
508*490215a3Smrg return REAL(atoi)(nptr);
509*490215a3Smrg }
510*490215a3Smrg char *real_endptr;
511*490215a3Smrg // "man atoi" tells that behavior of atoi(nptr) is the same as
512*490215a3Smrg // strtol(nptr, 0, 10), i.e. it sets errno to ERANGE if the
513*490215a3Smrg // parsed integer can't be stored in *long* type (even if it's
514*490215a3Smrg // different from int). So, we just imitate this behavior.
515*490215a3Smrg int result = REAL(strtol)(nptr, &real_endptr, 10);
516*490215a3Smrg FixRealStrtolEndptr(nptr, &real_endptr);
517*490215a3Smrg ASAN_READ_STRING(ctx, nptr, (real_endptr - nptr) + 1);
518*490215a3Smrg return result;
519*490215a3Smrg }
520*490215a3Smrg
INTERCEPTOR(long,atol,const char * nptr)521*490215a3Smrg INTERCEPTOR(long, atol, const char *nptr) { // NOLINT
522*490215a3Smrg void *ctx;
523*490215a3Smrg ASAN_INTERCEPTOR_ENTER(ctx, atol);
524*490215a3Smrg #if SANITIZER_MAC
525*490215a3Smrg if (UNLIKELY(!asan_inited)) return REAL(atol)(nptr);
526*490215a3Smrg #endif
527*490215a3Smrg ENSURE_ASAN_INITED();
528*490215a3Smrg if (!flags()->replace_str) {
529*490215a3Smrg return REAL(atol)(nptr);
530*490215a3Smrg }
531*490215a3Smrg char *real_endptr;
532*490215a3Smrg long result = REAL(strtol)(nptr, &real_endptr, 10); // NOLINT
533*490215a3Smrg FixRealStrtolEndptr(nptr, &real_endptr);
534*490215a3Smrg ASAN_READ_STRING(ctx, nptr, (real_endptr - nptr) + 1);
535*490215a3Smrg return result;
536*490215a3Smrg }
537*490215a3Smrg
538*490215a3Smrg #if ASAN_INTERCEPT_ATOLL_AND_STRTOLL
INTERCEPTOR(long long,strtoll,const char * nptr,char ** endptr,int base)539*490215a3Smrg INTERCEPTOR(long long, strtoll, const char *nptr, // NOLINT
540*490215a3Smrg char **endptr, int base) {
541*490215a3Smrg void *ctx;
542*490215a3Smrg ASAN_INTERCEPTOR_ENTER(ctx, strtoll);
543*490215a3Smrg ENSURE_ASAN_INITED();
544*490215a3Smrg if (!flags()->replace_str) {
545*490215a3Smrg return REAL(strtoll)(nptr, endptr, base);
546*490215a3Smrg }
547*490215a3Smrg char *real_endptr;
548*490215a3Smrg long long result = REAL(strtoll)(nptr, &real_endptr, base); // NOLINT
549*490215a3Smrg StrtolFixAndCheck(ctx, nptr, endptr, real_endptr, base);
550*490215a3Smrg return result;
551*490215a3Smrg }
552*490215a3Smrg
INTERCEPTOR(long long,atoll,const char * nptr)553*490215a3Smrg INTERCEPTOR(long long, atoll, const char *nptr) { // NOLINT
554*490215a3Smrg void *ctx;
555*490215a3Smrg ASAN_INTERCEPTOR_ENTER(ctx, atoll);
556*490215a3Smrg ENSURE_ASAN_INITED();
557*490215a3Smrg if (!flags()->replace_str) {
558*490215a3Smrg return REAL(atoll)(nptr);
559*490215a3Smrg }
560*490215a3Smrg char *real_endptr;
561*490215a3Smrg long long result = REAL(strtoll)(nptr, &real_endptr, 10); // NOLINT
562*490215a3Smrg FixRealStrtolEndptr(nptr, &real_endptr);
563*490215a3Smrg ASAN_READ_STRING(ctx, nptr, (real_endptr - nptr) + 1);
564*490215a3Smrg return result;
565*490215a3Smrg }
566*490215a3Smrg #endif // ASAN_INTERCEPT_ATOLL_AND_STRTOLL
567*490215a3Smrg
568*490215a3Smrg #ifdef SANITIZER_NETBSD
569*490215a3Smrg extern "C" void atexit(void (*)(void));
Atexit(void)570*490215a3Smrg static void Atexit(void) {
571*490215a3Smrg StopInitOrderChecking();
572*490215a3Smrg }
573*490215a3Smrg #endif
574*490215a3Smrg
575*490215a3Smrg #if ASAN_INTERCEPT___CXA_ATEXIT
576*490215a3Smrg #if !SANITIZER_NETBSD
AtCxaAtexit(void * unused)577*490215a3Smrg static void AtCxaAtexit(void *unused) {
578*490215a3Smrg (void)unused;
579*490215a3Smrg StopInitOrderChecking();
580*490215a3Smrg }
581*490215a3Smrg #endif
582*490215a3Smrg
INTERCEPTOR(int,__cxa_atexit,void (* func)(void *),void * arg,void * dso_handle)583*490215a3Smrg INTERCEPTOR(int, __cxa_atexit, void (*func)(void *), void *arg,
584*490215a3Smrg void *dso_handle) {
585*490215a3Smrg #if SANITIZER_MAC
586*490215a3Smrg if (UNLIKELY(!asan_inited)) return REAL(__cxa_atexit)(func, arg, dso_handle);
587*490215a3Smrg #endif
588*490215a3Smrg ENSURE_ASAN_INITED();
589*490215a3Smrg int res = REAL(__cxa_atexit)(func, arg, dso_handle);
590*490215a3Smrg #ifdef SANITIZER_NETBSD
591*490215a3Smrg ::atexit(Atexit);
592*490215a3Smrg #else
593*490215a3Smrg REAL(__cxa_atexit)(AtCxaAtexit, nullptr, nullptr);
594*490215a3Smrg #endif
595*490215a3Smrg return res;
596*490215a3Smrg }
597*490215a3Smrg #endif // ASAN_INTERCEPT___CXA_ATEXIT
598*490215a3Smrg
599*490215a3Smrg // ---------------------- InitializeAsanInterceptors ---------------- {{{1
600*490215a3Smrg namespace __asan {
InitializeAsanInterceptors()601*490215a3Smrg void InitializeAsanInterceptors() {
602*490215a3Smrg static bool was_called_once;
603*490215a3Smrg CHECK(!was_called_once);
604*490215a3Smrg was_called_once = true;
605*490215a3Smrg InitializeCommonInterceptors();
606*490215a3Smrg InitializeSignalInterceptors();
607*490215a3Smrg
608*490215a3Smrg // Intercept str* functions.
609*490215a3Smrg ASAN_INTERCEPT_FUNC(strcat); // NOLINT
610*490215a3Smrg ASAN_INTERCEPT_FUNC(strcpy); // NOLINT
611*490215a3Smrg ASAN_INTERCEPT_FUNC(strncat);
612*490215a3Smrg ASAN_INTERCEPT_FUNC(strncpy);
613*490215a3Smrg ASAN_INTERCEPT_FUNC(strdup);
614*490215a3Smrg #if ASAN_INTERCEPT___STRDUP
615*490215a3Smrg ASAN_INTERCEPT_FUNC(__strdup);
616*490215a3Smrg #endif
617*490215a3Smrg #if ASAN_INTERCEPT_INDEX && ASAN_USE_ALIAS_ATTRIBUTE_FOR_INDEX
618*490215a3Smrg ASAN_INTERCEPT_FUNC(index);
619*490215a3Smrg #endif
620*490215a3Smrg
621*490215a3Smrg ASAN_INTERCEPT_FUNC(atoi);
622*490215a3Smrg ASAN_INTERCEPT_FUNC(atol);
623*490215a3Smrg ASAN_INTERCEPT_FUNC(strtol);
624*490215a3Smrg #if ASAN_INTERCEPT_ATOLL_AND_STRTOLL
625*490215a3Smrg ASAN_INTERCEPT_FUNC(atoll);
626*490215a3Smrg ASAN_INTERCEPT_FUNC(strtoll);
627*490215a3Smrg #endif
628*490215a3Smrg
629*490215a3Smrg // Intecept jump-related functions.
630*490215a3Smrg ASAN_INTERCEPT_FUNC(longjmp);
631*490215a3Smrg
632*490215a3Smrg #if ASAN_INTERCEPT_SWAPCONTEXT
633*490215a3Smrg ASAN_INTERCEPT_FUNC(swapcontext);
634*490215a3Smrg #endif
635*490215a3Smrg #if ASAN_INTERCEPT__LONGJMP
636*490215a3Smrg ASAN_INTERCEPT_FUNC(_longjmp);
637*490215a3Smrg #endif
638*490215a3Smrg #if ASAN_INTERCEPT___LONGJMP_CHK
639*490215a3Smrg ASAN_INTERCEPT_FUNC(__longjmp_chk);
640*490215a3Smrg #endif
641*490215a3Smrg #if ASAN_INTERCEPT_SIGLONGJMP
642*490215a3Smrg ASAN_INTERCEPT_FUNC(siglongjmp);
643*490215a3Smrg #endif
644*490215a3Smrg
645*490215a3Smrg // Intercept exception handling functions.
646*490215a3Smrg #if ASAN_INTERCEPT___CXA_THROW
647*490215a3Smrg ASAN_INTERCEPT_FUNC(__cxa_throw);
648*490215a3Smrg #endif
649*490215a3Smrg #if ASAN_INTERCEPT___CXA_RETHROW_PRIMARY_EXCEPTION
650*490215a3Smrg ASAN_INTERCEPT_FUNC(__cxa_rethrow_primary_exception);
651*490215a3Smrg #endif
652*490215a3Smrg // Indirectly intercept std::rethrow_exception.
653*490215a3Smrg #if ASAN_INTERCEPT__UNWIND_RAISEEXCEPTION
654*490215a3Smrg INTERCEPT_FUNCTION(_Unwind_RaiseException);
655*490215a3Smrg #endif
656*490215a3Smrg // Indirectly intercept std::rethrow_exception.
657*490215a3Smrg #if ASAN_INTERCEPT__UNWIND_SJLJ_RAISEEXCEPTION
658*490215a3Smrg INTERCEPT_FUNCTION(_Unwind_SjLj_RaiseException);
659*490215a3Smrg #endif
660*490215a3Smrg
661*490215a3Smrg // Intercept threading-related functions
662*490215a3Smrg #if ASAN_INTERCEPT_PTHREAD_CREATE
663*490215a3Smrg #if defined(ASAN_PTHREAD_CREATE_VERSION)
664*490215a3Smrg ASAN_INTERCEPT_FUNC_VER(pthread_create, ASAN_PTHREAD_CREATE_VERSION);
665*490215a3Smrg #else
666*490215a3Smrg ASAN_INTERCEPT_FUNC(pthread_create);
667*490215a3Smrg #endif
668*490215a3Smrg ASAN_INTERCEPT_FUNC(pthread_join);
669*490215a3Smrg #endif
670*490215a3Smrg
671*490215a3Smrg // Intercept atexit function.
672*490215a3Smrg #if ASAN_INTERCEPT___CXA_ATEXIT
673*490215a3Smrg ASAN_INTERCEPT_FUNC(__cxa_atexit);
674*490215a3Smrg #endif
675*490215a3Smrg
676*490215a3Smrg InitializePlatformInterceptors();
677*490215a3Smrg
678*490215a3Smrg VReport(1, "AddressSanitizer: libc interceptors initialized\n");
679*490215a3Smrg }
680*490215a3Smrg
681*490215a3Smrg } // namespace __asan
682*490215a3Smrg
683*490215a3Smrg #endif // !SANITIZER_FUCHSIA
684