This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH BZ#20422] Do not allow asan/msan/tsan and fortify at the same time.


On Wed, Oct 5, 2016 at 9:06 AM, Zack Weinberg <zackw@panix.com> wrote:
> On Mon, Sep 5, 2016 at 1:27 PM, Maxim Ostapenko <m.ostapenko@samsung.com> wrote:
>> When fortify is used with MSan it will cause MSan false positives.
>
> I feel like this discussion has gone way into the weeds.  Your
> original problem report ...
>
>> #include <stdio.h>
>> #include <string.h>
>> int main()
>> {
>>         char text[100];
>>         sprintf(text, "hello");
>>         printf("%zu\n", strlen(text));
>> }
>>
>> % clang test.c -fsanitize=memory   -O3 && ./a.out
>> 5
>> % clang test.c -fsanitize=memory -D_FORTIFY_SOURCE=2  -O3 && ./a.out
>> Uninitialized bytes in __interceptor_strlen at offset 0 inside
>> [0x7ffe259e4d20, 6)
>> ==26297==WARNING: MemorySanitizer: use-of-uninitialized-value
>>     #0 0x4869cc in main
>
> ... appears to me to be a plain old bug.  Either the fortify shims are
> actually using an uninitialized value, in which case they should be
> fixed, or MSan has misunderstood the code generated in _FORTIFY_SOURCE
> mode, in which case MSan should be fixed.
>
> You understand what is going on better than anyone else here, I think
> - can you please write up a detailed description of exactly why this
> goes wrong?

* fortify replaces sprintf with sprintf_chk
* msan does not know about sprintf_chk
* sprintf_chk initializes 'text' but msan does not know that
* in strlen(text) msan thinks that 'text' has uninitialized bits.


>
> zw
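The four bullets above describe the whole mechanism: fortify turns the printf-family call into a __*_chk variant, MSan has no interceptor for that symbol, so the bytes it writes stay poisoned in shadow memory, and the next intercepted call (here strlen) reports them. The program below is an added example, not code from this thread, from glibc or from the sanitizer runtime. It shows the source-level workaround that follows from that description: after a fortified formatting call, tell MSan explicitly which bytes were written. `__has_feature(memory_sanitizer)` and `__msan_unpoison()` (from `<sanitizer/msan_interface.h>`) are real clang/compiler-rt interfaces; `checked_format`, `formatted_length` and `msan_mark_initialized` are names invented for this example. It also compiles with plain gcc or clang without `-fsanitize=memory`, in which case the MSan-specific parts compile to nothing.

```c
/* Added example; not code from this thread, glibc or compiler-rt.
   A bounded, MSan-aware replacement for sprintf(), mirroring the
   reporter's sprintf()+strlen() test case.  Under _FORTIFY_SOURCE the
   vsnprintf() inside checked_format() is rewritten to __vsnprintf_chk,
   which (per the reply above) MSan does not intercept, so the shadow
   memory for the output buffer would stay poisoned; __msan_unpoison()
   repairs that for exactly the bytes that were written.  */

#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Real clang feature test; gcc either lacks __has_feature or answers 0. */
#if defined(__has_feature)
#  if __has_feature(memory_sanitizer)
#    include <sanitizer/msan_interface.h>
#    define BUILT_WITH_MSAN 1
#  endif
#endif
#ifndef BUILT_WITH_MSAN
#  define BUILT_WITH_MSAN 0
#endif

/* Mark n bytes at p as initialized in MSan's shadow memory; a no-op in
   builds without MemorySanitizer.  (Helper name is this example's own.) */
static void msan_mark_initialized(const void *p, size_t n)
{
#if BUILT_WITH_MSAN
    __msan_unpoison(p, n);
#else
    (void)p;
    (void)n;
#endif
}

/* Drop-in for sprintf(buf, fmt, ...) with a capacity.  Returns the number
   of characters written (excluding the NUL), or -1 if formatting failed or
   the output did not fit; on failure buf holds an empty string.  Every
   byte the formatter wrote is unpoisoned before returning, so a later
   intercepted call such as strlen() sees initialized data. */
static int checked_format(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (cap == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf, cap, fmt, ap);   /* __vsnprintf_chk under fortify */
    va_end(ap);
    if (n < 0 || (size_t)n >= cap) {
        buf[0] = '\0';
        msan_mark_initialized(buf, 1);
        return -1;
    }
    /* Exactly what vsnprintf wrote: n characters plus the terminating NUL. */
    msan_mark_initialized(buf, (size_t)n + 1);
    return n;
}

/* Same shape as the reporter's test: format into a 100-byte stack buffer,
   then read it back with strlen(), which MSan does intercept and check.
   Returns the length of the greeting, or 0 if it did not fit. */
static size_t formatted_length(const char *name)
{
    char text[100];

    if (checked_format(text, sizeof text, "hello %s", name) < 0)
        return 0;
    return strlen(text);
}

int main(void)
{
    printf("%zu\n", formatted_length(""));       /* 6  */
    printf("%zu\n", formatted_length("world"));  /* 11 */
    return 0;
}
```

Build it the same two ways the reporter did (`clang x.c -fsanitize=memory -O3` with and without `-D_FORTIFY_SOURCE=2`) and the strlen warning no longer appears in the fortified build, because the shadow bits for `text` were cleared by the explicit unpoison rather than by an interceptor. The alternative that needs no source changes is the build-level one the subject line points at: do not define `_FORTIFY_SOURCE` in a `-fsanitize=memory` build, so no `__*_chk` symbol is ever emitted and MSan's ordinary libc interceptors keep seeing every call.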

