llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org

MSan: memory sanitizer reports a false positive? with fts code #17641

Open llvmbot opened 11 years ago

llvmbot commented 11 years ago
Bugzilla Link 17267
Version unspecified
OS Linux
Reporter LLVM Bugzilla Contributor
CC @eugenis,@myxoid,@vitalybuka

Extended Description

Hi. I get this problem when executing this code: https://raw.github.com/rheit/zdoom/master/tools/zipdir/zipdir.c compiled with memory sanitizer:

==30138== WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7fdae305ab93 in add_dirs /home/edward-san/zdoom/trunk/tools/zipdir/zipdir.c:609
    #1 0x7fdae3079227 in main /home/edward-san/zdoom/trunk/tools/zipdir/zipdir.c:1623
    #2 0x7fdae1dbcea4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #3 0x7fdae3057d7c in _start (/home/edward-san/zdoom/trunk/debug_san/tools/zipdir/zipdir+0x69d7c)

  Uninitialized value was created by a heap allocation
    #0 0x7fdae3026a83 in __interceptor_malloc /home/edward-san/srcllvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:836
    #1 0x7fdae1e8a56f in fts_alloc /build/buildd/eglibc-2.17/io/fts.c:990
    #2 0x7fdae1e8a56f in fts_open /build/buildd/eglibc-2.17/io/fts.c:143

SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/edward-san/zdoom/trunk/tools/zipdir/zipdir.c:609 add_dirs
Exiting

I reduced the code to this:

$ cat fts_read_bug.c

#include <fts.h>

int main()
{
    char * const argv[] = {"/usr/local/include", 0};
    FTS *fts;
    FTSENT *ent;

    fts = fts_open(argv, FTS_LOGICAL, 0);

    if (fts == 0)
        return -1;

    ent = fts_read(fts);

    /* MSan reports the read of ent->fts_info here: the FTSENT was
       malloc'ed inside (uninstrumented) libc and never unpoisoned. */
    if (ent != 0 &&
        ent->fts_info == FTS_D)
        return 1;

    fts_close(fts);
    return 0;
}

In this case, the message is:

==13273== WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7f5b6f7899b5 in main /home/edward-san/llvm/fts_read_bug.c:16
    #1 0x7f5b6e916ea4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #2 0x7f5b6f7893fc in _start (/home/edward-san/llvm/a.out+0x683fc)

  Uninitialized value was created by a heap allocation
    #0 0x7f5b6f758103 in __interceptor_malloc /home/edward-san/srcllvm/projects/compiler-rt/lib/msan/msan_interceptors.cc:836
    #1 0x7f5b6e9e456f in fts_alloc /build/buildd/eglibc-2.17/io/fts.c:990
    #2 0x7f5b6e9e456f in fts_open /build/buildd/eglibc-2.17/io/fts.c:143

SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/edward-san/llvm/fts_read_bug.c:16 main
Exiting

I have no idea why it happens.

eugenis commented 3 years ago

I see that we have an interceptor in sanitizer_common_interceptors.inc, but it's enabled for *BSD only, and it's also incomplete: to work with MSan, the interceptor would need to

  1. wrap the comparator function with COMMON_INTERCEPTOR_UNPOISON_PARAM (see scandir interceptor for an example)
  2. unpoison (COMMON_INTERCEPTOR_WRITE) all the string members of struct FTSENT.

This should be pretty straightforward to do.

a174c156-eb86-479f-a1ec-f3ad5c8dfd51 commented 3 years ago

We've had to disable certain tests due to this.

We see the use-of-uninitialized-value issue with fts_read.

Would it be hard to set up a build and contribute an interceptor?

vitalybuka commented 6 years ago

Do we still want this fixed?

eugenis commented 11 years ago

Only those that write memory that can be accessed by the caller. Looks like we need to intercept fts_read and fts_children, and unpoison the resulting FTSENT object (list of FTSENT-s in the second case).
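The two eugenis comments above describe the missing interceptor but attach no code. What follows is an added example, not code from this issue, from compiler-rt or from zdoom: the user-side equivalent of the interceptor work described, which unpoisons each FTSENT that fts_read() returns and every node of the list that fts_children() returns, so the fts_info read that MSan flags in the reproducers above no longer trips. It assumes clang with -fsanitize=memory, glibc's <fts.h>, and the public <sanitizer/msan_interface.h> calls __msan_unpoison and __msan_unpoison_string; the helper names (unpoison_ent, fts_read_clean, fts_children_clean, walk_top_level, count_children) are this example's own. The comparator case from item 1 above is not covered; the example passes no sort function.

```c
/* Added example (not from the LLVM issue, compiler-rt or zdoom): user-side stand-in
 * for the missing fts interceptors. Under MSan it clears the shadow of every FTSENT
 * that uninstrumented libc returns; in a non-MSan build it is plain fts. */
#include <fts.h>
#include <stdio.h>
#include <sys/stat.h>

#if defined(__has_feature)
#if __has_feature(memory_sanitizer)
#include <sanitizer/msan_interface.h>
#define FTS_UNDER_MSAN 1
#endif
#endif

/* Mark one FTSENT, plus the strings and stat buffer it points to, as initialized. */
static FTSENT *unpoison_ent(FTSENT *ent)
{
#ifdef FTS_UNDER_MSAN
    if (ent) {
        __msan_unpoison(ent, sizeof *ent);        /* fixed part, incl. fts_info */
        __msan_unpoison_string(ent->fts_name);    /* trailing name array */
        if (ent->fts_path)    __msan_unpoison_string(ent->fts_path);
        if (ent->fts_accpath) __msan_unpoison_string(ent->fts_accpath);
        if (ent->fts_statp)   __msan_unpoison(ent->fts_statp, sizeof *ent->fts_statp);
    }
#endif
    return ent;
}

static FTSENT *fts_read_clean(FTS *fts)
{
    return unpoison_ent(fts_read(fts));
}

/* fts_children() hands back a linked list, so every node needs unpoisoning. */
static FTSENT *fts_children_clean(FTS *fts, int options)
{
    FTSENT *head = fts_children(fts, options);
    for (FTSENT *p = unpoison_ent(head); p; p = unpoison_ent(p->fts_link)) {}
    return head;
}

struct walk_stats { long dirs, files, others; };

/* Visit `root` and its immediate children only (deeper directories are skipped with
 * fts_set). Returns entries seen, root included, or -1 if fts_open() fails; libc
 * reports a missing root as a single FTS_NS entry rather than an open failure. */
static long walk_top_level(const char *root, struct walk_stats *st)
{
    char *const argv[] = { (char *)root, NULL };
    FTS *fts = fts_open(argv, FTS_PHYSICAL | FTS_NOCHDIR, NULL);
    if (!fts) return -1;
    long seen = 0;
    st->dirs = st->files = st->others = 0;
    for (FTSENT *ent; (ent = fts_read_clean(fts)) != NULL; ) {
        if (ent->fts_info == FTS_DP) continue;   /* post-order visit, counted at FTS_D */
        seen++;
        switch (ent->fts_info) {
        case FTS_D:
            st->dirs++;
            if (ent->fts_level > 0)              /* level 0 is the root itself */
                fts_set(fts, ent, FTS_SKIP);
            break;
        case FTS_F: st->files++; break;
        default:    st->others++; break;         /* FTS_SL, FTS_NS, FTS_DNR, ... */
        }
    }
    fts_close(fts);
    return seen;
}

/* Count the immediate children of `root` via fts_children(); -1 unless `root` is a
 * directory that could be opened. */
static long count_children(const char *root)
{
    char *const argv[] = { (char *)root, NULL };
    FTS *fts = fts_open(argv, FTS_PHYSICAL | FTS_NOCHDIR, NULL);
    if (!fts) return -1;
    long n = -1;
    FTSENT *ent = fts_read_clean(fts);           /* root must be current first */
    if (ent && ent->fts_info == FTS_D) {
        n = 0;
        for (FTSENT *p = fts_children_clean(fts, 0); p; p = p->fts_link) n++;
    }
    fts_close(fts);
    return n;
}

int main(int argc, char **argv)
{
    const char *root = argc > 1 ? argv[1] : ".";
    struct walk_stats st;
    long n = walk_top_level(root, &st);
    if (n < 0) { perror("fts_open"); return 1; }
    printf("%s: %ld entries (%ld dirs, %ld files, %ld other), %ld children\n",
           root, n, st.dirs, st.files, st.others, count_children(root));
    return 0;
}
```

Build it the same way as the reproducers (clang -g -fsanitize=memory -fno-omit-frame-pointer) and point it at a directory; with the unpoisoning in place the fts_info switch runs clean, and the same binary built without -fsanitize=memory compiles the helpers down to the bare libc calls. The unpoisoning is deliberately done from the caller's side because libc itself is not instrumented, which is also why an in-tree interceptor (rather than a libc change) is the proper fix.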

llvmbot commented 11 years ago

do you also mean the other functions in fts.h, like:

FTSENT *fts_children (FTS *, int);
int fts_close (FTS *);
FTS *fts_open (char * const *, int, int (*)(const FTSENT **, const FTSENT **));
FTSENT *fts_read (FTS *);
int fts_set (FTS *, FTSENT *, int) __THROW;

?

eugenis commented 11 years ago

We miss an interceptor for fts_read.

llvmbot commented 11 years ago

assigned to @eugenis

pmqs commented 9 months ago

I'm seeing this error on Ubuntu 23.10

clang details are

$ clang-17 -v
Ubuntu clang version 17.0.2 (1~exp1ubuntu2.1)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/10
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/11
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/12
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/13
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/9
Selected GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/13
Candidate multilib: .;@m64
Selected multilib: .;@m64

Test file is /tmp/fts_read_bug.c

#include <fts.h>
#include <stdio.h>

int main()
{
    char * const argv[] = {"/usr/local/include", 0};
    FTS *fts;
    FTSENT *ent;

    fts = fts_open(argv, FTS_LOGICAL, 0);

    if (fts == 0)
        return -1;

    ent = fts_read(fts);

    printf("fts_info is %u\n", ent->fts_info);

    fts_close(fts);
    return 0;
}

Building & running

$ clang-17 /tmp/fts_read_bug.c -g  -fsanitize=memory -fno-omit-frame-pointer -o /tmp/f && /tmp/f
==851821==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x5592ece7ef05 in main /tmp/fts_read_bug.c:17:5
    #1 0x7fc1ff2280cf in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #2 0x7fc1ff228188 in __libc_start_main csu/../csu/libc-start.c:360:3
    #3 0x5592ecdee2c4 in _start (/tmp/f+0x322c4) (BuildId: f312355cb2652b1390b3e71fe955ebbfa0545bca)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /tmp/fts_read_bug.c:17:5 in main
Exiting

pmqs commented 1 month ago

Issue is still present with Ubuntu 24.04 + clang 18

$ clang-18  -v
Ubuntu clang version 18.1.3 (1)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/13
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/14
Selected GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/14
Candidate multilib: .;@m64
Selected multilib: .;@m64