gopalshankar / address-sanitizer

Automatically exported from code.google.com/p/address-sanitizer

Support source fortification #247

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Right now we disable source fortification by defining _FORTIFY_SOURCE=0.
This may hide a number of bugs that could otherwise be detected by the various _chk
functions (__printf_chk, __strcpy_chk etc.).
A better approach would be to wrap all the _chk functions and let the users
enable source fortification.

A suggestion from Jakub Jelinek:

>Well, -D_FORTIFY_SOURCE=2 does things that asan doesn't and can't do, so
>disabling fortification if you build with -fsanitize=address sounds like 
>a very bad idea to me.
>IMHO libasan should intercept also the __*_chk calls, test + branch to 
>__chk_fail if they should fail, otherwise fall through to the 
>intercepted original function.
>For *printf* family __printf_chk etc. also fail on %n if it isn't in 
>read-only string literal.

Original issue reported on code.google.com by ramosian.glider@gmail.com on 22 Nov 2013 at 1:48
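As an added illustration of the interception scheme suggested above (not code from this issue, nor from libasan or glibc): a small C model of what a fortified interceptor does for __memcpy_chk and __strcpy_chk, plus the %n scan for the printf family. It assumes glibc's argument order, __memcpy_chk(dst, src, len, dstlen) and __strcpy_chk(dst, src, dstlen), and replaces the aborting __chk_fail with a counter so the outcome can be inspected; the read-only-memory test for the format string itself is not modeled.

```c
#include <stdio.h>
#include <string.h>
/* Counts how often a check fired; libc's real __chk_fail() would abort instead. */
int chk_fail_count = 0;
static void chk_fail(const char *fn) {
    chk_fail_count++;
    fprintf(stderr, "*** %s: buffer overflow detected ***\n", fn);
}

/* Model of an interceptor for __memcpy_chk(dst, src, len, dstlen).
   The compiler supplies dstlen from __builtin_object_size(dst). */
int intercept_memcpy_chk(void *dst, const void *src, size_t len, size_t dstlen) {
    if (len > dstlen) { chk_fail("__memcpy_chk"); return -1; }
    memcpy(dst, src, len);  /* fall through to the real (intercepted) memcpy */
    return 0;
}

/* Model of an interceptor for __strcpy_chk(dst, src, dstlen):
   the terminating NUL must also fit in the destination. */
int intercept_strcpy_chk(char *dst, const char *src, size_t dstlen) {
    size_t need = strlen(src) + 1;
    if (need > dstlen) { chk_fail("__strcpy_chk"); return -1; }
    memcpy(dst, src, need);
    return 0;
}

/* The %n rule for the printf family: report whether a format string contains
   a %n conversion (a %% escape is not a conversion). A checked printf would
   refuse such a format unless it lives in read-only memory. */
int format_has_n(const char *fmt) {
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                     /* "%%" prints a percent sign */
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p)) p++;  /* flags, width, precision, length */
        if (*p == 'n') return 1;
        if (!*p) break;                              /* format ends mid-conversion */
    }
    return 0;
}

int main(void) {
    char buf[8];
    int a = intercept_strcpy_chk(buf, "hello", sizeof buf);        /* fits: 0 */
    int b = intercept_strcpy_chk(buf, "far too long", sizeof buf); /* caught: -1 */
    printf("strcpy ok=%d overflow=%d failures=%d, %%n in \"%%5d%%n\": %d\n",
           a, b, chk_fail_count, format_has_n("%5d%n"));
    return 0;
}
```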

GoogleCodeExporter commented 9 years ago
(see http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59148)

Original comment by ramosian.glider@gmail.com on 22 Nov 2013 at 2:39

GoogleCodeExporter commented 9 years ago
See also http://llvm.org/bugs/show_bug.cgi?id=18775,
where clang does not support -D_FORTIFY_SOURCE=2

Original comment by konstant...@gmail.com on 11 Feb 2014 at 11:01

GoogleCodeExporter commented 9 years ago
I think this is becoming more important now that Ubuntu enabled 
-D_FORTIFY_SOURCE=2 by default. Note that there is no easy way to disable it - 
passing -D_FORTIFY_SOURCE=0 when -fsanitize=address is active would cause ugly 
warnings about macro redefinition.

Original comment by tetra20...@gmail.com on 14 Jan 2015 at 11:22

GoogleCodeExporter commented 9 years ago
Tizen enables -D_FORTIFY_SOURCE by default as well. Looks like this feature has 
become very popular...

Original comment by tetra20...@gmail.com on 26 Jan 2015 at 9:44

GoogleCodeExporter commented 9 years ago
Does it mean that these bugs are out-of-date and clang now supports 
FORTIFY_SOURCE?
http://llvm.org/bugs/show_bug.cgi?id=18775
http://llvm.org/bugs/show_bug.cgi?id=16821

I guess we should support it then.

Original comment by euge...@google.com on 26 Jan 2015 at 10:15

GoogleCodeExporter commented 9 years ago
> Does it mean that these bugs are out-of-date
> and clang now supports FORTIFY_SOURCE?

I'm not sure - all my targets use GCC. Simple examples seem to work with TOT 
Clang though.

Will you accept a libasan patch with fortified interceptors, or should we wait 
until fortification is stable in Clang?

Original comment by tetra20...@gmail.com on 26 Jan 2015 at 10:49

GoogleCodeExporter commented 9 years ago
Sure, I don't see any harm in it.

Original comment by euge...@google.com on 26 Jan 2015 at 11:52