1 //===-- asan_interceptors_memintrinsics.h -----------------------*- C++ -*-===// 2 // 3 // This file is distributed under the University of Illinois Open Source 4 // License. See LICENSE.TXT for details. 5 // 6 //===---------------------------------------------------------------------===// 7 // 8 // This file is a part of AddressSanitizer, an address sanity checker. 9 // 10 // ASan-private header for asan_memintrin.cc 11 //===---------------------------------------------------------------------===// 12 #ifndef ASAN_MEMINTRIN_H 13 #define ASAN_MEMINTRIN_H 14 15 #include "asan_interface_internal.h" 16 #include "asan_internal.h" 17 #include "asan_mapping.h" 18 #include "interception/interception.h" 19 20 DECLARE_REAL(void*, memcpy, void *to, const void *from, uptr size) 21 DECLARE_REAL(void*, memset, void *block, int c, uptr size) 22 23 namespace __asan { 24 25 // Return true if we can quickly decide that the region is unpoisoned. 26 // We assume that a redzone is at least 16 bytes. 27 static inline bool QuickCheckForUnpoisonedRegion(uptr beg, uptr size) { 28 if (size == 0) return true; 29 if (size <= 32) 30 return !AddressIsPoisoned(beg) && 31 !AddressIsPoisoned(beg + size - 1) && 32 !AddressIsPoisoned(beg + size / 2); 33 if (size <= 64) 34 return !AddressIsPoisoned(beg) && 35 !AddressIsPoisoned(beg + size / 4) && 36 !AddressIsPoisoned(beg + size - 1) && 37 !AddressIsPoisoned(beg + 3 * size / 4) && 38 !AddressIsPoisoned(beg + size / 2); 39 return false; 40 } 41 42 struct AsanInterceptorContext { 43 const char *interceptor_name; 44 }; 45 46 // We implement ACCESS_MEMORY_RANGE, ASAN_READ_RANGE, 47 // and ASAN_WRITE_RANGE as macro instead of function so 48 // that no extra frames are created, and stack trace contains 49 // relevant information only. 50 // We check all shadow bytes. 51 #define ACCESS_MEMORY_RANGE(ctx, offset, size, isWrite) do { \ 52 uptr __offset = (uptr)(offset); \ 53 uptr __size = (uptr)(size); \ 54 uptr __bad = 0; \ 55 if (__offset > __offset + __size) { \ 56 GET_STACK_TRACE_FATAL_HERE; \ 57 ReportStringFunctionSizeOverflow(__offset, __size, &stack); \ 58 } \ 59 if (!QuickCheckForUnpoisonedRegion(__offset, __size) && \ 60 (__bad = __asan_region_is_poisoned(__offset, __size))) { \ 61 AsanInterceptorContext *_ctx = (AsanInterceptorContext *)ctx; \ 62 bool suppressed = false; \ 63 if (_ctx) { \ 64 suppressed = IsInterceptorSuppressed(_ctx->interceptor_name); \ 65 if (!suppressed && HaveStackTraceBasedSuppressions()) { \ 66 GET_STACK_TRACE_FATAL_HERE; \ 67 suppressed = IsStackTraceSuppressed(&stack); \ 68 } \ 69 } \ 70 if (!suppressed) { \ 71 GET_CURRENT_PC_BP_SP; \ 72 ReportGenericError(pc, bp, sp, __bad, isWrite, __size, 0, false);\ 73 } \ 74 } \ 75 } while (0) 76 77 // memcpy is called during __asan_init() from the internals of printf(...). 78 // We do not treat memcpy with to==from as a bug. 79 // See http://llvm.org/bugs/show_bug.cgi?id=11763. 80 #define ASAN_MEMCPY_IMPL(ctx, to, from, size) \ 81 do { \ 82 if (UNLIKELY(!asan_inited)) return internal_memcpy(to, from, size); \ 83 if (asan_init_is_running) { \ 84 return REAL(memcpy)(to, from, size); \ 85 } \ 86 ENSURE_ASAN_INITED(); \ 87 if (flags()->replace_intrin) { \ 88 if (to != from) { \ 89 CHECK_RANGES_OVERLAP("memcpy", to, size, from, size); \ 90 } \ 91 ASAN_READ_RANGE(ctx, from, size); \ 92 ASAN_WRITE_RANGE(ctx, to, size); \ 93 } \ 94 return REAL(memcpy)(to, from, size); \ 95 } while (0) 96 97 // memset is called inside Printf. 98 #define ASAN_MEMSET_IMPL(ctx, block, c, size) \ 99 do { \ 100 if (UNLIKELY(!asan_inited)) return internal_memset(block, c, size); \ 101 if (asan_init_is_running) { \ 102 return REAL(memset)(block, c, size); \ 103 } \ 104 ENSURE_ASAN_INITED(); \ 105 if (flags()->replace_intrin) { \ 106 ASAN_WRITE_RANGE(ctx, block, size); \ 107 } \ 108 return REAL(memset)(block, c, size); \ 109 } while (0) 110 111 #define ASAN_MEMMOVE_IMPL(ctx, to, from, size) \ 112 do { \ 113 if (UNLIKELY(!asan_inited)) return internal_memmove(to, from, size); \ 114 ENSURE_ASAN_INITED(); \ 115 if (flags()->replace_intrin) { \ 116 ASAN_READ_RANGE(ctx, from, size); \ 117 ASAN_WRITE_RANGE(ctx, to, size); \ 118 } \ 119 return internal_memmove(to, from, size); \ 120 } while (0) 121 122 #define ASAN_READ_RANGE(ctx, offset, size) \ 123 ACCESS_MEMORY_RANGE(ctx, offset, size, false) 124 #define ASAN_WRITE_RANGE(ctx, offset, size) \ 125 ACCESS_MEMORY_RANGE(ctx, offset, size, true) 126 127 // Behavior of functions like "memcpy" or "strcpy" is undefined 128 // if memory intervals overlap. We report error in this case. 129 // Macro is used to avoid creation of new frames. 130 static inline bool RangesOverlap(const char *offset1, uptr length1, 131 const char *offset2, uptr length2) { 132 return !((offset1 + length1 <= offset2) || (offset2 + length2 <= offset1)); 133 } 134 #define CHECK_RANGES_OVERLAP(name, _offset1, length1, _offset2, length2) \ 135 do { \ 136 const char *offset1 = (const char *)_offset1; \ 137 const char *offset2 = (const char *)_offset2; \ 138 if (RangesOverlap(offset1, length1, offset2, length2)) { \ 139 GET_STACK_TRACE_FATAL_HERE; \ 140 bool suppressed = IsInterceptorSuppressed(name); \ 141 if (!suppressed && HaveStackTraceBasedSuppressions()) { \ 142 suppressed = IsStackTraceSuppressed(&stack); \ 143 } \ 144 if (!suppressed) { \ 145 ReportStringFunctionMemoryRangesOverlap(name, offset1, length1, \ 146 offset2, length2, &stack); \ 147 } \ 148 } \ 149 } while (0) 150 151 } // namespace __asan 152 153 #endif // ASAN_MEMINTRIN_H 154