Fix stack abuse in llama.cc

This change also incorporates improvements for MODE=asan. It's been confirmed that o/asan/third_party/ggml/llama.com will work. Fixes #829
2025-05-28 00:02:28 +00:00 · 2023-06-08 06:44:54 -07:00 · 2023-06-08 06:44:54 -07:00 · 4d629fd424
commit 4d629fd424
parent 32682f0ce7
12 changed files with 73 additions and 76 deletions
--- a/libc/intrin/stpcpy.c
+++ b/libc/intrin/stpcpy.c
@ -16,30 +16,14 @@
 │ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR             │
 │ PERFORMANCE OF THIS SOFTWARE.                                                │
 ╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/dce.h"
+#include "libc/intrin/asan.internal.h"
 #include "libc/str/str.h"
 #ifndef __aarch64__

-// TODO(jart): ASAN support here is important.
-
 typedef char xmm_u __attribute__((__vector_size__(16), __aligned__(1)));
 typedef char xmm_t __attribute__((__vector_size__(16), __aligned__(16)));

-#ifdef __x86_64__
-static inline noasan size_t stpcpy_sse2(char *d, const char *s, size_t i) {
-  xmm_t v, z = {0};
-  for (;;) {
-    v = *(xmm_t *)(s + i);
-    if (!__builtin_ia32_pmovmskb128(v == z)) {
-      *(xmm_u *)(d + i) = v;
-      i += 16;
-    } else {
-      break;
-    }
-  }
-  return i;
-}
-#endif
-
 /**
 * Copies bytes from 𝑠 to 𝑑 until a NUL is encountered.
 *
@ -49,15 +33,27 @@ static inline noasan size_t stpcpy_sse2(char *d, const char *s, size_t i) {
 * @return pointer to nul byte
 * @asyncsignalsafe
 */
-char *stpcpy(char *d, const char *s) {
+noasan char *stpcpy(char *d, const char *s) {
  size_t i = 0;
+  if (IsAsan()) {
+    __asan_verify(d, strlen(s) + 1);
+  }
 #ifdef __x86_64__
  for (; (uintptr_t)(s + i) & 15; ++i) {
    if (!(d[i] = s[i])) {
      return d + i;
    }
  }
-  i = stpcpy_sse2(d, s, i);
+  for (;;) {
+    xmm_t z = {0};
+    xmm_t v = *(xmm_t *)(s + i);
+    if (!__builtin_ia32_pmovmskb128(v == z)) {
+      *(xmm_u *)(d + i) = v;
+      i += 16;
+    } else {
+      break;
+    }
+  }
 #endif
  for (;;) {
    if (!(d[i] = s[i])) {
--- a/libc/intrin/strcmp.c
+++ b/libc/intrin/strcmp.c
@ -29,11 +29,13 @@
 * @return is <0, 0, or >0 based on uint8_t comparison
 * @asyncsignalsafe
 */
-int strcmp(const char *a, const char *b) {
+noasan int strcmp(const char *a, const char *b) {
  int c;
  size_t i = 0;
  uint64_t v, w, d;
  if (a == b) return 0;
+  if (IsAsan()) __asan_verify_str(a);
+  if (IsAsan()) __asan_verify_str(b);
  if ((c = (*a & 255) - (*b & 255))) return c;
  if (!IsTiny() && ((uintptr_t)a & 7) == ((uintptr_t)b & 7)) {
    for (; (uintptr_t)(a + i) & 7; ++i) {
@ -53,10 +55,6 @@ int strcmp(const char *a, const char *b) {
  } else {
    while (a[i] == b[i] && b[i]) ++i;
  }
-  if (IsAsan()) {
-    __asan_verify(a, i + 1);
-    __asan_verify(b, i + 1);
-  }
  return (a[i] & 255) - (b[i] & 255);
 }

--- a/libc/intrin/strcpy.c
+++ b/libc/intrin/strcpy.c
@ -16,30 +16,15 @@
 │ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR             │
 │ PERFORMANCE OF THIS SOFTWARE.                                                │
 ╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/dce.h"
+#include "libc/intrin/asan.internal.h"
+#include "libc/intrin/kprintf.h"
 #include "libc/str/str.h"
 #ifndef __aarch64__

-// TODO(jart): ASAN support here is important.
-
 typedef char xmm_u __attribute__((__vector_size__(16), __aligned__(1)));
 typedef char xmm_t __attribute__((__vector_size__(16), __aligned__(16)));

-#ifdef __x86_64__
-static inline noasan size_t strcpy_sse2(char *d, const char *s, size_t i) {
-  xmm_t v, z = {0};
-  for (;;) {
-    v = *(xmm_t *)(s + i);
-    if (!__builtin_ia32_pmovmskb128(v == z)) {
-      *(xmm_u *)(d + i) = v;
-      i += 16;
-    } else {
-      break;
-    }
-  }
-  return i;
-}
-#endif
-
 /**
 * Copies bytes from 𝑠 to 𝑑 until a NUL is encountered.
 *
@ -49,15 +34,27 @@ static inline noasan size_t strcpy_sse2(char *d, const char *s, size_t i) {
 * @return original dest
 * @asyncsignalsafe
 */
-char *strcpy(char *d, const char *s) {
+noasan char *strcpy(char *d, const char *s) {
  size_t i = 0;
+  if (IsAsan()) {
+    __asan_verify(d, strlen(s) + 1);
+  }
 #ifdef __x86_64__
  for (; (uintptr_t)(s + i) & 15; ++i) {
    if (!(d[i] = s[i])) {
      return d;
    }
  }
-  i = strcpy_sse2(d, s, i);
+  for (;;) {
+    xmm_t z = {0};
+    xmm_t v = *(xmm_t *)(s + i);
+    if (!__builtin_ia32_pmovmskb128(v == z)) {
+      *(xmm_u *)(d + i) = v;
+      i += 16;
+    } else {
+      break;
+    }
+  }
 #endif
  for (;;) {
    if (!(d[i] = s[i])) {
--- a/libc/str/strcasecmp.c
+++ b/libc/str/strcasecmp.c
@ -34,13 +34,11 @@ noasan int strcasecmp(const char *a, const char *b) {
  size_t i = 0;
  uint64_t v, w, d;
  if (a == b) return 0;
+  if (IsAsan()) __asan_verify_str(a);
+  if (IsAsan()) __asan_verify_str(b);
  if (((uintptr_t)a & 7) == ((uintptr_t)b & 7)) {
    for (; (uintptr_t)(a + i) & 7; ++i) {
    CheckEm:
-      if (IsAsan()) {
-        __asan_verify(a, i + 1);
-        __asan_verify(b, i + 1);
-      }
      if ((x = kToLower[a[i] & 255]) != (y = kToLower[b[i] & 255]) || !y) {
        return x - y;
      }
@ -56,10 +54,6 @@ noasan int strcasecmp(const char *a, const char *b) {
    }
  } else {
    while ((x = kToLower[a[i] & 255]) == (y = kToLower[b[i] & 255]) && y) ++i;
-    if (IsAsan()) {
-      __asan_verify(a, i + 1);
-      __asan_verify(b, i + 1);
-    }
    return x - y;
  }
 }