1 //===-- msan_interceptors.cpp ---------------------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file is a part of MemorySanitizer. 10 // 11 // Interceptors for standard library functions. 12 // 13 // FIXME: move as many interceptors as possible into 14 // sanitizer_common/sanitizer_common_interceptors.h 15 //===----------------------------------------------------------------------===// 16 17 #include "interception/interception.h" 18 #include "msan.h" 19 #include "msan_chained_origin_depot.h" 20 #include "msan_origin.h" 21 #include "msan_poisoning.h" 22 #include "msan_report.h" 23 #include "msan_thread.h" 24 #include "sanitizer_common/sanitizer_allocator.h" 25 #include "sanitizer_common/sanitizer_allocator_dlsym.h" 26 #include "sanitizer_common/sanitizer_allocator_interface.h" 27 #include "sanitizer_common/sanitizer_atomic.h" 28 #include "sanitizer_common/sanitizer_common.h" 29 #include "sanitizer_common/sanitizer_errno.h" 30 #include "sanitizer_common/sanitizer_errno_codes.h" 31 #include "sanitizer_common/sanitizer_glibc_version.h" 32 #include "sanitizer_common/sanitizer_libc.h" 33 #include "sanitizer_common/sanitizer_linux.h" 34 #include "sanitizer_common/sanitizer_platform_limits_netbsd.h" 35 #include "sanitizer_common/sanitizer_platform_limits_posix.h" 36 #include "sanitizer_common/sanitizer_stackdepot.h" 37 #include "sanitizer_common/sanitizer_tls_get_addr.h" 38 #include "sanitizer_common/sanitizer_vector.h" 39 40 #if SANITIZER_NETBSD 41 #define fstat __fstat50 42 #define gettimeofday __gettimeofday50 43 #define getrusage __getrusage50 44 #define tzset __tzset50 45 #endif 46 47 #include <stdarg.h> 48 // ACHTUNG! No other system header includes in this file. 49 // Ideally, we should get rid of stdarg.h as well. 50 51 using namespace __msan; 52 53 using __sanitizer::memory_order; 54 using __sanitizer::atomic_load; 55 using __sanitizer::atomic_store; 56 using __sanitizer::atomic_uintptr_t; 57 58 DECLARE_REAL(SIZE_T, strlen, const char *s) 59 DECLARE_REAL(SIZE_T, strnlen, const char *s, SIZE_T maxlen) 60 DECLARE_REAL(void *, memcpy, void *dest, const void *src, uptr n) 61 DECLARE_REAL(void *, memset, void *dest, int c, uptr n) 62 63 // True if this is a nested interceptor. 64 static THREADLOCAL int in_interceptor_scope; 65 66 void __msan_scoped_disable_interceptor_checks() { ++in_interceptor_scope; } 67 void __msan_scoped_enable_interceptor_checks() { --in_interceptor_scope; } 68 69 struct InterceptorScope { 70 InterceptorScope() { ++in_interceptor_scope; } 71 ~InterceptorScope() { --in_interceptor_scope; } 72 }; 73 74 bool IsInInterceptorScope() { 75 return in_interceptor_scope; 76 } 77 78 struct DlsymAlloc : public DlSymAllocator<DlsymAlloc> { 79 static bool UseImpl() { return !msan_inited; } 80 }; 81 82 #define ENSURE_MSAN_INITED() do { \ 83 CHECK(!msan_init_is_running); \ 84 if (!msan_inited) { \ 85 __msan_init(); \ 86 } \ 87 } while (0) 88 89 // Check that [x, x+n) range is unpoisoned. 90 #define CHECK_UNPOISONED_0(x, n) \ 91 do { \ 92 sptr __offset = __msan_test_shadow(x, n); \ 93 if (__msan::IsInSymbolizer()) break; \ 94 if (__offset >= 0 && __msan::flags()->report_umrs) { \ 95 GET_CALLER_PC_BP_SP; \ 96 (void)sp; \ 97 ReportUMRInsideAddressRange(__func__, x, n, __offset); \ 98 __msan::PrintWarningWithOrigin( \ 99 pc, bp, __msan_get_origin((const char *)x + __offset)); \ 100 if (__msan::flags()->halt_on_error) { \ 101 Printf("Exiting\n"); \ 102 Die(); \ 103 } \ 104 } \ 105 } while (0) 106 107 // Check that [x, x+n) range is unpoisoned unless we are in a nested 108 // interceptor. 109 #define CHECK_UNPOISONED(x, n) \ 110 do { \ 111 if (!IsInInterceptorScope()) CHECK_UNPOISONED_0(x, n); \ 112 } while (0) 113 114 #define CHECK_UNPOISONED_STRING_OF_LEN(x, len, n) \ 115 CHECK_UNPOISONED((x), \ 116 common_flags()->strict_string_checks ? (len) + 1 : (n) ) 117 118 #define CHECK_UNPOISONED_STRING(x, n) \ 119 CHECK_UNPOISONED_STRING_OF_LEN((x), internal_strlen(x), (n)) 120 121 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 122 INTERCEPTOR(SIZE_T, fread_unlocked, void *ptr, SIZE_T size, SIZE_T nmemb, 123 void *file) { 124 ENSURE_MSAN_INITED(); 125 SIZE_T res = REAL(fread_unlocked)(ptr, size, nmemb, file); 126 if (res > 0) 127 __msan_unpoison(ptr, res *size); 128 return res; 129 } 130 #define MSAN_MAYBE_INTERCEPT_FREAD_UNLOCKED INTERCEPT_FUNCTION(fread_unlocked) 131 #else 132 #define MSAN_MAYBE_INTERCEPT_FREAD_UNLOCKED 133 #endif 134 135 #if !SANITIZER_NETBSD 136 INTERCEPTOR(void *, mempcpy, void *dest, const void *src, SIZE_T n) { 137 return (char *)__msan_memcpy(dest, src, n) + n; 138 } 139 #define MSAN_MAYBE_INTERCEPT_MEMPCPY INTERCEPT_FUNCTION(mempcpy) 140 #else 141 #define MSAN_MAYBE_INTERCEPT_MEMPCPY 142 #endif 143 144 INTERCEPTOR(void *, memccpy, void *dest, const void *src, int c, SIZE_T n) { 145 ENSURE_MSAN_INITED(); 146 void *res = REAL(memccpy)(dest, src, c, n); 147 CHECK(!res || (res >= dest && res <= (char *)dest + n)); 148 SIZE_T sz = res ? (char *)res - (char *)dest : n; 149 CHECK_UNPOISONED(src, sz); 150 __msan_unpoison(dest, sz); 151 return res; 152 } 153 154 INTERCEPTOR(void *, bcopy, const void *src, void *dest, SIZE_T n) { 155 return __msan_memmove(dest, src, n); 156 } 157 158 INTERCEPTOR(int, posix_memalign, void **memptr, SIZE_T alignment, SIZE_T size) { 159 GET_MALLOC_STACK_TRACE; 160 CHECK_NE(memptr, 0); 161 int res = msan_posix_memalign(memptr, alignment, size, &stack); 162 if (!res) 163 __msan_unpoison(memptr, sizeof(*memptr)); 164 return res; 165 } 166 167 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 168 INTERCEPTOR(void *, memalign, SIZE_T alignment, SIZE_T size) { 169 GET_MALLOC_STACK_TRACE; 170 return msan_memalign(alignment, size, &stack); 171 } 172 #define MSAN_MAYBE_INTERCEPT_MEMALIGN INTERCEPT_FUNCTION(memalign) 173 #else 174 #define MSAN_MAYBE_INTERCEPT_MEMALIGN 175 #endif 176 177 INTERCEPTOR(void *, aligned_alloc, SIZE_T alignment, SIZE_T size) { 178 GET_MALLOC_STACK_TRACE; 179 return msan_aligned_alloc(alignment, size, &stack); 180 } 181 182 #if !SANITIZER_NETBSD 183 INTERCEPTOR(void *, __libc_memalign, SIZE_T alignment, SIZE_T size) { 184 GET_MALLOC_STACK_TRACE; 185 void *ptr = msan_memalign(alignment, size, &stack); 186 if (ptr) 187 DTLS_on_libc_memalign(ptr, size); 188 return ptr; 189 } 190 #define MSAN_MAYBE_INTERCEPT___LIBC_MEMALIGN INTERCEPT_FUNCTION(__libc_memalign) 191 #else 192 #define MSAN_MAYBE_INTERCEPT___LIBC_MEMALIGN 193 #endif 194 195 INTERCEPTOR(void *, valloc, SIZE_T size) { 196 GET_MALLOC_STACK_TRACE; 197 return msan_valloc(size, &stack); 198 } 199 200 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 201 INTERCEPTOR(void *, pvalloc, SIZE_T size) { 202 GET_MALLOC_STACK_TRACE; 203 return msan_pvalloc(size, &stack); 204 } 205 #define MSAN_MAYBE_INTERCEPT_PVALLOC INTERCEPT_FUNCTION(pvalloc) 206 #else 207 #define MSAN_MAYBE_INTERCEPT_PVALLOC 208 #endif 209 210 INTERCEPTOR(void, free, void *ptr) { 211 if (UNLIKELY(!ptr)) 212 return; 213 if (DlsymAlloc::PointerIsMine(ptr)) 214 return DlsymAlloc::Free(ptr); 215 GET_MALLOC_STACK_TRACE; 216 MsanDeallocate(&stack, ptr); 217 } 218 219 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 220 INTERCEPTOR(void, cfree, void *ptr) { 221 if (UNLIKELY(!ptr)) 222 return; 223 if (DlsymAlloc::PointerIsMine(ptr)) 224 return DlsymAlloc::Free(ptr); 225 GET_MALLOC_STACK_TRACE; 226 MsanDeallocate(&stack, ptr); 227 } 228 # define MSAN_MAYBE_INTERCEPT_CFREE INTERCEPT_FUNCTION(cfree) 229 #else 230 #define MSAN_MAYBE_INTERCEPT_CFREE 231 #endif 232 233 #if !SANITIZER_NETBSD 234 INTERCEPTOR(uptr, malloc_usable_size, void *ptr) { 235 return __sanitizer_get_allocated_size(ptr); 236 } 237 #define MSAN_MAYBE_INTERCEPT_MALLOC_USABLE_SIZE \ 238 INTERCEPT_FUNCTION(malloc_usable_size) 239 #else 240 #define MSAN_MAYBE_INTERCEPT_MALLOC_USABLE_SIZE 241 #endif 242 243 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 244 // This function actually returns a struct by value, but we can't unpoison a 245 // temporary! The following is equivalent on all supported platforms but 246 // aarch64 (which uses a different register for sret value). We have a test 247 // to confirm that. 248 INTERCEPTOR(void, mallinfo, __sanitizer_struct_mallinfo *sret) { 249 #ifdef __aarch64__ 250 uptr r8; 251 asm volatile("mov %0,x8" : "=r" (r8)); 252 sret = reinterpret_cast<__sanitizer_struct_mallinfo*>(r8); 253 #endif 254 REAL(memset)(sret, 0, sizeof(*sret)); 255 __msan_unpoison(sret, sizeof(*sret)); 256 } 257 #define MSAN_MAYBE_INTERCEPT_MALLINFO INTERCEPT_FUNCTION(mallinfo) 258 #else 259 #define MSAN_MAYBE_INTERCEPT_MALLINFO 260 #endif 261 262 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 263 INTERCEPTOR(int, mallopt, int cmd, int value) { 264 return 0; 265 } 266 #define MSAN_MAYBE_INTERCEPT_MALLOPT INTERCEPT_FUNCTION(mallopt) 267 #else 268 #define MSAN_MAYBE_INTERCEPT_MALLOPT 269 #endif 270 271 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 272 INTERCEPTOR(void, malloc_stats, void) { 273 // FIXME: implement, but don't call REAL(malloc_stats)! 274 } 275 #define MSAN_MAYBE_INTERCEPT_MALLOC_STATS INTERCEPT_FUNCTION(malloc_stats) 276 #else 277 #define MSAN_MAYBE_INTERCEPT_MALLOC_STATS 278 #endif 279 280 INTERCEPTOR(char *, strcpy, char *dest, const char *src) { 281 ENSURE_MSAN_INITED(); 282 GET_STORE_STACK_TRACE; 283 SIZE_T n = internal_strlen(src); 284 CHECK_UNPOISONED_STRING(src + n, 0); 285 char *res = REAL(strcpy)(dest, src); 286 CopyShadowAndOrigin(dest, src, n + 1, &stack); 287 return res; 288 } 289 290 INTERCEPTOR(char *, strncpy, char *dest, const char *src, SIZE_T n) { 291 ENSURE_MSAN_INITED(); 292 GET_STORE_STACK_TRACE; 293 SIZE_T copy_size = internal_strnlen(src, n); 294 if (copy_size < n) 295 copy_size++; // trailing \0 296 char *res = REAL(strncpy)(dest, src, n); 297 CopyShadowAndOrigin(dest, src, copy_size, &stack); 298 __msan_unpoison(dest + copy_size, n - copy_size); 299 return res; 300 } 301 302 #if !SANITIZER_NETBSD 303 INTERCEPTOR(char *, stpcpy, char *dest, const char *src) { 304 ENSURE_MSAN_INITED(); 305 GET_STORE_STACK_TRACE; 306 SIZE_T n = internal_strlen(src); 307 CHECK_UNPOISONED_STRING(src + n, 0); 308 char *res = REAL(stpcpy)(dest, src); 309 CopyShadowAndOrigin(dest, src, n + 1, &stack); 310 return res; 311 } 312 #define MSAN_MAYBE_INTERCEPT_STPCPY INTERCEPT_FUNCTION(stpcpy) 313 #else 314 #define MSAN_MAYBE_INTERCEPT_STPCPY 315 #endif 316 317 INTERCEPTOR(char *, strdup, char *src) { 318 ENSURE_MSAN_INITED(); 319 GET_STORE_STACK_TRACE; 320 // On FreeBSD strdup() leverages strlen(). 321 InterceptorScope interceptor_scope; 322 SIZE_T n = internal_strlen(src); 323 CHECK_UNPOISONED_STRING(src + n, 0); 324 char *res = REAL(strdup)(src); 325 CopyShadowAndOrigin(res, src, n + 1, &stack); 326 return res; 327 } 328 329 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 330 INTERCEPTOR(char *, __strdup, char *src) { 331 ENSURE_MSAN_INITED(); 332 GET_STORE_STACK_TRACE; 333 SIZE_T n = internal_strlen(src); 334 CHECK_UNPOISONED_STRING(src + n, 0); 335 char *res = REAL(__strdup)(src); 336 CopyShadowAndOrigin(res, src, n + 1, &stack); 337 return res; 338 } 339 #define MSAN_MAYBE_INTERCEPT___STRDUP INTERCEPT_FUNCTION(__strdup) 340 #else 341 #define MSAN_MAYBE_INTERCEPT___STRDUP 342 #endif 343 344 #if !SANITIZER_NETBSD 345 INTERCEPTOR(char *, gcvt, double number, SIZE_T ndigit, char *buf) { 346 ENSURE_MSAN_INITED(); 347 char *res = REAL(gcvt)(number, ndigit, buf); 348 SIZE_T n = internal_strlen(buf); 349 __msan_unpoison(buf, n + 1); 350 return res; 351 } 352 #define MSAN_MAYBE_INTERCEPT_GCVT INTERCEPT_FUNCTION(gcvt) 353 #else 354 #define MSAN_MAYBE_INTERCEPT_GCVT 355 #endif 356 357 INTERCEPTOR(char *, strcat, char *dest, const char *src) { 358 ENSURE_MSAN_INITED(); 359 GET_STORE_STACK_TRACE; 360 SIZE_T src_size = internal_strlen(src); 361 SIZE_T dest_size = internal_strlen(dest); 362 CHECK_UNPOISONED_STRING(src + src_size, 0); 363 CHECK_UNPOISONED_STRING(dest + dest_size, 0); 364 char *res = REAL(strcat)(dest, src); 365 CopyShadowAndOrigin(dest + dest_size, src, src_size + 1, &stack); 366 return res; 367 } 368 369 INTERCEPTOR(char *, strncat, char *dest, const char *src, SIZE_T n) { 370 ENSURE_MSAN_INITED(); 371 GET_STORE_STACK_TRACE; 372 SIZE_T dest_size = internal_strlen(dest); 373 SIZE_T copy_size = internal_strnlen(src, n); 374 CHECK_UNPOISONED_STRING(dest + dest_size, 0); 375 char *res = REAL(strncat)(dest, src, n); 376 CopyShadowAndOrigin(dest + dest_size, src, copy_size, &stack); 377 __msan_unpoison(dest + dest_size + copy_size, 1); // \0 378 return res; 379 } 380 381 // Hack: always pass nptr and endptr as part of __VA_ARGS_ to avoid having to 382 // deal with empty __VA_ARGS__ in the case of INTERCEPTOR_STRTO. 383 #define INTERCEPTOR_STRTO_BODY(ret_type, func, ...) \ 384 ENSURE_MSAN_INITED(); \ 385 ret_type res = REAL(func)(__VA_ARGS__); \ 386 __msan_unpoison(endptr, sizeof(*endptr)); \ 387 return res; 388 389 #define INTERCEPTOR_STRTO(ret_type, func, char_type) \ 390 INTERCEPTOR(ret_type, func, const char_type *nptr, char_type **endptr) { \ 391 INTERCEPTOR_STRTO_BODY(ret_type, func, nptr, endptr); \ 392 } 393 394 #define INTERCEPTOR_STRTO_BASE(ret_type, func, char_type) \ 395 INTERCEPTOR(ret_type, func, const char_type *nptr, char_type **endptr, \ 396 int base) { \ 397 INTERCEPTOR_STRTO_BODY(ret_type, func, nptr, endptr, base); \ 398 } 399 400 #define INTERCEPTOR_STRTO_LOC(ret_type, func, char_type) \ 401 INTERCEPTOR(ret_type, func, const char_type *nptr, char_type **endptr, \ 402 void *loc) { \ 403 INTERCEPTOR_STRTO_BODY(ret_type, func, nptr, endptr, loc); \ 404 } 405 406 #define INTERCEPTOR_STRTO_BASE_LOC(ret_type, func, char_type) \ 407 INTERCEPTOR(ret_type, func, const char_type *nptr, char_type **endptr, \ 408 int base, void *loc) { \ 409 INTERCEPTOR_STRTO_BODY(ret_type, func, nptr, endptr, base, loc); \ 410 } 411 412 #if SANITIZER_NETBSD 413 #define INTERCEPTORS_STRTO(ret_type, func, char_type) \ 414 INTERCEPTOR_STRTO(ret_type, func, char_type) \ 415 INTERCEPTOR_STRTO_LOC(ret_type, func##_l, char_type) 416 417 #define INTERCEPTORS_STRTO_BASE(ret_type, func, char_type) \ 418 INTERCEPTOR_STRTO_BASE(ret_type, func, char_type) \ 419 INTERCEPTOR_STRTO_BASE_LOC(ret_type, func##_l, char_type) 420 421 #else 422 #define INTERCEPTORS_STRTO(ret_type, func, char_type) \ 423 INTERCEPTOR_STRTO(ret_type, func, char_type) \ 424 INTERCEPTOR_STRTO_LOC(ret_type, func##_l, char_type) \ 425 INTERCEPTOR_STRTO_LOC(ret_type, __##func##_l, char_type) \ 426 INTERCEPTOR_STRTO_LOC(ret_type, __##func##_internal, char_type) 427 428 #define INTERCEPTORS_STRTO_BASE(ret_type, func, char_type) \ 429 INTERCEPTOR_STRTO_BASE(ret_type, func, char_type) \ 430 INTERCEPTOR_STRTO_BASE_LOC(ret_type, func##_l, char_type) \ 431 INTERCEPTOR_STRTO_BASE_LOC(ret_type, __##func##_l, char_type) \ 432 INTERCEPTOR_STRTO_BASE_LOC(ret_type, __##func##_internal, char_type) 433 #endif 434 435 INTERCEPTORS_STRTO(double, strtod, char) 436 INTERCEPTORS_STRTO(float, strtof, char) 437 INTERCEPTORS_STRTO(long double, strtold, char) 438 INTERCEPTORS_STRTO_BASE(long, strtol, char) 439 INTERCEPTORS_STRTO_BASE(long long, strtoll, char) 440 INTERCEPTORS_STRTO_BASE(unsigned long, strtoul, char) 441 INTERCEPTORS_STRTO_BASE(unsigned long long, strtoull, char) 442 INTERCEPTORS_STRTO_BASE(u64, strtouq, char) 443 444 INTERCEPTORS_STRTO(double, wcstod, wchar_t) 445 INTERCEPTORS_STRTO(float, wcstof, wchar_t) 446 INTERCEPTORS_STRTO(long double, wcstold, wchar_t) 447 INTERCEPTORS_STRTO_BASE(long, wcstol, wchar_t) 448 INTERCEPTORS_STRTO_BASE(long long, wcstoll, wchar_t) 449 INTERCEPTORS_STRTO_BASE(unsigned long, wcstoul, wchar_t) 450 INTERCEPTORS_STRTO_BASE(unsigned long long, wcstoull, wchar_t) 451 452 #if SANITIZER_NETBSD 453 #define INTERCEPT_STRTO(func) \ 454 INTERCEPT_FUNCTION(func); \ 455 INTERCEPT_FUNCTION(func##_l); 456 #else 457 #define INTERCEPT_STRTO(func) \ 458 INTERCEPT_FUNCTION(func); \ 459 INTERCEPT_FUNCTION(func##_l); \ 460 INTERCEPT_FUNCTION(__##func##_l); \ 461 INTERCEPT_FUNCTION(__##func##_internal); 462 #endif 463 464 465 // FIXME: support *wprintf in common format interceptors. 466 INTERCEPTOR(int, vswprintf, void *str, uptr size, void *format, va_list ap) { 467 ENSURE_MSAN_INITED(); 468 int res = REAL(vswprintf)(str, size, format, ap); 469 if (res >= 0) { 470 __msan_unpoison(str, 4 * (res + 1)); 471 } 472 return res; 473 } 474 475 INTERCEPTOR(int, swprintf, void *str, uptr size, void *format, ...) { 476 ENSURE_MSAN_INITED(); 477 va_list ap; 478 va_start(ap, format); 479 int res = vswprintf(str, size, format, ap); 480 va_end(ap); 481 return res; 482 } 483 484 #define INTERCEPTOR_STRFTIME_BODY(char_type, ret_type, func, s, ...) \ 485 ENSURE_MSAN_INITED(); \ 486 InterceptorScope interceptor_scope; \ 487 ret_type res = REAL(func)(s, __VA_ARGS__); \ 488 if (s) __msan_unpoison(s, sizeof(char_type) * (res + 1)); \ 489 return res; 490 491 INTERCEPTOR(SIZE_T, strftime, char *s, SIZE_T max, const char *format, 492 __sanitizer_tm *tm) { 493 INTERCEPTOR_STRFTIME_BODY(char, SIZE_T, strftime, s, max, format, tm); 494 } 495 496 INTERCEPTOR(SIZE_T, strftime_l, char *s, SIZE_T max, const char *format, 497 __sanitizer_tm *tm, void *loc) { 498 INTERCEPTOR_STRFTIME_BODY(char, SIZE_T, strftime_l, s, max, format, tm, loc); 499 } 500 501 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 502 INTERCEPTOR(SIZE_T, __strftime_l, char *s, SIZE_T max, const char *format, 503 __sanitizer_tm *tm, void *loc) { 504 INTERCEPTOR_STRFTIME_BODY(char, SIZE_T, __strftime_l, s, max, format, tm, 505 loc); 506 } 507 #define MSAN_MAYBE_INTERCEPT___STRFTIME_L INTERCEPT_FUNCTION(__strftime_l) 508 #else 509 #define MSAN_MAYBE_INTERCEPT___STRFTIME_L 510 #endif 511 512 INTERCEPTOR(SIZE_T, wcsftime, wchar_t *s, SIZE_T max, const wchar_t *format, 513 __sanitizer_tm *tm) { 514 INTERCEPTOR_STRFTIME_BODY(wchar_t, SIZE_T, wcsftime, s, max, format, tm); 515 } 516 517 INTERCEPTOR(SIZE_T, wcsftime_l, wchar_t *s, SIZE_T max, const wchar_t *format, 518 __sanitizer_tm *tm, void *loc) { 519 INTERCEPTOR_STRFTIME_BODY(wchar_t, SIZE_T, wcsftime_l, s, max, format, tm, 520 loc); 521 } 522 523 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 524 INTERCEPTOR(SIZE_T, __wcsftime_l, wchar_t *s, SIZE_T max, const wchar_t *format, 525 __sanitizer_tm *tm, void *loc) { 526 INTERCEPTOR_STRFTIME_BODY(wchar_t, SIZE_T, __wcsftime_l, s, max, format, tm, 527 loc); 528 } 529 #define MSAN_MAYBE_INTERCEPT___WCSFTIME_L INTERCEPT_FUNCTION(__wcsftime_l) 530 #else 531 #define MSAN_MAYBE_INTERCEPT___WCSFTIME_L 532 #endif 533 534 INTERCEPTOR(int, mbtowc, wchar_t *dest, const char *src, SIZE_T n) { 535 ENSURE_MSAN_INITED(); 536 int res = REAL(mbtowc)(dest, src, n); 537 if (res != -1 && dest) __msan_unpoison(dest, sizeof(wchar_t)); 538 return res; 539 } 540 541 INTERCEPTOR(SIZE_T, mbrtowc, wchar_t *dest, const char *src, SIZE_T n, 542 void *ps) { 543 ENSURE_MSAN_INITED(); 544 SIZE_T res = REAL(mbrtowc)(dest, src, n, ps); 545 if (res != (SIZE_T)-1 && dest) __msan_unpoison(dest, sizeof(wchar_t)); 546 return res; 547 } 548 549 // wchar_t *wmemcpy(wchar_t *dest, const wchar_t *src, SIZE_T n); 550 INTERCEPTOR(wchar_t *, wmemcpy, wchar_t *dest, const wchar_t *src, SIZE_T n) { 551 ENSURE_MSAN_INITED(); 552 GET_STORE_STACK_TRACE; 553 wchar_t *res = REAL(wmemcpy)(dest, src, n); 554 CopyShadowAndOrigin(dest, src, n * sizeof(wchar_t), &stack); 555 return res; 556 } 557 558 #if !SANITIZER_NETBSD 559 INTERCEPTOR(wchar_t *, wmempcpy, wchar_t *dest, const wchar_t *src, SIZE_T n) { 560 ENSURE_MSAN_INITED(); 561 GET_STORE_STACK_TRACE; 562 wchar_t *res = REAL(wmempcpy)(dest, src, n); 563 CopyShadowAndOrigin(dest, src, n * sizeof(wchar_t), &stack); 564 return res; 565 } 566 #define MSAN_MAYBE_INTERCEPT_WMEMPCPY INTERCEPT_FUNCTION(wmempcpy) 567 #else 568 #define MSAN_MAYBE_INTERCEPT_WMEMPCPY 569 #endif 570 571 INTERCEPTOR(wchar_t *, wmemset, wchar_t *s, wchar_t c, SIZE_T n) { 572 CHECK(MEM_IS_APP(s)); 573 ENSURE_MSAN_INITED(); 574 wchar_t *res = REAL(wmemset)(s, c, n); 575 __msan_unpoison(s, n * sizeof(wchar_t)); 576 return res; 577 } 578 579 INTERCEPTOR(wchar_t *, wmemmove, wchar_t *dest, const wchar_t *src, SIZE_T n) { 580 ENSURE_MSAN_INITED(); 581 GET_STORE_STACK_TRACE; 582 wchar_t *res = REAL(wmemmove)(dest, src, n); 583 MoveShadowAndOrigin(dest, src, n * sizeof(wchar_t), &stack); 584 return res; 585 } 586 587 INTERCEPTOR(int, wcscmp, const wchar_t *s1, const wchar_t *s2) { 588 ENSURE_MSAN_INITED(); 589 int res = REAL(wcscmp)(s1, s2); 590 return res; 591 } 592 593 INTERCEPTOR(int, gettimeofday, void *tv, void *tz) { 594 ENSURE_MSAN_INITED(); 595 int res = REAL(gettimeofday)(tv, tz); 596 if (tv) 597 __msan_unpoison(tv, 16); 598 if (tz) 599 __msan_unpoison(tz, 8); 600 return res; 601 } 602 603 #if !SANITIZER_NETBSD 604 INTERCEPTOR(char *, fcvt, double x, int a, int *b, int *c) { 605 ENSURE_MSAN_INITED(); 606 char *res = REAL(fcvt)(x, a, b, c); 607 __msan_unpoison(b, sizeof(*b)); 608 __msan_unpoison(c, sizeof(*c)); 609 if (res) 610 __msan_unpoison(res, internal_strlen(res) + 1); 611 return res; 612 } 613 #define MSAN_MAYBE_INTERCEPT_FCVT INTERCEPT_FUNCTION(fcvt) 614 #else 615 #define MSAN_MAYBE_INTERCEPT_FCVT 616 #endif 617 618 INTERCEPTOR(char *, getenv, char *name) { 619 if (msan_init_is_running) 620 return REAL(getenv)(name); 621 ENSURE_MSAN_INITED(); 622 char *res = REAL(getenv)(name); 623 if (res) 624 __msan_unpoison(res, internal_strlen(res) + 1); 625 return res; 626 } 627 628 extern char **environ; 629 630 static void UnpoisonEnviron() { 631 char **envp = environ; 632 for (; *envp; ++envp) { 633 __msan_unpoison(envp, sizeof(*envp)); 634 __msan_unpoison(*envp, internal_strlen(*envp) + 1); 635 } 636 // Trailing NULL pointer. 637 __msan_unpoison(envp, sizeof(*envp)); 638 } 639 640 INTERCEPTOR(int, setenv, const char *name, const char *value, int overwrite) { 641 ENSURE_MSAN_INITED(); 642 CHECK_UNPOISONED_STRING(name, 0); 643 int res = REAL(setenv)(name, value, overwrite); 644 if (!res) UnpoisonEnviron(); 645 return res; 646 } 647 648 INTERCEPTOR(int, putenv, char *string) { 649 ENSURE_MSAN_INITED(); 650 int res = REAL(putenv)(string); 651 if (!res) UnpoisonEnviron(); 652 return res; 653 } 654 655 #define SANITIZER_STAT_LINUX (SANITIZER_LINUX && __GLIBC_PREREQ(2, 33)) 656 #if SANITIZER_FREEBSD || SANITIZER_NETBSD || SANITIZER_STAT_LINUX 657 INTERCEPTOR(int, fstat, int fd, void *buf) { 658 ENSURE_MSAN_INITED(); 659 int res = REAL(fstat)(fd, buf); 660 if (!res) 661 __msan_unpoison(buf, __sanitizer::struct_stat_sz); 662 return res; 663 } 664 # define MSAN_MAYBE_INTERCEPT_FSTAT MSAN_INTERCEPT_FUNC(fstat) 665 #else 666 #define MSAN_MAYBE_INTERCEPT_FSTAT 667 #endif 668 669 #if SANITIZER_GLIBC 670 INTERCEPTOR(int, __fxstat, int magic, int fd, void *buf) { 671 ENSURE_MSAN_INITED(); 672 int res = REAL(__fxstat)(magic, fd, buf); 673 if (!res) 674 __msan_unpoison(buf, __sanitizer::struct_stat_sz); 675 return res; 676 } 677 # define MSAN_MAYBE_INTERCEPT___FXSTAT MSAN_INTERCEPT_FUNC(__fxstat) 678 #else 679 #define MSAN_MAYBE_INTERCEPT___FXSTAT 680 #endif 681 682 #if SANITIZER_GLIBC 683 INTERCEPTOR(int, __fxstat64, int magic, int fd, void *buf) { 684 ENSURE_MSAN_INITED(); 685 int res = REAL(__fxstat64)(magic, fd, buf); 686 if (!res) 687 __msan_unpoison(buf, __sanitizer::struct_stat64_sz); 688 return res; 689 } 690 # define MSAN_MAYBE_INTERCEPT___FXSTAT64 MSAN_INTERCEPT_FUNC(__fxstat64) 691 #else 692 # define MSAN_MAYBE_INTERCEPT___FXSTAT64 693 #endif 694 695 #if SANITIZER_FREEBSD || SANITIZER_NETBSD || SANITIZER_STAT_LINUX 696 INTERCEPTOR(int, fstatat, int fd, char *pathname, void *buf, int flags) { 697 ENSURE_MSAN_INITED(); 698 int res = REAL(fstatat)(fd, pathname, buf, flags); 699 if (!res) __msan_unpoison(buf, __sanitizer::struct_stat_sz); 700 return res; 701 } 702 # define MSAN_MAYBE_INTERCEPT_FSTATAT MSAN_INTERCEPT_FUNC(fstatat) 703 #else 704 # define MSAN_MAYBE_INTERCEPT_FSTATAT 705 #endif 706 707 #if SANITIZER_GLIBC 708 INTERCEPTOR(int, __fxstatat, int magic, int fd, char *pathname, void *buf, 709 int flags) { 710 ENSURE_MSAN_INITED(); 711 int res = REAL(__fxstatat)(magic, fd, pathname, buf, flags); 712 if (!res) __msan_unpoison(buf, __sanitizer::struct_stat_sz); 713 return res; 714 } 715 # define MSAN_MAYBE_INTERCEPT___FXSTATAT MSAN_INTERCEPT_FUNC(__fxstatat) 716 #else 717 # define MSAN_MAYBE_INTERCEPT___FXSTATAT 718 #endif 719 720 #if SANITIZER_GLIBC 721 INTERCEPTOR(int, __fxstatat64, int magic, int fd, char *pathname, void *buf, 722 int flags) { 723 ENSURE_MSAN_INITED(); 724 int res = REAL(__fxstatat64)(magic, fd, pathname, buf, flags); 725 if (!res) __msan_unpoison(buf, __sanitizer::struct_stat64_sz); 726 return res; 727 } 728 # define MSAN_MAYBE_INTERCEPT___FXSTATAT64 MSAN_INTERCEPT_FUNC(__fxstatat64) 729 #else 730 # define MSAN_MAYBE_INTERCEPT___FXSTATAT64 731 #endif 732 733 INTERCEPTOR(int, pipe, int pipefd[2]) { 734 if (msan_init_is_running) 735 return REAL(pipe)(pipefd); 736 ENSURE_MSAN_INITED(); 737 int res = REAL(pipe)(pipefd); 738 if (!res) 739 __msan_unpoison(pipefd, sizeof(int[2])); 740 return res; 741 } 742 743 INTERCEPTOR(int, pipe2, int pipefd[2], int flags) { 744 ENSURE_MSAN_INITED(); 745 int res = REAL(pipe2)(pipefd, flags); 746 if (!res) 747 __msan_unpoison(pipefd, sizeof(int[2])); 748 return res; 749 } 750 751 INTERCEPTOR(int, socketpair, int domain, int type, int protocol, int sv[2]) { 752 ENSURE_MSAN_INITED(); 753 int res = REAL(socketpair)(domain, type, protocol, sv); 754 if (!res) 755 __msan_unpoison(sv, sizeof(int[2])); 756 return res; 757 } 758 759 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 760 INTERCEPTOR(char *, fgets_unlocked, char *s, int size, void *stream) { 761 ENSURE_MSAN_INITED(); 762 char *res = REAL(fgets_unlocked)(s, size, stream); 763 if (res) 764 __msan_unpoison(s, internal_strlen(s) + 1); 765 return res; 766 } 767 #define MSAN_MAYBE_INTERCEPT_FGETS_UNLOCKED INTERCEPT_FUNCTION(fgets_unlocked) 768 #else 769 #define MSAN_MAYBE_INTERCEPT_FGETS_UNLOCKED 770 #endif 771 772 #define INTERCEPTOR_GETRLIMIT_BODY(func, resource, rlim) \ 773 if (msan_init_is_running) \ 774 return REAL(getrlimit)(resource, rlim); \ 775 ENSURE_MSAN_INITED(); \ 776 int res = REAL(func)(resource, rlim); \ 777 if (!res) \ 778 __msan_unpoison(rlim, __sanitizer::struct_rlimit_sz); \ 779 return res 780 781 INTERCEPTOR(int, getrlimit, int resource, void *rlim) { 782 INTERCEPTOR_GETRLIMIT_BODY(getrlimit, resource, rlim); 783 } 784 785 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 786 INTERCEPTOR(int, __getrlimit, int resource, void *rlim) { 787 INTERCEPTOR_GETRLIMIT_BODY(__getrlimit, resource, rlim); 788 } 789 790 INTERCEPTOR(int, getrlimit64, int resource, void *rlim) { 791 if (msan_init_is_running) return REAL(getrlimit64)(resource, rlim); 792 ENSURE_MSAN_INITED(); 793 int res = REAL(getrlimit64)(resource, rlim); 794 if (!res) __msan_unpoison(rlim, __sanitizer::struct_rlimit64_sz); 795 return res; 796 } 797 798 INTERCEPTOR(int, prlimit, int pid, int resource, void *new_rlimit, 799 void *old_rlimit) { 800 if (msan_init_is_running) 801 return REAL(prlimit)(pid, resource, new_rlimit, old_rlimit); 802 ENSURE_MSAN_INITED(); 803 CHECK_UNPOISONED(new_rlimit, __sanitizer::struct_rlimit_sz); 804 int res = REAL(prlimit)(pid, resource, new_rlimit, old_rlimit); 805 if (!res) __msan_unpoison(old_rlimit, __sanitizer::struct_rlimit_sz); 806 return res; 807 } 808 809 INTERCEPTOR(int, prlimit64, int pid, int resource, void *new_rlimit, 810 void *old_rlimit) { 811 if (msan_init_is_running) 812 return REAL(prlimit64)(pid, resource, new_rlimit, old_rlimit); 813 ENSURE_MSAN_INITED(); 814 CHECK_UNPOISONED(new_rlimit, __sanitizer::struct_rlimit64_sz); 815 int res = REAL(prlimit64)(pid, resource, new_rlimit, old_rlimit); 816 if (!res) __msan_unpoison(old_rlimit, __sanitizer::struct_rlimit64_sz); 817 return res; 818 } 819 820 #define MSAN_MAYBE_INTERCEPT___GETRLIMIT INTERCEPT_FUNCTION(__getrlimit) 821 #define MSAN_MAYBE_INTERCEPT_GETRLIMIT64 INTERCEPT_FUNCTION(getrlimit64) 822 #define MSAN_MAYBE_INTERCEPT_PRLIMIT INTERCEPT_FUNCTION(prlimit) 823 #define MSAN_MAYBE_INTERCEPT_PRLIMIT64 INTERCEPT_FUNCTION(prlimit64) 824 #else 825 #define MSAN_MAYBE_INTERCEPT___GETRLIMIT 826 #define MSAN_MAYBE_INTERCEPT_GETRLIMIT64 827 #define MSAN_MAYBE_INTERCEPT_PRLIMIT 828 #define MSAN_MAYBE_INTERCEPT_PRLIMIT64 829 #endif 830 831 INTERCEPTOR(int, gethostname, char *name, SIZE_T len) { 832 ENSURE_MSAN_INITED(); 833 int res = REAL(gethostname)(name, len); 834 if (!res || (res == -1 && errno == errno_ENAMETOOLONG)) { 835 SIZE_T real_len = internal_strnlen(name, len); 836 if (real_len < len) 837 ++real_len; 838 __msan_unpoison(name, real_len); 839 } 840 return res; 841 } 842 843 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 844 INTERCEPTOR(int, epoll_wait, int epfd, void *events, int maxevents, 845 int timeout) { 846 ENSURE_MSAN_INITED(); 847 int res = REAL(epoll_wait)(epfd, events, maxevents, timeout); 848 if (res > 0) { 849 __msan_unpoison(events, __sanitizer::struct_epoll_event_sz * res); 850 } 851 return res; 852 } 853 #define MSAN_MAYBE_INTERCEPT_EPOLL_WAIT INTERCEPT_FUNCTION(epoll_wait) 854 #else 855 #define MSAN_MAYBE_INTERCEPT_EPOLL_WAIT 856 #endif 857 858 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 859 INTERCEPTOR(int, epoll_pwait, int epfd, void *events, int maxevents, 860 int timeout, void *sigmask) { 861 ENSURE_MSAN_INITED(); 862 int res = REAL(epoll_pwait)(epfd, events, maxevents, timeout, sigmask); 863 if (res > 0) { 864 __msan_unpoison(events, __sanitizer::struct_epoll_event_sz * res); 865 } 866 return res; 867 } 868 #define MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT INTERCEPT_FUNCTION(epoll_pwait) 869 #else 870 #define MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT 871 #endif 872 873 INTERCEPTOR(void *, calloc, SIZE_T nmemb, SIZE_T size) { 874 GET_MALLOC_STACK_TRACE; 875 if (DlsymAlloc::Use()) 876 return DlsymAlloc::Callocate(nmemb, size); 877 return msan_calloc(nmemb, size, &stack); 878 } 879 880 INTERCEPTOR(void *, realloc, void *ptr, SIZE_T size) { 881 if (DlsymAlloc::Use() || DlsymAlloc::PointerIsMine(ptr)) 882 return DlsymAlloc::Realloc(ptr, size); 883 GET_MALLOC_STACK_TRACE; 884 return msan_realloc(ptr, size, &stack); 885 } 886 887 INTERCEPTOR(void *, reallocarray, void *ptr, SIZE_T nmemb, SIZE_T size) { 888 GET_MALLOC_STACK_TRACE; 889 return msan_reallocarray(ptr, nmemb, size, &stack); 890 } 891 892 INTERCEPTOR(void *, malloc, SIZE_T size) { 893 if (DlsymAlloc::Use()) 894 return DlsymAlloc::Allocate(size); 895 GET_MALLOC_STACK_TRACE; 896 return msan_malloc(size, &stack); 897 } 898 899 void __msan_allocated_memory(const void *data, uptr size) { 900 if (flags()->poison_in_malloc) { 901 GET_MALLOC_STACK_TRACE; 902 stack.tag = STACK_TRACE_TAG_POISON; 903 PoisonMemory(data, size, &stack); 904 } 905 } 906 907 void __msan_copy_shadow(void *dest, const void *src, uptr n) { 908 GET_STORE_STACK_TRACE; 909 MoveShadowAndOrigin(dest, src, n, &stack); 910 } 911 912 void __sanitizer_dtor_callback(const void *data, uptr size) { 913 if (flags()->poison_in_dtor) { 914 GET_MALLOC_STACK_TRACE; 915 stack.tag = STACK_TRACE_TAG_POISON; 916 PoisonMemory(data, size, &stack); 917 } 918 } 919 920 template <class Mmap> 921 static void *mmap_interceptor(Mmap real_mmap, void *addr, SIZE_T length, 922 int prot, int flags, int fd, OFF64_T offset) { 923 SIZE_T rounded_length = RoundUpTo(length, GetPageSize()); 924 void *end_addr = (char *)addr + (rounded_length - 1); 925 if (addr && (!MEM_IS_APP(addr) || !MEM_IS_APP(end_addr))) { 926 if (flags & map_fixed) { 927 errno = errno_EINVAL; 928 return (void *)-1; 929 } else { 930 addr = nullptr; 931 } 932 } 933 void *res = real_mmap(addr, length, prot, flags, fd, offset); 934 if (res != (void *)-1) { 935 void *end_res = (char *)res + (rounded_length - 1); 936 if (MEM_IS_APP(res) && MEM_IS_APP(end_res)) { 937 __msan_unpoison(res, rounded_length); 938 } else { 939 // Application has attempted to map more memory than is supported by 940 // MSAN. Act as if we ran out of memory. 941 internal_munmap(res, length); 942 errno = errno_ENOMEM; 943 return (void *)-1; 944 } 945 } 946 return res; 947 } 948 949 INTERCEPTOR(int, getrusage, int who, void *usage) { 950 ENSURE_MSAN_INITED(); 951 int res = REAL(getrusage)(who, usage); 952 if (res == 0) { 953 __msan_unpoison(usage, __sanitizer::struct_rusage_sz); 954 } 955 return res; 956 } 957 958 class SignalHandlerScope { 959 public: 960 SignalHandlerScope() { 961 if (MsanThread *t = GetCurrentThread()) 962 t->EnterSignalHandler(); 963 } 964 ~SignalHandlerScope() { 965 if (MsanThread *t = GetCurrentThread()) 966 t->LeaveSignalHandler(); 967 } 968 }; 969 970 // sigactions_mu guarantees atomicity of sigaction() and signal() calls. 971 // Access to sigactions[] is gone with relaxed atomics to avoid data race with 972 // the signal handler. 973 const int kMaxSignals = 1024; 974 static atomic_uintptr_t sigactions[kMaxSignals]; 975 static StaticSpinMutex sigactions_mu; 976 977 static void SignalHandler(int signo) { 978 SignalHandlerScope signal_handler_scope; 979 ScopedThreadLocalStateBackup stlsb; 980 UnpoisonParam(1); 981 982 typedef void (*signal_cb)(int x); 983 signal_cb cb = 984 (signal_cb)atomic_load(&sigactions[signo], memory_order_relaxed); 985 cb(signo); 986 } 987 988 static void SignalAction(int signo, void *si, void *uc) { 989 SignalHandlerScope signal_handler_scope; 990 ScopedThreadLocalStateBackup stlsb; 991 UnpoisonParam(3); 992 __msan_unpoison(si, sizeof(__sanitizer_sigaction)); 993 __msan_unpoison(uc, ucontext_t_sz(uc)); 994 995 typedef void (*sigaction_cb)(int, void *, void *); 996 sigaction_cb cb = 997 (sigaction_cb)atomic_load(&sigactions[signo], memory_order_relaxed); 998 cb(signo, si, uc); 999 CHECK_UNPOISONED(uc, ucontext_t_sz(uc)); 1000 } 1001 1002 static void read_sigaction(const __sanitizer_sigaction *act) { 1003 CHECK_UNPOISONED(&act->sa_flags, sizeof(act->sa_flags)); 1004 if (act->sa_flags & __sanitizer::sa_siginfo) 1005 CHECK_UNPOISONED(&act->sigaction, sizeof(act->sigaction)); 1006 else 1007 CHECK_UNPOISONED(&act->handler, sizeof(act->handler)); 1008 CHECK_UNPOISONED(&act->sa_mask, sizeof(act->sa_mask)); 1009 } 1010 1011 extern "C" int pthread_attr_init(void *attr); 1012 extern "C" int pthread_attr_destroy(void *attr); 1013 1014 static void *MsanThreadStartFunc(void *arg) { 1015 MsanThread *t = (MsanThread *)arg; 1016 SetCurrentThread(t); 1017 t->Init(); 1018 SetSigProcMask(&t->starting_sigset_, nullptr); 1019 return t->ThreadStart(); 1020 } 1021 1022 INTERCEPTOR(int, pthread_create, void *th, void *attr, void *(*callback)(void*), 1023 void * param) { 1024 ENSURE_MSAN_INITED(); // for GetTlsSize() 1025 __sanitizer_pthread_attr_t myattr; 1026 if (!attr) { 1027 pthread_attr_init(&myattr); 1028 attr = &myattr; 1029 } 1030 1031 AdjustStackSize(attr); 1032 1033 MsanThread *t = MsanThread::Create(callback, param); 1034 ScopedBlockSignals block(&t->starting_sigset_); 1035 int res = REAL(pthread_create)(th, attr, MsanThreadStartFunc, t); 1036 1037 if (attr == &myattr) 1038 pthread_attr_destroy(&myattr); 1039 if (!res) { 1040 __msan_unpoison(th, __sanitizer::pthread_t_sz); 1041 } 1042 return res; 1043 } 1044 1045 INTERCEPTOR(int, pthread_key_create, __sanitizer_pthread_key_t *key, 1046 void (*dtor)(void *value)) { 1047 if (msan_init_is_running) return REAL(pthread_key_create)(key, dtor); 1048 ENSURE_MSAN_INITED(); 1049 int res = REAL(pthread_key_create)(key, dtor); 1050 if (!res && key) 1051 __msan_unpoison(key, sizeof(*key)); 1052 return res; 1053 } 1054 1055 #if SANITIZER_NETBSD 1056 INTERCEPTOR(int, __libc_thr_keycreate, __sanitizer_pthread_key_t *m, 1057 void (*dtor)(void *value)) 1058 ALIAS(WRAPPER_NAME(pthread_key_create)); 1059 #endif 1060 1061 INTERCEPTOR(int, pthread_join, void *th, void **retval) { 1062 ENSURE_MSAN_INITED(); 1063 int res = REAL(pthread_join)(th, retval); 1064 if (!res && retval) 1065 __msan_unpoison(retval, sizeof(*retval)); 1066 return res; 1067 } 1068 1069 DEFINE_REAL_PTHREAD_FUNCTIONS 1070 1071 extern char *tzname[2]; 1072 1073 INTERCEPTOR(void, tzset, int fake) { 1074 ENSURE_MSAN_INITED(); 1075 InterceptorScope interceptor_scope; 1076 REAL(tzset)(fake); 1077 if (tzname[0]) 1078 __msan_unpoison(tzname[0], internal_strlen(tzname[0]) + 1); 1079 if (tzname[1]) 1080 __msan_unpoison(tzname[1], internal_strlen(tzname[1]) + 1); 1081 return; 1082 } 1083 1084 struct MSanAtExitRecord { 1085 void (*func)(void *arg); 1086 void *arg; 1087 }; 1088 1089 struct InterceptorContext { 1090 Mutex atexit_mu; 1091 Vector<struct MSanAtExitRecord *> AtExitStack; 1092 1093 InterceptorContext() 1094 : AtExitStack() { 1095 } 1096 }; 1097 1098 static ALIGNED(64) char interceptor_placeholder[sizeof(InterceptorContext)]; 1099 InterceptorContext *interceptor_ctx() { 1100 return reinterpret_cast<InterceptorContext*>(&interceptor_placeholder[0]); 1101 } 1102 1103 void MSanAtExitWrapper() { 1104 MSanAtExitRecord *r; 1105 { 1106 Lock l(&interceptor_ctx()->atexit_mu); 1107 1108 uptr element = interceptor_ctx()->AtExitStack.Size() - 1; 1109 r = interceptor_ctx()->AtExitStack[element]; 1110 interceptor_ctx()->AtExitStack.PopBack(); 1111 } 1112 1113 UnpoisonParam(1); 1114 ((void(*)())r->func)(); 1115 InternalFree(r); 1116 } 1117 1118 void MSanCxaAtExitWrapper(void *arg) { 1119 UnpoisonParam(1); 1120 MSanAtExitRecord *r = (MSanAtExitRecord *)arg; 1121 // libc before 2.27 had race which caused occasional double handler execution 1122 // https://sourceware.org/ml/libc-alpha/2017-08/msg01204.html 1123 if (!r->func) 1124 return; 1125 r->func(r->arg); 1126 r->func = nullptr; 1127 } 1128 1129 static int setup_at_exit_wrapper(void(*f)(), void *arg, void *dso); 1130 1131 // Unpoison argument shadow for C++ module destructors. 1132 INTERCEPTOR(int, __cxa_atexit, void (*func)(void *), void *arg, 1133 void *dso_handle) { 1134 if (msan_init_is_running) return REAL(__cxa_atexit)(func, arg, dso_handle); 1135 return setup_at_exit_wrapper((void(*)())func, arg, dso_handle); 1136 } 1137 1138 // Unpoison argument shadow for C++ module destructors. 1139 INTERCEPTOR(int, atexit, void (*func)()) { 1140 // Avoid calling real atexit as it is unreachable on at least on Linux. 1141 if (msan_init_is_running) 1142 return REAL(__cxa_atexit)((void (*)(void *a))func, 0, 0); 1143 return setup_at_exit_wrapper((void(*)())func, 0, 0); 1144 } 1145 1146 static int setup_at_exit_wrapper(void(*f)(), void *arg, void *dso) { 1147 ENSURE_MSAN_INITED(); 1148 MSanAtExitRecord *r = 1149 (MSanAtExitRecord *)InternalAlloc(sizeof(MSanAtExitRecord)); 1150 r->func = (void(*)(void *a))f; 1151 r->arg = arg; 1152 int res; 1153 if (!dso) { 1154 // NetBSD does not preserve the 2nd argument if dso is equal to 0 1155 // Store ctx in a local stack-like structure 1156 1157 Lock l(&interceptor_ctx()->atexit_mu); 1158 1159 res = REAL(__cxa_atexit)((void (*)(void *a))MSanAtExitWrapper, 0, 0); 1160 if (!res) { 1161 interceptor_ctx()->AtExitStack.PushBack(r); 1162 } 1163 } else { 1164 res = REAL(__cxa_atexit)(MSanCxaAtExitWrapper, r, dso); 1165 } 1166 return res; 1167 } 1168 1169 static void BeforeFork() { 1170 StackDepotLockAll(); 1171 ChainedOriginDepotLockAll(); 1172 } 1173 1174 static void AfterFork() { 1175 ChainedOriginDepotUnlockAll(); 1176 StackDepotUnlockAll(); 1177 } 1178 1179 INTERCEPTOR(int, fork, void) { 1180 ENSURE_MSAN_INITED(); 1181 BeforeFork(); 1182 int pid = REAL(fork)(); 1183 AfterFork(); 1184 return pid; 1185 } 1186 1187 // NetBSD ships with openpty(3) in -lutil, that needs to be prebuilt explicitly 1188 // with MSan. 1189 #if SANITIZER_LINUX 1190 INTERCEPTOR(int, openpty, int *aparent, int *aworker, char *name, 1191 const void *termp, const void *winp) { 1192 ENSURE_MSAN_INITED(); 1193 InterceptorScope interceptor_scope; 1194 int res = REAL(openpty)(aparent, aworker, name, termp, winp); 1195 if (!res) { 1196 __msan_unpoison(aparent, sizeof(*aparent)); 1197 __msan_unpoison(aworker, sizeof(*aworker)); 1198 } 1199 return res; 1200 } 1201 #define MSAN_MAYBE_INTERCEPT_OPENPTY INTERCEPT_FUNCTION(openpty) 1202 #else 1203 #define MSAN_MAYBE_INTERCEPT_OPENPTY 1204 #endif 1205 1206 // NetBSD ships with forkpty(3) in -lutil, that needs to be prebuilt explicitly 1207 // with MSan. 1208 #if SANITIZER_LINUX 1209 INTERCEPTOR(int, forkpty, int *aparent, char *name, const void *termp, 1210 const void *winp) { 1211 ENSURE_MSAN_INITED(); 1212 InterceptorScope interceptor_scope; 1213 int res = REAL(forkpty)(aparent, name, termp, winp); 1214 if (res != -1) 1215 __msan_unpoison(aparent, sizeof(*aparent)); 1216 return res; 1217 } 1218 #define MSAN_MAYBE_INTERCEPT_FORKPTY INTERCEPT_FUNCTION(forkpty) 1219 #else 1220 #define MSAN_MAYBE_INTERCEPT_FORKPTY 1221 #endif 1222 1223 struct MSanInterceptorContext { 1224 bool in_interceptor_scope; 1225 }; 1226 1227 namespace __msan { 1228 1229 int OnExit() { 1230 // FIXME: ask frontend whether we need to return failure. 1231 return 0; 1232 } 1233 1234 } // namespace __msan 1235 1236 // A version of CHECK_UNPOISONED using a saved scope value. Used in common 1237 // interceptors. 1238 #define CHECK_UNPOISONED_CTX(ctx, x, n) \ 1239 do { \ 1240 if (!((MSanInterceptorContext *)ctx)->in_interceptor_scope) \ 1241 CHECK_UNPOISONED_0(x, n); \ 1242 } while (0) 1243 1244 #define MSAN_INTERCEPT_FUNC(name) \ 1245 do { \ 1246 if (!INTERCEPT_FUNCTION(name)) \ 1247 VReport(1, "MemorySanitizer: failed to intercept '%s'\n", #name); \ 1248 } while (0) 1249 1250 #define MSAN_INTERCEPT_FUNC_VER(name, ver) \ 1251 do { \ 1252 if (!INTERCEPT_FUNCTION_VER(name, ver)) \ 1253 VReport(1, "MemorySanitizer: failed to intercept '%s@@%s'\n", #name, \ 1254 ver); \ 1255 } while (0) 1256 #define MSAN_INTERCEPT_FUNC_VER_UNVERSIONED_FALLBACK(name, ver) \ 1257 do { \ 1258 if (!INTERCEPT_FUNCTION_VER(name, ver) && !INTERCEPT_FUNCTION(name)) \ 1259 VReport(1, "MemorySanitizer: failed to intercept '%s@@%s' or '%s'\n", \ 1260 #name, ver, #name); \ 1261 } while (0) 1262 1263 #define COMMON_INTERCEPT_FUNCTION(name) MSAN_INTERCEPT_FUNC(name) 1264 #define COMMON_INTERCEPT_FUNCTION_VER(name, ver) \ 1265 MSAN_INTERCEPT_FUNC_VER(name, ver) 1266 #define COMMON_INTERCEPT_FUNCTION_VER_UNVERSIONED_FALLBACK(name, ver) \ 1267 MSAN_INTERCEPT_FUNC_VER_UNVERSIONED_FALLBACK(name, ver) 1268 #define COMMON_INTERCEPTOR_UNPOISON_PARAM(count) \ 1269 UnpoisonParam(count) 1270 #define COMMON_INTERCEPTOR_WRITE_RANGE(ctx, ptr, size) \ 1271 __msan_unpoison(ptr, size) 1272 #define COMMON_INTERCEPTOR_READ_RANGE(ctx, ptr, size) \ 1273 CHECK_UNPOISONED_CTX(ctx, ptr, size) 1274 #define COMMON_INTERCEPTOR_INITIALIZE_RANGE(ptr, size) \ 1275 __msan_unpoison(ptr, size) 1276 #define COMMON_INTERCEPTOR_ENTER(ctx, func, ...) \ 1277 if (msan_init_is_running) \ 1278 return REAL(func)(__VA_ARGS__); \ 1279 ENSURE_MSAN_INITED(); \ 1280 MSanInterceptorContext msan_ctx = {IsInInterceptorScope()}; \ 1281 ctx = (void *)&msan_ctx; \ 1282 (void)ctx; \ 1283 InterceptorScope interceptor_scope; \ 1284 __msan_unpoison(__errno_location(), sizeof(int)); 1285 #define COMMON_INTERCEPTOR_DIR_ACQUIRE(ctx, path) \ 1286 do { \ 1287 } while (false) 1288 #define COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd) \ 1289 do { \ 1290 } while (false) 1291 #define COMMON_INTERCEPTOR_FD_RELEASE(ctx, fd) \ 1292 do { \ 1293 } while (false) 1294 #define COMMON_INTERCEPTOR_FD_SOCKET_ACCEPT(ctx, fd, newfd) \ 1295 do { \ 1296 } while (false) 1297 #define COMMON_INTERCEPTOR_SET_THREAD_NAME(ctx, name) \ 1298 do { \ 1299 } while (false) // FIXME 1300 #define COMMON_INTERCEPTOR_SET_PTHREAD_NAME(ctx, thread, name) \ 1301 do { \ 1302 } while (false) // FIXME 1303 #define COMMON_INTERCEPTOR_BLOCK_REAL(name) REAL(name) 1304 #define COMMON_INTERCEPTOR_ON_EXIT(ctx) OnExit() 1305 #define COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, handle) \ 1306 do { \ 1307 link_map *map = GET_LINK_MAP_BY_DLOPEN_HANDLE((handle)); \ 1308 if (filename && map) \ 1309 ForEachMappedRegion(map, __msan_unpoison); \ 1310 } while (false) 1311 1312 #define COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED (!msan_inited) 1313 1314 #define COMMON_INTERCEPTOR_GET_TLS_RANGE(begin, end) \ 1315 if (MsanThread *t = GetCurrentThread()) { \ 1316 *begin = t->tls_begin(); \ 1317 *end = t->tls_end(); \ 1318 } else { \ 1319 *begin = *end = 0; \ 1320 } 1321 1322 #define COMMON_INTERCEPTOR_MEMSET_IMPL(ctx, block, c, size) \ 1323 { \ 1324 (void)ctx; \ 1325 return __msan_memset(block, c, size); \ 1326 } 1327 #define COMMON_INTERCEPTOR_MEMMOVE_IMPL(ctx, to, from, size) \ 1328 { \ 1329 (void)ctx; \ 1330 return __msan_memmove(to, from, size); \ 1331 } 1332 #define COMMON_INTERCEPTOR_MEMCPY_IMPL(ctx, to, from, size) \ 1333 { \ 1334 (void)ctx; \ 1335 return __msan_memcpy(to, from, size); \ 1336 } 1337 1338 #define COMMON_INTERCEPTOR_COPY_STRING(ctx, to, from, size) \ 1339 do { \ 1340 GET_STORE_STACK_TRACE; \ 1341 CopyShadowAndOrigin(to, from, size, &stack); \ 1342 __msan_unpoison(to + size, 1); \ 1343 } while (false) 1344 1345 #define COMMON_INTERCEPTOR_MMAP_IMPL(ctx, mmap, addr, length, prot, flags, fd, \ 1346 offset) \ 1347 do { \ 1348 return mmap_interceptor(REAL(mmap), addr, sz, prot, flags, fd, off); \ 1349 } while (false) 1350 1351 #include "sanitizer_common/sanitizer_platform_interceptors.h" 1352 #include "sanitizer_common/sanitizer_common_interceptors.inc" 1353 1354 static uptr signal_impl(int signo, uptr cb); 1355 static int sigaction_impl(int signo, const __sanitizer_sigaction *act, 1356 __sanitizer_sigaction *oldact); 1357 1358 #define SIGNAL_INTERCEPTOR_SIGACTION_IMPL(signo, act, oldact) \ 1359 { return sigaction_impl(signo, act, oldact); } 1360 1361 #define SIGNAL_INTERCEPTOR_SIGNAL_IMPL(func, signo, handler) \ 1362 { \ 1363 handler = signal_impl(signo, handler); \ 1364 InterceptorScope interceptor_scope; \ 1365 return REAL(func)(signo, handler); \ 1366 } 1367 1368 #include "sanitizer_common/sanitizer_signal_interceptors.inc" 1369 1370 static int sigaction_impl(int signo, const __sanitizer_sigaction *act, 1371 __sanitizer_sigaction *oldact) { 1372 ENSURE_MSAN_INITED(); 1373 if (signo <= 0 || signo >= kMaxSignals) { 1374 errno = errno_EINVAL; 1375 return -1; 1376 } 1377 if (act) read_sigaction(act); 1378 int res; 1379 if (flags()->wrap_signals) { 1380 SpinMutexLock lock(&sigactions_mu); 1381 uptr old_cb = atomic_load(&sigactions[signo], memory_order_relaxed); 1382 __sanitizer_sigaction new_act; 1383 __sanitizer_sigaction *pnew_act = act ? &new_act : nullptr; 1384 if (act) { 1385 REAL(memcpy)(pnew_act, act, sizeof(__sanitizer_sigaction)); 1386 uptr cb = (uptr)pnew_act->sigaction; 1387 uptr new_cb = (pnew_act->sa_flags & __sanitizer::sa_siginfo) 1388 ? (uptr)SignalAction 1389 : (uptr)SignalHandler; 1390 if (cb != __sanitizer::sig_ign && cb != __sanitizer::sig_dfl) { 1391 atomic_store(&sigactions[signo], cb, memory_order_relaxed); 1392 pnew_act->sigaction = (decltype(pnew_act->sigaction))new_cb; 1393 } 1394 } 1395 res = REAL(SIGACTION_SYMNAME)(signo, pnew_act, oldact); 1396 if (res == 0 && oldact) { 1397 uptr cb = (uptr)oldact->sigaction; 1398 if (cb == (uptr)SignalAction || cb == (uptr)SignalHandler) { 1399 oldact->sigaction = (decltype(oldact->sigaction))old_cb; 1400 } 1401 } 1402 } else { 1403 res = REAL(SIGACTION_SYMNAME)(signo, act, oldact); 1404 } 1405 1406 if (res == 0 && oldact) { 1407 __msan_unpoison(oldact, sizeof(__sanitizer_sigaction)); 1408 } 1409 return res; 1410 } 1411 1412 static uptr signal_impl(int signo, uptr cb) { 1413 ENSURE_MSAN_INITED(); 1414 if (signo <= 0 || signo >= kMaxSignals) { 1415 errno = errno_EINVAL; 1416 return -1; 1417 } 1418 if (flags()->wrap_signals) { 1419 SpinMutexLock lock(&sigactions_mu); 1420 if (cb != __sanitizer::sig_ign && cb != __sanitizer::sig_dfl) { 1421 atomic_store(&sigactions[signo], cb, memory_order_relaxed); 1422 cb = (uptr)&SignalHandler; 1423 } 1424 } 1425 return cb; 1426 } 1427 1428 #define COMMON_SYSCALL_PRE_READ_RANGE(p, s) CHECK_UNPOISONED(p, s) 1429 #define COMMON_SYSCALL_PRE_WRITE_RANGE(p, s) \ 1430 do { \ 1431 } while (false) 1432 #define COMMON_SYSCALL_POST_READ_RANGE(p, s) \ 1433 do { \ 1434 } while (false) 1435 #define COMMON_SYSCALL_POST_WRITE_RANGE(p, s) __msan_unpoison(p, s) 1436 #include "sanitizer_common/sanitizer_common_syscalls.inc" 1437 #include "sanitizer_common/sanitizer_syscalls_netbsd.inc" 1438 1439 struct dlinfo { 1440 char *dli_fname; 1441 void *dli_fbase; 1442 char *dli_sname; 1443 void *dli_saddr; 1444 }; 1445 1446 INTERCEPTOR(int, dladdr, void *addr, dlinfo *info) { 1447 void *ctx; 1448 COMMON_INTERCEPTOR_ENTER(ctx, dladdr, addr, info); 1449 int res = REAL(dladdr)(addr, info); 1450 if (res != 0) { 1451 __msan_unpoison(info, sizeof(*info)); 1452 if (info->dli_fname) 1453 __msan_unpoison(info->dli_fname, internal_strlen(info->dli_fname) + 1); 1454 if (info->dli_sname) 1455 __msan_unpoison(info->dli_sname, internal_strlen(info->dli_sname) + 1); 1456 } 1457 return res; 1458 } 1459 1460 INTERCEPTOR(char *, dlerror, int fake) { 1461 void *ctx; 1462 COMMON_INTERCEPTOR_ENTER(ctx, dlerror, fake); 1463 char *res = REAL(dlerror)(fake); 1464 if (res) 1465 __msan_unpoison(res, internal_strlen(res) + 1); 1466 return res; 1467 } 1468 1469 typedef int (*dl_iterate_phdr_cb)(__sanitizer_dl_phdr_info *info, SIZE_T size, 1470 void *data); 1471 struct dl_iterate_phdr_data { 1472 dl_iterate_phdr_cb callback; 1473 void *data; 1474 }; 1475 1476 static int msan_dl_iterate_phdr_cb(__sanitizer_dl_phdr_info *info, SIZE_T size, 1477 void *data) { 1478 if (info) { 1479 __msan_unpoison(info, size); 1480 if (info->dlpi_phdr && info->dlpi_phnum) 1481 __msan_unpoison(info->dlpi_phdr, struct_ElfW_Phdr_sz * info->dlpi_phnum); 1482 if (info->dlpi_name) 1483 __msan_unpoison(info->dlpi_name, internal_strlen(info->dlpi_name) + 1); 1484 } 1485 dl_iterate_phdr_data *cbdata = (dl_iterate_phdr_data *)data; 1486 UnpoisonParam(3); 1487 return cbdata->callback(info, size, cbdata->data); 1488 } 1489 1490 INTERCEPTOR(void *, shmat, int shmid, const void *shmaddr, int shmflg) { 1491 ENSURE_MSAN_INITED(); 1492 void *p = REAL(shmat)(shmid, shmaddr, shmflg); 1493 if (p != (void *)-1) { 1494 __sanitizer_shmid_ds ds; 1495 int res = REAL(shmctl)(shmid, shmctl_ipc_stat, &ds); 1496 if (!res) { 1497 __msan_unpoison(p, ds.shm_segsz); 1498 } 1499 } 1500 return p; 1501 } 1502 1503 INTERCEPTOR(int, dl_iterate_phdr, dl_iterate_phdr_cb callback, void *data) { 1504 void *ctx; 1505 COMMON_INTERCEPTOR_ENTER(ctx, dl_iterate_phdr, callback, data); 1506 dl_iterate_phdr_data cbdata; 1507 cbdata.callback = callback; 1508 cbdata.data = data; 1509 int res = REAL(dl_iterate_phdr)(msan_dl_iterate_phdr_cb, (void *)&cbdata); 1510 return res; 1511 } 1512 1513 // wchar_t *wcschr(const wchar_t *wcs, wchar_t wc); 1514 INTERCEPTOR(wchar_t *, wcschr, void *s, wchar_t wc, void *ps) { 1515 ENSURE_MSAN_INITED(); 1516 wchar_t *res = REAL(wcschr)(s, wc, ps); 1517 return res; 1518 } 1519 1520 // wchar_t *wcscpy(wchar_t *dest, const wchar_t *src); 1521 INTERCEPTOR(wchar_t *, wcscpy, wchar_t *dest, const wchar_t *src) { 1522 ENSURE_MSAN_INITED(); 1523 GET_STORE_STACK_TRACE; 1524 wchar_t *res = REAL(wcscpy)(dest, src); 1525 CopyShadowAndOrigin(dest, src, sizeof(wchar_t) * (internal_wcslen(src) + 1), 1526 &stack); 1527 return res; 1528 } 1529 1530 INTERCEPTOR(wchar_t *, wcsncpy, wchar_t *dest, const wchar_t *src, SIZE_T n) { 1531 ENSURE_MSAN_INITED(); 1532 GET_STORE_STACK_TRACE; 1533 SIZE_T copy_size = internal_wcsnlen(src, n); 1534 if (copy_size < n) copy_size++; // trailing \0 1535 wchar_t *res = REAL(wcsncpy)(dest, src, n); 1536 CopyShadowAndOrigin(dest, src, copy_size * sizeof(wchar_t), &stack); 1537 __msan_unpoison(dest + copy_size, (n - copy_size) * sizeof(wchar_t)); 1538 return res; 1539 } 1540 1541 // These interface functions reside here so that they can use 1542 // REAL(memset), etc. 1543 void __msan_unpoison(const void *a, uptr size) { 1544 if (!MEM_IS_APP(a)) return; 1545 SetShadow(a, size, 0); 1546 } 1547 1548 void __msan_poison(const void *a, uptr size) { 1549 if (!MEM_IS_APP(a)) return; 1550 SetShadow(a, size, __msan::flags()->poison_heap_with_zeroes ? 0 : -1); 1551 } 1552 1553 void __msan_poison_stack(void *a, uptr size) { 1554 if (!MEM_IS_APP(a)) return; 1555 SetShadow(a, size, __msan::flags()->poison_stack_with_zeroes ? 0 : -1); 1556 } 1557 1558 void __msan_unpoison_param(uptr n) { UnpoisonParam(n); } 1559 1560 void __msan_clear_and_unpoison(void *a, uptr size) { 1561 REAL(memset)(a, 0, size); 1562 SetShadow(a, size, 0); 1563 } 1564 1565 void *__msan_memcpy(void *dest, const void *src, SIZE_T n) { 1566 if (!msan_inited) return internal_memcpy(dest, src, n); 1567 if (msan_init_is_running || __msan::IsInSymbolizer()) 1568 return REAL(memcpy)(dest, src, n); 1569 ENSURE_MSAN_INITED(); 1570 GET_STORE_STACK_TRACE; 1571 void *res = REAL(memcpy)(dest, src, n); 1572 CopyShadowAndOrigin(dest, src, n, &stack); 1573 return res; 1574 } 1575 1576 void *__msan_memset(void *s, int c, SIZE_T n) { 1577 if (!msan_inited) return internal_memset(s, c, n); 1578 if (msan_init_is_running) return REAL(memset)(s, c, n); 1579 ENSURE_MSAN_INITED(); 1580 void *res = REAL(memset)(s, c, n); 1581 __msan_unpoison(s, n); 1582 return res; 1583 } 1584 1585 void *__msan_memmove(void *dest, const void *src, SIZE_T n) { 1586 if (!msan_inited) return internal_memmove(dest, src, n); 1587 if (msan_init_is_running) return REAL(memmove)(dest, src, n); 1588 ENSURE_MSAN_INITED(); 1589 GET_STORE_STACK_TRACE; 1590 void *res = REAL(memmove)(dest, src, n); 1591 MoveShadowAndOrigin(dest, src, n, &stack); 1592 return res; 1593 } 1594 1595 void __msan_unpoison_string(const char* s) { 1596 if (!MEM_IS_APP(s)) return; 1597 __msan_unpoison(s, internal_strlen(s) + 1); 1598 } 1599 1600 namespace __msan { 1601 1602 void InitializeInterceptors() { 1603 static int inited = 0; 1604 CHECK_EQ(inited, 0); 1605 1606 new(interceptor_ctx()) InterceptorContext(); 1607 1608 InitializeCommonInterceptors(); 1609 InitializeSignalInterceptors(); 1610 1611 INTERCEPT_FUNCTION(posix_memalign); 1612 MSAN_MAYBE_INTERCEPT_MEMALIGN; 1613 MSAN_MAYBE_INTERCEPT___LIBC_MEMALIGN; 1614 INTERCEPT_FUNCTION(valloc); 1615 MSAN_MAYBE_INTERCEPT_PVALLOC; 1616 INTERCEPT_FUNCTION(malloc); 1617 INTERCEPT_FUNCTION(calloc); 1618 INTERCEPT_FUNCTION(realloc); 1619 INTERCEPT_FUNCTION(reallocarray); 1620 INTERCEPT_FUNCTION(free); 1621 MSAN_MAYBE_INTERCEPT_CFREE; 1622 MSAN_MAYBE_INTERCEPT_MALLOC_USABLE_SIZE; 1623 MSAN_MAYBE_INTERCEPT_MALLINFO; 1624 MSAN_MAYBE_INTERCEPT_MALLOPT; 1625 MSAN_MAYBE_INTERCEPT_MALLOC_STATS; 1626 INTERCEPT_FUNCTION(fread); 1627 MSAN_MAYBE_INTERCEPT_FREAD_UNLOCKED; 1628 INTERCEPT_FUNCTION(memccpy); 1629 MSAN_MAYBE_INTERCEPT_MEMPCPY; 1630 INTERCEPT_FUNCTION(bcopy); 1631 INTERCEPT_FUNCTION(wmemset); 1632 INTERCEPT_FUNCTION(wmemcpy); 1633 MSAN_MAYBE_INTERCEPT_WMEMPCPY; 1634 INTERCEPT_FUNCTION(wmemmove); 1635 INTERCEPT_FUNCTION(strcpy); 1636 MSAN_MAYBE_INTERCEPT_STPCPY; 1637 INTERCEPT_FUNCTION(strdup); 1638 MSAN_MAYBE_INTERCEPT___STRDUP; 1639 INTERCEPT_FUNCTION(strncpy); 1640 MSAN_MAYBE_INTERCEPT_GCVT; 1641 INTERCEPT_FUNCTION(strcat); 1642 INTERCEPT_FUNCTION(strncat); 1643 INTERCEPT_STRTO(strtod); 1644 INTERCEPT_STRTO(strtof); 1645 INTERCEPT_STRTO(strtold); 1646 INTERCEPT_STRTO(strtol); 1647 INTERCEPT_STRTO(strtoul); 1648 INTERCEPT_STRTO(strtoll); 1649 INTERCEPT_STRTO(strtoull); 1650 INTERCEPT_STRTO(strtouq); 1651 INTERCEPT_STRTO(wcstod); 1652 INTERCEPT_STRTO(wcstof); 1653 INTERCEPT_STRTO(wcstold); 1654 INTERCEPT_STRTO(wcstol); 1655 INTERCEPT_STRTO(wcstoul); 1656 INTERCEPT_STRTO(wcstoll); 1657 INTERCEPT_STRTO(wcstoull); 1658 #ifdef SANITIZER_NLDBL_VERSION 1659 INTERCEPT_FUNCTION_VER(vswprintf, SANITIZER_NLDBL_VERSION); 1660 INTERCEPT_FUNCTION_VER(swprintf, SANITIZER_NLDBL_VERSION); 1661 #else 1662 INTERCEPT_FUNCTION(vswprintf); 1663 INTERCEPT_FUNCTION(swprintf); 1664 #endif 1665 INTERCEPT_FUNCTION(strftime); 1666 INTERCEPT_FUNCTION(strftime_l); 1667 MSAN_MAYBE_INTERCEPT___STRFTIME_L; 1668 INTERCEPT_FUNCTION(wcsftime); 1669 INTERCEPT_FUNCTION(wcsftime_l); 1670 MSAN_MAYBE_INTERCEPT___WCSFTIME_L; 1671 INTERCEPT_FUNCTION(mbtowc); 1672 INTERCEPT_FUNCTION(mbrtowc); 1673 INTERCEPT_FUNCTION(wcslen); 1674 INTERCEPT_FUNCTION(wcsnlen); 1675 INTERCEPT_FUNCTION(wcschr); 1676 INTERCEPT_FUNCTION(wcscpy); 1677 INTERCEPT_FUNCTION(wcsncpy); 1678 INTERCEPT_FUNCTION(wcscmp); 1679 INTERCEPT_FUNCTION(getenv); 1680 INTERCEPT_FUNCTION(setenv); 1681 INTERCEPT_FUNCTION(putenv); 1682 INTERCEPT_FUNCTION(gettimeofday); 1683 MSAN_MAYBE_INTERCEPT_FCVT; 1684 MSAN_MAYBE_INTERCEPT_FSTAT; 1685 MSAN_MAYBE_INTERCEPT___FXSTAT; 1686 MSAN_MAYBE_INTERCEPT_FSTATAT; 1687 MSAN_MAYBE_INTERCEPT___FXSTATAT; 1688 MSAN_MAYBE_INTERCEPT___FXSTAT64; 1689 MSAN_MAYBE_INTERCEPT___FXSTATAT64; 1690 INTERCEPT_FUNCTION(pipe); 1691 INTERCEPT_FUNCTION(pipe2); 1692 INTERCEPT_FUNCTION(socketpair); 1693 MSAN_MAYBE_INTERCEPT_FGETS_UNLOCKED; 1694 INTERCEPT_FUNCTION(getrlimit); 1695 MSAN_MAYBE_INTERCEPT___GETRLIMIT; 1696 MSAN_MAYBE_INTERCEPT_GETRLIMIT64; 1697 MSAN_MAYBE_INTERCEPT_PRLIMIT; 1698 MSAN_MAYBE_INTERCEPT_PRLIMIT64; 1699 INTERCEPT_FUNCTION(gethostname); 1700 MSAN_MAYBE_INTERCEPT_EPOLL_WAIT; 1701 MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT; 1702 INTERCEPT_FUNCTION(dladdr); 1703 INTERCEPT_FUNCTION(dlerror); 1704 INTERCEPT_FUNCTION(dl_iterate_phdr); 1705 INTERCEPT_FUNCTION(getrusage); 1706 #if defined(__mips__) 1707 INTERCEPT_FUNCTION_VER(pthread_create, "GLIBC_2.2"); 1708 #else 1709 INTERCEPT_FUNCTION(pthread_create); 1710 #endif 1711 INTERCEPT_FUNCTION(pthread_join); 1712 INTERCEPT_FUNCTION(pthread_key_create); 1713 1714 #if SANITIZER_NETBSD 1715 INTERCEPT_FUNCTION(__libc_thr_keycreate); 1716 #endif 1717 1718 INTERCEPT_FUNCTION(pthread_join); 1719 INTERCEPT_FUNCTION(tzset); 1720 INTERCEPT_FUNCTION(atexit); 1721 INTERCEPT_FUNCTION(__cxa_atexit); 1722 INTERCEPT_FUNCTION(shmat); 1723 INTERCEPT_FUNCTION(fork); 1724 MSAN_MAYBE_INTERCEPT_OPENPTY; 1725 MSAN_MAYBE_INTERCEPT_FORKPTY; 1726 1727 inited = 1; 1728 } 1729 } // namespace __msan 1730