[ASAN] Add interceptor for __longjmp_chk

Summary:
glibc on Linux calls __longjmp_chk instead of longjmp (or _longjmp) when
_FORTIFY_SOURCE is defined. Ensure that an ASAN-instrumented program
intercepts this function when a system library calls it, otherwise the
stack might remain poisoned and result in CHECK failures and false
positives.

Fixes https://github.com/google/sanitizers/issues/721

Reviewed By: eugenis

Differential Revision: https://reviews.llvm.org/D32408

llvm-svn: 302152

diff --git a/compiler-rt/lib/asan/asan_interceptors.cc b/compiler-rt/lib/asan/asan_interceptors.cc
index 905dd2e238709e7b2197f85fb7d6c56f6e06500d..c6969c979a59e1a5b7ea4ae3b2bc65066e21a1c0 100644 (file)
--- a/compiler-rt/lib/asan/asan_interceptors.cc
+++ b/compiler-rt/lib/asan/asan_interceptors.cc
@@ -443,6 +443,13 @@ INTERCEPTOR(void, _longjmp, void *env, int val) {
 }
 #endif
 
+#if ASAN_INTERCEPT___LONGJMP_CHK
+INTERCEPTOR(void, __longjmp_chk, void *env, int val) {
+  __asan_handle_no_return();
+  REAL(__longjmp_chk)(env, val);
+}
+#endif
+
 #if ASAN_INTERCEPT_SIGLONGJMP
 INTERCEPTOR(void, siglongjmp, void *env, int val) {
   __asan_handle_no_return();
@@ -758,6 +765,9 @@ void InitializeAsanInterceptors() {
 #if ASAN_INTERCEPT__LONGJMP
   ASAN_INTERCEPT_FUNC(_longjmp);
 #endif
+#if ASAN_INTERCEPT___LONGJMP_CHK
+  ASAN_INTERCEPT_FUNC(__longjmp_chk);
+#endif
 #if ASAN_INTERCEPT_SIGLONGJMP
   ASAN_INTERCEPT_FUNC(siglongjmp);
 #endif

diff --git a/compiler-rt/lib/asan/asan_interceptors.h b/compiler-rt/lib/asan/asan_interceptors.h
index d747c31a5d0fb91ec49a07410b1c791834d8aa17..93fca4f67366bf7d645eb6399b0cc1640337b26c 100644 (file)
--- a/compiler-rt/lib/asan/asan_interceptors.h
+++ b/compiler-rt/lib/asan/asan_interceptors.h
@@ -58,6 +58,12 @@
 # define ASAN_INTERCEPT_SIGLONGJMP 0
 #endif
 
+#if SANITIZER_LINUX && !SANITIZER_ANDROID
+# define ASAN_INTERCEPT___LONGJMP_CHK 1
+#else
+# define ASAN_INTERCEPT___LONGJMP_CHK 0
+#endif
+
 // Android bug: https://code.google.com/p/android/issues/detail?id=61799
 #if ASAN_HAS_EXCEPTIONS && !SANITIZER_WINDOWS && \
     !(SANITIZER_ANDROID && defined(__i386))

diff --git a/compiler-rt/test/asan/TestCases/Linux/longjmp_chk.c b/compiler-rt/test/asan/TestCases/Linux/longjmp_chk.c
new file mode 100644 (file)
index 0000000..99a4a16
--- /dev/null
+++ b/compiler-rt/test/asan/TestCases/Linux/longjmp_chk.c
@@ -0,0 +1,51 @@
+// Verify that use of longjmp() in a _FORTIFY_SOURCE'd library (without ASAN)
+// is correctly intercepted such that the stack is unpoisoned.
+// Note: it is essential that the external library is not built with ASAN,
+// otherwise it would be able to unpoison the stack before use.
+//
+// RUN: %clang -DIS_LIBRARY -D_FORTIFY_SOURCE=2 -O2 %s -c -o %t.o
+// RUN: %clang_asan -O2 %s %t.o -o %t
+// RUN: %run %t
+
+#ifdef IS_LIBRARY
+/* the library */
+#include <setjmp.h>
+#include <assert.h>
+#include <sanitizer/asan_interface.h>
+
+static jmp_buf jenv;
+
+void external_callme(void (*callback)(void)) {
+  if (setjmp(jenv) == 0) {
+    callback();
+  }
+}
+
+void external_longjmp(char *msg) {
+  longjmp(jenv, 1);
+}
+
+void external_check_stack(void) {
+  char buf[256] = "";
+  for (int i = 0; i < 256; i++) {
+    assert(!__asan_address_is_poisoned(buf + i));
+  }
+}
+#else
+/* main program */
+extern void external_callme(void (*callback)(void));
+extern void external_longjmp(char *msg);
+extern void external_check_stack(void);
+
+static void callback(void) {
+  char msg[16];   /* Note: this triggers addition of a redzone. */
+  /* Note: msg is passed to prevent compiler optimization from removing it. */
+  external_longjmp(msg);
+}
+
+int main() {
+  external_callme(callback);
+  external_check_stack();
+  return 0;
+}
+#endif