Improve alloca() memory safety

Now that all the bugs have been wormed out of the ASAN memory module we can successfully check for underruns on large stack allocations.
2025-01-31 03:27:39 +00:00 · 2022-04-01 22:44:43 -07:00 · 2022-04-01 22:44:43 -07:00 · 38cb6e71ca
commit 38cb6e71ca
parent 1ff1854107
4 changed files with 10 additions and 13 deletions
--- a/examples/hello.c
+++ b/examples/hello.c
@ -9,6 +9,8 @@
 #endif
 #include "libc/stdio/stdio.h"

+STATIC_YOINK("mmap");  // TODO: fix bandaid for MODE=asan
+
 int main() {
  printf("%s\n", "hello world");
  return 0;
--- a/libc/intrin/asan.c
+++ b/libc/intrin/asan.c
@ -1240,8 +1240,7 @@ void __asan_unpoison_stack_memory(uintptr_t addr, size_t size) {
 }

 void __asan_alloca_poison(uintptr_t addr, size_t size) {
-  /* TODO(jart): Make sense of this function. */
-  /* __asan_poison(addr - 32, 32, kAsanAllocaUnderrun); */
+  __asan_poison(addr - 32, 32, kAsanAllocaUnderrun);
  __asan_poison(ROUNDUP(addr + size, 32), 32, kAsanAllocaOverrun);
  __asan_unpoison(addr, ROUNDUP(addr + size, 32) - (addr + size) + 32 + size);
 }
--- a/third_party/python/Modules/faulthandler.c
+++ b/third_party/python/Modules/faulthandler.c
@ -1121,18 +1121,18 @@ faulthandler_fatal_error_py(PyObject *self, PyObject *args)

 #if defined(HAVE_SIGALTSTACK) && defined(HAVE_SIGACTION)
 #define FAULTHANDLER_STACK_OVERFLOW
-static
+static dontinline
 uintptr_t
 stack_overflow(uintptr_t min_sp, uintptr_t max_sp, size_t *depth)
 {
    /* allocate 4096 bytes on the stack at each call */
-    unsigned char buffer[4096];
+    unsigned char buffer[3500]; // [jart] or not
    uintptr_t sp = (uintptr_t)&buffer;
    *depth += 1;
    if (sp < min_sp || max_sp < sp)
        return sp;
    buffer[0] = 1;
-    buffer[4095] = 0;
+    buffer[3500-1] = 0;
    return stack_overflow(min_sp, max_sp, depth);
 }

--- a/third_party/quickjs/qjsc.c
+++ b/third_party/quickjs/qjsc.c
@ -26,6 +26,7 @@
 #include "libc/fmt/fmt.h"
 #include "libc/log/log.h"
 #include "libc/mem/mem.h"
+#include "libc/runtime/gc.internal.h"
 #include "libc/stdio/stdio.h"
 #include "libc/str/str.h"
 #include "libc/x/x.h"
@ -476,7 +477,7 @@ int main(int argc, char **argv)
 {
    int c, i, verbose;
    const char *out_filename, *cname;
-    char cfilename[1024];
+    char *cfilename = gc(malloc(1024));
    FILE *fo;
    JSRuntime *rt;
    JSContext *ctx;
@ -603,14 +604,9 @@ int main(int argc, char **argv)
        }
    }
    if (output_type == OUTPUT_EXECUTABLE) {
-#if defined(_WIN32) || defined(__ANDROID__)
-        /* XXX: find a /tmp directory ? */
-        snprintf(cfilename, sizeof(cfilename), "out%d.c", getpid());
-#else
-        snprintf(cfilename, sizeof(cfilename), "/tmp/out%d.c", getpid());
-#endif
+        snprintf(cfilename, 1024, "/tmp/out%d.c", getpid());
    } else {
-        pstrcpy(cfilename, sizeof(cfilename), out_filename);
+        pstrcpy(cfilename, 1024, out_filename);
    }
    fo = fopen(cfilename, "w");
    if (!fo) {