Fix DataFlowSanitizer implementation of strchr() so that strchr(..., '\0') returns...

Summary:

Fixes https://bugs.llvm.org/show_bug.cgi?id=22392

Reviewers: pcc, morehouse

Reviewed By: morehouse

Subscribers: morehouse, #sanitizers

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D77996

diff --git a/compiler-rt/lib/dfsan/dfsan_custom.cpp b/compiler-rt/lib/dfsan/dfsan_custom.cpp
index 84f0271..78790a8 100644 (file)
--- a/compiler-rt/lib/dfsan/dfsan_custom.cpp
+++ b/compiler-rt/lib/dfsan/dfsan_custom.cpp
@@ -84,7 +84,13 @@ SANITIZER_INTERFACE_ATTRIBUTE char *__dfsw_strchr(const char *s, int c,
         *ret_label = dfsan_union(dfsan_read_label(s, i + 1),
                                  dfsan_union(s_label, c_label));
       }
-      return s[i] == 0 ? nullptr : const_cast<char *>(s+i);
+
+      // If s[i] is the \0 at the end of the string, and \0 is not the
+      // character we are searching for, then return null.
+      if (s[i] == 0 && c != 0) {
+        return nullptr;
+      }
+      return const_cast<char *>(s + i);
     }
   }
 }

diff --git a/compiler-rt/test/dfsan/custom.cpp b/compiler-rt/test/dfsan/custom.cpp
index 71422f7..96c897a 100644 (file)
--- a/compiler-rt/test/dfsan/custom.cpp
+++ b/compiler-rt/test/dfsan/custom.cpp
@@ -250,6 +250,17 @@ void test_strchr() {
 #else
   ASSERT_LABEL(crv, i_label);
 #endif
+
+  // `man strchr` says:
+  // The terminating null byte is considered part of the string, so that if c
+  // is specified as '\0', these functions return a pointer to the terminator.
+  crv = strchr(str1, '\0');
+  assert(crv == &str1[4]);
+#ifdef STRICT_DATA_DEPENDENCIES
+  ASSERT_ZERO_LABEL(crv);
+#else
+  ASSERT_LABEL(crv, i_label);
+#endif
 }
 
 void test_calloc() {