ASAN: interceptors for fgets, fputs and puts #952

Closed
Lekensteyn opened this issue May 7, 2018 · 5 comments

Lekensteyn commented May 7, 2018

The following program contains a use-after-free, but this is currently not detected by ASAN:

#include <string.h>
#include <stdio.h>
#include <stdlib.h>

int main() {
    char *s = strdup("food");
    free(s);
    puts(s);
}

fread/fwrite were handled in #793. Would it be worth adding interceptors for fgets, fputs and puts as well? glibc 2.27 also seems to have a fortified __fgets_chk that could potentially be intercepted as well.
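
A simplified model of why an interceptor is needed here, as an added example that is not part of the original issue and not ASAN's own code: the read of `s` happens inside libc's `puts`, which is not instrumented, so the check has to run in a wrapper before the call is forwarded. `model_free`, `is_poisoned`, `checked_puts` and `MODEL_UAF` are hypothetical names, and a small table of freed regions stands in for shadow memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MODEL_UAF (-2)   /* constructed return code: bad read detected */
#define MAX_REGIONS 16

/* Toy stand-in for shadow memory: a table of freed (quarantined) regions. */
static struct { uintptr_t base; size_t size; } freed_tab[MAX_REGIONS];
static size_t nfreed;

/* Model of free(): record the region but keep it allocated, the way a
   quarantine delays reuse. This toy never releases the memory. */
static void model_free(void *p, size_t size) {
    if (!p || nfreed == MAX_REGIONS) return;
    freed_tab[nfreed].base = (uintptr_t)p;
    freed_tab[nfreed++].size = size;
}

static int is_poisoned(const char *p) {
    uintptr_t a = (uintptr_t)p;
    for (size_t i = 0; i < nfreed; i++)
        if (a >= freed_tab[i].base && a - freed_tab[i].base < freed_tab[i].size)
            return 1;
    return 0;
}

/* Model of a puts() interceptor: check each byte the real puts() would read
   (string plus terminator) before forwarding the call to libc. */
static int checked_puts(const char *s) {
    for (const char *p = s; ; p++) {
        if (is_poisoned(p)) {
            fprintf(stderr, "model: heap-use-after-free READ at %p in puts\n", (void *)p);
            return MODEL_UAF;
        }
        if (*p == '\0') break;
    }
    return puts(s) < 0 ? -1 : 0;
}

/* The issue's program, with free() and puts() routed through the model. */
static int demo_use_after_free(void) {
    char *s = malloc(5);            /* stands in for strdup("food") */
    if (!s) return -1;
    memcpy(s, "food", 5);
    model_free(s, 5);
    return checked_puts(s);
}
int main(void) { return demo_use_after_free() == MODEL_UAF ? 0 : 1; }
```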


Lekensteyn commented Jun 14, 2018

Fixed in https://reviews.llvm.org/D46545 and r334670 ("[ASAN] Fix fputs interception for 32-bit macOS").

The android test is still skipped due to fopen failing for some reason (could it be related to other errors in #316?). Original failure http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-android/builds/11563 (unchecked fopen result), with assertions added there is http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-android/builds/11600

FAIL: AddressSanitizer-aarch64-android :: TestCases/Posix/fgets_fputs.cc (126 of 1137)
******************** TEST 'AddressSanitizer-aarch64-android :: TestCases/Posix/fgets_fputs.cc' FAILED ********************
Script:
--
: 'RUN: at line 1';     /var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/llvm/projects/compiler-rt/test/sanitizer_common/android_commands/android_compile.py  /var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/llvm_build64/bin/clang  --driver-mode=g++ -fsanitize=address -mno-omit-leaf-frame-pointer -fno-omit-frame-pointer -fno-optimize-sibling-calls -gline-tables-only  --target=aarch64-linux-android --sysroot=/var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/android_ndk/standalone-aarch64/sysroot -B/var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/android_ndk/standalone-aarch64 -pie -fuse-ld=gold -Wl,--enable-new-dtags  -shared-libasan -g /var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/llvm/projects/compiler-rt/test/asan/TestCases/Posix/fgets_fputs.cc -o /var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/compiler_rt_build_android_aarch64/test/asan/AARCH64AndroidConfig/TestCases/Posix/Output/fgets_fputs.cc.tmp
: 'RUN: at line 2';   echo data > /var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/compiler_rt_build_android_aarch64/test/asan/AARCH64AndroidConfig/TestCases/Posix/Output/fgets_fputs.cc.tmp-testdata
: 'RUN: at line 3';   not  /var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/compiler_rt_build_android_aarch64/test/asan/AARCH64AndroidConfig/TestCases/Posix/Output/fgets_fputs.cc.tmp 1 /var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/compiler_rt_build_android_aarch64/test/asan/AARCH64AndroidConfig/TestCases/Posix/Output/fgets_fputs.cc.tmp-testdata 2>&1 | FileCheck /var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/llvm/projects/compiler-rt/test/asan/TestCases/Posix/fgets_fputs.cc --check-prefix=CHECK-FGETS
: 'RUN: at line 4';   not  /var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/compiler_rt_build_android_aarch64/test/asan/AARCH64AndroidConfig/TestCases/Posix/Output/fgets_fputs.cc.tmp 2 2>&1 | FileCheck /var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/llvm/projects/compiler-rt/test/asan/TestCases/Posix/fgets_fputs.cc --check-prefix=CHECK-FPUTS
: 'RUN: at line 5';   not  /var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/compiler_rt_build_android_aarch64/test/asan/AARCH64AndroidConfig/TestCases/Posix/Output/fgets_fputs.cc.tmp 3 2>&1 | FileCheck /var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/llvm/projects/compiler-rt/test/asan/TestCases/Posix/fgets_fputs.cc --check-prefix=CHECK-PUTS
--
Exit Code: 1

Command Output (stderr):
--
/var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/llvm/projects/compiler-rt/test/asan/TestCases/
Posix/fgets_fputs.cc:51:17: error: expected string not found in input
// CHECK-FGETS: {{.*ERROR: AddressSanitizer: stack-buffer-overflow}}
                ^
<stdin>:1:1: note: scanning from here
/var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/llvm/projects/compiler-rt/test/asan/TestCases/
Posix/fgets_fputs.cc:15: int test_fgets(const char *): assertion "fp" failed
^
<stdin>:1:3: note: possible intended match here
/var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/llvm/projects/compiler-rt/test/asan/TestCases/
Posix/fgets_fputs.cc:15: int test_fgets(const char *): assertion "fp" failed
  ^

@Lekensteyn

@vitalybuka It looks like you are the admin for sanitizer-buildbot6, do you think you can get more information about why the fgets_fputs test fails? I was still not able to reproduce the issue locally.

Otherwise, can I push a patch that removes XFAIL: android and precedes the assert(fp) with perror("fopen"); printf("fopen(%s) = %p\n", testfile, fp);? (Is this appropriate in LLVM development?)


vitalybuka commented Jun 15, 2018 via email

@Lekensteyn

@vitalybuka Good to know about this peculiarity of %run. Also, the test relies on the first two bytes being non-\0 which should work for ELF and Mach-O binaries.

Is it possible to create files on the device directly? I think that this issue is also the reason why test/asan/TestCases/Linux/activation-options.cc fails on Android.


vitalybuka commented Jun 18, 2018

I don't see direct ways now. https://github.com/llvm-project/llvm-project-20170507/tree/master/compiler-rt/test/sanitizer_common/android_commands should be expanded for that.

@eugenis Did I miss something?
