ramosian-glider / sanitizers

asan should intercept printf family of functions and report unaddressable accesses to params #109

Closed ramosian-glider closed 9 years ago

ramosian-glider commented 9 years ago

Originally reported on Google Code with ID 108

Subj. 
Not sure how to implement it w/o duplicating most of the printf parsing machinery.
:( 

Reported by konstantin.s.serebryany on 2012-09-10 06:54:57
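
The parsing problem raised in the report above, as an added example (not code from sanitizer_common or from anyone in this thread): to know which arguments are char pointers and how many bytes printf reads through each, a checker has to walk the format string in step with the varargs. printf_read_ranges and struct read_range are hypothetical names, and only a subset of directives is handled.

```c
#include <stdarg.h>
#include <stddef.h>
#include <string.h>
struct read_range { const char *ptr; size_t len; };  /* bytes one %s reads */
/* Walk fmt beside its varargs and record what every %s would read.
 * Handles flags, width, precision, h/l/ll/z and the common conversions.
 * Returns the number of ranges stored, or -1 for anything else (%n, %ls,
 * %Lf, positional arguments): the argument list can no longer be tracked. */
int printf_read_ranges(struct read_range *out, int max, const char *fmt, ...) {
    va_list ap;
    int n = 0;
    va_start(ap, fmt);
    for (const char *p = fmt; *p; p++) {
        if (*p != '%' || *++p == '%') continue;   /* literal text or "%%" */
        long prec = -1;   /* negative: none; else %s reads at most prec bytes */
        int lng = 0, z = 0;
        p += strspn(p, "-+ #0");                  /* flags */
        if (*p == '*') { (void)va_arg(ap, int); p++; }   /* width from an arg */
        else p += strspn(p, "0123456789");
        if (*p == '.') {                          /* ".N" or ".*" */
            if (*++p == '*') { prec = va_arg(ap, int); p++; }
            else for (prec = 0; *p >= '0' && *p <= '9'; p++) prec = prec * 10 + (*p - '0');
        }
        for (; *p && strchr("hlz", *p); p++) { lng += *p == 'l'; z |= *p == 'z'; }
        if (lng && (*p == 'c' || *p == 's')) { n = -1; goto done; }  /* wide */
        switch (*p) {
        case 'c': case 'd': case 'i': case 'u': case 'x': case 'X': case 'o':
            if (z) (void)va_arg(ap, size_t);
            else if (lng >= 2) (void)va_arg(ap, long long);
            else if (lng == 1) (void)va_arg(ap, long);
            else (void)va_arg(ap, int);       /* char and short promote to int */
            break;
        case 'p': (void)va_arg(ap, void *); break;
        case 'f': case 'e': case 'g': case 'a': (void)va_arg(ap, double); break;
        case 's': {
            const char *s = va_arg(ap, const char *);
            const char *nul = (s && prec >= 0) ? memchr(s, 0, (size_t)prec) : NULL;
            size_t len = !s ? 0 : prec < 0 ? strlen(s) + 1
                       : nul ? (size_t)(nul - s) + 1 : (size_t)prec;
            if (s && n < max) out[n++] = (struct read_range){ s, len };
            break;
        }
        default: n = -1; goto done;           /* unsupported: give up */
        }
    }
done:
    va_end(ap);
    return n;
}
```

An interceptor would check each returned range against shadow memory before calling the real printf; this sketch only reports the ranges.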

ramosian-glider commented 9 years ago
We now have a complete scanf() parser in sanitizer_common.
Should be possible to reuse part of that code for printf.

Reported by eugenis@google.com on 2013-03-28 08:41:46

ramosian-glider commented 9 years ago
While studying the scanf interceptor implementation I noticed ASan doesn't intercept
wide-character methods, such as:

- vwscanf
- vswscanf
- vfwscanf
- wscanf
- fwscanf
- swscanf

Did I miss something or is this perhaps on purpose?

Kamil

Reported by kjiwa@google.com on 2013-04-12 18:09:29

ramosian-glider commented 9 years ago
+eugenis

No, I think they are just not implemented.

Reported by samsonov@google.com on 2013-04-14 12:51:26

ramosian-glider commented 9 years ago
Heh. Someone even wrote a blog post about asan's lack of printf interceptor. 
https://techtalk.intersec.com/2013/12/memory-part-5-debugging-tools/

Reported by konstantin.s.serebryany on 2013-12-14 18:43:54

ramosian-glider commented 9 years ago
> While studying the scanf interceptor implementation
> I noticed ASan doesn't intercept wide-character methods, such as:

And even wcscpy, wcscmp, etc.

BTW does anyone plan to work on printf interceptors in the near future? I could give it
a try.

Reported by tetra2005 on 2013-12-16 05:17:39

ramosian-glider commented 9 years ago
>> BTW does anyone plan to work on printf interceptors in the near future?
Not that I know of. Contributions are welcome! :) 

Reported by konstantin.s.serebryany on 2013-12-16 05:19:30

ramosian-glider commented 9 years ago
Cool, I'll cook something in a couple of days.

Reported by tetra2005 on 2013-12-17 04:44:24

ramosian-glider commented 9 years ago
http://llvm.org/viewvc/llvm-project?rev=199729&view=rev brings in the implementation.
For now it is hidden under the flag check_printf (off by default).

Reported by konstantin.s.serebryany on 2014-01-22 14:10:32

ramosian-glider commented 9 years ago
Do we also care about wprintf?

Reported by konstantin.s.serebryany on 2014-02-10 11:33:19

ramosian-glider commented 9 years ago
I'd ask a more general question: do we care about wide characters at all? This includes
wprintf, wcscpy, etc.

Reported by tetra2005 on 2014-02-10 12:57:51

ramosian-glider commented 9 years ago
So far we've been adding w* interceptors lazily to support msan on the software we cared
about. (e.g. we already have wcslen, mbstowcs and a few others)
I wish we could come up with some better idea for catching bugs in those functions
other than writing 100500 interceptors.
Maybe rebuild part of libc with instrumentation? 
Ahh. Let's keep this bug about regular printf only.

Reported by konstantin.s.serebryany on 2014-02-10 13:07:12

ramosian-glider commented 9 years ago
http://llvm.org/viewvc/llvm-project?view=revision&revision=206872 enables check_printf
for asan and tsan. 

While there are many more related functions worth intercepting, I declare this bug
fixed. Our next step (and a long-time desire) is to instrument glibc (or whatever other
libc) instead of relying on interceptors.

Yuri, thanks for your work on this!

Reported by konstantin.s.serebryany on 2014-04-22 09:28:00

ramosian-glider commented 9 years ago
Yeah, that's a nice feature.

> I wish we could come up with some better idea for catching bugs
> in those functions other than writing 100500 interceptors.

Perhaps autogenerate them with a script?

Reported by tetra2005 on 2014-04-22 10:58:16

ramosian-glider commented 9 years ago
Adding Project:AddressSanitizer as part of GitHub migration.

Reported by ramosian.glider on 2015-07-30 09:13:00