1 //===-- msan_interceptors.cpp ---------------------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file is a part of MemorySanitizer. 10 // 11 // Interceptors for standard library functions. 12 // 13 // FIXME: move as many interceptors as possible into 14 // sanitizer_common/sanitizer_common_interceptors.h 15 //===----------------------------------------------------------------------===// 16 17 #include "interception/interception.h" 18 #include "msan.h" 19 #include "msan_chained_origin_depot.h" 20 #include "msan_origin.h" 21 #include "msan_report.h" 22 #include "msan_thread.h" 23 #include "msan_poisoning.h" 24 #include "sanitizer_common/sanitizer_platform_limits_posix.h" 25 #include "sanitizer_common/sanitizer_platform_limits_netbsd.h" 26 #include "sanitizer_common/sanitizer_allocator.h" 27 #include "sanitizer_common/sanitizer_allocator_interface.h" 28 #include "sanitizer_common/sanitizer_allocator_internal.h" 29 #include "sanitizer_common/sanitizer_atomic.h" 30 #include "sanitizer_common/sanitizer_common.h" 31 #include "sanitizer_common/sanitizer_errno.h" 32 #include "sanitizer_common/sanitizer_stackdepot.h" 33 #include "sanitizer_common/sanitizer_libc.h" 34 #include "sanitizer_common/sanitizer_linux.h" 35 #include "sanitizer_common/sanitizer_tls_get_addr.h" 36 #include "sanitizer_common/sanitizer_vector.h" 37 38 #if SANITIZER_NETBSD 39 #define fstat __fstat50 40 #define gettimeofday __gettimeofday50 41 #define getrusage __getrusage50 42 #define tzset __tzset50 43 #endif 44 45 #include <stdarg.h> 46 // ACHTUNG! No other system header includes in this file. 47 // Ideally, we should get rid of stdarg.h as well. 48 49 using namespace __msan; 50 51 using __sanitizer::memory_order; 52 using __sanitizer::atomic_load; 53 using __sanitizer::atomic_store; 54 using __sanitizer::atomic_uintptr_t; 55 56 DECLARE_REAL(SIZE_T, strlen, const char *s) 57 DECLARE_REAL(SIZE_T, strnlen, const char *s, SIZE_T maxlen) 58 DECLARE_REAL(void *, memcpy, void *dest, const void *src, uptr n) 59 DECLARE_REAL(void *, memset, void *dest, int c, uptr n) 60 61 // True if this is a nested interceptor. 62 static THREADLOCAL int in_interceptor_scope; 63 64 void __msan_scoped_disable_interceptor_checks() { ++in_interceptor_scope; } 65 void __msan_scoped_enable_interceptor_checks() { --in_interceptor_scope; } 66 67 struct InterceptorScope { 68 InterceptorScope() { ++in_interceptor_scope; } 69 ~InterceptorScope() { --in_interceptor_scope; } 70 }; 71 72 bool IsInInterceptorScope() { 73 return in_interceptor_scope; 74 } 75 76 static uptr allocated_for_dlsym; 77 static const uptr kDlsymAllocPoolSize = 1024; 78 static uptr alloc_memory_for_dlsym[kDlsymAllocPoolSize]; 79 80 static bool IsInDlsymAllocPool(const void *ptr) { 81 uptr off = (uptr)ptr - (uptr)alloc_memory_for_dlsym; 82 return off < sizeof(alloc_memory_for_dlsym); 83 } 84 85 static void *AllocateFromLocalPool(uptr size_in_bytes) { 86 uptr size_in_words = RoundUpTo(size_in_bytes, kWordSize) / kWordSize; 87 void *mem = (void *)&alloc_memory_for_dlsym[allocated_for_dlsym]; 88 allocated_for_dlsym += size_in_words; 89 CHECK_LT(allocated_for_dlsym, kDlsymAllocPoolSize); 90 return mem; 91 } 92 93 #define ENSURE_MSAN_INITED() do { \ 94 CHECK(!msan_init_is_running); \ 95 if (!msan_inited) { \ 96 __msan_init(); \ 97 } \ 98 } while (0) 99 100 // Check that [x, x+n) range is unpoisoned. 101 #define CHECK_UNPOISONED_0(x, n) \ 102 do { \ 103 sptr __offset = __msan_test_shadow(x, n); \ 104 if (__msan::IsInSymbolizer()) break; \ 105 if (__offset >= 0 && __msan::flags()->report_umrs) { \ 106 GET_CALLER_PC_BP_SP; \ 107 (void)sp; \ 108 ReportUMRInsideAddressRange(__func__, x, n, __offset); \ 109 __msan::PrintWarningWithOrigin( \ 110 pc, bp, __msan_get_origin((const char *)x + __offset)); \ 111 if (__msan::flags()->halt_on_error) { \ 112 Printf("Exiting\n"); \ 113 Die(); \ 114 } \ 115 } \ 116 } while (0) 117 118 // Check that [x, x+n) range is unpoisoned unless we are in a nested 119 // interceptor. 120 #define CHECK_UNPOISONED(x, n) \ 121 do { \ 122 if (!IsInInterceptorScope()) CHECK_UNPOISONED_0(x, n); \ 123 } while (0) 124 125 #define CHECK_UNPOISONED_STRING_OF_LEN(x, len, n) \ 126 CHECK_UNPOISONED((x), \ 127 common_flags()->strict_string_checks ? (len) + 1 : (n) ) 128 129 #define CHECK_UNPOISONED_STRING(x, n) \ 130 CHECK_UNPOISONED_STRING_OF_LEN((x), internal_strlen(x), (n)) 131 132 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 133 INTERCEPTOR(SIZE_T, fread_unlocked, void *ptr, SIZE_T size, SIZE_T nmemb, 134 void *file) { 135 ENSURE_MSAN_INITED(); 136 SIZE_T res = REAL(fread_unlocked)(ptr, size, nmemb, file); 137 if (res > 0) 138 __msan_unpoison(ptr, res *size); 139 return res; 140 } 141 #define MSAN_MAYBE_INTERCEPT_FREAD_UNLOCKED INTERCEPT_FUNCTION(fread_unlocked) 142 #else 143 #define MSAN_MAYBE_INTERCEPT_FREAD_UNLOCKED 144 #endif 145 146 #if !SANITIZER_NETBSD 147 INTERCEPTOR(void *, mempcpy, void *dest, const void *src, SIZE_T n) { 148 return (char *)__msan_memcpy(dest, src, n) + n; 149 } 150 #define MSAN_MAYBE_INTERCEPT_MEMPCPY INTERCEPT_FUNCTION(mempcpy) 151 #else 152 #define MSAN_MAYBE_INTERCEPT_MEMPCPY 153 #endif 154 155 INTERCEPTOR(void *, memccpy, void *dest, const void *src, int c, SIZE_T n) { 156 ENSURE_MSAN_INITED(); 157 void *res = REAL(memccpy)(dest, src, c, n); 158 CHECK(!res || (res >= dest && res <= (char *)dest + n)); 159 SIZE_T sz = res ? (char *)res - (char *)dest : n; 160 CHECK_UNPOISONED(src, sz); 161 __msan_unpoison(dest, sz); 162 return res; 163 } 164 165 INTERCEPTOR(void *, bcopy, const void *src, void *dest, SIZE_T n) { 166 return __msan_memmove(dest, src, n); 167 } 168 169 INTERCEPTOR(int, posix_memalign, void **memptr, SIZE_T alignment, SIZE_T size) { 170 GET_MALLOC_STACK_TRACE; 171 CHECK_NE(memptr, 0); 172 int res = msan_posix_memalign(memptr, alignment, size, &stack); 173 if (!res) 174 __msan_unpoison(memptr, sizeof(*memptr)); 175 return res; 176 } 177 178 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 179 INTERCEPTOR(void *, memalign, SIZE_T alignment, SIZE_T size) { 180 GET_MALLOC_STACK_TRACE; 181 return msan_memalign(alignment, size, &stack); 182 } 183 #define MSAN_MAYBE_INTERCEPT_MEMALIGN INTERCEPT_FUNCTION(memalign) 184 #else 185 #define MSAN_MAYBE_INTERCEPT_MEMALIGN 186 #endif 187 188 INTERCEPTOR(void *, aligned_alloc, SIZE_T alignment, SIZE_T size) { 189 GET_MALLOC_STACK_TRACE; 190 return msan_aligned_alloc(alignment, size, &stack); 191 } 192 193 #if !SANITIZER_NETBSD 194 INTERCEPTOR(void *, __libc_memalign, SIZE_T alignment, SIZE_T size) { 195 GET_MALLOC_STACK_TRACE; 196 void *ptr = msan_memalign(alignment, size, &stack); 197 if (ptr) 198 DTLS_on_libc_memalign(ptr, size); 199 return ptr; 200 } 201 #define MSAN_MAYBE_INTERCEPT___LIBC_MEMALIGN INTERCEPT_FUNCTION(__libc_memalign) 202 #else 203 #define MSAN_MAYBE_INTERCEPT___LIBC_MEMALIGN 204 #endif 205 206 INTERCEPTOR(void *, valloc, SIZE_T size) { 207 GET_MALLOC_STACK_TRACE; 208 return msan_valloc(size, &stack); 209 } 210 211 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 212 INTERCEPTOR(void *, pvalloc, SIZE_T size) { 213 GET_MALLOC_STACK_TRACE; 214 return msan_pvalloc(size, &stack); 215 } 216 #define MSAN_MAYBE_INTERCEPT_PVALLOC INTERCEPT_FUNCTION(pvalloc) 217 #else 218 #define MSAN_MAYBE_INTERCEPT_PVALLOC 219 #endif 220 221 INTERCEPTOR(void, free, void *ptr) { 222 GET_MALLOC_STACK_TRACE; 223 if (!ptr || UNLIKELY(IsInDlsymAllocPool(ptr))) return; 224 MsanDeallocate(&stack, ptr); 225 } 226 227 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 228 INTERCEPTOR(void, cfree, void *ptr) { 229 GET_MALLOC_STACK_TRACE; 230 if (!ptr || UNLIKELY(IsInDlsymAllocPool(ptr))) return; 231 MsanDeallocate(&stack, ptr); 232 } 233 #define MSAN_MAYBE_INTERCEPT_CFREE INTERCEPT_FUNCTION(cfree) 234 #else 235 #define MSAN_MAYBE_INTERCEPT_CFREE 236 #endif 237 238 #if !SANITIZER_NETBSD 239 INTERCEPTOR(uptr, malloc_usable_size, void *ptr) { 240 return __sanitizer_get_allocated_size(ptr); 241 } 242 #define MSAN_MAYBE_INTERCEPT_MALLOC_USABLE_SIZE \ 243 INTERCEPT_FUNCTION(malloc_usable_size) 244 #else 245 #define MSAN_MAYBE_INTERCEPT_MALLOC_USABLE_SIZE 246 #endif 247 248 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 249 // This function actually returns a struct by value, but we can't unpoison a 250 // temporary! The following is equivalent on all supported platforms but 251 // aarch64 (which uses a different register for sret value). We have a test 252 // to confirm that. 253 INTERCEPTOR(void, mallinfo, __sanitizer_struct_mallinfo *sret) { 254 #ifdef __aarch64__ 255 uptr r8; 256 asm volatile("mov %0,x8" : "=r" (r8)); 257 sret = reinterpret_cast<__sanitizer_struct_mallinfo*>(r8); 258 #endif 259 REAL(memset)(sret, 0, sizeof(*sret)); 260 __msan_unpoison(sret, sizeof(*sret)); 261 } 262 #define MSAN_MAYBE_INTERCEPT_MALLINFO INTERCEPT_FUNCTION(mallinfo) 263 #else 264 #define MSAN_MAYBE_INTERCEPT_MALLINFO 265 #endif 266 267 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 268 INTERCEPTOR(int, mallopt, int cmd, int value) { 269 return 0; 270 } 271 #define MSAN_MAYBE_INTERCEPT_MALLOPT INTERCEPT_FUNCTION(mallopt) 272 #else 273 #define MSAN_MAYBE_INTERCEPT_MALLOPT 274 #endif 275 276 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 277 INTERCEPTOR(void, malloc_stats, void) { 278 // FIXME: implement, but don't call REAL(malloc_stats)! 279 } 280 #define MSAN_MAYBE_INTERCEPT_MALLOC_STATS INTERCEPT_FUNCTION(malloc_stats) 281 #else 282 #define MSAN_MAYBE_INTERCEPT_MALLOC_STATS 283 #endif 284 285 INTERCEPTOR(char *, strcpy, char *dest, const char *src) { 286 ENSURE_MSAN_INITED(); 287 GET_STORE_STACK_TRACE; 288 SIZE_T n = REAL(strlen)(src); 289 CHECK_UNPOISONED_STRING(src + n, 0); 290 char *res = REAL(strcpy)(dest, src); 291 CopyShadowAndOrigin(dest, src, n + 1, &stack); 292 return res; 293 } 294 295 INTERCEPTOR(char *, strncpy, char *dest, const char *src, SIZE_T n) { 296 ENSURE_MSAN_INITED(); 297 GET_STORE_STACK_TRACE; 298 SIZE_T copy_size = REAL(strnlen)(src, n); 299 if (copy_size < n) 300 copy_size++; // trailing \0 301 char *res = REAL(strncpy)(dest, src, n); 302 CopyShadowAndOrigin(dest, src, copy_size, &stack); 303 __msan_unpoison(dest + copy_size, n - copy_size); 304 return res; 305 } 306 307 #if !SANITIZER_NETBSD 308 INTERCEPTOR(char *, stpcpy, char *dest, const char *src) { 309 ENSURE_MSAN_INITED(); 310 GET_STORE_STACK_TRACE; 311 SIZE_T n = REAL(strlen)(src); 312 CHECK_UNPOISONED_STRING(src + n, 0); 313 char *res = REAL(stpcpy)(dest, src); 314 CopyShadowAndOrigin(dest, src, n + 1, &stack); 315 return res; 316 } 317 #define MSAN_MAYBE_INTERCEPT_STPCPY INTERCEPT_FUNCTION(stpcpy) 318 #else 319 #define MSAN_MAYBE_INTERCEPT_STPCPY 320 #endif 321 322 INTERCEPTOR(char *, strdup, char *src) { 323 ENSURE_MSAN_INITED(); 324 GET_STORE_STACK_TRACE; 325 // On FreeBSD strdup() leverages strlen(). 326 InterceptorScope interceptor_scope; 327 SIZE_T n = REAL(strlen)(src); 328 CHECK_UNPOISONED_STRING(src + n, 0); 329 char *res = REAL(strdup)(src); 330 CopyShadowAndOrigin(res, src, n + 1, &stack); 331 return res; 332 } 333 334 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 335 INTERCEPTOR(char *, __strdup, char *src) { 336 ENSURE_MSAN_INITED(); 337 GET_STORE_STACK_TRACE; 338 SIZE_T n = REAL(strlen)(src); 339 CHECK_UNPOISONED_STRING(src + n, 0); 340 char *res = REAL(__strdup)(src); 341 CopyShadowAndOrigin(res, src, n + 1, &stack); 342 return res; 343 } 344 #define MSAN_MAYBE_INTERCEPT___STRDUP INTERCEPT_FUNCTION(__strdup) 345 #else 346 #define MSAN_MAYBE_INTERCEPT___STRDUP 347 #endif 348 349 #if !SANITIZER_NETBSD 350 INTERCEPTOR(char *, gcvt, double number, SIZE_T ndigit, char *buf) { 351 ENSURE_MSAN_INITED(); 352 char *res = REAL(gcvt)(number, ndigit, buf); 353 SIZE_T n = REAL(strlen)(buf); 354 __msan_unpoison(buf, n + 1); 355 return res; 356 } 357 #define MSAN_MAYBE_INTERCEPT_GCVT INTERCEPT_FUNCTION(gcvt) 358 #else 359 #define MSAN_MAYBE_INTERCEPT_GCVT 360 #endif 361 362 INTERCEPTOR(char *, strcat, char *dest, const char *src) { 363 ENSURE_MSAN_INITED(); 364 GET_STORE_STACK_TRACE; 365 SIZE_T src_size = REAL(strlen)(src); 366 SIZE_T dest_size = REAL(strlen)(dest); 367 CHECK_UNPOISONED_STRING(src + src_size, 0); 368 CHECK_UNPOISONED_STRING(dest + dest_size, 0); 369 char *res = REAL(strcat)(dest, src); 370 CopyShadowAndOrigin(dest + dest_size, src, src_size + 1, &stack); 371 return res; 372 } 373 374 INTERCEPTOR(char *, strncat, char *dest, const char *src, SIZE_T n) { 375 ENSURE_MSAN_INITED(); 376 GET_STORE_STACK_TRACE; 377 SIZE_T dest_size = REAL(strlen)(dest); 378 SIZE_T copy_size = REAL(strnlen)(src, n); 379 CHECK_UNPOISONED_STRING(dest + dest_size, 0); 380 char *res = REAL(strncat)(dest, src, n); 381 CopyShadowAndOrigin(dest + dest_size, src, copy_size, &stack); 382 __msan_unpoison(dest + dest_size + copy_size, 1); // \0 383 return res; 384 } 385 386 // Hack: always pass nptr and endptr as part of __VA_ARGS_ to avoid having to 387 // deal with empty __VA_ARGS__ in the case of INTERCEPTOR_STRTO. 388 #define INTERCEPTOR_STRTO_BODY(ret_type, func, ...) \ 389 ENSURE_MSAN_INITED(); \ 390 ret_type res = REAL(func)(__VA_ARGS__); \ 391 __msan_unpoison(endptr, sizeof(*endptr)); \ 392 return res; 393 394 #define INTERCEPTOR_STRTO(ret_type, func, char_type) \ 395 INTERCEPTOR(ret_type, func, const char_type *nptr, char_type **endptr) { \ 396 INTERCEPTOR_STRTO_BODY(ret_type, func, nptr, endptr); \ 397 } 398 399 #define INTERCEPTOR_STRTO_BASE(ret_type, func, char_type) \ 400 INTERCEPTOR(ret_type, func, const char_type *nptr, char_type **endptr, \ 401 int base) { \ 402 INTERCEPTOR_STRTO_BODY(ret_type, func, nptr, endptr, base); \ 403 } 404 405 #define INTERCEPTOR_STRTO_LOC(ret_type, func, char_type) \ 406 INTERCEPTOR(ret_type, func, const char_type *nptr, char_type **endptr, \ 407 void *loc) { \ 408 INTERCEPTOR_STRTO_BODY(ret_type, func, nptr, endptr, loc); \ 409 } 410 411 #define INTERCEPTOR_STRTO_BASE_LOC(ret_type, func, char_type) \ 412 INTERCEPTOR(ret_type, func, const char_type *nptr, char_type **endptr, \ 413 int base, void *loc) { \ 414 INTERCEPTOR_STRTO_BODY(ret_type, func, nptr, endptr, base, loc); \ 415 } 416 417 #if SANITIZER_NETBSD 418 #define INTERCEPTORS_STRTO(ret_type, func, char_type) \ 419 INTERCEPTOR_STRTO(ret_type, func, char_type) \ 420 INTERCEPTOR_STRTO_LOC(ret_type, func##_l, char_type) 421 422 #define INTERCEPTORS_STRTO_BASE(ret_type, func, char_type) \ 423 INTERCEPTOR_STRTO_BASE(ret_type, func, char_type) \ 424 INTERCEPTOR_STRTO_BASE_LOC(ret_type, func##_l, char_type) 425 426 #else 427 #define INTERCEPTORS_STRTO(ret_type, func, char_type) \ 428 INTERCEPTOR_STRTO(ret_type, func, char_type) \ 429 INTERCEPTOR_STRTO_LOC(ret_type, func##_l, char_type) \ 430 INTERCEPTOR_STRTO_LOC(ret_type, __##func##_l, char_type) \ 431 INTERCEPTOR_STRTO_LOC(ret_type, __##func##_internal, char_type) 432 433 #define INTERCEPTORS_STRTO_BASE(ret_type, func, char_type) \ 434 INTERCEPTOR_STRTO_BASE(ret_type, func, char_type) \ 435 INTERCEPTOR_STRTO_BASE_LOC(ret_type, func##_l, char_type) \ 436 INTERCEPTOR_STRTO_BASE_LOC(ret_type, __##func##_l, char_type) \ 437 INTERCEPTOR_STRTO_BASE_LOC(ret_type, __##func##_internal, char_type) 438 #endif 439 440 INTERCEPTORS_STRTO(double, strtod, char) 441 INTERCEPTORS_STRTO(float, strtof, char) 442 INTERCEPTORS_STRTO(long double, strtold, char) 443 INTERCEPTORS_STRTO_BASE(long, strtol, char) 444 INTERCEPTORS_STRTO_BASE(long long, strtoll, char) 445 INTERCEPTORS_STRTO_BASE(unsigned long, strtoul, char) 446 INTERCEPTORS_STRTO_BASE(unsigned long long, strtoull, char) 447 INTERCEPTORS_STRTO_BASE(u64, strtouq, char) 448 449 INTERCEPTORS_STRTO(double, wcstod, wchar_t) 450 INTERCEPTORS_STRTO(float, wcstof, wchar_t) 451 INTERCEPTORS_STRTO(long double, wcstold, wchar_t) 452 INTERCEPTORS_STRTO_BASE(long, wcstol, wchar_t) 453 INTERCEPTORS_STRTO_BASE(long long, wcstoll, wchar_t) 454 INTERCEPTORS_STRTO_BASE(unsigned long, wcstoul, wchar_t) 455 INTERCEPTORS_STRTO_BASE(unsigned long long, wcstoull, wchar_t) 456 457 #if SANITIZER_NETBSD 458 #define INTERCEPT_STRTO(func) \ 459 INTERCEPT_FUNCTION(func); \ 460 INTERCEPT_FUNCTION(func##_l); 461 #else 462 #define INTERCEPT_STRTO(func) \ 463 INTERCEPT_FUNCTION(func); \ 464 INTERCEPT_FUNCTION(func##_l); \ 465 INTERCEPT_FUNCTION(__##func##_l); \ 466 INTERCEPT_FUNCTION(__##func##_internal); 467 #endif 468 469 470 // FIXME: support *wprintf in common format interceptors. 471 INTERCEPTOR(int, vswprintf, void *str, uptr size, void *format, va_list ap) { 472 ENSURE_MSAN_INITED(); 473 int res = REAL(vswprintf)(str, size, format, ap); 474 if (res >= 0) { 475 __msan_unpoison(str, 4 * (res + 1)); 476 } 477 return res; 478 } 479 480 INTERCEPTOR(int, swprintf, void *str, uptr size, void *format, ...) { 481 ENSURE_MSAN_INITED(); 482 va_list ap; 483 va_start(ap, format); 484 int res = vswprintf(str, size, format, ap); 485 va_end(ap); 486 return res; 487 } 488 489 #define INTERCEPTOR_STRFTIME_BODY(char_type, ret_type, func, s, ...) \ 490 ENSURE_MSAN_INITED(); \ 491 InterceptorScope interceptor_scope; \ 492 ret_type res = REAL(func)(s, __VA_ARGS__); \ 493 if (s) __msan_unpoison(s, sizeof(char_type) * (res + 1)); \ 494 return res; 495 496 INTERCEPTOR(SIZE_T, strftime, char *s, SIZE_T max, const char *format, 497 __sanitizer_tm *tm) { 498 INTERCEPTOR_STRFTIME_BODY(char, SIZE_T, strftime, s, max, format, tm); 499 } 500 501 INTERCEPTOR(SIZE_T, strftime_l, char *s, SIZE_T max, const char *format, 502 __sanitizer_tm *tm, void *loc) { 503 INTERCEPTOR_STRFTIME_BODY(char, SIZE_T, strftime_l, s, max, format, tm, loc); 504 } 505 506 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 507 INTERCEPTOR(SIZE_T, __strftime_l, char *s, SIZE_T max, const char *format, 508 __sanitizer_tm *tm, void *loc) { 509 INTERCEPTOR_STRFTIME_BODY(char, SIZE_T, __strftime_l, s, max, format, tm, 510 loc); 511 } 512 #define MSAN_MAYBE_INTERCEPT___STRFTIME_L INTERCEPT_FUNCTION(__strftime_l) 513 #else 514 #define MSAN_MAYBE_INTERCEPT___STRFTIME_L 515 #endif 516 517 INTERCEPTOR(SIZE_T, wcsftime, wchar_t *s, SIZE_T max, const wchar_t *format, 518 __sanitizer_tm *tm) { 519 INTERCEPTOR_STRFTIME_BODY(wchar_t, SIZE_T, wcsftime, s, max, format, tm); 520 } 521 522 INTERCEPTOR(SIZE_T, wcsftime_l, wchar_t *s, SIZE_T max, const wchar_t *format, 523 __sanitizer_tm *tm, void *loc) { 524 INTERCEPTOR_STRFTIME_BODY(wchar_t, SIZE_T, wcsftime_l, s, max, format, tm, 525 loc); 526 } 527 528 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 529 INTERCEPTOR(SIZE_T, __wcsftime_l, wchar_t *s, SIZE_T max, const wchar_t *format, 530 __sanitizer_tm *tm, void *loc) { 531 INTERCEPTOR_STRFTIME_BODY(wchar_t, SIZE_T, __wcsftime_l, s, max, format, tm, 532 loc); 533 } 534 #define MSAN_MAYBE_INTERCEPT___WCSFTIME_L INTERCEPT_FUNCTION(__wcsftime_l) 535 #else 536 #define MSAN_MAYBE_INTERCEPT___WCSFTIME_L 537 #endif 538 539 INTERCEPTOR(int, mbtowc, wchar_t *dest, const char *src, SIZE_T n) { 540 ENSURE_MSAN_INITED(); 541 int res = REAL(mbtowc)(dest, src, n); 542 if (res != -1 && dest) __msan_unpoison(dest, sizeof(wchar_t)); 543 return res; 544 } 545 546 INTERCEPTOR(SIZE_T, mbrtowc, wchar_t *dest, const char *src, SIZE_T n, 547 void *ps) { 548 ENSURE_MSAN_INITED(); 549 SIZE_T res = REAL(mbrtowc)(dest, src, n, ps); 550 if (res != (SIZE_T)-1 && dest) __msan_unpoison(dest, sizeof(wchar_t)); 551 return res; 552 } 553 554 // wchar_t *wmemcpy(wchar_t *dest, const wchar_t *src, SIZE_T n); 555 INTERCEPTOR(wchar_t *, wmemcpy, wchar_t *dest, const wchar_t *src, SIZE_T n) { 556 ENSURE_MSAN_INITED(); 557 GET_STORE_STACK_TRACE; 558 wchar_t *res = REAL(wmemcpy)(dest, src, n); 559 CopyShadowAndOrigin(dest, src, n * sizeof(wchar_t), &stack); 560 return res; 561 } 562 563 #if !SANITIZER_NETBSD 564 INTERCEPTOR(wchar_t *, wmempcpy, wchar_t *dest, const wchar_t *src, SIZE_T n) { 565 ENSURE_MSAN_INITED(); 566 GET_STORE_STACK_TRACE; 567 wchar_t *res = REAL(wmempcpy)(dest, src, n); 568 CopyShadowAndOrigin(dest, src, n * sizeof(wchar_t), &stack); 569 return res; 570 } 571 #define MSAN_MAYBE_INTERCEPT_WMEMPCPY INTERCEPT_FUNCTION(wmempcpy) 572 #else 573 #define MSAN_MAYBE_INTERCEPT_WMEMPCPY 574 #endif 575 576 INTERCEPTOR(wchar_t *, wmemset, wchar_t *s, wchar_t c, SIZE_T n) { 577 CHECK(MEM_IS_APP(s)); 578 ENSURE_MSAN_INITED(); 579 wchar_t *res = REAL(wmemset)(s, c, n); 580 __msan_unpoison(s, n * sizeof(wchar_t)); 581 return res; 582 } 583 584 INTERCEPTOR(wchar_t *, wmemmove, wchar_t *dest, const wchar_t *src, SIZE_T n) { 585 ENSURE_MSAN_INITED(); 586 GET_STORE_STACK_TRACE; 587 wchar_t *res = REAL(wmemmove)(dest, src, n); 588 MoveShadowAndOrigin(dest, src, n * sizeof(wchar_t), &stack); 589 return res; 590 } 591 592 INTERCEPTOR(int, wcscmp, const wchar_t *s1, const wchar_t *s2) { 593 ENSURE_MSAN_INITED(); 594 int res = REAL(wcscmp)(s1, s2); 595 return res; 596 } 597 598 INTERCEPTOR(int, gettimeofday, void *tv, void *tz) { 599 ENSURE_MSAN_INITED(); 600 int res = REAL(gettimeofday)(tv, tz); 601 if (tv) 602 __msan_unpoison(tv, 16); 603 if (tz) 604 __msan_unpoison(tz, 8); 605 return res; 606 } 607 608 #if !SANITIZER_NETBSD 609 INTERCEPTOR(char *, fcvt, double x, int a, int *b, int *c) { 610 ENSURE_MSAN_INITED(); 611 char *res = REAL(fcvt)(x, a, b, c); 612 __msan_unpoison(b, sizeof(*b)); 613 __msan_unpoison(c, sizeof(*c)); 614 if (res) __msan_unpoison(res, REAL(strlen)(res) + 1); 615 return res; 616 } 617 #define MSAN_MAYBE_INTERCEPT_FCVT INTERCEPT_FUNCTION(fcvt) 618 #else 619 #define MSAN_MAYBE_INTERCEPT_FCVT 620 #endif 621 622 INTERCEPTOR(char *, getenv, char *name) { 623 if (msan_init_is_running) 624 return REAL(getenv)(name); 625 ENSURE_MSAN_INITED(); 626 char *res = REAL(getenv)(name); 627 if (res) __msan_unpoison(res, REAL(strlen)(res) + 1); 628 return res; 629 } 630 631 extern char **environ; 632 633 static void UnpoisonEnviron() { 634 char **envp = environ; 635 for (; *envp; ++envp) { 636 __msan_unpoison(envp, sizeof(*envp)); 637 __msan_unpoison(*envp, REAL(strlen)(*envp) + 1); 638 } 639 // Trailing NULL pointer. 640 __msan_unpoison(envp, sizeof(*envp)); 641 } 642 643 INTERCEPTOR(int, setenv, const char *name, const char *value, int overwrite) { 644 ENSURE_MSAN_INITED(); 645 CHECK_UNPOISONED_STRING(name, 0); 646 int res = REAL(setenv)(name, value, overwrite); 647 if (!res) UnpoisonEnviron(); 648 return res; 649 } 650 651 INTERCEPTOR(int, putenv, char *string) { 652 ENSURE_MSAN_INITED(); 653 int res = REAL(putenv)(string); 654 if (!res) UnpoisonEnviron(); 655 return res; 656 } 657 658 #if SANITIZER_FREEBSD || SANITIZER_NETBSD 659 INTERCEPTOR(int, fstat, int fd, void *buf) { 660 ENSURE_MSAN_INITED(); 661 int res = REAL(fstat)(fd, buf); 662 if (!res) 663 __msan_unpoison(buf, __sanitizer::struct_stat_sz); 664 return res; 665 } 666 #define MSAN_MAYBE_INTERCEPT_FSTAT INTERCEPT_FUNCTION(fstat) 667 #else 668 #define MSAN_MAYBE_INTERCEPT_FSTAT 669 #endif 670 671 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 672 INTERCEPTOR(int, __fxstat, int magic, int fd, void *buf) { 673 ENSURE_MSAN_INITED(); 674 int res = REAL(__fxstat)(magic, fd, buf); 675 if (!res) 676 __msan_unpoison(buf, __sanitizer::struct_stat_sz); 677 return res; 678 } 679 #define MSAN_MAYBE_INTERCEPT___FXSTAT INTERCEPT_FUNCTION(__fxstat) 680 #else 681 #define MSAN_MAYBE_INTERCEPT___FXSTAT 682 #endif 683 684 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 685 INTERCEPTOR(int, __fxstat64, int magic, int fd, void *buf) { 686 ENSURE_MSAN_INITED(); 687 int res = REAL(__fxstat64)(magic, fd, buf); 688 if (!res) 689 __msan_unpoison(buf, __sanitizer::struct_stat64_sz); 690 return res; 691 } 692 #define MSAN_MAYBE_INTERCEPT___FXSTAT64 INTERCEPT_FUNCTION(__fxstat64) 693 #else 694 #define MSAN_MAYBE_INTERCEPT___FXSTAT64 695 #endif 696 697 #if SANITIZER_FREEBSD || SANITIZER_NETBSD 698 INTERCEPTOR(int, fstatat, int fd, char *pathname, void *buf, int flags) { 699 ENSURE_MSAN_INITED(); 700 int res = REAL(fstatat)(fd, pathname, buf, flags); 701 if (!res) __msan_unpoison(buf, __sanitizer::struct_stat_sz); 702 return res; 703 } 704 # define MSAN_INTERCEPT_FSTATAT INTERCEPT_FUNCTION(fstatat) 705 #else 706 INTERCEPTOR(int, __fxstatat, int magic, int fd, char *pathname, void *buf, 707 int flags) { 708 ENSURE_MSAN_INITED(); 709 int res = REAL(__fxstatat)(magic, fd, pathname, buf, flags); 710 if (!res) __msan_unpoison(buf, __sanitizer::struct_stat_sz); 711 return res; 712 } 713 # define MSAN_INTERCEPT_FSTATAT INTERCEPT_FUNCTION(__fxstatat) 714 #endif 715 716 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 717 INTERCEPTOR(int, __fxstatat64, int magic, int fd, char *pathname, void *buf, 718 int flags) { 719 ENSURE_MSAN_INITED(); 720 int res = REAL(__fxstatat64)(magic, fd, pathname, buf, flags); 721 if (!res) __msan_unpoison(buf, __sanitizer::struct_stat64_sz); 722 return res; 723 } 724 #define MSAN_MAYBE_INTERCEPT___FXSTATAT64 INTERCEPT_FUNCTION(__fxstatat64) 725 #else 726 #define MSAN_MAYBE_INTERCEPT___FXSTATAT64 727 #endif 728 729 INTERCEPTOR(int, pipe, int pipefd[2]) { 730 if (msan_init_is_running) 731 return REAL(pipe)(pipefd); 732 ENSURE_MSAN_INITED(); 733 int res = REAL(pipe)(pipefd); 734 if (!res) 735 __msan_unpoison(pipefd, sizeof(int[2])); 736 return res; 737 } 738 739 INTERCEPTOR(int, pipe2, int pipefd[2], int flags) { 740 ENSURE_MSAN_INITED(); 741 int res = REAL(pipe2)(pipefd, flags); 742 if (!res) 743 __msan_unpoison(pipefd, sizeof(int[2])); 744 return res; 745 } 746 747 INTERCEPTOR(int, socketpair, int domain, int type, int protocol, int sv[2]) { 748 ENSURE_MSAN_INITED(); 749 int res = REAL(socketpair)(domain, type, protocol, sv); 750 if (!res) 751 __msan_unpoison(sv, sizeof(int[2])); 752 return res; 753 } 754 755 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 756 INTERCEPTOR(char *, fgets_unlocked, char *s, int size, void *stream) { 757 ENSURE_MSAN_INITED(); 758 char *res = REAL(fgets_unlocked)(s, size, stream); 759 if (res) 760 __msan_unpoison(s, REAL(strlen)(s) + 1); 761 return res; 762 } 763 #define MSAN_MAYBE_INTERCEPT_FGETS_UNLOCKED INTERCEPT_FUNCTION(fgets_unlocked) 764 #else 765 #define MSAN_MAYBE_INTERCEPT_FGETS_UNLOCKED 766 #endif 767 768 #define INTERCEPTOR_GETRLIMIT_BODY(func, resource, rlim) \ 769 if (msan_init_is_running) \ 770 return REAL(getrlimit)(resource, rlim); \ 771 ENSURE_MSAN_INITED(); \ 772 int res = REAL(func)(resource, rlim); \ 773 if (!res) \ 774 __msan_unpoison(rlim, __sanitizer::struct_rlimit_sz); \ 775 return res 776 777 INTERCEPTOR(int, getrlimit, int resource, void *rlim) { 778 INTERCEPTOR_GETRLIMIT_BODY(getrlimit, resource, rlim); 779 } 780 781 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 782 INTERCEPTOR(int, __getrlimit, int resource, void *rlim) { 783 INTERCEPTOR_GETRLIMIT_BODY(__getrlimit, resource, rlim); 784 } 785 786 INTERCEPTOR(int, getrlimit64, int resource, void *rlim) { 787 if (msan_init_is_running) return REAL(getrlimit64)(resource, rlim); 788 ENSURE_MSAN_INITED(); 789 int res = REAL(getrlimit64)(resource, rlim); 790 if (!res) __msan_unpoison(rlim, __sanitizer::struct_rlimit64_sz); 791 return res; 792 } 793 794 INTERCEPTOR(int, prlimit, int pid, int resource, void *new_rlimit, 795 void *old_rlimit) { 796 if (msan_init_is_running) 797 return REAL(prlimit)(pid, resource, new_rlimit, old_rlimit); 798 ENSURE_MSAN_INITED(); 799 CHECK_UNPOISONED(new_rlimit, __sanitizer::struct_rlimit_sz); 800 int res = REAL(prlimit)(pid, resource, new_rlimit, old_rlimit); 801 if (!res) __msan_unpoison(old_rlimit, __sanitizer::struct_rlimit_sz); 802 return res; 803 } 804 805 INTERCEPTOR(int, prlimit64, int pid, int resource, void *new_rlimit, 806 void *old_rlimit) { 807 if (msan_init_is_running) 808 return REAL(prlimit64)(pid, resource, new_rlimit, old_rlimit); 809 ENSURE_MSAN_INITED(); 810 CHECK_UNPOISONED(new_rlimit, __sanitizer::struct_rlimit64_sz); 811 int res = REAL(prlimit64)(pid, resource, new_rlimit, old_rlimit); 812 if (!res) __msan_unpoison(old_rlimit, __sanitizer::struct_rlimit64_sz); 813 return res; 814 } 815 816 #define MSAN_MAYBE_INTERCEPT___GETRLIMIT INTERCEPT_FUNCTION(__getrlimit) 817 #define MSAN_MAYBE_INTERCEPT_GETRLIMIT64 INTERCEPT_FUNCTION(getrlimit64) 818 #define MSAN_MAYBE_INTERCEPT_PRLIMIT INTERCEPT_FUNCTION(prlimit) 819 #define MSAN_MAYBE_INTERCEPT_PRLIMIT64 INTERCEPT_FUNCTION(prlimit64) 820 #else 821 #define MSAN_MAYBE_INTERCEPT___GETRLIMIT 822 #define MSAN_MAYBE_INTERCEPT_GETRLIMIT64 823 #define MSAN_MAYBE_INTERCEPT_PRLIMIT 824 #define MSAN_MAYBE_INTERCEPT_PRLIMIT64 825 #endif 826 827 #if SANITIZER_FREEBSD 828 // FreeBSD's <sys/utsname.h> define uname() as 829 // static __inline int uname(struct utsname *name) { 830 // return __xuname(SYS_NMLN, (void*)name); 831 // } 832 INTERCEPTOR(int, __xuname, int size, void *utsname) { 833 ENSURE_MSAN_INITED(); 834 int res = REAL(__xuname)(size, utsname); 835 if (!res) 836 __msan_unpoison(utsname, __sanitizer::struct_utsname_sz); 837 return res; 838 } 839 #define MSAN_INTERCEPT_UNAME INTERCEPT_FUNCTION(__xuname) 840 #else 841 INTERCEPTOR(int, uname, struct utsname *utsname) { 842 ENSURE_MSAN_INITED(); 843 int res = REAL(uname)(utsname); 844 if (!res) 845 __msan_unpoison(utsname, __sanitizer::struct_utsname_sz); 846 return res; 847 } 848 #define MSAN_INTERCEPT_UNAME INTERCEPT_FUNCTION(uname) 849 #endif 850 851 INTERCEPTOR(int, gethostname, char *name, SIZE_T len) { 852 ENSURE_MSAN_INITED(); 853 int res = REAL(gethostname)(name, len); 854 if (!res) { 855 SIZE_T real_len = REAL(strnlen)(name, len); 856 if (real_len < len) 857 ++real_len; 858 __msan_unpoison(name, real_len); 859 } 860 return res; 861 } 862 863 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 864 INTERCEPTOR(int, epoll_wait, int epfd, void *events, int maxevents, 865 int timeout) { 866 ENSURE_MSAN_INITED(); 867 int res = REAL(epoll_wait)(epfd, events, maxevents, timeout); 868 if (res > 0) { 869 __msan_unpoison(events, __sanitizer::struct_epoll_event_sz * res); 870 } 871 return res; 872 } 873 #define MSAN_MAYBE_INTERCEPT_EPOLL_WAIT INTERCEPT_FUNCTION(epoll_wait) 874 #else 875 #define MSAN_MAYBE_INTERCEPT_EPOLL_WAIT 876 #endif 877 878 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD 879 INTERCEPTOR(int, epoll_pwait, int epfd, void *events, int maxevents, 880 int timeout, void *sigmask) { 881 ENSURE_MSAN_INITED(); 882 int res = REAL(epoll_pwait)(epfd, events, maxevents, timeout, sigmask); 883 if (res > 0) { 884 __msan_unpoison(events, __sanitizer::struct_epoll_event_sz * res); 885 } 886 return res; 887 } 888 #define MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT INTERCEPT_FUNCTION(epoll_pwait) 889 #else 890 #define MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT 891 #endif 892 893 INTERCEPTOR(void *, calloc, SIZE_T nmemb, SIZE_T size) { 894 GET_MALLOC_STACK_TRACE; 895 if (UNLIKELY(!msan_inited)) 896 // Hack: dlsym calls calloc before REAL(calloc) is retrieved from dlsym. 897 return AllocateFromLocalPool(nmemb * size); 898 return msan_calloc(nmemb, size, &stack); 899 } 900 901 INTERCEPTOR(void *, realloc, void *ptr, SIZE_T size) { 902 GET_MALLOC_STACK_TRACE; 903 if (UNLIKELY(IsInDlsymAllocPool(ptr))) { 904 uptr offset = (uptr)ptr - (uptr)alloc_memory_for_dlsym; 905 uptr copy_size = Min(size, kDlsymAllocPoolSize - offset); 906 void *new_ptr; 907 if (UNLIKELY(!msan_inited)) { 908 new_ptr = AllocateFromLocalPool(copy_size); 909 } else { 910 copy_size = size; 911 new_ptr = msan_malloc(copy_size, &stack); 912 } 913 internal_memcpy(new_ptr, ptr, copy_size); 914 return new_ptr; 915 } 916 return msan_realloc(ptr, size, &stack); 917 } 918 919 INTERCEPTOR(void *, reallocarray, void *ptr, SIZE_T nmemb, SIZE_T size) { 920 GET_MALLOC_STACK_TRACE; 921 return msan_reallocarray(ptr, nmemb, size, &stack); 922 } 923 924 INTERCEPTOR(void *, malloc, SIZE_T size) { 925 GET_MALLOC_STACK_TRACE; 926 if (UNLIKELY(!msan_inited)) 927 // Hack: dlsym calls malloc before REAL(malloc) is retrieved from dlsym. 928 return AllocateFromLocalPool(size); 929 return msan_malloc(size, &stack); 930 } 931 932 void __msan_allocated_memory(const void *data, uptr size) { 933 GET_MALLOC_STACK_TRACE; 934 if (flags()->poison_in_malloc) { 935 stack.tag = STACK_TRACE_TAG_POISON; 936 PoisonMemory(data, size, &stack); 937 } 938 } 939 940 void __msan_copy_shadow(void *dest, const void *src, uptr n) { 941 GET_STORE_STACK_TRACE; 942 MoveShadowAndOrigin(dest, src, n, &stack); 943 } 944 945 void __sanitizer_dtor_callback(const void *data, uptr size) { 946 GET_MALLOC_STACK_TRACE; 947 if (flags()->poison_in_dtor) { 948 stack.tag = STACK_TRACE_TAG_POISON; 949 PoisonMemory(data, size, &stack); 950 } 951 } 952 953 template <class Mmap> 954 static void *mmap_interceptor(Mmap real_mmap, void *addr, SIZE_T length, 955 int prot, int flags, int fd, OFF64_T offset) { 956 if (addr && !MEM_IS_APP(addr)) { 957 if (flags & map_fixed) { 958 errno = errno_EINVAL; 959 return (void *)-1; 960 } else { 961 addr = nullptr; 962 } 963 } 964 void *res = real_mmap(addr, length, prot, flags, fd, offset); 965 if (res != (void *)-1) __msan_unpoison(res, RoundUpTo(length, GetPageSize())); 966 return res; 967 } 968 969 INTERCEPTOR(int, getrusage, int who, void *usage) { 970 ENSURE_MSAN_INITED(); 971 int res = REAL(getrusage)(who, usage); 972 if (res == 0) { 973 __msan_unpoison(usage, __sanitizer::struct_rusage_sz); 974 } 975 return res; 976 } 977 978 class SignalHandlerScope { 979 public: 980 SignalHandlerScope() { 981 if (MsanThread *t = GetCurrentThread()) 982 t->EnterSignalHandler(); 983 } 984 ~SignalHandlerScope() { 985 if (MsanThread *t = GetCurrentThread()) 986 t->LeaveSignalHandler(); 987 } 988 }; 989 990 // sigactions_mu guarantees atomicity of sigaction() and signal() calls. 991 // Access to sigactions[] is gone with relaxed atomics to avoid data race with 992 // the signal handler. 993 const int kMaxSignals = 1024; 994 static atomic_uintptr_t sigactions[kMaxSignals]; 995 static StaticSpinMutex sigactions_mu; 996 997 static void SignalHandler(int signo) { 998 SignalHandlerScope signal_handler_scope; 999 ScopedThreadLocalStateBackup stlsb; 1000 UnpoisonParam(1); 1001 1002 typedef void (*signal_cb)(int x); 1003 signal_cb cb = 1004 (signal_cb)atomic_load(&sigactions[signo], memory_order_relaxed); 1005 cb(signo); 1006 } 1007 1008 static void SignalAction(int signo, void *si, void *uc) { 1009 SignalHandlerScope signal_handler_scope; 1010 ScopedThreadLocalStateBackup stlsb; 1011 UnpoisonParam(3); 1012 __msan_unpoison(si, sizeof(__sanitizer_sigaction)); 1013 __msan_unpoison(uc, __sanitizer::ucontext_t_sz); 1014 1015 typedef void (*sigaction_cb)(int, void *, void *); 1016 sigaction_cb cb = 1017 (sigaction_cb)atomic_load(&sigactions[signo], memory_order_relaxed); 1018 cb(signo, si, uc); 1019 } 1020 1021 static void read_sigaction(const __sanitizer_sigaction *act) { 1022 CHECK_UNPOISONED(&act->sa_flags, sizeof(act->sa_flags)); 1023 if (act->sa_flags & __sanitizer::sa_siginfo) 1024 CHECK_UNPOISONED(&act->sigaction, sizeof(act->sigaction)); 1025 else 1026 CHECK_UNPOISONED(&act->handler, sizeof(act->handler)); 1027 CHECK_UNPOISONED(&act->sa_mask, sizeof(act->sa_mask)); 1028 } 1029 1030 extern "C" int pthread_attr_init(void *attr); 1031 extern "C" int pthread_attr_destroy(void *attr); 1032 1033 static void *MsanThreadStartFunc(void *arg) { 1034 MsanThread *t = (MsanThread *)arg; 1035 SetCurrentThread(t); 1036 return t->ThreadStart(); 1037 } 1038 1039 INTERCEPTOR(int, pthread_create, void *th, void *attr, void *(*callback)(void*), 1040 void * param) { 1041 ENSURE_MSAN_INITED(); // for GetTlsSize() 1042 __sanitizer_pthread_attr_t myattr; 1043 if (!attr) { 1044 pthread_attr_init(&myattr); 1045 attr = &myattr; 1046 } 1047 1048 AdjustStackSize(attr); 1049 1050 MsanThread *t = MsanThread::Create(callback, param); 1051 1052 int res = REAL(pthread_create)(th, attr, MsanThreadStartFunc, t); 1053 1054 if (attr == &myattr) 1055 pthread_attr_destroy(&myattr); 1056 if (!res) { 1057 __msan_unpoison(th, __sanitizer::pthread_t_sz); 1058 } 1059 return res; 1060 } 1061 1062 INTERCEPTOR(int, pthread_key_create, __sanitizer_pthread_key_t *key, 1063 void (*dtor)(void *value)) { 1064 if (msan_init_is_running) return REAL(pthread_key_create)(key, dtor); 1065 ENSURE_MSAN_INITED(); 1066 int res = REAL(pthread_key_create)(key, dtor); 1067 if (!res && key) 1068 __msan_unpoison(key, sizeof(*key)); 1069 return res; 1070 } 1071 1072 #if SANITIZER_NETBSD 1073 INTERCEPTOR(int, __libc_thr_keycreate, __sanitizer_pthread_key_t *m, 1074 void (*dtor)(void *value)) 1075 ALIAS(WRAPPER_NAME(pthread_key_create)); 1076 #endif 1077 1078 INTERCEPTOR(int, pthread_join, void *th, void **retval) { 1079 ENSURE_MSAN_INITED(); 1080 int res = REAL(pthread_join)(th, retval); 1081 if (!res && retval) 1082 __msan_unpoison(retval, sizeof(*retval)); 1083 return res; 1084 } 1085 1086 extern char *tzname[2]; 1087 1088 INTERCEPTOR(void, tzset, int fake) { 1089 ENSURE_MSAN_INITED(); 1090 InterceptorScope interceptor_scope; 1091 REAL(tzset)(fake); 1092 if (tzname[0]) 1093 __msan_unpoison(tzname[0], REAL(strlen)(tzname[0]) + 1); 1094 if (tzname[1]) 1095 __msan_unpoison(tzname[1], REAL(strlen)(tzname[1]) + 1); 1096 return; 1097 } 1098 1099 struct MSanAtExitRecord { 1100 void (*func)(void *arg); 1101 void *arg; 1102 }; 1103 1104 struct InterceptorContext { 1105 BlockingMutex atexit_mu; 1106 Vector<struct MSanAtExitRecord *> AtExitStack; 1107 1108 InterceptorContext() 1109 : AtExitStack() { 1110 } 1111 }; 1112 1113 static ALIGNED(64) char interceptor_placeholder[sizeof(InterceptorContext)]; 1114 InterceptorContext *interceptor_ctx() { 1115 return reinterpret_cast<InterceptorContext*>(&interceptor_placeholder[0]); 1116 } 1117 1118 void MSanAtExitWrapper() { 1119 MSanAtExitRecord *r; 1120 { 1121 BlockingMutexLock l(&interceptor_ctx()->atexit_mu); 1122 1123 uptr element = interceptor_ctx()->AtExitStack.Size() - 1; 1124 r = interceptor_ctx()->AtExitStack[element]; 1125 interceptor_ctx()->AtExitStack.PopBack(); 1126 } 1127 1128 UnpoisonParam(1); 1129 ((void(*)())r->func)(); 1130 InternalFree(r); 1131 } 1132 1133 void MSanCxaAtExitWrapper(void *arg) { 1134 UnpoisonParam(1); 1135 MSanAtExitRecord *r = (MSanAtExitRecord *)arg; 1136 // libc before 2.27 had race which caused occasional double handler execution 1137 // https://sourceware.org/ml/libc-alpha/2017-08/msg01204.html 1138 if (!r->func) 1139 return; 1140 r->func(r->arg); 1141 r->func = nullptr; 1142 } 1143 1144 static int setup_at_exit_wrapper(void(*f)(), void *arg, void *dso); 1145 1146 // Unpoison argument shadow for C++ module destructors. 1147 INTERCEPTOR(int, __cxa_atexit, void (*func)(void *), void *arg, 1148 void *dso_handle) { 1149 if (msan_init_is_running) return REAL(__cxa_atexit)(func, arg, dso_handle); 1150 return setup_at_exit_wrapper((void(*)())func, arg, dso_handle); 1151 } 1152 1153 // Unpoison argument shadow for C++ module destructors. 1154 INTERCEPTOR(int, atexit, void (*func)()) { 1155 // Avoid calling real atexit as it is unrechable on at least on Linux. 1156 if (msan_init_is_running) 1157 return REAL(__cxa_atexit)((void (*)(void *a))func, 0, 0); 1158 return setup_at_exit_wrapper((void(*)())func, 0, 0); 1159 } 1160 1161 static int setup_at_exit_wrapper(void(*f)(), void *arg, void *dso) { 1162 ENSURE_MSAN_INITED(); 1163 MSanAtExitRecord *r = 1164 (MSanAtExitRecord *)InternalAlloc(sizeof(MSanAtExitRecord)); 1165 r->func = (void(*)(void *a))f; 1166 r->arg = arg; 1167 int res; 1168 if (!dso) { 1169 // NetBSD does not preserve the 2nd argument if dso is equal to 0 1170 // Store ctx in a local stack-like structure 1171 1172 BlockingMutexLock l(&interceptor_ctx()->atexit_mu); 1173 1174 res = REAL(__cxa_atexit)((void (*)(void *a))MSanAtExitWrapper, 0, 0); 1175 if (!res) { 1176 interceptor_ctx()->AtExitStack.PushBack(r); 1177 } 1178 } else { 1179 res = REAL(__cxa_atexit)(MSanCxaAtExitWrapper, r, dso); 1180 } 1181 return res; 1182 } 1183 1184 static void BeforeFork() { 1185 StackDepotLockAll(); 1186 ChainedOriginDepotLockAll(); 1187 } 1188 1189 static void AfterFork() { 1190 ChainedOriginDepotUnlockAll(); 1191 StackDepotUnlockAll(); 1192 } 1193 1194 INTERCEPTOR(int, fork, void) { 1195 ENSURE_MSAN_INITED(); 1196 BeforeFork(); 1197 int pid = REAL(fork)(); 1198 AfterFork(); 1199 return pid; 1200 } 1201 1202 // NetBSD ships with openpty(3) in -lutil, that needs to be prebuilt explicitly 1203 // with MSan. 1204 #if SANITIZER_LINUX 1205 INTERCEPTOR(int, openpty, int *aparent, int *aworker, char *name, 1206 const void *termp, const void *winp) { 1207 ENSURE_MSAN_INITED(); 1208 InterceptorScope interceptor_scope; 1209 int res = REAL(openpty)(aparent, aworker, name, termp, winp); 1210 if (!res) { 1211 __msan_unpoison(aparent, sizeof(*aparent)); 1212 __msan_unpoison(aworker, sizeof(*aworker)); 1213 } 1214 return res; 1215 } 1216 #define MSAN_MAYBE_INTERCEPT_OPENPTY INTERCEPT_FUNCTION(openpty) 1217 #else 1218 #define MSAN_MAYBE_INTERCEPT_OPENPTY 1219 #endif 1220 1221 // NetBSD ships with forkpty(3) in -lutil, that needs to be prebuilt explicitly 1222 // with MSan. 1223 #if SANITIZER_LINUX 1224 INTERCEPTOR(int, forkpty, int *aparent, char *name, const void *termp, 1225 const void *winp) { 1226 ENSURE_MSAN_INITED(); 1227 InterceptorScope interceptor_scope; 1228 int res = REAL(forkpty)(aparent, name, termp, winp); 1229 if (res != -1) 1230 __msan_unpoison(aparent, sizeof(*aparent)); 1231 return res; 1232 } 1233 #define MSAN_MAYBE_INTERCEPT_FORKPTY INTERCEPT_FUNCTION(forkpty) 1234 #else 1235 #define MSAN_MAYBE_INTERCEPT_FORKPTY 1236 #endif 1237 1238 struct MSanInterceptorContext { 1239 bool in_interceptor_scope; 1240 }; 1241 1242 namespace __msan { 1243 1244 int OnExit() { 1245 // FIXME: ask frontend whether we need to return failure. 1246 return 0; 1247 } 1248 1249 } // namespace __msan 1250 1251 // A version of CHECK_UNPOISONED using a saved scope value. Used in common 1252 // interceptors. 1253 #define CHECK_UNPOISONED_CTX(ctx, x, n) \ 1254 do { \ 1255 if (!((MSanInterceptorContext *)ctx)->in_interceptor_scope) \ 1256 CHECK_UNPOISONED_0(x, n); \ 1257 } while (0) 1258 1259 #define MSAN_INTERCEPT_FUNC(name) \ 1260 do { \ 1261 if (!INTERCEPT_FUNCTION(name)) \ 1262 VReport(1, "MemorySanitizer: failed to intercept '%s'\n'", #name); \ 1263 } while (0) 1264 1265 #define MSAN_INTERCEPT_FUNC_VER(name, ver) \ 1266 do { \ 1267 if (!INTERCEPT_FUNCTION_VER(name, ver)) \ 1268 VReport(1, "MemorySanitizer: failed to intercept '%s@@%s'\n", #name, \ 1269 #ver); \ 1270 } while (0) 1271 1272 #define COMMON_INTERCEPT_FUNCTION(name) MSAN_INTERCEPT_FUNC(name) 1273 #define COMMON_INTERCEPT_FUNCTION_VER(name, ver) \ 1274 MSAN_INTERCEPT_FUNC_VER(name, ver) 1275 #define COMMON_INTERCEPTOR_UNPOISON_PARAM(count) \ 1276 UnpoisonParam(count) 1277 #define COMMON_INTERCEPTOR_WRITE_RANGE(ctx, ptr, size) \ 1278 __msan_unpoison(ptr, size) 1279 #define COMMON_INTERCEPTOR_READ_RANGE(ctx, ptr, size) \ 1280 CHECK_UNPOISONED_CTX(ctx, ptr, size) 1281 #define COMMON_INTERCEPTOR_INITIALIZE_RANGE(ptr, size) \ 1282 __msan_unpoison(ptr, size) 1283 #define COMMON_INTERCEPTOR_ENTER(ctx, func, ...) \ 1284 if (msan_init_is_running) return REAL(func)(__VA_ARGS__); \ 1285 ENSURE_MSAN_INITED(); \ 1286 MSanInterceptorContext msan_ctx = {IsInInterceptorScope()}; \ 1287 ctx = (void *)&msan_ctx; \ 1288 (void)ctx; \ 1289 InterceptorScope interceptor_scope; \ 1290 __msan_unpoison(__errno_location(), sizeof(int)); /* NOLINT */ 1291 #define COMMON_INTERCEPTOR_DIR_ACQUIRE(ctx, path) \ 1292 do { \ 1293 } while (false) 1294 #define COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd) \ 1295 do { \ 1296 } while (false) 1297 #define COMMON_INTERCEPTOR_FD_RELEASE(ctx, fd) \ 1298 do { \ 1299 } while (false) 1300 #define COMMON_INTERCEPTOR_FD_SOCKET_ACCEPT(ctx, fd, newfd) \ 1301 do { \ 1302 } while (false) 1303 #define COMMON_INTERCEPTOR_SET_THREAD_NAME(ctx, name) \ 1304 do { \ 1305 } while (false) // FIXME 1306 #define COMMON_INTERCEPTOR_SET_PTHREAD_NAME(ctx, thread, name) \ 1307 do { \ 1308 } while (false) // FIXME 1309 #define COMMON_INTERCEPTOR_BLOCK_REAL(name) REAL(name) 1310 #define COMMON_INTERCEPTOR_ON_EXIT(ctx) OnExit() 1311 #define COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, handle) \ 1312 do { \ 1313 link_map *map = GET_LINK_MAP_BY_DLOPEN_HANDLE((handle)); \ 1314 if (filename && map) \ 1315 ForEachMappedRegion(map, __msan_unpoison); \ 1316 } while (false) 1317 1318 #define COMMON_INTERCEPTOR_GET_TLS_RANGE(begin, end) \ 1319 if (MsanThread *t = GetCurrentThread()) { \ 1320 *begin = t->tls_begin(); \ 1321 *end = t->tls_end(); \ 1322 } else { \ 1323 *begin = *end = 0; \ 1324 } 1325 1326 #define COMMON_INTERCEPTOR_MEMSET_IMPL(ctx, block, c, size) \ 1327 { \ 1328 (void)ctx; \ 1329 return __msan_memset(block, c, size); \ 1330 } 1331 #define COMMON_INTERCEPTOR_MEMMOVE_IMPL(ctx, to, from, size) \ 1332 { \ 1333 (void)ctx; \ 1334 return __msan_memmove(to, from, size); \ 1335 } 1336 #define COMMON_INTERCEPTOR_MEMCPY_IMPL(ctx, to, from, size) \ 1337 { \ 1338 (void)ctx; \ 1339 return __msan_memcpy(to, from, size); \ 1340 } 1341 1342 #define COMMON_INTERCEPTOR_COPY_STRING(ctx, to, from, size) \ 1343 do { \ 1344 GET_STORE_STACK_TRACE; \ 1345 CopyShadowAndOrigin(to, from, size, &stack); \ 1346 __msan_unpoison(to + size, 1); \ 1347 } while (false) 1348 1349 #define COMMON_INTERCEPTOR_MMAP_IMPL(ctx, mmap, addr, length, prot, flags, fd, \ 1350 offset) \ 1351 do { \ 1352 return mmap_interceptor(REAL(mmap), addr, sz, prot, flags, fd, off); \ 1353 } while (false) 1354 1355 #include "sanitizer_common/sanitizer_platform_interceptors.h" 1356 #include "sanitizer_common/sanitizer_common_interceptors.inc" 1357 1358 static uptr signal_impl(int signo, uptr cb); 1359 static int sigaction_impl(int signo, const __sanitizer_sigaction *act, 1360 __sanitizer_sigaction *oldact); 1361 1362 #define SIGNAL_INTERCEPTOR_SIGACTION_IMPL(signo, act, oldact) \ 1363 { return sigaction_impl(signo, act, oldact); } 1364 1365 #define SIGNAL_INTERCEPTOR_SIGNAL_IMPL(func, signo, handler) \ 1366 { \ 1367 handler = signal_impl(signo, handler); \ 1368 InterceptorScope interceptor_scope; \ 1369 return REAL(func)(signo, handler); \ 1370 } 1371 1372 #include "sanitizer_common/sanitizer_signal_interceptors.inc" 1373 1374 static int sigaction_impl(int signo, const __sanitizer_sigaction *act, 1375 __sanitizer_sigaction *oldact) { 1376 ENSURE_MSAN_INITED(); 1377 if (act) read_sigaction(act); 1378 int res; 1379 if (flags()->wrap_signals) { 1380 SpinMutexLock lock(&sigactions_mu); 1381 CHECK_LT(signo, kMaxSignals); 1382 uptr old_cb = atomic_load(&sigactions[signo], memory_order_relaxed); 1383 __sanitizer_sigaction new_act; 1384 __sanitizer_sigaction *pnew_act = act ? &new_act : nullptr; 1385 if (act) { 1386 REAL(memcpy)(pnew_act, act, sizeof(__sanitizer_sigaction)); 1387 uptr cb = (uptr)pnew_act->sigaction; 1388 uptr new_cb = (pnew_act->sa_flags & __sanitizer::sa_siginfo) 1389 ? (uptr)SignalAction 1390 : (uptr)SignalHandler; 1391 if (cb != __sanitizer::sig_ign && cb != __sanitizer::sig_dfl) { 1392 atomic_store(&sigactions[signo], cb, memory_order_relaxed); 1393 pnew_act->sigaction = (decltype(pnew_act->sigaction))new_cb; 1394 } 1395 } 1396 res = REAL(SIGACTION_SYMNAME)(signo, pnew_act, oldact); 1397 if (res == 0 && oldact) { 1398 uptr cb = (uptr)oldact->sigaction; 1399 if (cb == (uptr)SignalAction || cb == (uptr)SignalHandler) { 1400 oldact->sigaction = (decltype(oldact->sigaction))old_cb; 1401 } 1402 } 1403 } else { 1404 res = REAL(SIGACTION_SYMNAME)(signo, act, oldact); 1405 } 1406 1407 if (res == 0 && oldact) { 1408 __msan_unpoison(oldact, sizeof(__sanitizer_sigaction)); 1409 } 1410 return res; 1411 } 1412 1413 static uptr signal_impl(int signo, uptr cb) { 1414 ENSURE_MSAN_INITED(); 1415 if (flags()->wrap_signals) { 1416 CHECK_LT(signo, kMaxSignals); 1417 SpinMutexLock lock(&sigactions_mu); 1418 if (cb != __sanitizer::sig_ign && cb != __sanitizer::sig_dfl) { 1419 atomic_store(&sigactions[signo], cb, memory_order_relaxed); 1420 cb = (uptr)&SignalHandler; 1421 } 1422 } 1423 return cb; 1424 } 1425 1426 #define COMMON_SYSCALL_PRE_READ_RANGE(p, s) CHECK_UNPOISONED(p, s) 1427 #define COMMON_SYSCALL_PRE_WRITE_RANGE(p, s) \ 1428 do { \ 1429 } while (false) 1430 #define COMMON_SYSCALL_POST_READ_RANGE(p, s) \ 1431 do { \ 1432 } while (false) 1433 #define COMMON_SYSCALL_POST_WRITE_RANGE(p, s) __msan_unpoison(p, s) 1434 #include "sanitizer_common/sanitizer_common_syscalls.inc" 1435 #include "sanitizer_common/sanitizer_syscalls_netbsd.inc" 1436 1437 struct dlinfo { 1438 char *dli_fname; 1439 void *dli_fbase; 1440 char *dli_sname; 1441 void *dli_saddr; 1442 }; 1443 1444 INTERCEPTOR(int, dladdr, void *addr, dlinfo *info) { 1445 void *ctx; 1446 COMMON_INTERCEPTOR_ENTER(ctx, dladdr, addr, info); 1447 int res = REAL(dladdr)(addr, info); 1448 if (res != 0) { 1449 __msan_unpoison(info, sizeof(*info)); 1450 if (info->dli_fname) 1451 __msan_unpoison(info->dli_fname, REAL(strlen)(info->dli_fname) + 1); 1452 if (info->dli_sname) 1453 __msan_unpoison(info->dli_sname, REAL(strlen)(info->dli_sname) + 1); 1454 } 1455 return res; 1456 } 1457 1458 INTERCEPTOR(char *, dlerror, int fake) { 1459 void *ctx; 1460 COMMON_INTERCEPTOR_ENTER(ctx, dlerror, fake); 1461 char *res = REAL(dlerror)(fake); 1462 if (res) __msan_unpoison(res, REAL(strlen)(res) + 1); 1463 return res; 1464 } 1465 1466 typedef int (*dl_iterate_phdr_cb)(__sanitizer_dl_phdr_info *info, SIZE_T size, 1467 void *data); 1468 struct dl_iterate_phdr_data { 1469 dl_iterate_phdr_cb callback; 1470 void *data; 1471 }; 1472 1473 static int msan_dl_iterate_phdr_cb(__sanitizer_dl_phdr_info *info, SIZE_T size, 1474 void *data) { 1475 if (info) { 1476 __msan_unpoison(info, size); 1477 if (info->dlpi_phdr && info->dlpi_phnum) 1478 __msan_unpoison(info->dlpi_phdr, struct_ElfW_Phdr_sz * info->dlpi_phnum); 1479 if (info->dlpi_name) 1480 __msan_unpoison(info->dlpi_name, REAL(strlen)(info->dlpi_name) + 1); 1481 } 1482 dl_iterate_phdr_data *cbdata = (dl_iterate_phdr_data *)data; 1483 UnpoisonParam(3); 1484 return cbdata->callback(info, size, cbdata->data); 1485 } 1486 1487 INTERCEPTOR(void *, shmat, int shmid, const void *shmaddr, int shmflg) { 1488 ENSURE_MSAN_INITED(); 1489 void *p = REAL(shmat)(shmid, shmaddr, shmflg); 1490 if (p != (void *)-1) { 1491 __sanitizer_shmid_ds ds; 1492 int res = REAL(shmctl)(shmid, shmctl_ipc_stat, &ds); 1493 if (!res) { 1494 __msan_unpoison(p, ds.shm_segsz); 1495 } 1496 } 1497 return p; 1498 } 1499 1500 INTERCEPTOR(int, dl_iterate_phdr, dl_iterate_phdr_cb callback, void *data) { 1501 void *ctx; 1502 COMMON_INTERCEPTOR_ENTER(ctx, dl_iterate_phdr, callback, data); 1503 dl_iterate_phdr_data cbdata; 1504 cbdata.callback = callback; 1505 cbdata.data = data; 1506 int res = REAL(dl_iterate_phdr)(msan_dl_iterate_phdr_cb, (void *)&cbdata); 1507 return res; 1508 } 1509 1510 // wchar_t *wcschr(const wchar_t *wcs, wchar_t wc); 1511 INTERCEPTOR(wchar_t *, wcschr, void *s, wchar_t wc, void *ps) { 1512 ENSURE_MSAN_INITED(); 1513 wchar_t *res = REAL(wcschr)(s, wc, ps); 1514 return res; 1515 } 1516 1517 // wchar_t *wcscpy(wchar_t *dest, const wchar_t *src); 1518 INTERCEPTOR(wchar_t *, wcscpy, wchar_t *dest, const wchar_t *src) { 1519 ENSURE_MSAN_INITED(); 1520 GET_STORE_STACK_TRACE; 1521 wchar_t *res = REAL(wcscpy)(dest, src); 1522 CopyShadowAndOrigin(dest, src, sizeof(wchar_t) * (REAL(wcslen)(src) + 1), 1523 &stack); 1524 return res; 1525 } 1526 1527 INTERCEPTOR(wchar_t *, wcsncpy, wchar_t *dest, const wchar_t *src, SIZE_T n) { 1528 ENSURE_MSAN_INITED(); 1529 GET_STORE_STACK_TRACE; 1530 SIZE_T copy_size = REAL(wcsnlen)(src, n); 1531 if (copy_size < n) copy_size++; // trailing \0 1532 wchar_t *res = REAL(wcsncpy)(dest, src, n); 1533 CopyShadowAndOrigin(dest, src, copy_size * sizeof(wchar_t), &stack); 1534 __msan_unpoison(dest + copy_size, (n - copy_size) * sizeof(wchar_t)); 1535 return res; 1536 } 1537 1538 // These interface functions reside here so that they can use 1539 // REAL(memset), etc. 1540 void __msan_unpoison(const void *a, uptr size) { 1541 if (!MEM_IS_APP(a)) return; 1542 SetShadow(a, size, 0); 1543 } 1544 1545 void __msan_poison(const void *a, uptr size) { 1546 if (!MEM_IS_APP(a)) return; 1547 SetShadow(a, size, __msan::flags()->poison_heap_with_zeroes ? 0 : -1); 1548 } 1549 1550 void __msan_poison_stack(void *a, uptr size) { 1551 if (!MEM_IS_APP(a)) return; 1552 SetShadow(a, size, __msan::flags()->poison_stack_with_zeroes ? 0 : -1); 1553 } 1554 1555 void __msan_unpoison_param(uptr n) { UnpoisonParam(n); } 1556 1557 void __msan_clear_and_unpoison(void *a, uptr size) { 1558 REAL(memset)(a, 0, size); 1559 SetShadow(a, size, 0); 1560 } 1561 1562 void *__msan_memcpy(void *dest, const void *src, SIZE_T n) { 1563 if (!msan_inited) return internal_memcpy(dest, src, n); 1564 if (msan_init_is_running || __msan::IsInSymbolizer()) 1565 return REAL(memcpy)(dest, src, n); 1566 ENSURE_MSAN_INITED(); 1567 GET_STORE_STACK_TRACE; 1568 void *res = REAL(memcpy)(dest, src, n); 1569 CopyShadowAndOrigin(dest, src, n, &stack); 1570 return res; 1571 } 1572 1573 void *__msan_memset(void *s, int c, SIZE_T n) { 1574 if (!msan_inited) return internal_memset(s, c, n); 1575 if (msan_init_is_running) return REAL(memset)(s, c, n); 1576 ENSURE_MSAN_INITED(); 1577 void *res = REAL(memset)(s, c, n); 1578 __msan_unpoison(s, n); 1579 return res; 1580 } 1581 1582 void *__msan_memmove(void *dest, const void *src, SIZE_T n) { 1583 if (!msan_inited) return internal_memmove(dest, src, n); 1584 if (msan_init_is_running) return REAL(memmove)(dest, src, n); 1585 ENSURE_MSAN_INITED(); 1586 GET_STORE_STACK_TRACE; 1587 void *res = REAL(memmove)(dest, src, n); 1588 MoveShadowAndOrigin(dest, src, n, &stack); 1589 return res; 1590 } 1591 1592 void __msan_unpoison_string(const char* s) { 1593 if (!MEM_IS_APP(s)) return; 1594 __msan_unpoison(s, REAL(strlen)(s) + 1); 1595 } 1596 1597 namespace __msan { 1598 1599 void InitializeInterceptors() { 1600 static int inited = 0; 1601 CHECK_EQ(inited, 0); 1602 1603 new(interceptor_ctx()) InterceptorContext(); 1604 1605 InitializeCommonInterceptors(); 1606 InitializeSignalInterceptors(); 1607 1608 INTERCEPT_FUNCTION(posix_memalign); 1609 MSAN_MAYBE_INTERCEPT_MEMALIGN; 1610 MSAN_MAYBE_INTERCEPT___LIBC_MEMALIGN; 1611 INTERCEPT_FUNCTION(valloc); 1612 MSAN_MAYBE_INTERCEPT_PVALLOC; 1613 INTERCEPT_FUNCTION(malloc); 1614 INTERCEPT_FUNCTION(calloc); 1615 INTERCEPT_FUNCTION(realloc); 1616 INTERCEPT_FUNCTION(reallocarray); 1617 INTERCEPT_FUNCTION(free); 1618 MSAN_MAYBE_INTERCEPT_CFREE; 1619 MSAN_MAYBE_INTERCEPT_MALLOC_USABLE_SIZE; 1620 MSAN_MAYBE_INTERCEPT_MALLINFO; 1621 MSAN_MAYBE_INTERCEPT_MALLOPT; 1622 MSAN_MAYBE_INTERCEPT_MALLOC_STATS; 1623 INTERCEPT_FUNCTION(fread); 1624 MSAN_MAYBE_INTERCEPT_FREAD_UNLOCKED; 1625 INTERCEPT_FUNCTION(memccpy); 1626 MSAN_MAYBE_INTERCEPT_MEMPCPY; 1627 INTERCEPT_FUNCTION(bcopy); 1628 INTERCEPT_FUNCTION(wmemset); 1629 INTERCEPT_FUNCTION(wmemcpy); 1630 MSAN_MAYBE_INTERCEPT_WMEMPCPY; 1631 INTERCEPT_FUNCTION(wmemmove); 1632 INTERCEPT_FUNCTION(strcpy); 1633 MSAN_MAYBE_INTERCEPT_STPCPY; 1634 INTERCEPT_FUNCTION(strdup); 1635 MSAN_MAYBE_INTERCEPT___STRDUP; 1636 INTERCEPT_FUNCTION(strncpy); 1637 MSAN_MAYBE_INTERCEPT_GCVT; 1638 INTERCEPT_FUNCTION(strcat); 1639 INTERCEPT_FUNCTION(strncat); 1640 INTERCEPT_STRTO(strtod); 1641 INTERCEPT_STRTO(strtof); 1642 INTERCEPT_STRTO(strtold); 1643 INTERCEPT_STRTO(strtol); 1644 INTERCEPT_STRTO(strtoul); 1645 INTERCEPT_STRTO(strtoll); 1646 INTERCEPT_STRTO(strtoull); 1647 INTERCEPT_STRTO(strtouq); 1648 INTERCEPT_STRTO(wcstod); 1649 INTERCEPT_STRTO(wcstof); 1650 INTERCEPT_STRTO(wcstold); 1651 INTERCEPT_STRTO(wcstol); 1652 INTERCEPT_STRTO(wcstoul); 1653 INTERCEPT_STRTO(wcstoll); 1654 INTERCEPT_STRTO(wcstoull); 1655 #ifdef SANITIZER_NLDBL_VERSION 1656 INTERCEPT_FUNCTION_VER(vswprintf, SANITIZER_NLDBL_VERSION); 1657 INTERCEPT_FUNCTION_VER(swprintf, SANITIZER_NLDBL_VERSION); 1658 #else 1659 INTERCEPT_FUNCTION(vswprintf); 1660 INTERCEPT_FUNCTION(swprintf); 1661 #endif 1662 INTERCEPT_FUNCTION(strftime); 1663 INTERCEPT_FUNCTION(strftime_l); 1664 MSAN_MAYBE_INTERCEPT___STRFTIME_L; 1665 INTERCEPT_FUNCTION(wcsftime); 1666 INTERCEPT_FUNCTION(wcsftime_l); 1667 MSAN_MAYBE_INTERCEPT___WCSFTIME_L; 1668 INTERCEPT_FUNCTION(mbtowc); 1669 INTERCEPT_FUNCTION(mbrtowc); 1670 INTERCEPT_FUNCTION(wcslen); 1671 INTERCEPT_FUNCTION(wcsnlen); 1672 INTERCEPT_FUNCTION(wcschr); 1673 INTERCEPT_FUNCTION(wcscpy); 1674 INTERCEPT_FUNCTION(wcsncpy); 1675 INTERCEPT_FUNCTION(wcscmp); 1676 INTERCEPT_FUNCTION(getenv); 1677 INTERCEPT_FUNCTION(setenv); 1678 INTERCEPT_FUNCTION(putenv); 1679 INTERCEPT_FUNCTION(gettimeofday); 1680 MSAN_MAYBE_INTERCEPT_FCVT; 1681 MSAN_MAYBE_INTERCEPT_FSTAT; 1682 MSAN_MAYBE_INTERCEPT___FXSTAT; 1683 MSAN_INTERCEPT_FSTATAT; 1684 MSAN_MAYBE_INTERCEPT___FXSTAT64; 1685 MSAN_MAYBE_INTERCEPT___FXSTATAT64; 1686 INTERCEPT_FUNCTION(pipe); 1687 INTERCEPT_FUNCTION(pipe2); 1688 INTERCEPT_FUNCTION(socketpair); 1689 MSAN_MAYBE_INTERCEPT_FGETS_UNLOCKED; 1690 INTERCEPT_FUNCTION(getrlimit); 1691 MSAN_MAYBE_INTERCEPT___GETRLIMIT; 1692 MSAN_MAYBE_INTERCEPT_GETRLIMIT64; 1693 MSAN_MAYBE_INTERCEPT_PRLIMIT; 1694 MSAN_MAYBE_INTERCEPT_PRLIMIT64; 1695 MSAN_INTERCEPT_UNAME; 1696 INTERCEPT_FUNCTION(gethostname); 1697 MSAN_MAYBE_INTERCEPT_EPOLL_WAIT; 1698 MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT; 1699 INTERCEPT_FUNCTION(dladdr); 1700 INTERCEPT_FUNCTION(dlerror); 1701 INTERCEPT_FUNCTION(dl_iterate_phdr); 1702 INTERCEPT_FUNCTION(getrusage); 1703 #if defined(__mips__) 1704 INTERCEPT_FUNCTION_VER(pthread_create, "GLIBC_2.2"); 1705 #else 1706 INTERCEPT_FUNCTION(pthread_create); 1707 #endif 1708 INTERCEPT_FUNCTION(pthread_key_create); 1709 1710 #if SANITIZER_NETBSD 1711 INTERCEPT_FUNCTION(__libc_thr_keycreate); 1712 #endif 1713 1714 INTERCEPT_FUNCTION(pthread_join); 1715 INTERCEPT_FUNCTION(tzset); 1716 INTERCEPT_FUNCTION(atexit); 1717 INTERCEPT_FUNCTION(__cxa_atexit); 1718 INTERCEPT_FUNCTION(shmat); 1719 INTERCEPT_FUNCTION(fork); 1720 MSAN_MAYBE_INTERCEPT_OPENPTY; 1721 MSAN_MAYBE_INTERCEPT_FORKPTY; 1722 1723 inited = 1; 1724 } 1725 } // namespace __msan 1726