From 38cb6e71cab351e67951e838696b50532aa838ea Mon Sep 17 00:00:00 2001
From: Justine Tunney
Date: Fri, 1 Apr 2022 22:44:43 -0700
Subject: [PATCH] Improve alloca() memory safety

Now that all the bugs have been wormed out of the ASAN memory module we can successfully check for underruns on large stack allocations.
---
 examples/hello.c | 2 ++
 libc/intrin/asan.c | 3 +--
 third_party/python/Modules/faulthandler.c | 6 +++---
 third_party/quickjs/qjsc.c | 12 ++++--------
 4 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/examples/hello.c b/examples/hello.c
index 8486ab30a..a9c3249f3 100644
--- a/examples/hello.c
+++ b/examples/hello.c
@@ -9,6 +9,8 @@
 #endif
 #include "libc/stdio/stdio.h"
 
+STATIC_YOINK("mmap"); // TODO: fix bandaid for MODE=asan
+
 int main() {
   printf("%s\n", "hello world");
   return 0;
diff --git a/libc/intrin/asan.c b/libc/intrin/asan.c
index 753137f9b..3269dfaf6 100644
--- a/libc/intrin/asan.c
+++ b/libc/intrin/asan.c
@@ -1240,8 +1240,7 @@ void __asan_unpoison_stack_memory(uintptr_t addr, size_t size) {
 }
 
 void __asan_alloca_poison(uintptr_t addr, size_t size) {
-  /* TODO(jart): Make sense of this function. */
-  /* __asan_poison(addr - 32, 32, kAsanAllocaUnderrun); */
+  __asan_poison(addr - 32, 32, kAsanAllocaUnderrun);
   __asan_poison(ROUNDUP(addr + size, 32), 32, kAsanAllocaOverrun);
   __asan_unpoison(addr, ROUNDUP(addr + size, 32) - (addr + size) + 32 + size);
 }
diff --git a/third_party/python/Modules/faulthandler.c b/third_party/python/Modules/faulthandler.c
index 17ee78346..c2f35e6c7 100644
--- a/third_party/python/Modules/faulthandler.c
+++ b/third_party/python/Modules/faulthandler.c
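Review bot: The added `STATIC_YOINK("mmap")` line carries a TODO that says it is a bandaid for MODE=asan but not what fails without it, so nobody can tell when the workaround is safe to remove. Presumably the ASAN runtime reaches mmap through a path the linker would otherwise drop from this minimal program, but that is inferred, not visible here. Record the symptom and the exit condition in the comment, e.g. `STATIC_YOINK("mmap"); // TODO(asan): MODE=asan builds of this file <SYMPTOM PLACEHOLDER> without this; remove once the ASAN runtime links mmap itself`.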
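Review bot: The underrun redzone enabled on the `+` line looks right, but the unchanged `__asan_unpoison` call two lines below it has length `ROUNDUP(addr + size, 32) - (addr + size) + 32 + size`, which is `ROUNDUP(addr + size, 32) - addr + 32`, so it clears [addr, ROUNDUP(addr + size, 32) + 32) — exactly including the 32-byte overrun redzone poisoned on the line before it. Unless `__asan_unpoison` skips already-poisoned redzone shadow (not visible in this hunk), alloca overruns are never detected even though the commit's goal is stack-allocation checking. Consider `__asan_unpoison(addr, size);` so only the allocation itself becomes addressable and the partial granule plus the right redzone stay poisoned. The `addr - 32` underrun zone also relies on the compiler having reserved 32 bytes below every alloca result; a one-line comment stating that contract, `/* the compiler reserves a 32-byte left redzone below each alloca */`, would help the next reader.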
@@ -1121,18 +1121,18 @@ faulthandler_fatal_error_py(PyObject *self, PyObject *args)
 #if defined(HAVE_SIGALTSTACK) && defined(HAVE_SIGACTION)
 #define FAULTHANDLER_STACK_OVERFLOW
 
-static
+static dontinline
 uintptr_t
 stack_overflow(uintptr_t min_sp, uintptr_t max_sp, size_t *depth)
 {
     /* allocate 4096 bytes on the stack at each call */
-    unsigned char buffer[4096];
+    unsigned char buffer[3500]; // [jart] or not
     uintptr_t sp = (uintptr_t)&buffer;
     *depth += 1;
     if (sp < min_sp || max_sp < sp)
         return sp;
     buffer[0] = 1;
-    buffer[4095] = 0;
+    buffer[3500-1] = 0;
     return stack_overflow(min_sp, max_sp, depth);
 }
 
diff --git a/third_party/quickjs/qjsc.c b/third_party/quickjs/qjsc.c
index ebfb2399f..885f0b2ee 100644
--- a/third_party/quickjs/qjsc.c
+++ b/third_party/quickjs/qjsc.c
@@ -26,6 +26,7 @@
 #include "libc/fmt/fmt.h"
 #include "libc/log/log.h"
 #include "libc/mem/mem.h"
+#include "libc/runtime/gc.internal.h"
 #include "libc/stdio/stdio.h"
 #include "libc/str/str.h"
 #include "libc/x/x.h"
@@ -476,7 +477,7 @@ int main(int argc, char **argv)
 {
     int c, i, verbose;
     const char *out_filename, *cname;
-    char cfilename[1024];
+    char *cfilename = gc(malloc(1024));
     FILE *fo;
     JSRuntime *rt;
     JSContext *ctx;
@@ -603,14 +604,9 @@ int main(int argc, char **argv)
         }
     }
     if (output_type == OUTPUT_EXECUTABLE) {
-#if defined(_WIN32) || defined(__ANDROID__)
-        /* XXX: find a /tmp directory ? */
-        snprintf(cfilename, sizeof(cfilename), "out%d.c", getpid());
-#else
-        snprintf(cfilename, sizeof(cfilename), "/tmp/out%d.c", getpid());
-#endif
+        snprintf(cfilename, 1024, "/tmp/out%d.c", getpid());
     } else {
-        pstrcpy(cfilename, sizeof(cfilename), out_filename);
+        pstrcpy(cfilename, 1024, out_filename);
     }
     fo = fopen(cfilename, "w");
     if (!fo) {
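Review bot: The comment kept directly above the first `+` buffer line still says "allocate 4096 bytes on the stack at each call" while the buffer is now 3500 bytes, and the size is repeated as a bare literal in `buffer[3500-1] = 0;`. Write the last-byte store as `buffer[sizeof buffer - 1] = 0;` so the two cannot drift apart again, and replace `// [jart] or not` with the actual reason for 3500 — presumably to keep each frame below a per-allocation threshold the ASAN stack checks now apply (the commit message mentions large stack allocations), but confirm: `/* allocate 3500 bytes on the stack at each call; kept under 4096 because <REASON PLACEHOLDER> */`. Marking the function `static dontinline` seems right given the recursion is meant to consume a fresh frame per call, which an inlined or tail-call-optimized body would defeat.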
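Review bot: The literal 1024 that sizes `cfilename` on the `+` line now appears three times (here, and in the `snprintf` and `pstrcpy` calls in the @@ -603 hunk), where the old `sizeof(cfilename)` tied them together; introduce one named constant near the top of main, `enum { CFILENAME_SIZE = 1024 };`, and use it in all three places. `gc(malloc(1024))` is also unchecked: if malloc returns NULL the later `snprintf` writes through a null pointer. `libc/x/x.h` is already included in this file, so if its failing allocator is available here, `char *cfilename = gc(xmalloc(CFILENAME_SIZE));` removes that case. main begins and ends outside the hunk.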
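Review bot: With the Windows/Android branch removed, the kept `fopen(cfilename, "w")` always opens a name built from `getpid()` in the shared `/tmp` directory; that name is predictable, so a pre-existing file or link at the path is opened and truncated rather than a fresh file being created (CERT FIO21-C). Prefer creating the file with `mkstemp` on a template such as `"/tmp/qjscXXXXXX"` and wrapping the descriptor with `fdopen(fd, "w")`, keeping in mind that whatever consumes cfilename later in main (outside this hunk) may expect the `.c` suffix. The `pstrcpy(cfilename, 1024, out_filename)` path also truncates long output names silently, as the old code did; a length check that fails loudly would be safer than a truncated path.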