https://bugs.llvm.org/show_bug.cgi?id=45583

            Bug ID: 45583
           Summary: DFSan does not transfer labels on realloc
           Product: compiler-rt
           Version: 10.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: dfsan
          Assignee: unassignedb...@nondot.org
          Reporter: elia.f.gere...@gmail.com
                CC: llvm-bugs@lists.llvm.org

Created attachment 23382
  --> https://bugs.llvm.org/attachment.cgi?id=23382&action=edit
Reproducer (glibc)

When a dynamically allocated buffer is moved due to a `realloc`,
DataFlowSanitizer does not correctly transfer the taint labels to the shadow
memory for the new location. I am attaching a reproducer that works with glibc
2.30.

This bug is caused by `realloc` being marked as `discard` in
`compiler-rt/lib/dfsan/done_abilist.txt`, whereas it needs a custom
wrapper to be handled correctly. Moreover, marking `realloc` as `discard` when
it should not be also silences the warning that tells the user that a custom
wrapper is missing, effectively masking the incorrect behavior.

Implementing the custom wrapper is not obvious, since it probably requires using
allocator introspection to have good performance. It is necessary to
retrieve the size of the old chunk passed to `realloc`. Allocator
introspection, however, is not standard and is thus different for every
allocator on every platform.

In the meantime, if this bug is confirmed, it could be a good idea to remove
`realloc` from the `done_abilist.txt` file so that a warning is shown when
`realloc` is called.
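As an added illustration (not the attached reproducer and not DFSan's own code), the C model below mimics the failure described above: a per-byte shadow table stands in for DFSan's shadow memory, `moving_realloc` forces the moved-buffer case, `realloc_discard` models the current `discard` treatment and `realloc_custom` the wrapper the report asks for. The old chunk size is passed in explicitly where a real wrapper would need allocator introspection; all names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Constructed model of DFSan shadow memory: one label per byte, keyed by address. */
#define MAX_SHADOW 4096
static struct { const char *addr; uint16_t label; } shadow[MAX_SHADOW];
static size_t shadow_used;

static uint16_t read_label(const void *p) {
    for (size_t i = 0; i < shadow_used; i++)
        if (shadow[i].addr == (const char *)p) return shadow[i].label;
    return 0;                                    /* 0 = untainted */
}

static void set_label(uint16_t label, const void *p, size_t n) {
    for (size_t i = 0; i < n && shadow_used < MAX_SHADOW; i++) {
        const char *b = (const char *)p + i; size_t j = 0;
        while (j < shadow_used && shadow[j].addr != b) j++;
        if (j == shadow_used) shadow_used++;     /* unseen byte: append entry */
        shadow[j].addr = b; shadow[j].label = label;
    }
}

/* realloc that always moves the block (the case the report describes);
 * old_size is passed in where a real wrapper would need allocator introspection. */
static void *moving_realloc(void *old, size_t old_size, size_t n) {
    void *p = malloc(n); if (!p) return NULL;
    memcpy(p, old, old_size < n ? old_size : n);
    free(old);
    return p;
}

/* "discard" treatment as in done_abilist.txt: shadow memory is never touched,
 * so the labels stay behind at the old address. */
static void *realloc_discard(void *old, size_t old_size, size_t n) { return moving_realloc(old, old_size, n); }

/* Custom wrapper: save the old block's labels, move it, then re-apply them. */
static void *realloc_custom(void *old, size_t old_size, size_t n) {
    size_t keep = old_size < n ? old_size : n;
    uint16_t *saved = malloc(keep * sizeof *saved); if (!saved) return NULL;
    for (size_t i = 0; i < keep; i++) saved[i] = read_label((char *)old + i);
    void *p = moving_realloc(old, old_size, n);
    for (size_t i = 0; p && i < keep; i++) set_label(saved[i], (char *)p + i, 1);
    free(saved); return p;
}

/* Returns 1 if every byte of the moved block still carries its taint label. */
int labels_survive_realloc(int use_custom_wrapper) {
    shadow_used = 0;                             /* fresh shadow state per run */
    char *buf = malloc(16); if (!buf) return 0;
    set_label(1, buf, 16);                       /* taint the whole buffer */
    char *moved = use_custom_wrapper ? realloc_custom(buf, 16, 64) : realloc_discard(buf, 16, 64);
    int ok = moved != NULL;
    for (size_t i = 0; moved && i < 16; i++) ok &= read_label(moved + i) == 1;
    free(moved); return ok;
}
```

With the `discard` path the labels are left at the freed address and the moved buffer reads back as untainted; the custom path preserves them.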
