bird song via llvm-dev
2020-Oct-23 06:30 UTC
[llvm-dev] dataflow sanitizer does not track the label of the data obtained through va_arg
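/* Example: */
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <sanitizer/dfsan_interface.h>

/* One base label per byte of buf in main(); only the first sizeof(buf)
 * entries are used. */
dfsan_label global_labels[2048];

/*
 * Non-variadic control case: `data` arrives as a plain int parameter.
 * Prints the label dfsan currently attaches to `data` (label1 in the
 * transcript at the bottom), then consumes `data` through printf.
 * `format` is a parameter rather than a literal, which -Wformat-nonliteral
 * reports; every caller in this file passes a fixed string.
 * Always returns 0.
 */
int test1(const char *format, int data)
{
    printf("label1:%hu\n", dfsan_get_label(data));
    printf(format, data);
    return 0;
}

/*
 * Variadic case: the same int is passed through `...` and fetched with
 * va_arg.  dfsan_get_label(data) reports 0 here (label2 in the transcript
 * at the bottom) although the caller's argument carries a label, so a taint
 * check placed inside a variadic sink never sees it.
 * Always returns 0.
 */
int test2(const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    int data = va_arg(ap, int);
    printf("label2:%hu\n", dfsan_get_label(data));
    printf(format, data);
    va_end(ap);
    return 0;
}

int main(void)
{
    char buf[0x20] = {0};
    /* Store an int through the char array and read it back the same way
     * below: the 4-byte load over four separately labeled bytes is what
     * yields label 35 (above the 32 base labels) in the transcript. */
    *(int *)buf = 0x41414141;

    /* dfsan_create_label() stores the `desc` pointer it is given, not a copy,
     * so each label gets its own description buffer that lives as long as
     * main() does; a single reused buffer would leave every label's
     * description pointing at the last index written. */
    char descs[sizeof buf][16] = {{0}};
    for (size_t i = 0; i < sizeof buf; i++) {
        snprintf(descs[i], sizeof descs[i], "%zu", i);   /* i < 32: never truncates */
        global_labels[i] = dfsan_create_label(descs[i], NULL);
        dfsan_set_label(global_labels[i], buf + i, 1);
    }

    int data = *(int *)buf;
    printf("label0:%hu\n", dfsan_get_label(data));
    test1("test1 %x\n", data);
    test2("test2 %x\n", data);
    return 0;
}

/*
 * $ clang -fsanitize=dataflow test.cc
 * $ ./a.out
 * label0:35
 * label1:35
 * test1 41414141
 * label2:0
 * test2 41414141
 *
 * The data in the test2 function does not get the label.
 */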