1 //===-- asan_interceptors_memintrinsics.h -----------------------*- C++ -*-===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===---------------------------------------------------------------------===// 8 // 9 // This file is a part of AddressSanitizer, an address sanity checker. 10 // 11 // ASan-private header for asan_interceptors_memintrinsics.cpp 12 //===---------------------------------------------------------------------===// 13 #ifndef ASAN_MEMINTRIN_H 14 #define ASAN_MEMINTRIN_H 15 16 #include "asan_interface_internal.h" 17 #include "asan_internal.h" 18 #include "asan_mapping.h" 19 #include "interception/interception.h" 20 21 DECLARE_REAL(void*, memcpy, void *to, const void *from, uptr size) 22 DECLARE_REAL(void*, memset, void *block, int c, uptr size) 23 24 namespace __asan { 25 26 // Return true if we can quickly decide that the region is unpoisoned. 27 // We assume that a redzone is at least 16 bytes. 28 static inline bool QuickCheckForUnpoisonedRegion(uptr beg, uptr size) { 29 if (size == 0) return true; 30 if (size <= 32) 31 return !AddressIsPoisoned(beg) && 32 !AddressIsPoisoned(beg + size - 1) && 33 !AddressIsPoisoned(beg + size / 2); 34 if (size <= 64) 35 return !AddressIsPoisoned(beg) && 36 !AddressIsPoisoned(beg + size / 4) && 37 !AddressIsPoisoned(beg + size - 1) && 38 !AddressIsPoisoned(beg + 3 * size / 4) && 39 !AddressIsPoisoned(beg + size / 2); 40 return false; 41 } 42 43 struct AsanInterceptorContext { 44 const char *interceptor_name; 45 }; 46 47 // We implement ACCESS_MEMORY_RANGE, ASAN_READ_RANGE, 48 // and ASAN_WRITE_RANGE as macro instead of function so 49 // that no extra frames are created, and stack trace contains 50 // relevant information only. 51 // We check all shadow bytes. 52 #define ACCESS_MEMORY_RANGE(ctx, offset, size, isWrite) do { \ 53 uptr __offset = (uptr)(offset); \ 54 uptr __size = (uptr)(size); \ 55 uptr __bad = 0; \ 56 if (__offset > __offset + __size) { \ 57 GET_STACK_TRACE_FATAL_HERE; \ 58 ReportStringFunctionSizeOverflow(__offset, __size, &stack); \ 59 } \ 60 if (!QuickCheckForUnpoisonedRegion(__offset, __size) && \ 61 (__bad = __asan_region_is_poisoned(__offset, __size))) { \ 62 AsanInterceptorContext *_ctx = (AsanInterceptorContext *)ctx; \ 63 bool suppressed = false; \ 64 if (_ctx) { \ 65 suppressed = IsInterceptorSuppressed(_ctx->interceptor_name); \ 66 if (!suppressed && HaveStackTraceBasedSuppressions()) { \ 67 GET_STACK_TRACE_FATAL_HERE; \ 68 suppressed = IsStackTraceSuppressed(&stack); \ 69 } \ 70 } \ 71 if (!suppressed) { \ 72 GET_CURRENT_PC_BP_SP; \ 73 ReportGenericError(pc, bp, sp, __bad, isWrite, __size, 0, false);\ 74 } \ 75 } \ 76 } while (0) 77 78 // memcpy is called during __asan_init() from the internals of printf(...). 79 // We do not treat memcpy with to==from as a bug. 80 // See http://llvm.org/bugs/show_bug.cgi?id=11763. 81 #define ASAN_MEMCPY_IMPL(ctx, to, from, size) \ 82 do { \ 83 if (UNLIKELY(!asan_inited)) return internal_memcpy(to, from, size); \ 84 if (asan_init_is_running) { \ 85 return REAL(memcpy)(to, from, size); \ 86 } \ 87 ENSURE_ASAN_INITED(); \ 88 if (flags()->replace_intrin) { \ 89 if (to != from) { \ 90 CHECK_RANGES_OVERLAP("memcpy", to, size, from, size); \ 91 } \ 92 ASAN_READ_RANGE(ctx, from, size); \ 93 ASAN_WRITE_RANGE(ctx, to, size); \ 94 } \ 95 return REAL(memcpy)(to, from, size); \ 96 } while (0) 97 98 // memset is called inside Printf. 99 #define ASAN_MEMSET_IMPL(ctx, block, c, size) \ 100 do { \ 101 if (UNLIKELY(!asan_inited)) return internal_memset(block, c, size); \ 102 if (asan_init_is_running) { \ 103 return REAL(memset)(block, c, size); \ 104 } \ 105 ENSURE_ASAN_INITED(); \ 106 if (flags()->replace_intrin) { \ 107 ASAN_WRITE_RANGE(ctx, block, size); \ 108 } \ 109 return REAL(memset)(block, c, size); \ 110 } while (0) 111 112 #define ASAN_MEMMOVE_IMPL(ctx, to, from, size) \ 113 do { \ 114 if (UNLIKELY(!asan_inited)) return internal_memmove(to, from, size); \ 115 ENSURE_ASAN_INITED(); \ 116 if (flags()->replace_intrin) { \ 117 ASAN_READ_RANGE(ctx, from, size); \ 118 ASAN_WRITE_RANGE(ctx, to, size); \ 119 } \ 120 return internal_memmove(to, from, size); \ 121 } while (0) 122 123 #define ASAN_READ_RANGE(ctx, offset, size) \ 124 ACCESS_MEMORY_RANGE(ctx, offset, size, false) 125 #define ASAN_WRITE_RANGE(ctx, offset, size) \ 126 ACCESS_MEMORY_RANGE(ctx, offset, size, true) 127 128 // Behavior of functions like "memcpy" or "strcpy" is undefined 129 // if memory intervals overlap. We report error in this case. 130 // Macro is used to avoid creation of new frames. 131 static inline bool RangesOverlap(const char *offset1, uptr length1, 132 const char *offset2, uptr length2) { 133 return !((offset1 + length1 <= offset2) || (offset2 + length2 <= offset1)); 134 } 135 #define CHECK_RANGES_OVERLAP(name, _offset1, length1, _offset2, length2) \ 136 do { \ 137 const char *offset1 = (const char *)_offset1; \ 138 const char *offset2 = (const char *)_offset2; \ 139 if (RangesOverlap(offset1, length1, offset2, length2)) { \ 140 GET_STACK_TRACE_FATAL_HERE; \ 141 bool suppressed = IsInterceptorSuppressed(name); \ 142 if (!suppressed && HaveStackTraceBasedSuppressions()) { \ 143 suppressed = IsStackTraceSuppressed(&stack); \ 144 } \ 145 if (!suppressed) { \ 146 ReportStringFunctionMemoryRangesOverlap(name, offset1, length1, \ 147 offset2, length2, &stack); \ 148 } \ 149 } \ 150 } while (0) 151 152 } // namespace __asan 153 154 #endif // ASAN_MEMINTRIN_H 155