From: Sam Kerner Date: Wed, 15 Apr 2020 20:07:28 +0000 (-0700) Subject: Fix DataFlowSanitizer implementation of strchr() so that strchr(..., '\0') returns... X-Git-Tag: llvmorg-12-init~8917 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=10070e31a55c26d8cf990a5a5d6b09b8f413f433;p=platform%2Fupstream%2Fllvm.git Fix DataFlowSanitizer implementation of strchr() so that strchr(..., '\0') returns a pointer to '\0'. Summary: Fixes https://bugs.llvm.org/show_bug.cgi?id=22392 Reviewers: pcc, morehouse Reviewed By: morehouse Subscribers: morehouse, #sanitizers Tags: #sanitizers Differential Revision: https://reviews.llvm.org/D77996 --- diff --git a/compiler-rt/lib/dfsan/dfsan_custom.cpp b/compiler-rt/lib/dfsan/dfsan_custom.cpp index 84f0271..78790a8 100644 --- a/compiler-rt/lib/dfsan/dfsan_custom.cpp +++ b/compiler-rt/lib/dfsan/dfsan_custom.cpp @@ -84,7 +84,13 @@ SANITIZER_INTERFACE_ATTRIBUTE char *__dfsw_strchr(const char *s, int c, *ret_label = dfsan_union(dfsan_read_label(s, i + 1), dfsan_union(s_label, c_label)); } - return s[i] == 0 ? nullptr : const_cast(s+i); + + // If s[i] is the \0 at the end of the string, and \0 is not the + // character we are searching for, then return null. + if (s[i] == 0 && c != 0) { + return nullptr; + } + return const_cast(s + i); } } } diff --git a/compiler-rt/test/dfsan/custom.cpp b/compiler-rt/test/dfsan/custom.cpp index 71422f7..96c897a 100644 --- a/compiler-rt/test/dfsan/custom.cpp +++ b/compiler-rt/test/dfsan/custom.cpp @@ -250,6 +250,17 @@ void test_strchr() { #else ASSERT_LABEL(crv, i_label); #endif + + // `man strchr` says: + // The terminating null byte is considered part of the string, so that if c + // is specified as '\0', these functions return a pointer to the terminator. + crv = strchr(str1, '\0'); + assert(crv == &str1[4]); +#ifdef STRICT_DATA_DEPENDENCIES + ASSERT_ZERO_LABEL(crv); +#else + ASSERT_LABEL(crv, i_label); +#endif } void test_calloc() {