1 //===-- msan_interceptors.cpp ---------------------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file is a part of MemorySanitizer. 10 // 11 // Interceptors for standard library functions. 12 // 13 // FIXME: move as many interceptors as possible into 14 // sanitizer_common/sanitizer_common_interceptors.h 15 //===----------------------------------------------------------------------===// 16 17 #include "interception/interception.h" 18 #include "msan.h" 19 #include "msan_chained_origin_depot.h" 20 #include "msan_origin.h" 21 #include "msan_report.h" 22 #include "msan_thread.h" 23 #include "msan_poisoning.h" 24 #include "sanitizer_common/sanitizer_errno_codes.h" 25 #include "sanitizer_common/sanitizer_platform_limits_posix.h" 26 #include "sanitizer_common/sanitizer_platform_limits_netbsd.h" 27 #include "sanitizer_common/sanitizer_allocator.h" 28 #include "sanitizer_common/sanitizer_allocator_interface.h" 29 #include "sanitizer_common/sanitizer_allocator_internal.h" 30 #include "sanitizer_common/sanitizer_atomic.h" 31 #include "sanitizer_common/sanitizer_common.h" 32 #include "sanitizer_common/sanitizer_errno.h" 33 #include "sanitizer_common/sanitizer_stackdepot.h" 34 #include "sanitizer_common/sanitizer_libc.h" 35 #include "sanitizer_common/sanitizer_linux.h" 36 #include "sanitizer_common/sanitizer_tls_get_addr.h" 37 #include "sanitizer_common/sanitizer_vector.h" 38 39 #if SANITIZER_NETBSD 40 #define fstat __fstat50 41 #define gettimeofday __gettimeofday50 42 #define getrusage __getrusage50 43 #define tzset __tzset50 44 #endif 45 46 #include <stdarg.h> 47 // ACHTUNG! No other system header includes in this file. 48 // Ideally, we should get rid of stdarg.h as well. 49 50 using namespace __msan; 51 52 using __sanitizer::memory_order; 53 using __sanitizer::atomic_load; 54 using __sanitizer::atomic_store; 55 using __sanitizer::atomic_uintptr_t; 56 57 DECLARE_REAL(SIZE_T, strlen, const char *s) 58 DECLARE_REAL(SIZE_T, strnlen, const char *s, SIZE_T maxlen) 59 DECLARE_REAL(void *, memcpy, void *dest, const void *src, uptr n) 60 DECLARE_REAL(void *, memset, void *dest, int c, uptr n) 61 62 // True if this is a nested interceptor. 63 static THREADLOCAL int in_interceptor_scope; 64 65 void __msan_scoped_disable_interceptor_checks() { ++in_interceptor_scope; } 66 void __msan_scoped_enable_interceptor_checks() { --in_interceptor_scope; } 67 68 struct InterceptorScope { 69 InterceptorScope() { ++in_interceptor_scope; } 70 ~InterceptorScope() { --in_interceptor_scope; } 71 }; 72 73 bool IsInInterceptorScope() { 74 return in_interceptor_scope; 75 } 76 77 static uptr allocated_for_dlsym; 78 static const uptr kDlsymAllocPoolSize = 1024; 79 static uptr alloc_memory_for_dlsym[kDlsymAllocPoolSize]; 80 81 static bool IsInDlsymAllocPool(const void *ptr) { 82 uptr off = (uptr)ptr - (uptr)alloc_memory_for_dlsym; 83 return off < sizeof(alloc_memory_for_dlsym); 84 } 85 86 static void *AllocateFromLocalPool(uptr size_in_bytes) { 87 uptr size_in_words = RoundUpTo(size_in_bytes, kWordSize) / kWordSize; 88 void *mem = (void *)&alloc_memory_for_dlsym[allocated_for_dlsym]; 89 allocated_for_dlsym += size_in_words; 90 CHECK_LT(allocated_for_dlsym, kDlsymAllocPoolSize); 91 return mem; 92 } 93 94 #define ENSURE_MSAN_INITED() do { \ 95 CHECK(!msan_init_is_running); \ 96 if (!msan_inited) { \ 97 __msan_init(); \ 98 } \ 99 } while (0) 100 101 // Check that [x, x+n) range is unpoisoned. 102 #define CHECK_UNPOISONED_0(x, n) \ 103 do { \ 104 sptr __offset = __msan_test_shadow(x, n); \ 105 if (__msan::IsInSymbolizer()) break; \ 106 if (__offset >= 0 && __msan::flags()->report_umrs) { \ 107 GET_CALLER_PC_BP_SP; \ 108 (void)sp; \ 109 ReportUMRInsideAddressRange(__func__, x, n, __offset); \ 110 __msan::PrintWarningWithOrigin( \ 111 pc, bp, __msan_get_origin((const char *)x + __offset)); \ 112 if (__msan::flags()->halt_on_error) { \ 113 Printf("Exiting\n"); \ 114 Die(); \ 115 } \ 116 } \ 117 } while (0) 118 119 // Check that [x, x+n) range is unpoisoned unless we are in a nested 120 // interceptor. 121 #define CHECK_UNPOISONED(x, n) \ 122 do { \ 123 if (!IsInInterceptorScope()) CHECK_UNPOISONED_0(x, n); \ 124 } while (0) 125 126 #define CHECK_UNPOISONED_STRING_OF_LEN(x, len, n) \ 127 CHECK_UNPOISONED((x), \ 128 common_flags()->strict_string_checks ? (len) + 1 : (n) ) 129 130 #define CHECK_UNPOISONED_STRING(x, n) \ 131 CHECK_UNPOISONED_STRING_OF_LEN((x), internal_strlen(x), (n)) 132 133 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 134 INTERCEPTOR(SIZE_T, fread_unlocked, void *ptr, SIZE_T size, SIZE_T nmemb, 135 void *file) { 136 ENSURE_MSAN_INITED(); 137 SIZE_T res = REAL(fread_unlocked)(ptr, size, nmemb, file); 138 if (res > 0) 139 __msan_unpoison(ptr, res *size); 140 return res; 141 } 142 #define MSAN_MAYBE_INTERCEPT_FREAD_UNLOCKED INTERCEPT_FUNCTION(fread_unlocked) 143 #else 144 #define MSAN_MAYBE_INTERCEPT_FREAD_UNLOCKED 145 #endif 146 147 #if !SANITIZER_NETBSD 148 INTERCEPTOR(void *, mempcpy, void *dest, const void *src, SIZE_T n) { 149 return (char *)__msan_memcpy(dest, src, n) + n; 150 } 151 #define MSAN_MAYBE_INTERCEPT_MEMPCPY INTERCEPT_FUNCTION(mempcpy) 152 #else 153 #define MSAN_MAYBE_INTERCEPT_MEMPCPY 154 #endif 155 156 INTERCEPTOR(void *, memccpy, void *dest, const void *src, int c, SIZE_T n) { 157 ENSURE_MSAN_INITED(); 158 void *res = REAL(memccpy)(dest, src, c, n); 159 CHECK(!res || (res >= dest && res <= (char *)dest + n)); 160 SIZE_T sz = res ? (char *)res - (char *)dest : n; 161 CHECK_UNPOISONED(src, sz); 162 __msan_unpoison(dest, sz); 163 return res; 164 } 165 166 INTERCEPTOR(void *, bcopy, const void *src, void *dest, SIZE_T n) { 167 return __msan_memmove(dest, src, n); 168 } 169 170 INTERCEPTOR(int, posix_memalign, void **memptr, SIZE_T alignment, SIZE_T size) { 171 GET_MALLOC_STACK_TRACE; 172 CHECK_NE(memptr, 0); 173 int res = msan_posix_memalign(memptr, alignment, size, &stack); 174 if (!res) 175 __msan_unpoison(memptr, sizeof(*memptr)); 176 return res; 177 } 178 179 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 180 INTERCEPTOR(void *, memalign, SIZE_T alignment, SIZE_T size) { 181 GET_MALLOC_STACK_TRACE; 182 return msan_memalign(alignment, size, &stack); 183 } 184 #define MSAN_MAYBE_INTERCEPT_MEMALIGN INTERCEPT_FUNCTION(memalign) 185 #else 186 #define MSAN_MAYBE_INTERCEPT_MEMALIGN 187 #endif 188 189 INTERCEPTOR(void *, aligned_alloc, SIZE_T alignment, SIZE_T size) { 190 GET_MALLOC_STACK_TRACE; 191 return msan_aligned_alloc(alignment, size, &stack); 192 } 193 194 #if !SANITIZER_NETBSD 195 INTERCEPTOR(void *, __libc_memalign, SIZE_T alignment, SIZE_T size) { 196 GET_MALLOC_STACK_TRACE; 197 void *ptr = msan_memalign(alignment, size, &stack); 198 if (ptr) 199 DTLS_on_libc_memalign(ptr, size); 200 return ptr; 201 } 202 #define MSAN_MAYBE_INTERCEPT___LIBC_MEMALIGN INTERCEPT_FUNCTION(__libc_memalign) 203 #else 204 #define MSAN_MAYBE_INTERCEPT___LIBC_MEMALIGN 205 #endif 206 207 INTERCEPTOR(void *, valloc, SIZE_T size) { 208 GET_MALLOC_STACK_TRACE; 209 return msan_valloc(size, &stack); 210 } 211 212 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 213 INTERCEPTOR(void *, pvalloc, SIZE_T size) { 214 GET_MALLOC_STACK_TRACE; 215 return msan_pvalloc(size, &stack); 216 } 217 #define MSAN_MAYBE_INTERCEPT_PVALLOC INTERCEPT_FUNCTION(pvalloc) 218 #else 219 #define MSAN_MAYBE_INTERCEPT_PVALLOC 220 #endif 221 222 INTERCEPTOR(void, free, void *ptr) { 223 GET_MALLOC_STACK_TRACE; 224 if (!ptr || UNLIKELY(IsInDlsymAllocPool(ptr))) return; 225 MsanDeallocate(&stack, ptr); 226 } 227 228 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 229 INTERCEPTOR(void, cfree, void *ptr) { 230 GET_MALLOC_STACK_TRACE; 231 if (!ptr || UNLIKELY(IsInDlsymAllocPool(ptr))) return; 232 MsanDeallocate(&stack, ptr); 233 } 234 #define MSAN_MAYBE_INTERCEPT_CFREE INTERCEPT_FUNCTION(cfree) 235 #else 236 #define MSAN_MAYBE_INTERCEPT_CFREE 237 #endif 238 239 #if !SANITIZER_NETBSD 240 INTERCEPTOR(uptr, malloc_usable_size, void *ptr) { 241 return __sanitizer_get_allocated_size(ptr); 242 } 243 #define MSAN_MAYBE_INTERCEPT_MALLOC_USABLE_SIZE \ 244 INTERCEPT_FUNCTION(malloc_usable_size) 245 #else 246 #define MSAN_MAYBE_INTERCEPT_MALLOC_USABLE_SIZE 247 #endif 248 249 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 250 // This function actually returns a struct by value, but we can't unpoison a 251 // temporary! The following is equivalent on all supported platforms but 252 // aarch64 (which uses a different register for sret value). We have a test 253 // to confirm that. 254 INTERCEPTOR(void, mallinfo, __sanitizer_struct_mallinfo *sret) { 255 #ifdef __aarch64__ 256 uptr r8; 257 asm volatile("mov %0,x8" : "=r" (r8)); 258 sret = reinterpret_cast<__sanitizer_struct_mallinfo*>(r8); 259 #endif 260 REAL(memset)(sret, 0, sizeof(*sret)); 261 __msan_unpoison(sret, sizeof(*sret)); 262 } 263 #define MSAN_MAYBE_INTERCEPT_MALLINFO INTERCEPT_FUNCTION(mallinfo) 264 #else 265 #define MSAN_MAYBE_INTERCEPT_MALLINFO 266 #endif 267 268 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 269 INTERCEPTOR(int, mallopt, int cmd, int value) { 270 return 0; 271 } 272 #define MSAN_MAYBE_INTERCEPT_MALLOPT INTERCEPT_FUNCTION(mallopt) 273 #else 274 #define MSAN_MAYBE_INTERCEPT_MALLOPT 275 #endif 276 277 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 278 INTERCEPTOR(void, malloc_stats, void) { 279 // FIXME: implement, but don't call REAL(malloc_stats)! 280 } 281 #define MSAN_MAYBE_INTERCEPT_MALLOC_STATS INTERCEPT_FUNCTION(malloc_stats) 282 #else 283 #define MSAN_MAYBE_INTERCEPT_MALLOC_STATS 284 #endif 285 286 INTERCEPTOR(char *, strcpy, char *dest, const char *src) { 287 ENSURE_MSAN_INITED(); 288 GET_STORE_STACK_TRACE; 289 SIZE_T n = REAL(strlen)(src); 290 CHECK_UNPOISONED_STRING(src + n, 0); 291 char *res = REAL(strcpy)(dest, src); 292 CopyShadowAndOrigin(dest, src, n + 1, &stack); 293 return res; 294 } 295 296 INTERCEPTOR(char *, strncpy, char *dest, const char *src, SIZE_T n) { 297 ENSURE_MSAN_INITED(); 298 GET_STORE_STACK_TRACE; 299 SIZE_T copy_size = REAL(strnlen)(src, n); 300 if (copy_size < n) 301 copy_size++; // trailing \0 302 char *res = REAL(strncpy)(dest, src, n); 303 CopyShadowAndOrigin(dest, src, copy_size, &stack); 304 __msan_unpoison(dest + copy_size, n - copy_size); 305 return res; 306 } 307 308 #if !SANITIZER_NETBSD 309 INTERCEPTOR(char *, stpcpy, char *dest, const char *src) { 310 ENSURE_MSAN_INITED(); 311 GET_STORE_STACK_TRACE; 312 SIZE_T n = REAL(strlen)(src); 313 CHECK_UNPOISONED_STRING(src + n, 0); 314 char *res = REAL(stpcpy)(dest, src); 315 CopyShadowAndOrigin(dest, src, n + 1, &stack); 316 return res; 317 } 318 #define MSAN_MAYBE_INTERCEPT_STPCPY INTERCEPT_FUNCTION(stpcpy) 319 #else 320 #define MSAN_MAYBE_INTERCEPT_STPCPY 321 #endif 322 323 INTERCEPTOR(char *, strdup, char *src) { 324 ENSURE_MSAN_INITED(); 325 GET_STORE_STACK_TRACE; 326 // On FreeBSD strdup() leverages strlen(). 327 InterceptorScope interceptor_scope; 328 SIZE_T n = REAL(strlen)(src); 329 CHECK_UNPOISONED_STRING(src + n, 0); 330 char *res = REAL(strdup)(src); 331 CopyShadowAndOrigin(res, src, n + 1, &stack); 332 return res; 333 } 334 335 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 336 INTERCEPTOR(char *, __strdup, char *src) { 337 ENSURE_MSAN_INITED(); 338 GET_STORE_STACK_TRACE; 339 SIZE_T n = REAL(strlen)(src); 340 CHECK_UNPOISONED_STRING(src + n, 0); 341 char *res = REAL(__strdup)(src); 342 CopyShadowAndOrigin(res, src, n + 1, &stack); 343 return res; 344 } 345 #define MSAN_MAYBE_INTERCEPT___STRDUP INTERCEPT_FUNCTION(__strdup) 346 #else 347 #define MSAN_MAYBE_INTERCEPT___STRDUP 348 #endif 349 350 #if !SANITIZER_NETBSD 351 INTERCEPTOR(char *, gcvt, double number, SIZE_T ndigit, char *buf) { 352 ENSURE_MSAN_INITED(); 353 char *res = REAL(gcvt)(number, ndigit, buf); 354 SIZE_T n = REAL(strlen)(buf); 355 __msan_unpoison(buf, n + 1); 356 return res; 357 } 358 #define MSAN_MAYBE_INTERCEPT_GCVT INTERCEPT_FUNCTION(gcvt) 359 #else 360 #define MSAN_MAYBE_INTERCEPT_GCVT 361 #endif 362 363 INTERCEPTOR(char *, strcat, char *dest, const char *src) { 364 ENSURE_MSAN_INITED(); 365 GET_STORE_STACK_TRACE; 366 SIZE_T src_size = REAL(strlen)(src); 367 SIZE_T dest_size = REAL(strlen)(dest); 368 CHECK_UNPOISONED_STRING(src + src_size, 0); 369 CHECK_UNPOISONED_STRING(dest + dest_size, 0); 370 char *res = REAL(strcat)(dest, src); 371 CopyShadowAndOrigin(dest + dest_size, src, src_size + 1, &stack); 372 return res; 373 } 374 375 INTERCEPTOR(char *, strncat, char *dest, const char *src, SIZE_T n) { 376 ENSURE_MSAN_INITED(); 377 GET_STORE_STACK_TRACE; 378 SIZE_T dest_size = REAL(strlen)(dest); 379 SIZE_T copy_size = REAL(strnlen)(src, n); 380 CHECK_UNPOISONED_STRING(dest + dest_size, 0); 381 char *res = REAL(strncat)(dest, src, n); 382 CopyShadowAndOrigin(dest + dest_size, src, copy_size, &stack); 383 __msan_unpoison(dest + dest_size + copy_size, 1); // \0 384 return res; 385 } 386 387 // Hack: always pass nptr and endptr as part of __VA_ARGS_ to avoid having to 388 // deal with empty __VA_ARGS__ in the case of INTERCEPTOR_STRTO. 389 #define INTERCEPTOR_STRTO_BODY(ret_type, func, ...) \ 390 ENSURE_MSAN_INITED(); \ 391 ret_type res = REAL(func)(__VA_ARGS__); \ 392 __msan_unpoison(endptr, sizeof(*endptr)); \ 393 return res; 394 395 #define INTERCEPTOR_STRTO(ret_type, func, char_type) \ 396 INTERCEPTOR(ret_type, func, const char_type *nptr, char_type **endptr) { \ 397 INTERCEPTOR_STRTO_BODY(ret_type, func, nptr, endptr); \ 398 } 399 400 #define INTERCEPTOR_STRTO_BASE(ret_type, func, char_type) \ 401 INTERCEPTOR(ret_type, func, const char_type *nptr, char_type **endptr, \ 402 int base) { \ 403 INTERCEPTOR_STRTO_BODY(ret_type, func, nptr, endptr, base); \ 404 } 405 406 #define INTERCEPTOR_STRTO_LOC(ret_type, func, char_type) \ 407 INTERCEPTOR(ret_type, func, const char_type *nptr, char_type **endptr, \ 408 void *loc) { \ 409 INTERCEPTOR_STRTO_BODY(ret_type, func, nptr, endptr, loc); \ 410 } 411 412 #define INTERCEPTOR_STRTO_BASE_LOC(ret_type, func, char_type) \ 413 INTERCEPTOR(ret_type, func, const char_type *nptr, char_type **endptr, \ 414 int base, void *loc) { \ 415 INTERCEPTOR_STRTO_BODY(ret_type, func, nptr, endptr, base, loc); \ 416 } 417 418 #if SANITIZER_NETBSD 419 #define INTERCEPTORS_STRTO(ret_type, func, char_type) \ 420 INTERCEPTOR_STRTO(ret_type, func, char_type) \ 421 INTERCEPTOR_STRTO_LOC(ret_type, func##_l, char_type) 422 423 #define INTERCEPTORS_STRTO_BASE(ret_type, func, char_type) \ 424 INTERCEPTOR_STRTO_BASE(ret_type, func, char_type) \ 425 INTERCEPTOR_STRTO_BASE_LOC(ret_type, func##_l, char_type) 426 427 #else 428 #define INTERCEPTORS_STRTO(ret_type, func, char_type) \ 429 INTERCEPTOR_STRTO(ret_type, func, char_type) \ 430 INTERCEPTOR_STRTO_LOC(ret_type, func##_l, char_type) \ 431 INTERCEPTOR_STRTO_LOC(ret_type, __##func##_l, char_type) \ 432 INTERCEPTOR_STRTO_LOC(ret_type, __##func##_internal, char_type) 433 434 #define INTERCEPTORS_STRTO_BASE(ret_type, func, char_type) \ 435 INTERCEPTOR_STRTO_BASE(ret_type, func, char_type) \ 436 INTERCEPTOR_STRTO_BASE_LOC(ret_type, func##_l, char_type) \ 437 INTERCEPTOR_STRTO_BASE_LOC(ret_type, __##func##_l, char_type) \ 438 INTERCEPTOR_STRTO_BASE_LOC(ret_type, __##func##_internal, char_type) 439 #endif 440 441 INTERCEPTORS_STRTO(double, strtod, char) 442 INTERCEPTORS_STRTO(float, strtof, char) 443 INTERCEPTORS_STRTO(long double, strtold, char) 444 INTERCEPTORS_STRTO_BASE(long, strtol, char) 445 INTERCEPTORS_STRTO_BASE(long long, strtoll, char) 446 INTERCEPTORS_STRTO_BASE(unsigned long, strtoul, char) 447 INTERCEPTORS_STRTO_BASE(unsigned long long, strtoull, char) 448 INTERCEPTORS_STRTO_BASE(u64, strtouq, char) 449 450 INTERCEPTORS_STRTO(double, wcstod, wchar_t) 451 INTERCEPTORS_STRTO(float, wcstof, wchar_t) 452 INTERCEPTORS_STRTO(long double, wcstold, wchar_t) 453 INTERCEPTORS_STRTO_BASE(long, wcstol, wchar_t) 454 INTERCEPTORS_STRTO_BASE(long long, wcstoll, wchar_t) 455 INTERCEPTORS_STRTO_BASE(unsigned long, wcstoul, wchar_t) 456 INTERCEPTORS_STRTO_BASE(unsigned long long, wcstoull, wchar_t) 457 458 #if SANITIZER_NETBSD 459 #define INTERCEPT_STRTO(func) \ 460 INTERCEPT_FUNCTION(func); \ 461 INTERCEPT_FUNCTION(func##_l); 462 #else 463 #define INTERCEPT_STRTO(func) \ 464 INTERCEPT_FUNCTION(func); \ 465 INTERCEPT_FUNCTION(func##_l); \ 466 INTERCEPT_FUNCTION(__##func##_l); \ 467 INTERCEPT_FUNCTION(__##func##_internal); 468 #endif 469 470 471 // FIXME: support *wprintf in common format interceptors. 472 INTERCEPTOR(int, vswprintf, void *str, uptr size, void *format, va_list ap) { 473 ENSURE_MSAN_INITED(); 474 int res = REAL(vswprintf)(str, size, format, ap); 475 if (res >= 0) { 476 __msan_unpoison(str, 4 * (res + 1)); 477 } 478 return res; 479 } 480 481 INTERCEPTOR(int, swprintf, void *str, uptr size, void *format, ...) { 482 ENSURE_MSAN_INITED(); 483 va_list ap; 484 va_start(ap, format); 485 int res = vswprintf(str, size, format, ap); 486 va_end(ap); 487 return res; 488 } 489 490 #define INTERCEPTOR_STRFTIME_BODY(char_type, ret_type, func, s, ...) \ 491 ENSURE_MSAN_INITED(); \ 492 InterceptorScope interceptor_scope; \ 493 ret_type res = REAL(func)(s, __VA_ARGS__); \ 494 if (s) __msan_unpoison(s, sizeof(char_type) * (res + 1)); \ 495 return res; 496 497 INTERCEPTOR(SIZE_T, strftime, char *s, SIZE_T max, const char *format, 498 __sanitizer_tm *tm) { 499 INTERCEPTOR_STRFTIME_BODY(char, SIZE_T, strftime, s, max, format, tm); 500 } 501 502 INTERCEPTOR(SIZE_T, strftime_l, char *s, SIZE_T max, const char *format, 503 __sanitizer_tm *tm, void *loc) { 504 INTERCEPTOR_STRFTIME_BODY(char, SIZE_T, strftime_l, s, max, format, tm, loc); 505 } 506 507 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 508 INTERCEPTOR(SIZE_T, __strftime_l, char *s, SIZE_T max, const char *format, 509 __sanitizer_tm *tm, void *loc) { 510 INTERCEPTOR_STRFTIME_BODY(char, SIZE_T, __strftime_l, s, max, format, tm, 511 loc); 512 } 513 #define MSAN_MAYBE_INTERCEPT___STRFTIME_L INTERCEPT_FUNCTION(__strftime_l) 514 #else 515 #define MSAN_MAYBE_INTERCEPT___STRFTIME_L 516 #endif 517 518 INTERCEPTOR(SIZE_T, wcsftime, wchar_t *s, SIZE_T max, const wchar_t *format, 519 __sanitizer_tm *tm) { 520 INTERCEPTOR_STRFTIME_BODY(wchar_t, SIZE_T, wcsftime, s, max, format, tm); 521 } 522 523 INTERCEPTOR(SIZE_T, wcsftime_l, wchar_t *s, SIZE_T max, const wchar_t *format, 524 __sanitizer_tm *tm, void *loc) { 525 INTERCEPTOR_STRFTIME_BODY(wchar_t, SIZE_T, wcsftime_l, s, max, format, tm, 526 loc); 527 } 528 529 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 530 INTERCEPTOR(SIZE_T, __wcsftime_l, wchar_t *s, SIZE_T max, const wchar_t *format, 531 __sanitizer_tm *tm, void *loc) { 532 INTERCEPTOR_STRFTIME_BODY(wchar_t, SIZE_T, __wcsftime_l, s, max, format, tm, 533 loc); 534 } 535 #define MSAN_MAYBE_INTERCEPT___WCSFTIME_L INTERCEPT_FUNCTION(__wcsftime_l) 536 #else 537 #define MSAN_MAYBE_INTERCEPT___WCSFTIME_L 538 #endif 539 540 INTERCEPTOR(int, mbtowc, wchar_t *dest, const char *src, SIZE_T n) { 541 ENSURE_MSAN_INITED(); 542 int res = REAL(mbtowc)(dest, src, n); 543 if (res != -1 && dest) __msan_unpoison(dest, sizeof(wchar_t)); 544 return res; 545 } 546 547 INTERCEPTOR(SIZE_T, mbrtowc, wchar_t *dest, const char *src, SIZE_T n, 548 void *ps) { 549 ENSURE_MSAN_INITED(); 550 SIZE_T res = REAL(mbrtowc)(dest, src, n, ps); 551 if (res != (SIZE_T)-1 && dest) __msan_unpoison(dest, sizeof(wchar_t)); 552 return res; 553 } 554 555 // wchar_t *wmemcpy(wchar_t *dest, const wchar_t *src, SIZE_T n); 556 INTERCEPTOR(wchar_t *, wmemcpy, wchar_t *dest, const wchar_t *src, SIZE_T n) { 557 ENSURE_MSAN_INITED(); 558 GET_STORE_STACK_TRACE; 559 wchar_t *res = REAL(wmemcpy)(dest, src, n); 560 CopyShadowAndOrigin(dest, src, n * sizeof(wchar_t), &stack); 561 return res; 562 } 563 564 #if !SANITIZER_NETBSD 565 INTERCEPTOR(wchar_t *, wmempcpy, wchar_t *dest, const wchar_t *src, SIZE_T n) { 566 ENSURE_MSAN_INITED(); 567 GET_STORE_STACK_TRACE; 568 wchar_t *res = REAL(wmempcpy)(dest, src, n); 569 CopyShadowAndOrigin(dest, src, n * sizeof(wchar_t), &stack); 570 return res; 571 } 572 #define MSAN_MAYBE_INTERCEPT_WMEMPCPY INTERCEPT_FUNCTION(wmempcpy) 573 #else 574 #define MSAN_MAYBE_INTERCEPT_WMEMPCPY 575 #endif 576 577 INTERCEPTOR(wchar_t *, wmemset, wchar_t *s, wchar_t c, SIZE_T n) { 578 CHECK(MEM_IS_APP(s)); 579 ENSURE_MSAN_INITED(); 580 wchar_t *res = REAL(wmemset)(s, c, n); 581 __msan_unpoison(s, n * sizeof(wchar_t)); 582 return res; 583 } 584 585 INTERCEPTOR(wchar_t *, wmemmove, wchar_t *dest, const wchar_t *src, SIZE_T n) { 586 ENSURE_MSAN_INITED(); 587 GET_STORE_STACK_TRACE; 588 wchar_t *res = REAL(wmemmove)(dest, src, n); 589 MoveShadowAndOrigin(dest, src, n * sizeof(wchar_t), &stack); 590 return res; 591 } 592 593 INTERCEPTOR(int, wcscmp, const wchar_t *s1, const wchar_t *s2) { 594 ENSURE_MSAN_INITED(); 595 int res = REAL(wcscmp)(s1, s2); 596 return res; 597 } 598 599 INTERCEPTOR(int, gettimeofday, void *tv, void *tz) { 600 ENSURE_MSAN_INITED(); 601 int res = REAL(gettimeofday)(tv, tz); 602 if (tv) 603 __msan_unpoison(tv, 16); 604 if (tz) 605 __msan_unpoison(tz, 8); 606 return res; 607 } 608 609 #if !SANITIZER_NETBSD 610 INTERCEPTOR(char *, fcvt, double x, int a, int *b, int *c) { 611 ENSURE_MSAN_INITED(); 612 char *res = REAL(fcvt)(x, a, b, c); 613 __msan_unpoison(b, sizeof(*b)); 614 __msan_unpoison(c, sizeof(*c)); 615 if (res) __msan_unpoison(res, REAL(strlen)(res) + 1); 616 return res; 617 } 618 #define MSAN_MAYBE_INTERCEPT_FCVT INTERCEPT_FUNCTION(fcvt) 619 #else 620 #define MSAN_MAYBE_INTERCEPT_FCVT 621 #endif 622 623 INTERCEPTOR(char *, getenv, char *name) { 624 if (msan_init_is_running) 625 return REAL(getenv)(name); 626 ENSURE_MSAN_INITED(); 627 char *res = REAL(getenv)(name); 628 if (res) __msan_unpoison(res, REAL(strlen)(res) + 1); 629 return res; 630 } 631 632 extern char **environ; 633 634 static void UnpoisonEnviron() { 635 char **envp = environ; 636 for (; *envp; ++envp) { 637 __msan_unpoison(envp, sizeof(*envp)); 638 __msan_unpoison(*envp, REAL(strlen)(*envp) + 1); 639 } 640 // Trailing NULL pointer. 641 __msan_unpoison(envp, sizeof(*envp)); 642 } 643 644 INTERCEPTOR(int, setenv, const char *name, const char *value, int overwrite) { 645 ENSURE_MSAN_INITED(); 646 CHECK_UNPOISONED_STRING(name, 0); 647 int res = REAL(setenv)(name, value, overwrite); 648 if (!res) UnpoisonEnviron(); 649 return res; 650 } 651 652 INTERCEPTOR(int, putenv, char *string) { 653 ENSURE_MSAN_INITED(); 654 int res = REAL(putenv)(string); 655 if (!res) UnpoisonEnviron(); 656 return res; 657 } 658 659 #if SANITIZER_FREEBSD || SANITIZER_NETBSD 660 INTERCEPTOR(int, fstat, int fd, void *buf) { 661 ENSURE_MSAN_INITED(); 662 int res = REAL(fstat)(fd, buf); 663 if (!res) 664 __msan_unpoison(buf, __sanitizer::struct_stat_sz); 665 return res; 666 } 667 #define MSAN_MAYBE_INTERCEPT_FSTAT INTERCEPT_FUNCTION(fstat) 668 #else 669 #define MSAN_MAYBE_INTERCEPT_FSTAT 670 #endif 671 672 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 673 INTERCEPTOR(int, __fxstat, int magic, int fd, void *buf) { 674 ENSURE_MSAN_INITED(); 675 int res = REAL(__fxstat)(magic, fd, buf); 676 if (!res) 677 __msan_unpoison(buf, __sanitizer::struct_stat_sz); 678 return res; 679 } 680 #define MSAN_MAYBE_INTERCEPT___FXSTAT INTERCEPT_FUNCTION(__fxstat) 681 #else 682 #define MSAN_MAYBE_INTERCEPT___FXSTAT 683 #endif 684 685 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 686 INTERCEPTOR(int, __fxstat64, int magic, int fd, void *buf) { 687 ENSURE_MSAN_INITED(); 688 int res = REAL(__fxstat64)(magic, fd, buf); 689 if (!res) 690 __msan_unpoison(buf, __sanitizer::struct_stat64_sz); 691 return res; 692 } 693 #define MSAN_MAYBE_INTERCEPT___FXSTAT64 INTERCEPT_FUNCTION(__fxstat64) 694 #else 695 #define MSAN_MAYBE_INTERCEPT___FXSTAT64 696 #endif 697 698 #if SANITIZER_FREEBSD || SANITIZER_NETBSD 699 INTERCEPTOR(int, fstatat, int fd, char *pathname, void *buf, int flags) { 700 ENSURE_MSAN_INITED(); 701 int res = REAL(fstatat)(fd, pathname, buf, flags); 702 if (!res) __msan_unpoison(buf, __sanitizer::struct_stat_sz); 703 return res; 704 } 705 # define MSAN_INTERCEPT_FSTATAT INTERCEPT_FUNCTION(fstatat) 706 #else 707 INTERCEPTOR(int, __fxstatat, int magic, int fd, char *pathname, void *buf, 708 int flags) { 709 ENSURE_MSAN_INITED(); 710 int res = REAL(__fxstatat)(magic, fd, pathname, buf, flags); 711 if (!res) __msan_unpoison(buf, __sanitizer::struct_stat_sz); 712 return res; 713 } 714 # define MSAN_INTERCEPT_FSTATAT INTERCEPT_FUNCTION(__fxstatat) 715 #endif 716 717 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 718 INTERCEPTOR(int, __fxstatat64, int magic, int fd, char *pathname, void *buf, 719 int flags) { 720 ENSURE_MSAN_INITED(); 721 int res = REAL(__fxstatat64)(magic, fd, pathname, buf, flags); 722 if (!res) __msan_unpoison(buf, __sanitizer::struct_stat64_sz); 723 return res; 724 } 725 #define MSAN_MAYBE_INTERCEPT___FXSTATAT64 INTERCEPT_FUNCTION(__fxstatat64) 726 #else 727 #define MSAN_MAYBE_INTERCEPT___FXSTATAT64 728 #endif 729 730 INTERCEPTOR(int, pipe, int pipefd[2]) { 731 if (msan_init_is_running) 732 return REAL(pipe)(pipefd); 733 ENSURE_MSAN_INITED(); 734 int res = REAL(pipe)(pipefd); 735 if (!res) 736 __msan_unpoison(pipefd, sizeof(int[2])); 737 return res; 738 } 739 740 INTERCEPTOR(int, pipe2, int pipefd[2], int flags) { 741 ENSURE_MSAN_INITED(); 742 int res = REAL(pipe2)(pipefd, flags); 743 if (!res) 744 __msan_unpoison(pipefd, sizeof(int[2])); 745 return res; 746 } 747 748 INTERCEPTOR(int, socketpair, int domain, int type, int protocol, int sv[2]) { 749 ENSURE_MSAN_INITED(); 750 int res = REAL(socketpair)(domain, type, protocol, sv); 751 if (!res) 752 __msan_unpoison(sv, sizeof(int[2])); 753 return res; 754 } 755 756 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 757 INTERCEPTOR(char *, fgets_unlocked, char *s, int size, void *stream) { 758 ENSURE_MSAN_INITED(); 759 char *res = REAL(fgets_unlocked)(s, size, stream); 760 if (res) 761 __msan_unpoison(s, REAL(strlen)(s) + 1); 762 return res; 763 } 764 #define MSAN_MAYBE_INTERCEPT_FGETS_UNLOCKED INTERCEPT_FUNCTION(fgets_unlocked) 765 #else 766 #define MSAN_MAYBE_INTERCEPT_FGETS_UNLOCKED 767 #endif 768 769 #define INTERCEPTOR_GETRLIMIT_BODY(func, resource, rlim) \ 770 if (msan_init_is_running) \ 771 return REAL(getrlimit)(resource, rlim); \ 772 ENSURE_MSAN_INITED(); \ 773 int res = REAL(func)(resource, rlim); \ 774 if (!res) \ 775 __msan_unpoison(rlim, __sanitizer::struct_rlimit_sz); \ 776 return res 777 778 INTERCEPTOR(int, getrlimit, int resource, void *rlim) { 779 INTERCEPTOR_GETRLIMIT_BODY(getrlimit, resource, rlim); 780 } 781 782 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 783 INTERCEPTOR(int, __getrlimit, int resource, void *rlim) { 784 INTERCEPTOR_GETRLIMIT_BODY(__getrlimit, resource, rlim); 785 } 786 787 INTERCEPTOR(int, getrlimit64, int resource, void *rlim) { 788 if (msan_init_is_running) return REAL(getrlimit64)(resource, rlim); 789 ENSURE_MSAN_INITED(); 790 int res = REAL(getrlimit64)(resource, rlim); 791 if (!res) __msan_unpoison(rlim, __sanitizer::struct_rlimit64_sz); 792 return res; 793 } 794 795 INTERCEPTOR(int, prlimit, int pid, int resource, void *new_rlimit, 796 void *old_rlimit) { 797 if (msan_init_is_running) 798 return REAL(prlimit)(pid, resource, new_rlimit, old_rlimit); 799 ENSURE_MSAN_INITED(); 800 CHECK_UNPOISONED(new_rlimit, __sanitizer::struct_rlimit_sz); 801 int res = REAL(prlimit)(pid, resource, new_rlimit, old_rlimit); 802 if (!res) __msan_unpoison(old_rlimit, __sanitizer::struct_rlimit_sz); 803 return res; 804 } 805 806 INTERCEPTOR(int, prlimit64, int pid, int resource, void *new_rlimit, 807 void *old_rlimit) { 808 if (msan_init_is_running) 809 return REAL(prlimit64)(pid, resource, new_rlimit, old_rlimit); 810 ENSURE_MSAN_INITED(); 811 CHECK_UNPOISONED(new_rlimit, __sanitizer::struct_rlimit64_sz); 812 int res = REAL(prlimit64)(pid, resource, new_rlimit, old_rlimit); 813 if (!res) __msan_unpoison(old_rlimit, __sanitizer::struct_rlimit64_sz); 814 return res; 815 } 816 817 #define MSAN_MAYBE_INTERCEPT___GETRLIMIT INTERCEPT_FUNCTION(__getrlimit) 818 #define MSAN_MAYBE_INTERCEPT_GETRLIMIT64 INTERCEPT_FUNCTION(getrlimit64) 819 #define MSAN_MAYBE_INTERCEPT_PRLIMIT INTERCEPT_FUNCTION(prlimit) 820 #define MSAN_MAYBE_INTERCEPT_PRLIMIT64 INTERCEPT_FUNCTION(prlimit64) 821 #else 822 #define MSAN_MAYBE_INTERCEPT___GETRLIMIT 823 #define MSAN_MAYBE_INTERCEPT_GETRLIMIT64 824 #define MSAN_MAYBE_INTERCEPT_PRLIMIT 825 #define MSAN_MAYBE_INTERCEPT_PRLIMIT64 826 #endif 827 828 INTERCEPTOR(int, gethostname, char *name, SIZE_T len) { 829 ENSURE_MSAN_INITED(); 830 int res = REAL(gethostname)(name, len); 831 if (!res || (res == -1 && errno == errno_ENAMETOOLONG)) { 832 SIZE_T real_len = REAL(strnlen)(name, len); 833 if (real_len < len) 834 ++real_len; 835 __msan_unpoison(name, real_len); 836 } 837 return res; 838 } 839 840 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 841 INTERCEPTOR(int, epoll_wait, int epfd, void *events, int maxevents, 842 int timeout) { 843 ENSURE_MSAN_INITED(); 844 int res = REAL(epoll_wait)(epfd, events, maxevents, timeout); 845 if (res > 0) { 846 __msan_unpoison(events, __sanitizer::struct_epoll_event_sz * res); 847 } 848 return res; 849 } 850 #define MSAN_MAYBE_INTERCEPT_EPOLL_WAIT INTERCEPT_FUNCTION(epoll_wait) 851 #else 852 #define MSAN_MAYBE_INTERCEPT_EPOLL_WAIT 853 #endif 854 855 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 856 INTERCEPTOR(int, epoll_pwait, int epfd, void *events, int maxevents, 857 int timeout, void *sigmask) { 858 ENSURE_MSAN_INITED(); 859 int res = REAL(epoll_pwait)(epfd, events, maxevents, timeout, sigmask); 860 if (res > 0) { 861 __msan_unpoison(events, __sanitizer::struct_epoll_event_sz * res); 862 } 863 return res; 864 } 865 #define MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT INTERCEPT_FUNCTION(epoll_pwait) 866 #else 867 #define MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT 868 #endif 869 870 INTERCEPTOR(void *, calloc, SIZE_T nmemb, SIZE_T size) { 871 GET_MALLOC_STACK_TRACE; 872 if (UNLIKELY(!msan_inited)) 873 // Hack: dlsym calls calloc before REAL(calloc) is retrieved from dlsym. 874 return AllocateFromLocalPool(nmemb * size); 875 return msan_calloc(nmemb, size, &stack); 876 } 877 878 INTERCEPTOR(void *, realloc, void *ptr, SIZE_T size) { 879 GET_MALLOC_STACK_TRACE; 880 if (UNLIKELY(IsInDlsymAllocPool(ptr))) { 881 uptr offset = (uptr)ptr - (uptr)alloc_memory_for_dlsym; 882 uptr copy_size = Min(size, kDlsymAllocPoolSize - offset); 883 void *new_ptr; 884 if (UNLIKELY(!msan_inited)) { 885 new_ptr = AllocateFromLocalPool(copy_size); 886 } else { 887 copy_size = size; 888 new_ptr = msan_malloc(copy_size, &stack); 889 } 890 internal_memcpy(new_ptr, ptr, copy_size); 891 return new_ptr; 892 } 893 return msan_realloc(ptr, size, &stack); 894 } 895 896 INTERCEPTOR(void *, reallocarray, void *ptr, SIZE_T nmemb, SIZE_T size) { 897 GET_MALLOC_STACK_TRACE; 898 return msan_reallocarray(ptr, nmemb, size, &stack); 899 } 900 901 INTERCEPTOR(void *, malloc, SIZE_T size) { 902 GET_MALLOC_STACK_TRACE; 903 if (UNLIKELY(!msan_inited)) 904 // Hack: dlsym calls malloc before REAL(malloc) is retrieved from dlsym. 905 return AllocateFromLocalPool(size); 906 return msan_malloc(size, &stack); 907 } 908 909 void __msan_allocated_memory(const void *data, uptr size) { 910 GET_MALLOC_STACK_TRACE; 911 if (flags()->poison_in_malloc) { 912 stack.tag = STACK_TRACE_TAG_POISON; 913 PoisonMemory(data, size, &stack); 914 } 915 } 916 917 void __msan_copy_shadow(void *dest, const void *src, uptr n) { 918 GET_STORE_STACK_TRACE; 919 MoveShadowAndOrigin(dest, src, n, &stack); 920 } 921 922 void __sanitizer_dtor_callback(const void *data, uptr size) { 923 GET_MALLOC_STACK_TRACE; 924 if (flags()->poison_in_dtor) { 925 stack.tag = STACK_TRACE_TAG_POISON; 926 PoisonMemory(data, size, &stack); 927 } 928 } 929 930 template <class Mmap> 931 static void *mmap_interceptor(Mmap real_mmap, void *addr, SIZE_T length, 932 int prot, int flags, int fd, OFF64_T offset) { 933 SIZE_T rounded_length = RoundUpTo(length, GetPageSize()); 934 void *end_addr = (char *)addr + (rounded_length - 1); 935 if (addr && (!MEM_IS_APP(addr) || !MEM_IS_APP(end_addr))) { 936 if (flags & map_fixed) { 937 errno = errno_EINVAL; 938 return (void *)-1; 939 } else { 940 addr = nullptr; 941 } 942 } 943 void *res = real_mmap(addr, length, prot, flags, fd, offset); 944 if (res != (void *)-1) { 945 void *end_res = (char *)res + (rounded_length - 1); 946 if (MEM_IS_APP(res) && MEM_IS_APP(end_res)) { 947 __msan_unpoison(res, rounded_length); 948 } else { 949 // Application has attempted to map more memory than is supported by 950 // MSAN. Act as if we ran out of memory. 951 internal_munmap(res, length); 952 errno = errno_ENOMEM; 953 return (void *)-1; 954 } 955 } 956 return res; 957 } 958 959 INTERCEPTOR(int, getrusage, int who, void *usage) { 960 ENSURE_MSAN_INITED(); 961 int res = REAL(getrusage)(who, usage); 962 if (res == 0) { 963 __msan_unpoison(usage, __sanitizer::struct_rusage_sz); 964 } 965 return res; 966 } 967 968 class SignalHandlerScope { 969 public: 970 SignalHandlerScope() { 971 if (MsanThread *t = GetCurrentThread()) 972 t->EnterSignalHandler(); 973 } 974 ~SignalHandlerScope() { 975 if (MsanThread *t = GetCurrentThread()) 976 t->LeaveSignalHandler(); 977 } 978 }; 979 980 // sigactions_mu guarantees atomicity of sigaction() and signal() calls. 981 // Access to sigactions[] is gone with relaxed atomics to avoid data race with 982 // the signal handler. 983 const int kMaxSignals = 1024; 984 static atomic_uintptr_t sigactions[kMaxSignals]; 985 static StaticSpinMutex sigactions_mu; 986 987 static void SignalHandler(int signo) { 988 SignalHandlerScope signal_handler_scope; 989 ScopedThreadLocalStateBackup stlsb; 990 UnpoisonParam(1); 991 992 typedef void (*signal_cb)(int x); 993 signal_cb cb = 994 (signal_cb)atomic_load(&sigactions[signo], memory_order_relaxed); 995 cb(signo); 996 } 997 998 static void SignalAction(int signo, void *si, void *uc) { 999 SignalHandlerScope signal_handler_scope; 1000 ScopedThreadLocalStateBackup stlsb; 1001 UnpoisonParam(3); 1002 __msan_unpoison(si, sizeof(__sanitizer_sigaction)); 1003 __msan_unpoison(uc, __sanitizer::ucontext_t_sz); 1004 1005 typedef void (*sigaction_cb)(int, void *, void *); 1006 sigaction_cb cb = 1007 (sigaction_cb)atomic_load(&sigactions[signo], memory_order_relaxed); 1008 cb(signo, si, uc); 1009 } 1010 1011 static void read_sigaction(const __sanitizer_sigaction *act) { 1012 CHECK_UNPOISONED(&act->sa_flags, sizeof(act->sa_flags)); 1013 if (act->sa_flags & __sanitizer::sa_siginfo) 1014 CHECK_UNPOISONED(&act->sigaction, sizeof(act->sigaction)); 1015 else 1016 CHECK_UNPOISONED(&act->handler, sizeof(act->handler)); 1017 CHECK_UNPOISONED(&act->sa_mask, sizeof(act->sa_mask)); 1018 } 1019 1020 extern "C" int pthread_attr_init(void *attr); 1021 extern "C" int pthread_attr_destroy(void *attr); 1022 1023 static void *MsanThreadStartFunc(void *arg) { 1024 MsanThread *t = (MsanThread *)arg; 1025 SetCurrentThread(t); 1026 return t->ThreadStart(); 1027 } 1028 1029 INTERCEPTOR(int, pthread_create, void *th, void *attr, void *(*callback)(void*), 1030 void * param) { 1031 ENSURE_MSAN_INITED(); // for GetTlsSize() 1032 __sanitizer_pthread_attr_t myattr; 1033 if (!attr) { 1034 pthread_attr_init(&myattr); 1035 attr = &myattr; 1036 } 1037 1038 AdjustStackSize(attr); 1039 1040 MsanThread *t = MsanThread::Create(callback, param); 1041 1042 int res = REAL(pthread_create)(th, attr, MsanThreadStartFunc, t); 1043 1044 if (attr == &myattr) 1045 pthread_attr_destroy(&myattr); 1046 if (!res) { 1047 __msan_unpoison(th, __sanitizer::pthread_t_sz); 1048 } 1049 return res; 1050 } 1051 1052 INTERCEPTOR(int, pthread_key_create, __sanitizer_pthread_key_t *key, 1053 void (*dtor)(void *value)) { 1054 if (msan_init_is_running) return REAL(pthread_key_create)(key, dtor); 1055 ENSURE_MSAN_INITED(); 1056 int res = REAL(pthread_key_create)(key, dtor); 1057 if (!res && key) 1058 __msan_unpoison(key, sizeof(*key)); 1059 return res; 1060 } 1061 1062 #if SANITIZER_NETBSD 1063 INTERCEPTOR(int, __libc_thr_keycreate, __sanitizer_pthread_key_t *m, 1064 void (*dtor)(void *value)) 1065 ALIAS(WRAPPER_NAME(pthread_key_create)); 1066 #endif 1067 1068 INTERCEPTOR(int, pthread_join, void *th, void **retval) { 1069 ENSURE_MSAN_INITED(); 1070 int res = REAL(pthread_join)(th, retval); 1071 if (!res && retval) 1072 __msan_unpoison(retval, sizeof(*retval)); 1073 return res; 1074 } 1075 1076 extern char *tzname[2]; 1077 1078 INTERCEPTOR(void, tzset, int fake) { 1079 ENSURE_MSAN_INITED(); 1080 InterceptorScope interceptor_scope; 1081 REAL(tzset)(fake); 1082 if (tzname[0]) 1083 __msan_unpoison(tzname[0], REAL(strlen)(tzname[0]) + 1); 1084 if (tzname[1]) 1085 __msan_unpoison(tzname[1], REAL(strlen)(tzname[1]) + 1); 1086 return; 1087 } 1088 1089 struct MSanAtExitRecord { 1090 void (*func)(void *arg); 1091 void *arg; 1092 }; 1093 1094 struct InterceptorContext { 1095 BlockingMutex atexit_mu; 1096 Vector<struct MSanAtExitRecord *> AtExitStack; 1097 1098 InterceptorContext() 1099 : AtExitStack() { 1100 } 1101 }; 1102 1103 static ALIGNED(64) char interceptor_placeholder[sizeof(InterceptorContext)]; 1104 InterceptorContext *interceptor_ctx() { 1105 return reinterpret_cast<InterceptorContext*>(&interceptor_placeholder[0]); 1106 } 1107 1108 void MSanAtExitWrapper() { 1109 MSanAtExitRecord *r; 1110 { 1111 BlockingMutexLock l(&interceptor_ctx()->atexit_mu); 1112 1113 uptr element = interceptor_ctx()->AtExitStack.Size() - 1; 1114 r = interceptor_ctx()->AtExitStack[element]; 1115 interceptor_ctx()->AtExitStack.PopBack(); 1116 } 1117 1118 UnpoisonParam(1); 1119 ((void(*)())r->func)(); 1120 InternalFree(r); 1121 } 1122 1123 void MSanCxaAtExitWrapper(void *arg) { 1124 UnpoisonParam(1); 1125 MSanAtExitRecord *r = (MSanAtExitRecord *)arg; 1126 // libc before 2.27 had race which caused occasional double handler execution 1127 // https://sourceware.org/ml/libc-alpha/2017-08/msg01204.html 1128 if (!r->func) 1129 return; 1130 r->func(r->arg); 1131 r->func = nullptr; 1132 } 1133 1134 static int setup_at_exit_wrapper(void(*f)(), void *arg, void *dso); 1135 1136 // Unpoison argument shadow for C++ module destructors. 1137 INTERCEPTOR(int, __cxa_atexit, void (*func)(void *), void *arg, 1138 void *dso_handle) { 1139 if (msan_init_is_running) return REAL(__cxa_atexit)(func, arg, dso_handle); 1140 return setup_at_exit_wrapper((void(*)())func, arg, dso_handle); 1141 } 1142 1143 // Unpoison argument shadow for C++ module destructors. 1144 INTERCEPTOR(int, atexit, void (*func)()) { 1145 // Avoid calling real atexit as it is unrechable on at least on Linux. 1146 if (msan_init_is_running) 1147 return REAL(__cxa_atexit)((void (*)(void *a))func, 0, 0); 1148 return setup_at_exit_wrapper((void(*)())func, 0, 0); 1149 } 1150 1151 static int setup_at_exit_wrapper(void(*f)(), void *arg, void *dso) { 1152 ENSURE_MSAN_INITED(); 1153 MSanAtExitRecord *r = 1154 (MSanAtExitRecord *)InternalAlloc(sizeof(MSanAtExitRecord)); 1155 r->func = (void(*)(void *a))f; 1156 r->arg = arg; 1157 int res; 1158 if (!dso) { 1159 // NetBSD does not preserve the 2nd argument if dso is equal to 0 1160 // Store ctx in a local stack-like structure 1161 1162 BlockingMutexLock l(&interceptor_ctx()->atexit_mu); 1163 1164 res = REAL(__cxa_atexit)((void (*)(void *a))MSanAtExitWrapper, 0, 0); 1165 if (!res) { 1166 interceptor_ctx()->AtExitStack.PushBack(r); 1167 } 1168 } else { 1169 res = REAL(__cxa_atexit)(MSanCxaAtExitWrapper, r, dso); 1170 } 1171 return res; 1172 } 1173 1174 static void BeforeFork() { 1175 StackDepotLockAll(); 1176 ChainedOriginDepotLockAll(); 1177 } 1178 1179 static void AfterFork() { 1180 ChainedOriginDepotUnlockAll(); 1181 StackDepotUnlockAll(); 1182 } 1183 1184 INTERCEPTOR(int, fork, void) { 1185 ENSURE_MSAN_INITED(); 1186 BeforeFork(); 1187 int pid = REAL(fork)(); 1188 AfterFork(); 1189 return pid; 1190 } 1191 1192 // NetBSD ships with openpty(3) in -lutil, that needs to be prebuilt explicitly 1193 // with MSan. 1194 #if SANITIZER_LINUX 1195 INTERCEPTOR(int, openpty, int *aparent, int *aworker, char *name, 1196 const void *termp, const void *winp) { 1197 ENSURE_MSAN_INITED(); 1198 InterceptorScope interceptor_scope; 1199 int res = REAL(openpty)(aparent, aworker, name, termp, winp); 1200 if (!res) { 1201 __msan_unpoison(aparent, sizeof(*aparent)); 1202 __msan_unpoison(aworker, sizeof(*aworker)); 1203 } 1204 return res; 1205 } 1206 #define MSAN_MAYBE_INTERCEPT_OPENPTY INTERCEPT_FUNCTION(openpty) 1207 #else 1208 #define MSAN_MAYBE_INTERCEPT_OPENPTY 1209 #endif 1210 1211 // NetBSD ships with forkpty(3) in -lutil, that needs to be prebuilt explicitly 1212 // with MSan. 1213 #if SANITIZER_LINUX 1214 INTERCEPTOR(int, forkpty, int *aparent, char *name, const void *termp, 1215 const void *winp) { 1216 ENSURE_MSAN_INITED(); 1217 InterceptorScope interceptor_scope; 1218 int res = REAL(forkpty)(aparent, name, termp, winp); 1219 if (res != -1) 1220 __msan_unpoison(aparent, sizeof(*aparent)); 1221 return res; 1222 } 1223 #define MSAN_MAYBE_INTERCEPT_FORKPTY INTERCEPT_FUNCTION(forkpty) 1224 #else 1225 #define MSAN_MAYBE_INTERCEPT_FORKPTY 1226 #endif 1227 1228 struct MSanInterceptorContext { 1229 bool in_interceptor_scope; 1230 }; 1231 1232 namespace __msan { 1233 1234 int OnExit() { 1235 // FIXME: ask frontend whether we need to return failure. 1236 return 0; 1237 } 1238 1239 } // namespace __msan 1240 1241 // A version of CHECK_UNPOISONED using a saved scope value. Used in common 1242 // interceptors. 1243 #define CHECK_UNPOISONED_CTX(ctx, x, n) \ 1244 do { \ 1245 if (!((MSanInterceptorContext *)ctx)->in_interceptor_scope) \ 1246 CHECK_UNPOISONED_0(x, n); \ 1247 } while (0) 1248 1249 #define MSAN_INTERCEPT_FUNC(name) \ 1250 do { \ 1251 if (!INTERCEPT_FUNCTION(name)) \ 1252 VReport(1, "MemorySanitizer: failed to intercept '%s'\n", #name); \ 1253 } while (0) 1254 1255 #define MSAN_INTERCEPT_FUNC_VER(name, ver) \ 1256 do { \ 1257 if (!INTERCEPT_FUNCTION_VER(name, ver)) \ 1258 VReport(1, "MemorySanitizer: failed to intercept '%s@@%s'\n", #name, \ 1259 #ver); \ 1260 } while (0) 1261 #define MSAN_INTERCEPT_FUNC_VER_UNVERSIONED_FALLBACK(name, ver) \ 1262 do { \ 1263 if (!INTERCEPT_FUNCTION_VER(name, ver) && !INTERCEPT_FUNCTION(name)) \ 1264 VReport(1, "MemorySanitizer: failed to intercept '%s@@%s' or '%s'\n", \ 1265 #name, #ver, #name); \ 1266 } while (0) 1267 1268 #define COMMON_INTERCEPT_FUNCTION(name) MSAN_INTERCEPT_FUNC(name) 1269 #define COMMON_INTERCEPT_FUNCTION_VER(name, ver) \ 1270 MSAN_INTERCEPT_FUNC_VER(name, ver) 1271 #define COMMON_INTERCEPT_FUNCTION_VER_UNVERSIONED_FALLBACK(name, ver) \ 1272 MSAN_INTERCEPT_FUNC_VER_UNVERSIONED_FALLBACK(name, ver) 1273 #define COMMON_INTERCEPTOR_UNPOISON_PARAM(count) \ 1274 UnpoisonParam(count) 1275 #define COMMON_INTERCEPTOR_WRITE_RANGE(ctx, ptr, size) \ 1276 __msan_unpoison(ptr, size) 1277 #define COMMON_INTERCEPTOR_READ_RANGE(ctx, ptr, size) \ 1278 CHECK_UNPOISONED_CTX(ctx, ptr, size) 1279 #define COMMON_INTERCEPTOR_INITIALIZE_RANGE(ptr, size) \ 1280 __msan_unpoison(ptr, size) 1281 #define COMMON_INTERCEPTOR_ENTER(ctx, func, ...) \ 1282 if (msan_init_is_running) return REAL(func)(__VA_ARGS__); \ 1283 ENSURE_MSAN_INITED(); \ 1284 MSanInterceptorContext msan_ctx = {IsInInterceptorScope()}; \ 1285 ctx = (void *)&msan_ctx; \ 1286 (void)ctx; \ 1287 InterceptorScope interceptor_scope; \ 1288 __msan_unpoison(__errno_location(), sizeof(int)); /* NOLINT */ 1289 #define COMMON_INTERCEPTOR_DIR_ACQUIRE(ctx, path) \ 1290 do { \ 1291 } while (false) 1292 #define COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd) \ 1293 do { \ 1294 } while (false) 1295 #define COMMON_INTERCEPTOR_FD_RELEASE(ctx, fd) \ 1296 do { \ 1297 } while (false) 1298 #define COMMON_INTERCEPTOR_FD_SOCKET_ACCEPT(ctx, fd, newfd) \ 1299 do { \ 1300 } while (false) 1301 #define COMMON_INTERCEPTOR_SET_THREAD_NAME(ctx, name) \ 1302 do { \ 1303 } while (false) // FIXME 1304 #define COMMON_INTERCEPTOR_SET_PTHREAD_NAME(ctx, thread, name) \ 1305 do { \ 1306 } while (false) // FIXME 1307 #define COMMON_INTERCEPTOR_BLOCK_REAL(name) REAL(name) 1308 #define COMMON_INTERCEPTOR_ON_EXIT(ctx) OnExit() 1309 #define COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, handle) \ 1310 do { \ 1311 link_map *map = GET_LINK_MAP_BY_DLOPEN_HANDLE((handle)); \ 1312 if (filename && map) \ 1313 ForEachMappedRegion(map, __msan_unpoison); \ 1314 } while (false) 1315 1316 #define COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED (!msan_inited) 1317 1318 #define COMMON_INTERCEPTOR_GET_TLS_RANGE(begin, end) \ 1319 if (MsanThread *t = GetCurrentThread()) { \ 1320 *begin = t->tls_begin(); \ 1321 *end = t->tls_end(); \ 1322 } else { \ 1323 *begin = *end = 0; \ 1324 } 1325 1326 #define COMMON_INTERCEPTOR_MEMSET_IMPL(ctx, block, c, size) \ 1327 { \ 1328 (void)ctx; \ 1329 return __msan_memset(block, c, size); \ 1330 } 1331 #define COMMON_INTERCEPTOR_MEMMOVE_IMPL(ctx, to, from, size) \ 1332 { \ 1333 (void)ctx; \ 1334 return __msan_memmove(to, from, size); \ 1335 } 1336 #define COMMON_INTERCEPTOR_MEMCPY_IMPL(ctx, to, from, size) \ 1337 { \ 1338 (void)ctx; \ 1339 return __msan_memcpy(to, from, size); \ 1340 } 1341 1342 #define COMMON_INTERCEPTOR_COPY_STRING(ctx, to, from, size) \ 1343 do { \ 1344 GET_STORE_STACK_TRACE; \ 1345 CopyShadowAndOrigin(to, from, size, &stack); \ 1346 __msan_unpoison(to + size, 1); \ 1347 } while (false) 1348 1349 #define COMMON_INTERCEPTOR_MMAP_IMPL(ctx, mmap, addr, length, prot, flags, fd, \ 1350 offset) \ 1351 do { \ 1352 return mmap_interceptor(REAL(mmap), addr, sz, prot, flags, fd, off); \ 1353 } while (false) 1354 1355 #include "sanitizer_common/sanitizer_platform_interceptors.h" 1356 #include "sanitizer_common/sanitizer_common_interceptors.inc" 1357 1358 static uptr signal_impl(int signo, uptr cb); 1359 static int sigaction_impl(int signo, const __sanitizer_sigaction *act, 1360 __sanitizer_sigaction *oldact); 1361 1362 #define SIGNAL_INTERCEPTOR_SIGACTION_IMPL(signo, act, oldact) \ 1363 { return sigaction_impl(signo, act, oldact); } 1364 1365 #define SIGNAL_INTERCEPTOR_SIGNAL_IMPL(func, signo, handler) \ 1366 { \ 1367 handler = signal_impl(signo, handler); \ 1368 InterceptorScope interceptor_scope; \ 1369 return REAL(func)(signo, handler); \ 1370 } 1371 1372 #include "sanitizer_common/sanitizer_signal_interceptors.inc" 1373 1374 static int sigaction_impl(int signo, const __sanitizer_sigaction *act, 1375 __sanitizer_sigaction *oldact) { 1376 ENSURE_MSAN_INITED(); 1377 if (signo <= 0 || signo >= kMaxSignals) { 1378 errno = errno_EINVAL; 1379 return -1; 1380 } 1381 if (act) read_sigaction(act); 1382 int res; 1383 if (flags()->wrap_signals) { 1384 SpinMutexLock lock(&sigactions_mu); 1385 uptr old_cb = atomic_load(&sigactions[signo], memory_order_relaxed); 1386 __sanitizer_sigaction new_act; 1387 __sanitizer_sigaction *pnew_act = act ? &new_act : nullptr; 1388 if (act) { 1389 REAL(memcpy)(pnew_act, act, sizeof(__sanitizer_sigaction)); 1390 uptr cb = (uptr)pnew_act->sigaction; 1391 uptr new_cb = (pnew_act->sa_flags & __sanitizer::sa_siginfo) 1392 ? (uptr)SignalAction 1393 : (uptr)SignalHandler; 1394 if (cb != __sanitizer::sig_ign && cb != __sanitizer::sig_dfl) { 1395 atomic_store(&sigactions[signo], cb, memory_order_relaxed); 1396 pnew_act->sigaction = (decltype(pnew_act->sigaction))new_cb; 1397 } 1398 } 1399 res = REAL(SIGACTION_SYMNAME)(signo, pnew_act, oldact); 1400 if (res == 0 && oldact) { 1401 uptr cb = (uptr)oldact->sigaction; 1402 if (cb == (uptr)SignalAction || cb == (uptr)SignalHandler) { 1403 oldact->sigaction = (decltype(oldact->sigaction))old_cb; 1404 } 1405 } 1406 } else { 1407 res = REAL(SIGACTION_SYMNAME)(signo, act, oldact); 1408 } 1409 1410 if (res == 0 && oldact) { 1411 __msan_unpoison(oldact, sizeof(__sanitizer_sigaction)); 1412 } 1413 return res; 1414 } 1415 1416 static uptr signal_impl(int signo, uptr cb) { 1417 ENSURE_MSAN_INITED(); 1418 if (signo <= 0 || signo >= kMaxSignals) { 1419 errno = errno_EINVAL; 1420 return -1; 1421 } 1422 if (flags()->wrap_signals) { 1423 SpinMutexLock lock(&sigactions_mu); 1424 if (cb != __sanitizer::sig_ign && cb != __sanitizer::sig_dfl) { 1425 atomic_store(&sigactions[signo], cb, memory_order_relaxed); 1426 cb = (uptr)&SignalHandler; 1427 } 1428 } 1429 return cb; 1430 } 1431 1432 #define COMMON_SYSCALL_PRE_READ_RANGE(p, s) CHECK_UNPOISONED(p, s) 1433 #define COMMON_SYSCALL_PRE_WRITE_RANGE(p, s) \ 1434 do { \ 1435 } while (false) 1436 #define COMMON_SYSCALL_POST_READ_RANGE(p, s) \ 1437 do { \ 1438 } while (false) 1439 #define COMMON_SYSCALL_POST_WRITE_RANGE(p, s) __msan_unpoison(p, s) 1440 #include "sanitizer_common/sanitizer_common_syscalls.inc" 1441 #include "sanitizer_common/sanitizer_syscalls_netbsd.inc" 1442 1443 struct dlinfo { 1444 char *dli_fname; 1445 void *dli_fbase; 1446 char *dli_sname; 1447 void *dli_saddr; 1448 }; 1449 1450 INTERCEPTOR(int, dladdr, void *addr, dlinfo *info) { 1451 void *ctx; 1452 COMMON_INTERCEPTOR_ENTER(ctx, dladdr, addr, info); 1453 int res = REAL(dladdr)(addr, info); 1454 if (res != 0) { 1455 __msan_unpoison(info, sizeof(*info)); 1456 if (info->dli_fname) 1457 __msan_unpoison(info->dli_fname, REAL(strlen)(info->dli_fname) + 1); 1458 if (info->dli_sname) 1459 __msan_unpoison(info->dli_sname, REAL(strlen)(info->dli_sname) + 1); 1460 } 1461 return res; 1462 } 1463 1464 INTERCEPTOR(char *, dlerror, int fake) { 1465 void *ctx; 1466 COMMON_INTERCEPTOR_ENTER(ctx, dlerror, fake); 1467 char *res = REAL(dlerror)(fake); 1468 if (res) __msan_unpoison(res, REAL(strlen)(res) + 1); 1469 return res; 1470 } 1471 1472 typedef int (*dl_iterate_phdr_cb)(__sanitizer_dl_phdr_info *info, SIZE_T size, 1473 void *data); 1474 struct dl_iterate_phdr_data { 1475 dl_iterate_phdr_cb callback; 1476 void *data; 1477 }; 1478 1479 static int msan_dl_iterate_phdr_cb(__sanitizer_dl_phdr_info *info, SIZE_T size, 1480 void *data) { 1481 if (info) { 1482 __msan_unpoison(info, size); 1483 if (info->dlpi_phdr && info->dlpi_phnum) 1484 __msan_unpoison(info->dlpi_phdr, struct_ElfW_Phdr_sz * info->dlpi_phnum); 1485 if (info->dlpi_name) 1486 __msan_unpoison(info->dlpi_name, REAL(strlen)(info->dlpi_name) + 1); 1487 } 1488 dl_iterate_phdr_data *cbdata = (dl_iterate_phdr_data *)data; 1489 UnpoisonParam(3); 1490 return cbdata->callback(info, size, cbdata->data); 1491 } 1492 1493 INTERCEPTOR(void *, shmat, int shmid, const void *shmaddr, int shmflg) { 1494 ENSURE_MSAN_INITED(); 1495 void *p = REAL(shmat)(shmid, shmaddr, shmflg); 1496 if (p != (void *)-1) { 1497 __sanitizer_shmid_ds ds; 1498 int res = REAL(shmctl)(shmid, shmctl_ipc_stat, &ds); 1499 if (!res) { 1500 __msan_unpoison(p, ds.shm_segsz); 1501 } 1502 } 1503 return p; 1504 } 1505 1506 INTERCEPTOR(int, dl_iterate_phdr, dl_iterate_phdr_cb callback, void *data) { 1507 void *ctx; 1508 COMMON_INTERCEPTOR_ENTER(ctx, dl_iterate_phdr, callback, data); 1509 dl_iterate_phdr_data cbdata; 1510 cbdata.callback = callback; 1511 cbdata.data = data; 1512 int res = REAL(dl_iterate_phdr)(msan_dl_iterate_phdr_cb, (void *)&cbdata); 1513 return res; 1514 } 1515 1516 // wchar_t *wcschr(const wchar_t *wcs, wchar_t wc); 1517 INTERCEPTOR(wchar_t *, wcschr, void *s, wchar_t wc, void *ps) { 1518 ENSURE_MSAN_INITED(); 1519 wchar_t *res = REAL(wcschr)(s, wc, ps); 1520 return res; 1521 } 1522 1523 // wchar_t *wcscpy(wchar_t *dest, const wchar_t *src); 1524 INTERCEPTOR(wchar_t *, wcscpy, wchar_t *dest, const wchar_t *src) { 1525 ENSURE_MSAN_INITED(); 1526 GET_STORE_STACK_TRACE; 1527 wchar_t *res = REAL(wcscpy)(dest, src); 1528 CopyShadowAndOrigin(dest, src, sizeof(wchar_t) * (REAL(wcslen)(src) + 1), 1529 &stack); 1530 return res; 1531 } 1532 1533 INTERCEPTOR(wchar_t *, wcsncpy, wchar_t *dest, const wchar_t *src, SIZE_T n) { 1534 ENSURE_MSAN_INITED(); 1535 GET_STORE_STACK_TRACE; 1536 SIZE_T copy_size = REAL(wcsnlen)(src, n); 1537 if (copy_size < n) copy_size++; // trailing \0 1538 wchar_t *res = REAL(wcsncpy)(dest, src, n); 1539 CopyShadowAndOrigin(dest, src, copy_size * sizeof(wchar_t), &stack); 1540 __msan_unpoison(dest + copy_size, (n - copy_size) * sizeof(wchar_t)); 1541 return res; 1542 } 1543 1544 // These interface functions reside here so that they can use 1545 // REAL(memset), etc. 1546 void __msan_unpoison(const void *a, uptr size) { 1547 if (!MEM_IS_APP(a)) return; 1548 SetShadow(a, size, 0); 1549 } 1550 1551 void __msan_poison(const void *a, uptr size) { 1552 if (!MEM_IS_APP(a)) return; 1553 SetShadow(a, size, __msan::flags()->poison_heap_with_zeroes ? 0 : -1); 1554 } 1555 1556 void __msan_poison_stack(void *a, uptr size) { 1557 if (!MEM_IS_APP(a)) return; 1558 SetShadow(a, size, __msan::flags()->poison_stack_with_zeroes ? 0 : -1); 1559 } 1560 1561 void __msan_unpoison_param(uptr n) { UnpoisonParam(n); } 1562 1563 void __msan_clear_and_unpoison(void *a, uptr size) { 1564 REAL(memset)(a, 0, size); 1565 SetShadow(a, size, 0); 1566 } 1567 1568 void *__msan_memcpy(void *dest, const void *src, SIZE_T n) { 1569 if (!msan_inited) return internal_memcpy(dest, src, n); 1570 if (msan_init_is_running || __msan::IsInSymbolizer()) 1571 return REAL(memcpy)(dest, src, n); 1572 ENSURE_MSAN_INITED(); 1573 GET_STORE_STACK_TRACE; 1574 void *res = REAL(memcpy)(dest, src, n); 1575 CopyShadowAndOrigin(dest, src, n, &stack); 1576 return res; 1577 } 1578 1579 void *__msan_memset(void *s, int c, SIZE_T n) { 1580 if (!msan_inited) return internal_memset(s, c, n); 1581 if (msan_init_is_running) return REAL(memset)(s, c, n); 1582 ENSURE_MSAN_INITED(); 1583 void *res = REAL(memset)(s, c, n); 1584 __msan_unpoison(s, n); 1585 return res; 1586 } 1587 1588 void *__msan_memmove(void *dest, const void *src, SIZE_T n) { 1589 if (!msan_inited) return internal_memmove(dest, src, n); 1590 if (msan_init_is_running) return REAL(memmove)(dest, src, n); 1591 ENSURE_MSAN_INITED(); 1592 GET_STORE_STACK_TRACE; 1593 void *res = REAL(memmove)(dest, src, n); 1594 MoveShadowAndOrigin(dest, src, n, &stack); 1595 return res; 1596 } 1597 1598 void __msan_unpoison_string(const char* s) { 1599 if (!MEM_IS_APP(s)) return; 1600 __msan_unpoison(s, REAL(strlen)(s) + 1); 1601 } 1602 1603 namespace __msan { 1604 1605 void InitializeInterceptors() { 1606 static int inited = 0; 1607 CHECK_EQ(inited, 0); 1608 1609 new(interceptor_ctx()) InterceptorContext(); 1610 1611 InitializeCommonInterceptors(); 1612 InitializeSignalInterceptors(); 1613 1614 INTERCEPT_FUNCTION(posix_memalign); 1615 MSAN_MAYBE_INTERCEPT_MEMALIGN; 1616 MSAN_MAYBE_INTERCEPT___LIBC_MEMALIGN; 1617 INTERCEPT_FUNCTION(valloc); 1618 MSAN_MAYBE_INTERCEPT_PVALLOC; 1619 INTERCEPT_FUNCTION(malloc); 1620 INTERCEPT_FUNCTION(calloc); 1621 INTERCEPT_FUNCTION(realloc); 1622 INTERCEPT_FUNCTION(reallocarray); 1623 INTERCEPT_FUNCTION(free); 1624 MSAN_MAYBE_INTERCEPT_CFREE; 1625 MSAN_MAYBE_INTERCEPT_MALLOC_USABLE_SIZE; 1626 MSAN_MAYBE_INTERCEPT_MALLINFO; 1627 MSAN_MAYBE_INTERCEPT_MALLOPT; 1628 MSAN_MAYBE_INTERCEPT_MALLOC_STATS; 1629 INTERCEPT_FUNCTION(fread); 1630 MSAN_MAYBE_INTERCEPT_FREAD_UNLOCKED; 1631 INTERCEPT_FUNCTION(memccpy); 1632 MSAN_MAYBE_INTERCEPT_MEMPCPY; 1633 INTERCEPT_FUNCTION(bcopy); 1634 INTERCEPT_FUNCTION(wmemset); 1635 INTERCEPT_FUNCTION(wmemcpy); 1636 MSAN_MAYBE_INTERCEPT_WMEMPCPY; 1637 INTERCEPT_FUNCTION(wmemmove); 1638 INTERCEPT_FUNCTION(strcpy); 1639 MSAN_MAYBE_INTERCEPT_STPCPY; 1640 INTERCEPT_FUNCTION(strdup); 1641 MSAN_MAYBE_INTERCEPT___STRDUP; 1642 INTERCEPT_FUNCTION(strncpy); 1643 MSAN_MAYBE_INTERCEPT_GCVT; 1644 INTERCEPT_FUNCTION(strcat); 1645 INTERCEPT_FUNCTION(strncat); 1646 INTERCEPT_STRTO(strtod); 1647 INTERCEPT_STRTO(strtof); 1648 INTERCEPT_STRTO(strtold); 1649 INTERCEPT_STRTO(strtol); 1650 INTERCEPT_STRTO(strtoul); 1651 INTERCEPT_STRTO(strtoll); 1652 INTERCEPT_STRTO(strtoull); 1653 INTERCEPT_STRTO(strtouq); 1654 INTERCEPT_STRTO(wcstod); 1655 INTERCEPT_STRTO(wcstof); 1656 INTERCEPT_STRTO(wcstold); 1657 INTERCEPT_STRTO(wcstol); 1658 INTERCEPT_STRTO(wcstoul); 1659 INTERCEPT_STRTO(wcstoll); 1660 INTERCEPT_STRTO(wcstoull); 1661 #ifdef SANITIZER_NLDBL_VERSION 1662 INTERCEPT_FUNCTION_VER(vswprintf, SANITIZER_NLDBL_VERSION); 1663 INTERCEPT_FUNCTION_VER(swprintf, SANITIZER_NLDBL_VERSION); 1664 #else 1665 INTERCEPT_FUNCTION(vswprintf); 1666 INTERCEPT_FUNCTION(swprintf); 1667 #endif 1668 INTERCEPT_FUNCTION(strftime); 1669 INTERCEPT_FUNCTION(strftime_l); 1670 MSAN_MAYBE_INTERCEPT___STRFTIME_L; 1671 INTERCEPT_FUNCTION(wcsftime); 1672 INTERCEPT_FUNCTION(wcsftime_l); 1673 MSAN_MAYBE_INTERCEPT___WCSFTIME_L; 1674 INTERCEPT_FUNCTION(mbtowc); 1675 INTERCEPT_FUNCTION(mbrtowc); 1676 INTERCEPT_FUNCTION(wcslen); 1677 INTERCEPT_FUNCTION(wcsnlen); 1678 INTERCEPT_FUNCTION(wcschr); 1679 INTERCEPT_FUNCTION(wcscpy); 1680 INTERCEPT_FUNCTION(wcsncpy); 1681 INTERCEPT_FUNCTION(wcscmp); 1682 INTERCEPT_FUNCTION(getenv); 1683 INTERCEPT_FUNCTION(setenv); 1684 INTERCEPT_FUNCTION(putenv); 1685 INTERCEPT_FUNCTION(gettimeofday); 1686 MSAN_MAYBE_INTERCEPT_FCVT; 1687 MSAN_MAYBE_INTERCEPT_FSTAT; 1688 MSAN_MAYBE_INTERCEPT___FXSTAT; 1689 MSAN_INTERCEPT_FSTATAT; 1690 MSAN_MAYBE_INTERCEPT___FXSTAT64; 1691 MSAN_MAYBE_INTERCEPT___FXSTATAT64; 1692 INTERCEPT_FUNCTION(pipe); 1693 INTERCEPT_FUNCTION(pipe2); 1694 INTERCEPT_FUNCTION(socketpair); 1695 MSAN_MAYBE_INTERCEPT_FGETS_UNLOCKED; 1696 INTERCEPT_FUNCTION(getrlimit); 1697 MSAN_MAYBE_INTERCEPT___GETRLIMIT; 1698 MSAN_MAYBE_INTERCEPT_GETRLIMIT64; 1699 MSAN_MAYBE_INTERCEPT_PRLIMIT; 1700 MSAN_MAYBE_INTERCEPT_PRLIMIT64; 1701 INTERCEPT_FUNCTION(gethostname); 1702 MSAN_MAYBE_INTERCEPT_EPOLL_WAIT; 1703 MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT; 1704 INTERCEPT_FUNCTION(dladdr); 1705 INTERCEPT_FUNCTION(dlerror); 1706 INTERCEPT_FUNCTION(dl_iterate_phdr); 1707 INTERCEPT_FUNCTION(getrusage); 1708 #if defined(__mips__) 1709 INTERCEPT_FUNCTION_VER(pthread_create, "GLIBC_2.2"); 1710 #else 1711 INTERCEPT_FUNCTION(pthread_create); 1712 #endif 1713 INTERCEPT_FUNCTION(pthread_key_create); 1714 1715 #if SANITIZER_NETBSD 1716 INTERCEPT_FUNCTION(__libc_thr_keycreate); 1717 #endif 1718 1719 INTERCEPT_FUNCTION(pthread_join); 1720 INTERCEPT_FUNCTION(tzset); 1721 INTERCEPT_FUNCTION(atexit); 1722 INTERCEPT_FUNCTION(__cxa_atexit); 1723 INTERCEPT_FUNCTION(shmat); 1724 INTERCEPT_FUNCTION(fork); 1725 MSAN_MAYBE_INTERCEPT_OPENPTY; 1726 MSAN_MAYBE_INTERCEPT_FORKPTY; 1727 1728 inited = 1; 1729 } 1730 } // namespace __msan 1731