caio/clang-p2996
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a6714922d100fc9ca90cfc4dc4bb0df875206197
clang-p2996/compiler-rt/test/scudo/secondary.cpp
Kostya Kortchinsky 3beafffcca [scudo] Modify Scudo to use its own Secondary Allocator 
Summary:
The Sanitizer Secondary Allocator was not entirely ideal was Scudo for several
reasons: decent amount of unneeded code, redundant checks already performed by
the front end, unneeded data structures, difficulty to properly protect the
secondary chunks header.

Given that the second allocator is pretty straight forward, Scudo will use its
own, trimming all the unneeded code off of the Sanitizer one. A significant
difference in terms of security is that now each secondary chunk is preceded
and followed by a guard page, thus mitigating overflows into and from the
chunk.

A test was added as well to illustrate the overflow & underflow situations
into the guard pages.

Reviewers: kcc

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D24737

llvm-svn: 281938
2016-09-19 21:11:55 +00:00

55 lines
1.4 KiB
C++
Raw Blame History

// RUN: %clang_scudo %s -o %t
// RUN: %run %t after 2>&1 | FileCheck %s
// RUN: %run %t before 2>&1 | FileCheck %s
// Test that we hit a guard page when writing past the end of a chunk
// allocated by the Secondary allocator, or writing too far in front of it.
#include <malloc.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>
#include <assert.h>
void handler(int signo, siginfo_t *info, void *uctx) {
if (info->si_code == SEGV_ACCERR) {
fprintf(stderr, "SCUDO SIGSEGV\n");
exit(0);
}
exit(1);
}
int main(int argc, char **argv)
{
// The size must be large enough to be serviced by the secondary allocator.
long page_size = sysconf(_SC_PAGESIZE);
size_t size = (1U << 17) + page_size;
struct sigaction a;
assert(argc == 2);
memset(&a, 0, sizeof(a));
a.sa_sigaction = handler;
a.sa_flags = SA_SIGINFO;
char *p = (char *)malloc(size);
if (!p)
return 1;
memset(p, 'A', size); // This should not trigger anything.
// Set up the SIGSEGV handler now, as the rest should trigger an AV.
sigaction(SIGSEGV, &a, nullptr);
if (!strcmp(argv[1], "after")) {
for (int i = 0; i < page_size; i++)
p[size + i] = 'A';
}
if (!strcmp(argv[1], "before")) {
for (int i = 1; i < page_size; i++)
p[-i] = 'A';
}
free(p);
return 1; // A successful test means we shouldn't reach this.
}
// CHECK: SCUDO SIGSEGV
Reference in New Issue View Git Blame Copy Permalink