This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: fortification and valgrind/memcheck (Was: [PATCH BZ#20422] Do not allow asan/msan/tsan and fortify@the same time)


On Wed, 2016-10-05 at 13:49 +0200, Florian Weimer wrote:
> On 10/04/2016 02:15 PM, Mark Wielaard wrote:
> > My proposal was to extend __chk_fail (or introduce a new __chk_fail_addr
> > function) that provides the address that would have been accessed. Then
> > valgrind just intercepts __chk_fail and uses that address to provide
> > some additional information.
> 
> There are many different reasons why __chk_fail might be called.  For 
> example, you get a fortify failure if you call snprintf with a buffer 
> size that is larger than what is inferred by the compiler.  This happens 
> even if the actual written value fits within the shorter space.  So you 
> have a fortify failure without any invalid memory accesses.

Right. And this is where I think valgrind can augment the fortification
check if given the address. You don't want to rely on valgrind/memcheck
noticing an invalid access, because in such cases it might not actually
be. You would call __chk_fail_addr (s + slen) and valgrind can tell you
where the block associated with that pointer came from (backtrace),
whether it was recently freed, how far inside/beyond an existing block
it is, etc.

Cheers,

Mark
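The following is an added illustration, not code from glibc, valgrind or this thread. It models the length check a fortified snprintf performs (the caller-supplied size compared against the compiler-inferred object size) and a hypothetical __chk_fail_addr-style hook, named chk_fail_addr_hook here, that receives s + slen, the first byte the caller claimed was writable beyond the real object. The three cases show why the address matters: the check can fire when the output would have fit, and the address tells a tool like memcheck how far past the real block the caller's claim reached. All function and struct names are assumptions for the example; only __chk_fail and the idea of __chk_fail_addr come from the thread.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed structure for this example: what a __chk_fail_addr-style hook
 * would have been told about the last fortify failure. */
struct chk_report {
    int failed;        /* 1 if the fortify check fired */
    ptrdiff_t beyond;  /* bytes the claimed length reaches past the real object */
    int overflowed;    /* 1 if the formatted output itself would not have fit */
};

static struct chk_report last_report;

/* Hypothetical hook standing in for the proposed __chk_fail_addr(addr).
 * glibc's real __chk_fail takes no argument and aborts; this one records
 * the offset of addr from the start of the object so a checker could
 * describe the block that addr points into or beyond. */
static void chk_fail_addr_hook(const char *s, const char *addr, size_t objsize)
{
    last_report.failed = 1;
    last_report.beyond = (addr - s) - (ptrdiff_t)objsize;
}

/* Model of __snprintf_chk: objsize plays the role of the
 * __builtin_object_size(s, 1) value the compiler passes to the fortified
 * variant.  Returns the snprintf result, or -1 when the check fired
 * (instead of aborting as the real function would). */
static int fortified_snprintf(char *s, size_t slen, size_t objsize,
                              const char *fmt, const char *arg)
{
    memset(&last_report, 0, sizeof last_report);

    /* The check fires on the caller's claimed length alone, regardless of
     * how much would actually be written. */
    if (slen > objsize) {
        chk_fail_addr_hook(s, s + slen, objsize);
        /* For the report only: would the real output have overflowed? */
        int need = snprintf(NULL, 0, fmt, arg);
        last_report.overflowed = need >= 0 && (size_t)need + 1 > objsize;
        return -1;
    }
    return snprintf(s, slen, fmt, arg);
}

/* Accessors so results can be checked without touching the global directly. */
int last_failed(void)     { return last_report.failed; }
long last_beyond(void)    { return (long)last_report.beyond; }
int last_overflowed(void) { return last_report.overflowed; }

/* Case 1: the situation described in the reply above.  A 16-byte buffer,
 * the caller passes 32, the output is 6 bytes.  The check fires even
 * though nothing invalid would have been written. */
int case_oversized_length_but_fits(void)
{
    char buf[16];
    return fortified_snprintf(buf, 32, sizeof buf, "%s", "hello");
}

/* Case 2: correct length, output fits.  No failure, snprintf returns 5. */
int case_correct_length(void)
{
    char buf[16];
    return fortified_snprintf(buf, sizeof buf, sizeof buf, "%s", "hello");
}

/* Case 3: oversized length and the output really would overflow.  Here the
 * reported address is 48 bytes past the end of the real object. */
int case_oversized_and_overflows(void)
{
    char buf[16];
    return fortified_snprintf(buf, 64, sizeof buf, "%s",
                              "0123456789012345678901234567890123456789");
}

int main(void)
{
    int rc = case_oversized_length_but_fits();
    printf("case 1: rc=%d failed=%d beyond=%ld overflowed=%d\n",
           rc, last_failed(), last_beyond(), last_overflowed());
    rc = case_correct_length();
    printf("case 2: rc=%d failed=%d\n", rc, last_failed());
    rc = case_oversized_and_overflows();
    printf("case 3: rc=%d failed=%d beyond=%ld overflowed=%d\n",
           rc, last_failed(), last_beyond(), last_overflowed());
    return 0;
}
```

The point of recording the offset rather than only the fact of failure is that case 1 and case 3 look identical to __chk_fail as it exists today; only the address (and what a memory checker knows about the block around it) distinguishes a harmless over-stated length from a call that was about to scribble past a heap block.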

