1//===-- msan_interceptors.cpp ---------------------------------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file is a part of MemorySanitizer.
10//
11// Interceptors for standard library functions.
12//
13// FIXME: move as many interceptors as possible into
14// sanitizer_common/sanitizer_common_interceptors.h
15//===----------------------------------------------------------------------===//
16
17#define SANITIZER_COMMON_NO_REDEFINE_BUILTINS
18
19#include "interception/interception.h"
20#include "msan.h"
21#include "msan_chained_origin_depot.h"
22#include "msan_dl.h"
23#include "msan_origin.h"
24#include "msan_poisoning.h"
25#include "msan_report.h"
26#include "msan_thread.h"
27#include "sanitizer_common/sanitizer_allocator.h"
28#include "sanitizer_common/sanitizer_allocator_dlsym.h"
29#include "sanitizer_common/sanitizer_allocator_interface.h"
30#include "sanitizer_common/sanitizer_atomic.h"
31#include "sanitizer_common/sanitizer_common.h"
32#include "sanitizer_common/sanitizer_errno.h"
33#include "sanitizer_common/sanitizer_errno_codes.h"
34#include "sanitizer_common/sanitizer_glibc_version.h"
35#include "sanitizer_common/sanitizer_libc.h"
36#include "sanitizer_common/sanitizer_linux.h"
37#include "sanitizer_common/sanitizer_platform_limits_netbsd.h"
38#include "sanitizer_common/sanitizer_platform_limits_posix.h"
39#include "sanitizer_common/sanitizer_stackdepot.h"
40#include "sanitizer_common/sanitizer_tls_get_addr.h"
41#include "sanitizer_common/sanitizer_vector.h"
42
43#if SANITIZER_NETBSD
44#define fstat __fstat50
45#define gettimeofday __gettimeofday50
46#define getrusage __getrusage50
47#define tzset __tzset50
48#endif
49
50#include <stdarg.h>
51// ACHTUNG! No other system header includes in this file.
52// Ideally, we should get rid of stdarg.h as well.
53
54using namespace __msan;
55
56using __sanitizer::memory_order;
57using __sanitizer::atomic_load;
58using __sanitizer::atomic_store;
59using __sanitizer::atomic_uintptr_t;
60
61DECLARE_REAL(SIZE_T, strlen, const char *s)
62DECLARE_REAL(SIZE_T, strnlen, const char *s, SIZE_T maxlen)
63DECLARE_REAL(void *, memcpy, void *dest, const void *src, uptr n)
64DECLARE_REAL(void *, memset, void *dest, int c, uptr n)
65
66// True if this is a nested interceptor.
67static THREADLOCAL int in_interceptor_scope;
68
69void __msan_scoped_disable_interceptor_checks() { ++in_interceptor_scope; }
70void __msan_scoped_enable_interceptor_checks() { --in_interceptor_scope; }
71
72struct InterceptorScope {
73 InterceptorScope() { ++in_interceptor_scope; }
74 ~InterceptorScope() { --in_interceptor_scope; }
75};
76
77bool IsInInterceptorScope() {
78 return in_interceptor_scope;
79}
80
81struct DlsymAlloc : public DlSymAllocator<DlsymAlloc> {
82 static bool UseImpl() { return !msan_inited; }
83};
84
85#define ENSURE_MSAN_INITED() do { \
86 CHECK(!msan_init_is_running); \
87 if (!msan_inited) { \
88 __msan_init(); \
89 } \
90} while (0)
91
92// Check that [x, x+n) range is unpoisoned.
93#define CHECK_UNPOISONED_0(x, n) \
94 do { \
95 sptr __offset = __msan_test_shadow(x, n); \
96 if (__msan::IsInSymbolizerOrUnwider()) \
97 break; \
98 if (__offset >= 0 && __msan::flags()->report_umrs) { \
99 GET_CALLER_PC_BP; \
100 ReportUMRInsideAddressRange(__func__, x, n, __offset); \
101 __msan::PrintWarningWithOrigin( \
102 pc, bp, __msan_get_origin((const char *)x + __offset)); \
103 if (__msan::flags()->halt_on_error) { \
104 Printf("Exiting\n"); \
105 Die(); \
106 } \
107 } \
108 } while (0)
109
110// Check that [x, x+n) range is unpoisoned unless we are in a nested
111// interceptor.
112#define CHECK_UNPOISONED(x, n) \
113 do { \
114 if (!IsInInterceptorScope()) CHECK_UNPOISONED_0(x, n); \
115 } while (0)
116
117#define CHECK_UNPOISONED_STRING_OF_LEN(x, len, n) \
118 CHECK_UNPOISONED((x), \
119 common_flags()->strict_string_checks ? (len) + 1 : (n) )
120
121#define CHECK_UNPOISONED_STRING(x, n) \
122 CHECK_UNPOISONED_STRING_OF_LEN((x), internal_strlen(x), (n))
123
124#if !SANITIZER_FREEBSD && !SANITIZER_NETBSD
125INTERCEPTOR(SIZE_T, fread_unlocked, void *ptr, SIZE_T size, SIZE_T nmemb,
126 void *file) {
127 ENSURE_MSAN_INITED();
128 SIZE_T res = REAL(fread_unlocked)(ptr, size, nmemb, file);
129 if (res > 0)
130 __msan_unpoison(a: ptr, size: res *size);
131 return res;
132}
133#define MSAN_MAYBE_INTERCEPT_FREAD_UNLOCKED INTERCEPT_FUNCTION(fread_unlocked)
134#else
135#define MSAN_MAYBE_INTERCEPT_FREAD_UNLOCKED
136#endif
137
138#if !SANITIZER_NETBSD
139INTERCEPTOR(void *, mempcpy, void *dest, const void *src, SIZE_T n) {
140 return (char *)__msan_memcpy(dst: dest, src, size: n) + n;
141}
142#define MSAN_MAYBE_INTERCEPT_MEMPCPY INTERCEPT_FUNCTION(mempcpy)
143#else
144#define MSAN_MAYBE_INTERCEPT_MEMPCPY
145#endif
146
147INTERCEPTOR(void *, memccpy, void *dest, const void *src, int c, SIZE_T n) {
148 ENSURE_MSAN_INITED();
149 void *res = REAL(memccpy)(dest, src, c, n);
150 CHECK(!res || (res >= dest && res <= (char *)dest + n));
151 SIZE_T sz = res ? (char *)res - (char *)dest : n;
152 CHECK_UNPOISONED(src, sz);
153 __msan_unpoison(a: dest, size: sz);
154 return res;
155}
156
157INTERCEPTOR(void *, bcopy, const void *src, void *dest, SIZE_T n) {
158 return __msan_memmove(dest, src, n);
159}
160
161INTERCEPTOR(int, posix_memalign, void **memptr, SIZE_T alignment, SIZE_T size) {
162 GET_MALLOC_STACK_TRACE;
163 CHECK_NE(memptr, 0);
164 int res = msan_posix_memalign(memptr, alignment, size, stack: &stack);
165 if (!res)
166 __msan_unpoison(a: memptr, size: sizeof(*memptr));
167 return res;
168}
169
170#if !SANITIZER_FREEBSD && !SANITIZER_NETBSD
171INTERCEPTOR(void *, memalign, SIZE_T alignment, SIZE_T size) {
172 GET_MALLOC_STACK_TRACE;
173 return msan_memalign(alignment, size, stack: &stack);
174}
175#define MSAN_MAYBE_INTERCEPT_MEMALIGN INTERCEPT_FUNCTION(memalign)
176#else
177#define MSAN_MAYBE_INTERCEPT_MEMALIGN
178#endif
179
180INTERCEPTOR(void *, aligned_alloc, SIZE_T alignment, SIZE_T size) {
181 GET_MALLOC_STACK_TRACE;
182 return msan_aligned_alloc(alignment, size, stack: &stack);
183}
184
185#if !SANITIZER_NETBSD
186INTERCEPTOR(void *, __libc_memalign, SIZE_T alignment, SIZE_T size) {
187 GET_MALLOC_STACK_TRACE;
188 void *ptr = msan_memalign(alignment, size, stack: &stack);
189 if (ptr)
190 DTLS_on_libc_memalign(ptr, size);
191 return ptr;
192}
193#define MSAN_MAYBE_INTERCEPT___LIBC_MEMALIGN INTERCEPT_FUNCTION(__libc_memalign)
194#else
195#define MSAN_MAYBE_INTERCEPT___LIBC_MEMALIGN
196#endif
197
198INTERCEPTOR(void *, valloc, SIZE_T size) {
199 GET_MALLOC_STACK_TRACE;
200 return msan_valloc(size, stack: &stack);
201}
202
203#if !SANITIZER_FREEBSD && !SANITIZER_NETBSD
204INTERCEPTOR(void *, pvalloc, SIZE_T size) {
205 GET_MALLOC_STACK_TRACE;
206 return msan_pvalloc(size, stack: &stack);
207}
208#define MSAN_MAYBE_INTERCEPT_PVALLOC INTERCEPT_FUNCTION(pvalloc)
209#else
210#define MSAN_MAYBE_INTERCEPT_PVALLOC
211#endif
212
213INTERCEPTOR(void, free, void *ptr) {
214 if (UNLIKELY(!ptr))
215 return;
216 if (DlsymAlloc::PointerIsMine(ptr))
217 return DlsymAlloc::Free(ptr);
218 GET_MALLOC_STACK_TRACE;
219 MsanDeallocate(stack: &stack, ptr);
220}
221
222#if !SANITIZER_FREEBSD && !SANITIZER_NETBSD
223INTERCEPTOR(void, cfree, void *ptr) {
224 if (UNLIKELY(!ptr))
225 return;
226 if (DlsymAlloc::PointerIsMine(ptr))
227 return DlsymAlloc::Free(ptr);
228 GET_MALLOC_STACK_TRACE;
229 MsanDeallocate(stack: &stack, ptr);
230}
231# define MSAN_MAYBE_INTERCEPT_CFREE INTERCEPT_FUNCTION(cfree)
232#else
233#define MSAN_MAYBE_INTERCEPT_CFREE
234#endif
235
236#if !SANITIZER_NETBSD
237INTERCEPTOR(uptr, malloc_usable_size, void *ptr) {
238 return __sanitizer_get_allocated_size(p: ptr);
239}
240#define MSAN_MAYBE_INTERCEPT_MALLOC_USABLE_SIZE \
241 INTERCEPT_FUNCTION(malloc_usable_size)
242#else
243#define MSAN_MAYBE_INTERCEPT_MALLOC_USABLE_SIZE
244#endif
245
246#if (!SANITIZER_FREEBSD && !SANITIZER_NETBSD) || __GLIBC_PREREQ(2, 33)
247template <class T>
248static NOINLINE void clear_mallinfo(T *sret) {
249 ENSURE_MSAN_INITED();
250 internal_memset(sret, 0, sizeof(*sret));
251 __msan_unpoison(sret, sizeof(*sret));
252}
253#endif
254
255#if !SANITIZER_FREEBSD && !SANITIZER_NETBSD
256// Interceptors use NRVO and assume that sret will be pre-allocated in
257// caller frame.
258INTERCEPTOR(__sanitizer_struct_mallinfo, mallinfo,) {
259 __sanitizer_struct_mallinfo sret;
260 clear_mallinfo(sret: &sret);
261 return sret;
262}
263# define MSAN_MAYBE_INTERCEPT_MALLINFO INTERCEPT_FUNCTION(mallinfo)
264#else
265# define MSAN_MAYBE_INTERCEPT_MALLINFO
266#endif
267
268#if __GLIBC_PREREQ(2, 33)
269INTERCEPTOR(__sanitizer_struct_mallinfo2, mallinfo2) {
270 __sanitizer_struct_mallinfo2 sret;
271 clear_mallinfo(sret: &sret);
272 return sret;
273}
274# define MSAN_MAYBE_INTERCEPT_MALLINFO2 INTERCEPT_FUNCTION(mallinfo2)
275#else
276# define MSAN_MAYBE_INTERCEPT_MALLINFO2
277#endif
278
279#if !SANITIZER_FREEBSD && !SANITIZER_NETBSD
280INTERCEPTOR(int, mallopt, int cmd, int value) {
281 return 0;
282}
283#define MSAN_MAYBE_INTERCEPT_MALLOPT INTERCEPT_FUNCTION(mallopt)
284#else
285#define MSAN_MAYBE_INTERCEPT_MALLOPT
286#endif
287
288#if !SANITIZER_FREEBSD && !SANITIZER_NETBSD
289INTERCEPTOR(void, malloc_stats, void) {
290 // FIXME: implement, but don't call REAL(malloc_stats)!
291}
292#define MSAN_MAYBE_INTERCEPT_MALLOC_STATS INTERCEPT_FUNCTION(malloc_stats)
293#else
294#define MSAN_MAYBE_INTERCEPT_MALLOC_STATS
295#endif
296
297INTERCEPTOR(char *, strcpy, char *dest, const char *src) {
298 ENSURE_MSAN_INITED();
299 GET_STORE_STACK_TRACE;
300 SIZE_T n = internal_strlen(s: src);
301 CHECK_UNPOISONED_STRING(src + n, 0);
302 char *res = REAL(strcpy)(dest, src);
303 CopyShadowAndOrigin(dst: dest, src, size: n + 1, stack: &stack);
304 return res;
305}
306
307INTERCEPTOR(char *, strncpy, char *dest, const char *src, SIZE_T n) {
308 ENSURE_MSAN_INITED();
309 GET_STORE_STACK_TRACE;
310 SIZE_T copy_size = internal_strnlen(s: src, maxlen: n);
311 if (copy_size < n)
312 copy_size++; // trailing \0
313 char *res = REAL(strncpy)(dest, src, n);
314 CopyShadowAndOrigin(dst: dest, src, size: copy_size, stack: &stack);
315 __msan_unpoison(a: dest + copy_size, size: n - copy_size);
316 return res;
317}
318
319#if !SANITIZER_NETBSD
320INTERCEPTOR(char *, stpcpy, char *dest, const char *src) {
321 ENSURE_MSAN_INITED();
322 GET_STORE_STACK_TRACE;
323 SIZE_T n = internal_strlen(s: src);
324 CHECK_UNPOISONED_STRING(src + n, 0);
325 char *res = REAL(stpcpy)(dest, src);
326 CopyShadowAndOrigin(dst: dest, src, size: n + 1, stack: &stack);
327 return res;
328}
329
330INTERCEPTOR(char *, stpncpy, char *dest, const char *src, SIZE_T n) {
331 ENSURE_MSAN_INITED();
332 GET_STORE_STACK_TRACE;
333 SIZE_T copy_size = Min(a: n, b: internal_strnlen(s: src, maxlen: n) + 1);
334 char *res = REAL(stpncpy)(dest, src, n);
335 CopyShadowAndOrigin(dst: dest, src, size: copy_size, stack: &stack);
336 __msan_unpoison(a: dest + copy_size, size: n - copy_size);
337 return res;
338}
339# define MSAN_MAYBE_INTERCEPT_STPCPY INTERCEPT_FUNCTION(stpcpy)
340# define MSAN_MAYBE_INTERCEPT_STPNCPY INTERCEPT_FUNCTION(stpncpy)
341#else
342#define MSAN_MAYBE_INTERCEPT_STPCPY
343# define MSAN_MAYBE_INTERCEPT_STPNCPY
344#endif
345
346INTERCEPTOR(char *, strdup, char *src) {
347 ENSURE_MSAN_INITED();
348 GET_STORE_STACK_TRACE;
349 // On FreeBSD strdup() leverages strlen().
350 InterceptorScope interceptor_scope;
351 SIZE_T n = internal_strlen(s: src);
352 CHECK_UNPOISONED_STRING(src + n, 0);
353 char *res = REAL(strdup)(src);
354 CopyShadowAndOrigin(dst: res, src, size: n + 1, stack: &stack);
355 return res;
356}
357
358#if !SANITIZER_FREEBSD && !SANITIZER_NETBSD
359INTERCEPTOR(char *, __strdup, char *src) {
360 ENSURE_MSAN_INITED();
361 GET_STORE_STACK_TRACE;
362 SIZE_T n = internal_strlen(s: src);
363 CHECK_UNPOISONED_STRING(src + n, 0);
364 char *res = REAL(__strdup)(src);
365 CopyShadowAndOrigin(dst: res, src, size: n + 1, stack: &stack);
366 return res;
367}
368#define MSAN_MAYBE_INTERCEPT___STRDUP INTERCEPT_FUNCTION(__strdup)
369#else
370#define MSAN_MAYBE_INTERCEPT___STRDUP
371#endif
372
373#if !SANITIZER_NETBSD
374INTERCEPTOR(char *, gcvt, double number, SIZE_T ndigit, char *buf) {
375 ENSURE_MSAN_INITED();
376 char *res = REAL(gcvt)(number, ndigit, buf);
377 SIZE_T n = internal_strlen(s: buf);
378 __msan_unpoison(a: buf, size: n + 1);
379 return res;
380}
381#define MSAN_MAYBE_INTERCEPT_GCVT INTERCEPT_FUNCTION(gcvt)
382#else
383#define MSAN_MAYBE_INTERCEPT_GCVT
384#endif
385
386INTERCEPTOR(char *, strcat, char *dest, const char *src) {
387 ENSURE_MSAN_INITED();
388 GET_STORE_STACK_TRACE;
389 SIZE_T src_size = internal_strlen(s: src);
390 SIZE_T dest_size = internal_strlen(s: dest);
391 CHECK_UNPOISONED_STRING(src + src_size, 0);
392 CHECK_UNPOISONED_STRING(dest + dest_size, 0);
393 char *res = REAL(strcat)(dest, src);
394 CopyShadowAndOrigin(dst: dest + dest_size, src, size: src_size + 1, stack: &stack);
395 return res;
396}
397
398INTERCEPTOR(char *, strncat, char *dest, const char *src, SIZE_T n) {
399 ENSURE_MSAN_INITED();
400 GET_STORE_STACK_TRACE;
401 SIZE_T dest_size = internal_strlen(s: dest);
402 SIZE_T copy_size = internal_strnlen(s: src, maxlen: n);
403 CHECK_UNPOISONED_STRING(dest + dest_size, 0);
404 char *res = REAL(strncat)(dest, src, n);
405 CopyShadowAndOrigin(dst: dest + dest_size, src, size: copy_size, stack: &stack);
406 __msan_unpoison(a: dest + dest_size + copy_size, size: 1); // \0
407 return res;
408}
409
410// Hack: always pass nptr and endptr as part of __VA_ARGS_ to avoid having to
411// deal with empty __VA_ARGS__ in the case of INTERCEPTOR_STRTO.
412#define INTERCEPTOR_STRTO_BODY(ret_type, func, ...) \
413 ENSURE_MSAN_INITED(); \
414 ret_type res = REAL(func)(__VA_ARGS__); \
415 __msan_unpoison(endptr, sizeof(*endptr)); \
416 return res;
417
418// On s390x, long double return values are passed via implicit reference,
419// which needs to be unpoisoned. We make the implicit pointer explicit.
420#define INTERCEPTOR_STRTO_SRET_BODY(func, sret, ...) \
421 ENSURE_MSAN_INITED(); \
422 REAL(func)(sret, __VA_ARGS__); \
423 __msan_unpoison(sret, sizeof(*sret)); \
424 __msan_unpoison(endptr, sizeof(*endptr));
425
426#define INTERCEPTOR_STRTO(ret_type, func, char_type) \
427 INTERCEPTOR(ret_type, func, const char_type *nptr, char_type **endptr) { \
428 INTERCEPTOR_STRTO_BODY(ret_type, func, nptr, endptr); \
429 }
430
431#define INTERCEPTOR_STRTO_SRET(ret_type, func, char_type) \
432 INTERCEPTOR(void, func, ret_type *sret, const char_type *nptr, \
433 char_type **endptr) { \
434 INTERCEPTOR_STRTO_SRET_BODY(func, sret, nptr, endptr); \
435 }
436
437#define INTERCEPTOR_STRTO_BASE(ret_type, func, char_type) \
438 INTERCEPTOR(ret_type, func, const char_type *nptr, char_type **endptr, \
439 int base) { \
440 INTERCEPTOR_STRTO_BODY(ret_type, func, nptr, endptr, base); \
441 }
442
443#define INTERCEPTOR_STRTO_LOC(ret_type, func, char_type) \
444 INTERCEPTOR(ret_type, func, const char_type *nptr, char_type **endptr, \
445 void *loc) { \
446 INTERCEPTOR_STRTO_BODY(ret_type, func, nptr, endptr, loc); \
447 }
448
449#define INTERCEPTOR_STRTO_SRET_LOC(ret_type, func, char_type) \
450 INTERCEPTOR(void, func, ret_type *sret, const char_type *nptr, \
451 char_type **endptr, void *loc) { \
452 INTERCEPTOR_STRTO_SRET_BODY(func, sret, nptr, endptr, loc); \
453 }
454
455#define INTERCEPTOR_STRTO_BASE_LOC(ret_type, func, char_type) \
456 INTERCEPTOR(ret_type, func, const char_type *nptr, char_type **endptr, \
457 int base, void *loc) { \
458 INTERCEPTOR_STRTO_BODY(ret_type, func, nptr, endptr, base, loc); \
459 }
460
461#if SANITIZER_NETBSD
462#define INTERCEPTORS_STRTO(ret_type, func, char_type) \
463 INTERCEPTOR_STRTO(ret_type, func, char_type) \
464 INTERCEPTOR_STRTO_LOC(ret_type, func##_l, char_type)
465
466#define INTERCEPTORS_STRTO_SRET(ret_type, func, char_type) \
467 INTERCEPTOR_STRTO_SRET(ret_type, func, char_type) \
468 INTERCEPTOR_STRTO_SRET_LOC(ret_type, func##_l, char_type)
469
470#define INTERCEPTORS_STRTO_BASE(ret_type, func, char_type) \
471 INTERCEPTOR_STRTO_BASE(ret_type, func, char_type) \
472 INTERCEPTOR_STRTO_BASE_LOC(ret_type, func##_l, char_type)
473
474#else
475#define INTERCEPTORS_STRTO(ret_type, func, char_type) \
476 INTERCEPTOR_STRTO(ret_type, func, char_type) \
477 INTERCEPTOR_STRTO_LOC(ret_type, func##_l, char_type) \
478 INTERCEPTOR_STRTO_LOC(ret_type, __##func##_l, char_type) \
479 INTERCEPTOR_STRTO_LOC(ret_type, __##func##_internal, char_type)
480
481#define INTERCEPTORS_STRTO_SRET(ret_type, func, char_type) \
482 INTERCEPTOR_STRTO_SRET(ret_type, func, char_type) \
483 INTERCEPTOR_STRTO_SRET_LOC(ret_type, func##_l, char_type) \
484 INTERCEPTOR_STRTO_SRET_LOC(ret_type, __##func##_l, char_type) \
485 INTERCEPTOR_STRTO_SRET_LOC(ret_type, __##func##_internal, char_type)
486
487#define INTERCEPTORS_STRTO_BASE(ret_type, func, char_type) \
488 INTERCEPTOR_STRTO_BASE(ret_type, func, char_type) \
489 INTERCEPTOR_STRTO_BASE_LOC(ret_type, func##_l, char_type) \
490 INTERCEPTOR_STRTO_BASE_LOC(ret_type, __##func##_l, char_type) \
491 INTERCEPTOR_STRTO_BASE_LOC(ret_type, __##func##_internal, char_type)
492#endif
493
494INTERCEPTORS_STRTO(double, strtod, char)
495INTERCEPTORS_STRTO(float, strtof, char)
496#ifdef __s390x__
497INTERCEPTORS_STRTO_SRET(long double, strtold, char)
498#else
499INTERCEPTORS_STRTO(long double, strtold, char)
500#endif
501INTERCEPTORS_STRTO_BASE(long, strtol, char)
502INTERCEPTORS_STRTO_BASE(long long, strtoll, char)
503INTERCEPTORS_STRTO_BASE(unsigned long, strtoul, char)
504INTERCEPTORS_STRTO_BASE(unsigned long long, strtoull, char)
505INTERCEPTORS_STRTO_BASE(u64, strtouq, char)
506
507INTERCEPTORS_STRTO(double, wcstod, wchar_t)
508INTERCEPTORS_STRTO(float, wcstof, wchar_t)
509#ifdef __s390x__
510INTERCEPTORS_STRTO_SRET(long double, wcstold, wchar_t)
511#else
512INTERCEPTORS_STRTO(long double, wcstold, wchar_t)
513#endif
514INTERCEPTORS_STRTO_BASE(long, wcstol, wchar_t)
515INTERCEPTORS_STRTO_BASE(long long, wcstoll, wchar_t)
516INTERCEPTORS_STRTO_BASE(unsigned long, wcstoul, wchar_t)
517INTERCEPTORS_STRTO_BASE(unsigned long long, wcstoull, wchar_t)
518
519#if SANITIZER_GLIBC
520INTERCEPTORS_STRTO(double, __isoc23_strtod, char)
521INTERCEPTORS_STRTO(float, __isoc23_strtof, char)
522#ifdef __s390x__
523INTERCEPTORS_STRTO_SRET(long double, __isoc23_strtold, char)
524#else
525INTERCEPTORS_STRTO(long double, __isoc23_strtold, char)
526#endif
527INTERCEPTORS_STRTO_BASE(long, __isoc23_strtol, char)
528INTERCEPTORS_STRTO_BASE(long long, __isoc23_strtoll, char)
529INTERCEPTORS_STRTO_BASE(unsigned long, __isoc23_strtoul, char)
530INTERCEPTORS_STRTO_BASE(unsigned long long, __isoc23_strtoull, char)
531INTERCEPTORS_STRTO_BASE(u64, __isoc23_strtouq, char)
532
533INTERCEPTORS_STRTO(double, __isoc23_wcstod, wchar_t)
534INTERCEPTORS_STRTO(float, __isoc23_wcstof, wchar_t)
535#ifdef __s390x__
536INTERCEPTORS_STRTO_SRET(long double, __isoc23_wcstold, wchar_t)
537#else
538INTERCEPTORS_STRTO(long double, __isoc23_wcstold, wchar_t)
539#endif
540INTERCEPTORS_STRTO_BASE(long, __isoc23_wcstol, wchar_t)
541INTERCEPTORS_STRTO_BASE(long long, __isoc23_wcstoll, wchar_t)
542INTERCEPTORS_STRTO_BASE(unsigned long, __isoc23_wcstoul, wchar_t)
543INTERCEPTORS_STRTO_BASE(unsigned long long, __isoc23_wcstoull, wchar_t)
544#endif
545
546#if SANITIZER_NETBSD
547#define INTERCEPT_STRTO(func) \
548 INTERCEPT_FUNCTION(func); \
549 INTERCEPT_FUNCTION(func##_l);
550#else
551#define INTERCEPT_STRTO(func) \
552 INTERCEPT_FUNCTION(func); \
553 INTERCEPT_FUNCTION(func##_l); \
554 INTERCEPT_FUNCTION(__##func##_l); \
555 INTERCEPT_FUNCTION(__##func##_internal);
556
557#define INTERCEPT_STRTO_VER(func, ver) \
558 INTERCEPT_FUNCTION_VER(func, ver); \
559 INTERCEPT_FUNCTION_VER(func##_l, ver); \
560 INTERCEPT_FUNCTION_VER(__##func##_l, ver); \
561 INTERCEPT_FUNCTION_VER(__##func##_internal, ver);
562#endif
563
564
565// FIXME: support *wprintf in common format interceptors.
566INTERCEPTOR(int, vswprintf, void *str, uptr size, void *format, va_list ap) {
567 ENSURE_MSAN_INITED();
568 int res = REAL(vswprintf)(str, size, format, ap);
569 if (res >= 0) {
570 __msan_unpoison(a: str, size: 4 * (res + 1));
571 }
572 return res;
573}
574
575INTERCEPTOR(int, swprintf, void *str, uptr size, void *format, ...) {
576 ENSURE_MSAN_INITED();
577 va_list ap;
578 va_start(ap, format);
579 int res = vswprintf(str, size, format, ap);
580 va_end(ap);
581 return res;
582}
583
584#define INTERCEPTOR_STRFTIME_BODY(char_type, ret_type, func, s, ...) \
585 ENSURE_MSAN_INITED(); \
586 InterceptorScope interceptor_scope; \
587 ret_type res = REAL(func)(s, __VA_ARGS__); \
588 if (s) __msan_unpoison(s, sizeof(char_type) * (res + 1)); \
589 return res;
590
591INTERCEPTOR(SIZE_T, strftime, char *s, SIZE_T max, const char *format,
592 __sanitizer_tm *tm) {
593 INTERCEPTOR_STRFTIME_BODY(char, SIZE_T, strftime, s, max, format, tm);
594}
595
596INTERCEPTOR(SIZE_T, strftime_l, char *s, SIZE_T max, const char *format,
597 __sanitizer_tm *tm, void *loc) {
598 INTERCEPTOR_STRFTIME_BODY(char, SIZE_T, strftime_l, s, max, format, tm, loc);
599}
600
601#if !SANITIZER_FREEBSD && !SANITIZER_NETBSD
602INTERCEPTOR(SIZE_T, __strftime_l, char *s, SIZE_T max, const char *format,
603 __sanitizer_tm *tm, void *loc) {
604 INTERCEPTOR_STRFTIME_BODY(char, SIZE_T, __strftime_l, s, max, format, tm,
605 loc);
606}
607#define MSAN_MAYBE_INTERCEPT___STRFTIME_L INTERCEPT_FUNCTION(__strftime_l)
608#else
609#define MSAN_MAYBE_INTERCEPT___STRFTIME_L
610#endif
611
612INTERCEPTOR(SIZE_T, wcsftime, wchar_t *s, SIZE_T max, const wchar_t *format,
613 __sanitizer_tm *tm) {
614 INTERCEPTOR_STRFTIME_BODY(wchar_t, SIZE_T, wcsftime, s, max, format, tm);
615}
616
617INTERCEPTOR(SIZE_T, wcsftime_l, wchar_t *s, SIZE_T max, const wchar_t *format,
618 __sanitizer_tm *tm, void *loc) {
619 INTERCEPTOR_STRFTIME_BODY(wchar_t, SIZE_T, wcsftime_l, s, max, format, tm,
620 loc);
621}
622
623#if !SANITIZER_FREEBSD && !SANITIZER_NETBSD
624INTERCEPTOR(SIZE_T, __wcsftime_l, wchar_t *s, SIZE_T max, const wchar_t *format,
625 __sanitizer_tm *tm, void *loc) {
626 INTERCEPTOR_STRFTIME_BODY(wchar_t, SIZE_T, __wcsftime_l, s, max, format, tm,
627 loc);
628}
629#define MSAN_MAYBE_INTERCEPT___WCSFTIME_L INTERCEPT_FUNCTION(__wcsftime_l)
630#else
631#define MSAN_MAYBE_INTERCEPT___WCSFTIME_L
632#endif
633
634INTERCEPTOR(int, mbtowc, wchar_t *dest, const char *src, SIZE_T n) {
635 ENSURE_MSAN_INITED();
636 int res = REAL(mbtowc)(dest, src, n);
637 if (res != -1 && dest) __msan_unpoison(a: dest, size: sizeof(wchar_t));
638 return res;
639}
640
641INTERCEPTOR(SIZE_T, mbrtowc, wchar_t *dest, const char *src, SIZE_T n,
642 void *ps) {
643 ENSURE_MSAN_INITED();
644 SIZE_T res = REAL(mbrtowc)(dest, src, n, ps);
645 if (res != (SIZE_T)-1 && dest) __msan_unpoison(a: dest, size: sizeof(wchar_t));
646 return res;
647}
648
649// wchar_t *wmemcpy(wchar_t *dest, const wchar_t *src, SIZE_T n);
650INTERCEPTOR(wchar_t *, wmemcpy, wchar_t *dest, const wchar_t *src, SIZE_T n) {
651 ENSURE_MSAN_INITED();
652 GET_STORE_STACK_TRACE;
653 wchar_t *res = REAL(wmemcpy)(dest, src, n);
654 CopyShadowAndOrigin(dst: dest, src, size: n * sizeof(wchar_t), stack: &stack);
655 return res;
656}
657
658#if !SANITIZER_NETBSD
659INTERCEPTOR(wchar_t *, wmempcpy, wchar_t *dest, const wchar_t *src, SIZE_T n) {
660 ENSURE_MSAN_INITED();
661 GET_STORE_STACK_TRACE;
662 wchar_t *res = REAL(wmempcpy)(dest, src, n);
663 CopyShadowAndOrigin(dst: dest, src, size: n * sizeof(wchar_t), stack: &stack);
664 return res;
665}
666#define MSAN_MAYBE_INTERCEPT_WMEMPCPY INTERCEPT_FUNCTION(wmempcpy)
667#else
668#define MSAN_MAYBE_INTERCEPT_WMEMPCPY
669#endif
670
671INTERCEPTOR(wchar_t *, wmemset, wchar_t *s, wchar_t c, SIZE_T n) {
672 CHECK(MEM_IS_APP(s));
673 ENSURE_MSAN_INITED();
674 wchar_t *res = REAL(wmemset)(s, c, n);
675 __msan_unpoison(a: s, size: n * sizeof(wchar_t));
676 return res;
677}
678
679INTERCEPTOR(wchar_t *, wmemmove, wchar_t *dest, const wchar_t *src, SIZE_T n) {
680 ENSURE_MSAN_INITED();
681 GET_STORE_STACK_TRACE;
682 wchar_t *res = REAL(wmemmove)(dest, src, n);
683 MoveShadowAndOrigin(dst: dest, src, size: n * sizeof(wchar_t), stack: &stack);
684 return res;
685}
686
687INTERCEPTOR(int, wcscmp, const wchar_t *s1, const wchar_t *s2) {
688 ENSURE_MSAN_INITED();
689 int res = REAL(wcscmp)(s1, s2);
690 return res;
691}
692
693INTERCEPTOR(int, gettimeofday, void *tv, void *tz) {
694 ENSURE_MSAN_INITED();
695 int res = REAL(gettimeofday)(tv, tz);
696 if (tv)
697 __msan_unpoison(a: tv, size: 16);
698 if (tz)
699 __msan_unpoison(a: tz, size: 8);
700 return res;
701}
702
703#if !SANITIZER_NETBSD
704INTERCEPTOR(char *, fcvt, double x, int a, int *b, int *c) {
705 ENSURE_MSAN_INITED();
706 char *res = REAL(fcvt)(x, a, b, c);
707 __msan_unpoison(a: b, size: sizeof(*b));
708 __msan_unpoison(a: c, size: sizeof(*c));
709 if (res)
710 __msan_unpoison(a: res, size: internal_strlen(s: res) + 1);
711 return res;
712}
713#define MSAN_MAYBE_INTERCEPT_FCVT INTERCEPT_FUNCTION(fcvt)
714#else
715#define MSAN_MAYBE_INTERCEPT_FCVT
716#endif
717
718INTERCEPTOR(char *, getenv, char *name) {
719 if (msan_init_is_running)
720 return REAL(getenv)(name);
721 ENSURE_MSAN_INITED();
722 char *res = REAL(getenv)(name);
723 if (res)
724 __msan_unpoison(a: res, size: internal_strlen(s: res) + 1);
725 return res;
726}
727
728extern char **environ;
729
730static void UnpoisonEnviron() {
731 char **envp = environ;
732 for (; *envp; ++envp) {
733 __msan_unpoison(a: envp, size: sizeof(*envp));
734 __msan_unpoison(a: *envp, size: internal_strlen(s: *envp) + 1);
735 }
736 // Trailing NULL pointer.
737 __msan_unpoison(a: envp, size: sizeof(*envp));
738}
739
740INTERCEPTOR(int, setenv, const char *name, const char *value, int overwrite) {
741 ENSURE_MSAN_INITED();
742 CHECK_UNPOISONED_STRING(name, 0);
743 int res = REAL(setenv)(name, value, overwrite);
744 if (!res) UnpoisonEnviron();
745 return res;
746}
747
748INTERCEPTOR(int, putenv, char *string) {
749 ENSURE_MSAN_INITED();
750 int res = REAL(putenv)(string);
751 if (!res) UnpoisonEnviron();
752 return res;
753}
754
755#define SANITIZER_STAT_LINUX (SANITIZER_LINUX && __GLIBC_PREREQ(2, 33))
756#if SANITIZER_FREEBSD || SANITIZER_NETBSD || SANITIZER_STAT_LINUX
757INTERCEPTOR(int, fstat, int fd, void *buf) {
758 ENSURE_MSAN_INITED();
759 int res = REAL(fstat)(fd, buf);
760 if (!res)
761 __msan_unpoison(a: buf, size: __sanitizer::struct_stat_sz);
762 return res;
763}
764# define MSAN_MAYBE_INTERCEPT_FSTAT MSAN_INTERCEPT_FUNC(fstat)
765#else
766#define MSAN_MAYBE_INTERCEPT_FSTAT
767#endif
768
769#if SANITIZER_STAT_LINUX
770INTERCEPTOR(int, fstat64, int fd, void *buf) {
771 ENSURE_MSAN_INITED();
772 int res = REAL(fstat64)(fd, buf);
773 if (!res)
774 __msan_unpoison(a: buf, size: __sanitizer::struct_stat64_sz);
775 return res;
776}
777# define MSAN_MAYBE_INTERCEPT_FSTAT64 MSAN_INTERCEPT_FUNC(fstat64)
778#else
779# define MSAN_MAYBE_INTERCEPT_FSTAT64
780#endif
781
782#if SANITIZER_GLIBC
783INTERCEPTOR(int, __fxstat, int magic, int fd, void *buf) {
784 ENSURE_MSAN_INITED();
785 int res = REAL(__fxstat)(magic, fd, buf);
786 if (!res)
787 __msan_unpoison(a: buf, size: __sanitizer::struct_stat_sz);
788 return res;
789}
790# define MSAN_MAYBE_INTERCEPT___FXSTAT MSAN_INTERCEPT_FUNC(__fxstat)
791#else
792#define MSAN_MAYBE_INTERCEPT___FXSTAT
793#endif
794
795#if SANITIZER_GLIBC
796INTERCEPTOR(int, __fxstat64, int magic, int fd, void *buf) {
797 ENSURE_MSAN_INITED();
798 int res = REAL(__fxstat64)(magic, fd, buf);
799 if (!res)
800 __msan_unpoison(a: buf, size: __sanitizer::struct_stat64_sz);
801 return res;
802}
803# define MSAN_MAYBE_INTERCEPT___FXSTAT64 MSAN_INTERCEPT_FUNC(__fxstat64)
804#else
805# define MSAN_MAYBE_INTERCEPT___FXSTAT64
806#endif
807
808#if SANITIZER_FREEBSD || SANITIZER_NETBSD || SANITIZER_STAT_LINUX
809INTERCEPTOR(int, fstatat, int fd, char *pathname, void *buf, int flags) {
810 ENSURE_MSAN_INITED();
811 int res = REAL(fstatat)(fd, pathname, buf, flags);
812 if (!res) __msan_unpoison(a: buf, size: __sanitizer::struct_stat_sz);
813 return res;
814}
815# define MSAN_MAYBE_INTERCEPT_FSTATAT MSAN_INTERCEPT_FUNC(fstatat)
816#else
817# define MSAN_MAYBE_INTERCEPT_FSTATAT
818#endif
819
820#if SANITIZER_STAT_LINUX
821INTERCEPTOR(int, fstatat64, int fd, char *pathname, void *buf, int flags) {
822 ENSURE_MSAN_INITED();
823 int res = REAL(fstatat64)(fd, pathname, buf, flags);
824 if (!res)
825 __msan_unpoison(a: buf, size: __sanitizer::struct_stat64_sz);
826 return res;
827}
828# define MSAN_MAYBE_INTERCEPT_FSTATAT64 MSAN_INTERCEPT_FUNC(fstatat64)
829#else
830# define MSAN_MAYBE_INTERCEPT_FSTATAT64
831#endif
832
833#if SANITIZER_GLIBC
834INTERCEPTOR(int, __fxstatat, int magic, int fd, char *pathname, void *buf,
835 int flags) {
836 ENSURE_MSAN_INITED();
837 int res = REAL(__fxstatat)(magic, fd, pathname, buf, flags);
838 if (!res) __msan_unpoison(a: buf, size: __sanitizer::struct_stat_sz);
839 return res;
840}
841# define MSAN_MAYBE_INTERCEPT___FXSTATAT MSAN_INTERCEPT_FUNC(__fxstatat)
842#else
843# define MSAN_MAYBE_INTERCEPT___FXSTATAT
844#endif
845
846#if SANITIZER_GLIBC
847INTERCEPTOR(int, __fxstatat64, int magic, int fd, char *pathname, void *buf,
848 int flags) {
849 ENSURE_MSAN_INITED();
850 int res = REAL(__fxstatat64)(magic, fd, pathname, buf, flags);
851 if (!res) __msan_unpoison(a: buf, size: __sanitizer::struct_stat64_sz);
852 return res;
853}
854# define MSAN_MAYBE_INTERCEPT___FXSTATAT64 MSAN_INTERCEPT_FUNC(__fxstatat64)
855#else
856# define MSAN_MAYBE_INTERCEPT___FXSTATAT64
857#endif
858
859INTERCEPTOR(int, pipe, int pipefd[2]) {
860 if (msan_init_is_running)
861 return REAL(pipe)(pipefd);
862 ENSURE_MSAN_INITED();
863 int res = REAL(pipe)(pipefd);
864 if (!res)
865 __msan_unpoison(a: pipefd, size: sizeof(int[2]));
866 return res;
867}
868
869INTERCEPTOR(int, pipe2, int pipefd[2], int flags) {
870 ENSURE_MSAN_INITED();
871 int res = REAL(pipe2)(pipefd, flags);
872 if (!res)
873 __msan_unpoison(a: pipefd, size: sizeof(int[2]));
874 return res;
875}
876
877INTERCEPTOR(int, socketpair, int domain, int type, int protocol, int sv[2]) {
878 ENSURE_MSAN_INITED();
879 int res = REAL(socketpair)(domain, type, protocol, sv);
880 if (!res)
881 __msan_unpoison(a: sv, size: sizeof(int[2]));
882 return res;
883}
884
885#if !SANITIZER_FREEBSD && !SANITIZER_NETBSD
886INTERCEPTOR(char *, fgets_unlocked, char *s, int size, void *stream) {
887 ENSURE_MSAN_INITED();
888 char *res = REAL(fgets_unlocked)(s, size, stream);
889 if (res)
890 __msan_unpoison(a: s, size: internal_strlen(s) + 1);
891 return res;
892}
893#define MSAN_MAYBE_INTERCEPT_FGETS_UNLOCKED INTERCEPT_FUNCTION(fgets_unlocked)
894#else
895#define MSAN_MAYBE_INTERCEPT_FGETS_UNLOCKED
896#endif
897
898#define INTERCEPTOR_GETRLIMIT_BODY(func, resource, rlim) \
899 if (msan_init_is_running) \
900 return REAL(getrlimit)(resource, rlim); \
901 ENSURE_MSAN_INITED(); \
902 int res = REAL(func)(resource, rlim); \
903 if (!res) \
904 __msan_unpoison(rlim, __sanitizer::struct_rlimit_sz); \
905 return res
906
907INTERCEPTOR(int, getrlimit, int resource, void *rlim) {
908 INTERCEPTOR_GETRLIMIT_BODY(getrlimit, resource, rlim);
909}
910
911#if !SANITIZER_FREEBSD && !SANITIZER_NETBSD
912INTERCEPTOR(int, __getrlimit, int resource, void *rlim) {
913 INTERCEPTOR_GETRLIMIT_BODY(__getrlimit, resource, rlim);
914}
915
916INTERCEPTOR(int, getrlimit64, int resource, void *rlim) {
917 if (msan_init_is_running) return REAL(getrlimit64)(resource, rlim);
918 ENSURE_MSAN_INITED();
919 int res = REAL(getrlimit64)(resource, rlim);
920 if (!res) __msan_unpoison(a: rlim, size: __sanitizer::struct_rlimit64_sz);
921 return res;
922}
923
924INTERCEPTOR(int, prlimit, int pid, int resource, void *new_rlimit,
925 void *old_rlimit) {
926 if (msan_init_is_running)
927 return REAL(prlimit)(pid, resource, new_rlimit, old_rlimit);
928 ENSURE_MSAN_INITED();
929 CHECK_UNPOISONED(new_rlimit, __sanitizer::struct_rlimit_sz);
930 int res = REAL(prlimit)(pid, resource, new_rlimit, old_rlimit);
931 if (!res) __msan_unpoison(a: old_rlimit, size: __sanitizer::struct_rlimit_sz);
932 return res;
933}
934
935INTERCEPTOR(int, prlimit64, int pid, int resource, void *new_rlimit,
936 void *old_rlimit) {
937 if (msan_init_is_running)
938 return REAL(prlimit64)(pid, resource, new_rlimit, old_rlimit);
939 ENSURE_MSAN_INITED();
940 CHECK_UNPOISONED(new_rlimit, __sanitizer::struct_rlimit64_sz);
941 int res = REAL(prlimit64)(pid, resource, new_rlimit, old_rlimit);
942 if (!res) __msan_unpoison(a: old_rlimit, size: __sanitizer::struct_rlimit64_sz);
943 return res;
944}
945
946#define MSAN_MAYBE_INTERCEPT___GETRLIMIT INTERCEPT_FUNCTION(__getrlimit)
947#define MSAN_MAYBE_INTERCEPT_GETRLIMIT64 INTERCEPT_FUNCTION(getrlimit64)
948#define MSAN_MAYBE_INTERCEPT_PRLIMIT INTERCEPT_FUNCTION(prlimit)
949#define MSAN_MAYBE_INTERCEPT_PRLIMIT64 INTERCEPT_FUNCTION(prlimit64)
950#else
951#define MSAN_MAYBE_INTERCEPT___GETRLIMIT
952#define MSAN_MAYBE_INTERCEPT_GETRLIMIT64
953#define MSAN_MAYBE_INTERCEPT_PRLIMIT
954#define MSAN_MAYBE_INTERCEPT_PRLIMIT64
955#endif
956
957INTERCEPTOR(int, gethostname, char *name, SIZE_T len) {
958 ENSURE_MSAN_INITED();
959 int res = REAL(gethostname)(name, len);
960 if (!res || (res == -1 && errno == errno_ENAMETOOLONG)) {
961 SIZE_T real_len = internal_strnlen(s: name, maxlen: len);
962 if (real_len < len)
963 ++real_len;
964 __msan_unpoison(a: name, size: real_len);
965 }
966 return res;
967}
968
969#if !SANITIZER_FREEBSD && !SANITIZER_NETBSD
970INTERCEPTOR(int, epoll_wait, int epfd, void *events, int maxevents,
971 int timeout) {
972 ENSURE_MSAN_INITED();
973 int res = REAL(epoll_wait)(epfd, events, maxevents, timeout);
974 if (res > 0) {
975 __msan_unpoison(a: events, size: __sanitizer::struct_epoll_event_sz * res);
976 }
977 return res;
978}
979#define MSAN_MAYBE_INTERCEPT_EPOLL_WAIT INTERCEPT_FUNCTION(epoll_wait)
980#else
981#define MSAN_MAYBE_INTERCEPT_EPOLL_WAIT
982#endif
983
984#if !SANITIZER_FREEBSD && !SANITIZER_NETBSD
985INTERCEPTOR(int, epoll_pwait, int epfd, void *events, int maxevents,
986 int timeout, void *sigmask) {
987 ENSURE_MSAN_INITED();
988 int res = REAL(epoll_pwait)(epfd, events, maxevents, timeout, sigmask);
989 if (res > 0) {
990 __msan_unpoison(a: events, size: __sanitizer::struct_epoll_event_sz * res);
991 }
992 return res;
993}
994#define MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT INTERCEPT_FUNCTION(epoll_pwait)
995#else
996#define MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT
997#endif
998
999INTERCEPTOR(void *, calloc, SIZE_T nmemb, SIZE_T size) {
1000 GET_MALLOC_STACK_TRACE;
1001 if (DlsymAlloc::Use())
1002 return DlsymAlloc::Callocate(nmemb, size);
1003 return msan_calloc(nmemb, size, stack: &stack);
1004}
1005
1006INTERCEPTOR(void *, realloc, void *ptr, SIZE_T size) {
1007 if (DlsymAlloc::Use() || DlsymAlloc::PointerIsMine(ptr))
1008 return DlsymAlloc::Realloc(ptr, new_size: size);
1009 GET_MALLOC_STACK_TRACE;
1010 return msan_realloc(ptr, size, stack: &stack);
1011}
1012
1013INTERCEPTOR(void *, reallocarray, void *ptr, SIZE_T nmemb, SIZE_T size) {
1014 GET_MALLOC_STACK_TRACE;
1015 return msan_reallocarray(ptr, nmemb, size, stack: &stack);
1016}
1017
1018INTERCEPTOR(void *, malloc, SIZE_T size) {
1019 if (DlsymAlloc::Use())
1020 return DlsymAlloc::Allocate(size_in_bytes: size);
1021 GET_MALLOC_STACK_TRACE;
1022 return msan_malloc(size, stack: &stack);
1023}
1024
1025void __msan_allocated_memory(const void *data, uptr size) {
1026 if (flags()->poison_in_malloc) {
1027 GET_MALLOC_STACK_TRACE;
1028 stack.tag = STACK_TRACE_TAG_POISON;
1029 PoisonMemory(dst: data, size, stack: &stack);
1030 }
1031}
1032
1033void __msan_copy_shadow(void *dest, const void *src, uptr n) {
1034 GET_STORE_STACK_TRACE;
1035 MoveShadowAndOrigin(dst: dest, src, size: n, stack: &stack);
1036}
1037
1038void __sanitizer_dtor_callback(const void *data, uptr size) {
1039 if (flags()->poison_in_dtor) {
1040 GET_MALLOC_STACK_TRACE;
1041 stack.tag = STACK_TRACE_TAG_POISON;
1042 PoisonMemory(dst: data, size, stack: &stack);
1043 }
1044}
1045
1046void __sanitizer_dtor_callback_fields(const void *data, uptr size) {
1047 if (flags()->poison_in_dtor) {
1048 GET_MALLOC_STACK_TRACE;
1049 stack.tag = STACK_TRACE_TAG_FIELDS;
1050 PoisonMemory(dst: data, size, stack: &stack);
1051 }
1052}
1053
1054void __sanitizer_dtor_callback_vptr(const void *data) {
1055 if (flags()->poison_in_dtor) {
1056 GET_MALLOC_STACK_TRACE;
1057 stack.tag = STACK_TRACE_TAG_VPTR;
1058 PoisonMemory(dst: data, size: sizeof(void *), stack: &stack);
1059 }
1060}
1061
1062template <class Mmap>
1063static void *mmap_interceptor(Mmap real_mmap, void *addr, SIZE_T length,
1064 int prot, int flags, int fd, OFF64_T offset) {
1065 SIZE_T rounded_length = RoundUpTo(size: length, boundary: GetPageSize());
1066 void *end_addr = (char *)addr + (rounded_length - 1);
1067 if (addr && (!MEM_IS_APP(addr) || !MEM_IS_APP(end_addr))) {
1068 if (flags & map_fixed) {
1069 errno = errno_EINVAL;
1070 return (void *)-1;
1071 } else {
1072 addr = nullptr;
1073 }
1074 }
1075 void *res = real_mmap(addr, length, prot, flags, fd, offset);
1076 if (res != (void *)-1) {
1077 void *end_res = (char *)res + (rounded_length - 1);
1078 if (MEM_IS_APP(res) && MEM_IS_APP(end_res)) {
1079 __msan_unpoison(a: res, size: rounded_length);
1080 } else {
1081 // Application has attempted to map more memory than is supported by
1082 // MSAN. Act as if we ran out of memory.
1083 internal_munmap(addr: res, length);
1084 errno = errno_ENOMEM;
1085 return (void *)-1;
1086 }
1087 }
1088 return res;
1089}
1090
1091INTERCEPTOR(int, getrusage, int who, void *usage) {
1092 ENSURE_MSAN_INITED();
1093 int res = REAL(getrusage)(who, usage);
1094 if (res == 0) {
1095 __msan_unpoison(a: usage, size: __sanitizer::struct_rusage_sz);
1096 }
1097 return res;
1098}
1099
1100class SignalHandlerScope {
1101 public:
1102 SignalHandlerScope() {
1103 if (MsanThread *t = GetCurrentThread())
1104 t->EnterSignalHandler();
1105 }
1106 ~SignalHandlerScope() {
1107 if (MsanThread *t = GetCurrentThread())
1108 t->LeaveSignalHandler();
1109 }
1110};
1111
1112// sigactions_mu guarantees atomicity of sigaction() and signal() calls.
1113// Access to sigactions[] is gone with relaxed atomics to avoid data race with
1114// the signal handler.
1115const int kMaxSignals = 1024;
1116static atomic_uintptr_t sigactions[kMaxSignals];
1117static StaticSpinMutex sigactions_mu;
1118
1119static void SignalHandler(int signo) {
1120 SignalHandlerScope signal_handler_scope;
1121 ScopedThreadLocalStateBackup stlsb;
1122 UnpoisonParam(n: 1);
1123
1124 typedef void (*signal_cb)(int x);
1125 signal_cb cb =
1126 (signal_cb)atomic_load(a: &sigactions[signo], mo: memory_order_relaxed);
1127 cb(signo);
1128}
1129
1130static void SignalAction(int signo, void *si, void *uc) {
1131 SignalHandlerScope signal_handler_scope;
1132 ScopedThreadLocalStateBackup stlsb;
1133 UnpoisonParam(n: 3);
1134 __msan_unpoison(a: si, size: sizeof(__sanitizer_sigaction));
1135 __msan_unpoison(a: uc, size: ucontext_t_sz(uctx: uc));
1136
1137 typedef void (*sigaction_cb)(int, void *, void *);
1138 sigaction_cb cb =
1139 (sigaction_cb)atomic_load(a: &sigactions[signo], mo: memory_order_relaxed);
1140 cb(signo, si, uc);
1141 CHECK_UNPOISONED(uc, ucontext_t_sz(uc));
1142}
1143
1144static void read_sigaction(const __sanitizer_sigaction *act) {
1145 CHECK_UNPOISONED(&act->sa_flags, sizeof(act->sa_flags));
1146 if (act->sa_flags & __sanitizer::sa_siginfo)
1147 CHECK_UNPOISONED(&act->sigaction, sizeof(act->sigaction));
1148 else
1149 CHECK_UNPOISONED(&act->handler, sizeof(act->handler));
1150 CHECK_UNPOISONED(&act->sa_mask, sizeof(act->sa_mask));
1151}
1152
1153extern "C" int pthread_attr_init(void *attr);
1154extern "C" int pthread_attr_destroy(void *attr);
1155
1156static void *MsanThreadStartFunc(void *arg) {
1157 MsanThread *t = (MsanThread *)arg;
1158 SetCurrentThread(t);
1159 t->Init();
1160 SetSigProcMask(set: &t->starting_sigset_, oldset: nullptr);
1161 return t->ThreadStart();
1162}
1163
1164INTERCEPTOR(int, pthread_create, void *th, void *attr, void *(*callback)(void*),
1165 void * param) {
1166 ENSURE_MSAN_INITED(); // for GetTlsSize()
1167 __sanitizer_pthread_attr_t myattr;
1168 if (!attr) {
1169 pthread_attr_init(attr: &myattr);
1170 attr = &myattr;
1171 }
1172
1173 AdjustStackSize(attr);
1174
1175 MsanThread *t = MsanThread::Create(start_routine: callback, arg: param);
1176 ScopedBlockSignals block(&t->starting_sigset_);
1177 int res = REAL(pthread_create)(th, attr, MsanThreadStartFunc, t);
1178
1179 if (attr == &myattr)
1180 pthread_attr_destroy(attr: &myattr);
1181 if (!res) {
1182 __msan_unpoison(a: th, size: __sanitizer::pthread_t_sz);
1183 }
1184 return res;
1185}
1186
1187INTERCEPTOR(int, pthread_key_create, __sanitizer_pthread_key_t *key,
1188 void (*dtor)(void *value)) {
1189 if (msan_init_is_running) return REAL(pthread_key_create)(key, dtor);
1190 ENSURE_MSAN_INITED();
1191 int res = REAL(pthread_key_create)(key, dtor);
1192 if (!res && key)
1193 __msan_unpoison(a: key, size: sizeof(*key));
1194 return res;
1195}
1196
1197#if SANITIZER_NETBSD
1198INTERCEPTOR(int, __libc_thr_keycreate, __sanitizer_pthread_key_t *m,
1199 void (*dtor)(void *value))
1200ALIAS(WRAP(pthread_key_create));
1201#endif
1202
1203INTERCEPTOR(int, pthread_join, void *thread, void **retval) {
1204 ENSURE_MSAN_INITED();
1205 int res = REAL(pthread_join)(thread, retval);
1206 if (!res && retval)
1207 __msan_unpoison(a: retval, size: sizeof(*retval));
1208 return res;
1209}
1210
1211#if SANITIZER_GLIBC
1212INTERCEPTOR(int, pthread_tryjoin_np, void *thread, void **retval) {
1213 ENSURE_MSAN_INITED();
1214 int res = REAL(pthread_tryjoin_np)(thread, retval);
1215 if (!res && retval)
1216 __msan_unpoison(a: retval, size: sizeof(*retval));
1217 return res;
1218}
1219
1220INTERCEPTOR(int, pthread_timedjoin_np, void *thread, void **retval,
1221 const struct timespec *abstime) {
1222 int res = REAL(pthread_timedjoin_np)(thread, retval, abstime);
1223 if (!res && retval)
1224 __msan_unpoison(a: retval, size: sizeof(*retval));
1225 return res;
1226}
1227#endif
1228
1229DEFINE_INTERNAL_PTHREAD_FUNCTIONS
1230
1231extern char *tzname[2];
1232
1233INTERCEPTOR(void, tzset, int fake) {
1234 ENSURE_MSAN_INITED();
1235 InterceptorScope interceptor_scope;
1236 REAL(tzset)(fake);
1237 if (tzname[0])
1238 __msan_unpoison(a: tzname[0], size: internal_strlen(s: tzname[0]) + 1);
1239 if (tzname[1])
1240 __msan_unpoison(a: tzname[1], size: internal_strlen(s: tzname[1]) + 1);
1241 return;
1242}
1243
1244struct MSanAtExitRecord {
1245 void (*func)(void *arg);
1246 void *arg;
1247};
1248
1249struct InterceptorContext {
1250 Mutex atexit_mu;
1251 Vector<struct MSanAtExitRecord *> AtExitStack;
1252
1253 InterceptorContext()
1254 : AtExitStack() {
1255 }
1256};
1257
1258alignas(64) static char interceptor_placeholder[sizeof(InterceptorContext)];
1259InterceptorContext *interceptor_ctx() {
1260 return reinterpret_cast<InterceptorContext*>(&interceptor_placeholder[0]);
1261}
1262
1263void MSanAtExitWrapper() {
1264 MSanAtExitRecord *r;
1265 {
1266 Lock l(&interceptor_ctx()->atexit_mu);
1267
1268 uptr element = interceptor_ctx()->AtExitStack.Size() - 1;
1269 r = interceptor_ctx()->AtExitStack[element];
1270 interceptor_ctx()->AtExitStack.PopBack();
1271 }
1272
1273 UnpoisonParam(n: 1);
1274 ((void(*)())r->func)();
1275 InternalFree(p: r);
1276}
1277
1278void MSanCxaAtExitWrapper(void *arg) {
1279 UnpoisonParam(n: 1);
1280 MSanAtExitRecord *r = (MSanAtExitRecord *)arg;
1281 // libc before 2.27 had race which caused occasional double handler execution
1282 // https://sourceware.org/ml/libc-alpha/2017-08/msg01204.html
1283 if (!r->func)
1284 return;
1285 r->func(r->arg);
1286 r->func = nullptr;
1287}
1288
1289static int setup_at_exit_wrapper(void(*f)(), void *arg, void *dso);
1290
1291// Unpoison argument shadow for C++ module destructors.
1292INTERCEPTOR(int, __cxa_atexit, void (*func)(void *), void *arg,
1293 void *dso_handle) {
1294 if (msan_init_is_running) return REAL(__cxa_atexit)(func, arg, dso_handle);
1295 return setup_at_exit_wrapper(f: (void(*)())func, arg, dso: dso_handle);
1296}
1297
1298// Unpoison argument shadow for C++ module destructors.
1299INTERCEPTOR(int, atexit, void (*func)()) {
1300 // Avoid calling real atexit as it is unreachable on at least on Linux.
1301 if (msan_init_is_running)
1302 return REAL(__cxa_atexit)((void (*)(void *a))func, 0, 0);
1303 return setup_at_exit_wrapper(f: (void(*)())func, arg: 0, dso: 0);
1304}
1305
1306static int setup_at_exit_wrapper(void(*f)(), void *arg, void *dso) {
1307 ENSURE_MSAN_INITED();
1308 MSanAtExitRecord *r =
1309 (MSanAtExitRecord *)InternalAlloc(size: sizeof(MSanAtExitRecord));
1310 r->func = (void(*)(void *a))f;
1311 r->arg = arg;
1312 int res;
1313 if (!dso) {
1314 // NetBSD does not preserve the 2nd argument if dso is equal to 0
1315 // Store ctx in a local stack-like structure
1316
1317 Lock l(&interceptor_ctx()->atexit_mu);
1318
1319 res = REAL(__cxa_atexit)((void (*)(void *a))MSanAtExitWrapper, 0, 0);
1320 if (!res) {
1321 interceptor_ctx()->AtExitStack.PushBack(v: r);
1322 }
1323 } else {
1324 res = REAL(__cxa_atexit)(MSanCxaAtExitWrapper, r, dso);
1325 }
1326 return res;
1327}
1328
1329// NetBSD ships with openpty(3) in -lutil, that needs to be prebuilt explicitly
1330// with MSan.
1331#if SANITIZER_LINUX
1332INTERCEPTOR(int, openpty, int *aparent, int *aworker, char *name,
1333 const void *termp, const void *winp) {
1334 ENSURE_MSAN_INITED();
1335 InterceptorScope interceptor_scope;
1336 int res = REAL(openpty)(aparent, aworker, name, termp, winp);
1337 if (!res) {
1338 __msan_unpoison(a: aparent, size: sizeof(*aparent));
1339 __msan_unpoison(a: aworker, size: sizeof(*aworker));
1340 }
1341 return res;
1342}
1343#define MSAN_MAYBE_INTERCEPT_OPENPTY INTERCEPT_FUNCTION(openpty)
1344#else
1345#define MSAN_MAYBE_INTERCEPT_OPENPTY
1346#endif
1347
1348// NetBSD ships with forkpty(3) in -lutil, that needs to be prebuilt explicitly
1349// with MSan.
1350#if SANITIZER_LINUX
1351INTERCEPTOR(int, forkpty, int *aparent, char *name, const void *termp,
1352 const void *winp) {
1353 ENSURE_MSAN_INITED();
1354 InterceptorScope interceptor_scope;
1355 int res = REAL(forkpty)(aparent, name, termp, winp);
1356 if (res != -1)
1357 __msan_unpoison(a: aparent, size: sizeof(*aparent));
1358 return res;
1359}
1360#define MSAN_MAYBE_INTERCEPT_FORKPTY INTERCEPT_FUNCTION(forkpty)
1361#else
1362#define MSAN_MAYBE_INTERCEPT_FORKPTY
1363#endif
1364
1365struct MSanInterceptorContext {
1366 bool in_interceptor_scope;
1367};
1368
1369namespace __msan {
1370
1371int OnExit() {
1372 // FIXME: ask frontend whether we need to return failure.
1373 return 0;
1374}
1375
1376} // namespace __msan
1377
1378// A version of CHECK_UNPOISONED using a saved scope value. Used in common
1379// interceptors.
1380#define CHECK_UNPOISONED_CTX(ctx, x, n) \
1381 do { \
1382 if (!((MSanInterceptorContext *)ctx)->in_interceptor_scope) \
1383 CHECK_UNPOISONED_0(x, n); \
1384 } while (0)
1385
1386#define MSAN_INTERCEPT_FUNC(name) \
1387 do { \
1388 if (!INTERCEPT_FUNCTION(name)) \
1389 VReport(1, "MemorySanitizer: failed to intercept '%s'\n", #name); \
1390 } while (0)
1391
1392#define MSAN_INTERCEPT_FUNC_VER(name, ver) \
1393 do { \
1394 if (!INTERCEPT_FUNCTION_VER(name, ver)) \
1395 VReport(1, "MemorySanitizer: failed to intercept '%s@@%s'\n", #name, \
1396 ver); \
1397 } while (0)
1398#define MSAN_INTERCEPT_FUNC_VER_UNVERSIONED_FALLBACK(name, ver) \
1399 do { \
1400 if (!INTERCEPT_FUNCTION_VER(name, ver) && !INTERCEPT_FUNCTION(name)) \
1401 VReport(1, "MemorySanitizer: failed to intercept '%s@@%s' or '%s'\n", \
1402 #name, ver, #name); \
1403 } while (0)
1404
1405#define COMMON_INTERCEPT_FUNCTION(name) MSAN_INTERCEPT_FUNC(name)
1406#define COMMON_INTERCEPT_FUNCTION_VER(name, ver) \
1407 MSAN_INTERCEPT_FUNC_VER(name, ver)
1408#define COMMON_INTERCEPT_FUNCTION_VER_UNVERSIONED_FALLBACK(name, ver) \
1409 MSAN_INTERCEPT_FUNC_VER_UNVERSIONED_FALLBACK(name, ver)
1410#define COMMON_INTERCEPTOR_UNPOISON_PARAM(count) \
1411 UnpoisonParam(count)
1412#define COMMON_INTERCEPTOR_WRITE_RANGE(ctx, ptr, size) \
1413 __msan_unpoison(ptr, size)
1414#define COMMON_INTERCEPTOR_READ_RANGE(ctx, ptr, size) \
1415 CHECK_UNPOISONED_CTX(ctx, ptr, size)
1416#define COMMON_INTERCEPTOR_INITIALIZE_RANGE(ptr, size) \
1417 __msan_unpoison(ptr, size)
1418#define COMMON_INTERCEPTOR_ENTER(ctx, func, ...) \
1419 if (msan_init_is_running) \
1420 return REAL(func)(__VA_ARGS__); \
1421 ENSURE_MSAN_INITED(); \
1422 MSanInterceptorContext msan_ctx = {IsInInterceptorScope()}; \
1423 ctx = (void *)&msan_ctx; \
1424 (void)ctx; \
1425 InterceptorScope interceptor_scope; \
1426 __msan_unpoison(__errno_location(), sizeof(int));
1427#define COMMON_INTERCEPTOR_DIR_ACQUIRE(ctx, path) \
1428 do { \
1429 } while (false)
1430#define COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd) \
1431 do { \
1432 } while (false)
1433#define COMMON_INTERCEPTOR_FD_RELEASE(ctx, fd) \
1434 do { \
1435 } while (false)
1436#define COMMON_INTERCEPTOR_FD_SOCKET_ACCEPT(ctx, fd, newfd) \
1437 do { \
1438 } while (false)
1439#define COMMON_INTERCEPTOR_SET_THREAD_NAME(ctx, name) \
1440 do { \
1441 } while (false) // FIXME
1442#define COMMON_INTERCEPTOR_SET_PTHREAD_NAME(ctx, thread, name) \
1443 do { \
1444 } while (false) // FIXME
1445#define COMMON_INTERCEPTOR_BLOCK_REAL(name) REAL(name)
1446#define COMMON_INTERCEPTOR_ON_EXIT(ctx) OnExit()
1447#define COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, handle) \
1448 do { \
1449 link_map *map = GET_LINK_MAP_BY_DLOPEN_HANDLE((handle)); \
1450 if (filename && map) \
1451 ForEachMappedRegion(map, __msan_unpoison); \
1452 } while (false)
1453
1454#define COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED (!msan_inited)
1455
1456#define COMMON_INTERCEPTOR_GET_TLS_RANGE(begin, end) \
1457 if (MsanThread *t = GetCurrentThread()) { \
1458 *begin = t->tls_begin(); \
1459 *end = t->tls_end(); \
1460 } else { \
1461 *begin = *end = 0; \
1462 }
1463
1464#define COMMON_INTERCEPTOR_MEMSET_IMPL(ctx, block, c, size) \
1465 { \
1466 (void)ctx; \
1467 return __msan_memset(block, c, size); \
1468 }
1469#define COMMON_INTERCEPTOR_MEMMOVE_IMPL(ctx, to, from, size) \
1470 { \
1471 (void)ctx; \
1472 return __msan_memmove(to, from, size); \
1473 }
1474#define COMMON_INTERCEPTOR_MEMCPY_IMPL(ctx, to, from, size) \
1475 { \
1476 (void)ctx; \
1477 return __msan_memcpy(to, from, size); \
1478 }
1479
1480#define COMMON_INTERCEPTOR_COPY_STRING(ctx, to, from, size) \
1481 do { \
1482 GET_STORE_STACK_TRACE; \
1483 CopyShadowAndOrigin(to, from, size, &stack); \
1484 __msan_unpoison(to + size, 1); \
1485 } while (false)
1486
1487#define COMMON_INTERCEPTOR_MMAP_IMPL(ctx, mmap, addr, length, prot, flags, fd, \
1488 offset) \
1489 do { \
1490 return mmap_interceptor(REAL(mmap), addr, sz, prot, flags, fd, off); \
1491 } while (false)
1492
1493#include "sanitizer_common/sanitizer_platform_interceptors.h"
1494#include "sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc"
1495#include "sanitizer_common/sanitizer_common_interceptors.inc"
1496
1497static uptr signal_impl(int signo, uptr cb);
1498static int sigaction_impl(int signo, const __sanitizer_sigaction *act,
1499 __sanitizer_sigaction *oldact);
1500
1501#define SIGNAL_INTERCEPTOR_SIGACTION_IMPL(signo, act, oldact) \
1502 { return sigaction_impl(signo, act, oldact); }
1503
1504#define SIGNAL_INTERCEPTOR_SIGNAL_IMPL(func, signo, handler) \
1505 { \
1506 handler = signal_impl(signo, handler); \
1507 InterceptorScope interceptor_scope; \
1508 return REAL(func)(signo, handler); \
1509 }
1510
1511#define SIGNAL_INTERCEPTOR_ENTER() ENSURE_MSAN_INITED()
1512
1513#include "sanitizer_common/sanitizer_signal_interceptors.inc"
1514
1515static int sigaction_impl(int signo, const __sanitizer_sigaction *act,
1516 __sanitizer_sigaction *oldact) {
1517 ENSURE_MSAN_INITED();
1518 if (signo <= 0 || signo >= kMaxSignals) {
1519 errno = errno_EINVAL;
1520 return -1;
1521 }
1522 if (act) read_sigaction(act);
1523 int res;
1524 if (flags()->wrap_signals) {
1525 SpinMutexLock lock(&sigactions_mu);
1526 uptr old_cb = atomic_load(a: &sigactions[signo], mo: memory_order_relaxed);
1527 __sanitizer_sigaction new_act;
1528 __sanitizer_sigaction *pnew_act = act ? &new_act : nullptr;
1529 if (act) {
1530 REAL(memcpy)(pnew_act, act, sizeof(__sanitizer_sigaction));
1531 uptr cb = (uptr)pnew_act->sigaction;
1532 uptr new_cb = (pnew_act->sa_flags & __sanitizer::sa_siginfo)
1533 ? (uptr)SignalAction
1534 : (uptr)SignalHandler;
1535 if (cb != __sanitizer::sig_ign && cb != __sanitizer::sig_dfl) {
1536 atomic_store(a: &sigactions[signo], v: cb, mo: memory_order_relaxed);
1537 pnew_act->sigaction = (decltype(pnew_act->sigaction))new_cb;
1538 }
1539 }
1540 res = REAL(SIGACTION_SYMNAME)(signo, pnew_act, oldact);
1541 if (res == 0 && oldact) {
1542 uptr cb = (uptr)oldact->sigaction;
1543 if (cb == (uptr)SignalAction || cb == (uptr)SignalHandler) {
1544 oldact->sigaction = (decltype(oldact->sigaction))old_cb;
1545 }
1546 }
1547 } else {
1548 res = REAL(SIGACTION_SYMNAME)(signo, act, oldact);
1549 }
1550
1551 if (res == 0 && oldact) {
1552 __msan_unpoison(a: oldact, size: sizeof(__sanitizer_sigaction));
1553 }
1554 return res;
1555}
1556
1557static uptr signal_impl(int signo, uptr cb) {
1558 ENSURE_MSAN_INITED();
1559 if (signo <= 0 || signo >= kMaxSignals) {
1560 errno = errno_EINVAL;
1561 return -1;
1562 }
1563 if (flags()->wrap_signals) {
1564 SpinMutexLock lock(&sigactions_mu);
1565 if (cb != __sanitizer::sig_ign && cb != __sanitizer::sig_dfl) {
1566 atomic_store(a: &sigactions[signo], v: cb, mo: memory_order_relaxed);
1567 cb = (uptr)&SignalHandler;
1568 }
1569 }
1570 return cb;
1571}
1572
1573#define COMMON_SYSCALL_PRE_READ_RANGE(p, s) CHECK_UNPOISONED(p, s)
1574#define COMMON_SYSCALL_PRE_WRITE_RANGE(p, s) \
1575 do { \
1576 } while (false)
1577#define COMMON_SYSCALL_POST_READ_RANGE(p, s) \
1578 do { \
1579 } while (false)
1580#define COMMON_SYSCALL_POST_WRITE_RANGE(p, s) __msan_unpoison(p, s)
1581#include "sanitizer_common/sanitizer_common_syscalls.inc"
1582#include "sanitizer_common/sanitizer_syscalls_netbsd.inc"
1583
1584INTERCEPTOR(const char *, strsignal, int sig) {
1585 void *ctx;
1586 COMMON_INTERCEPTOR_ENTER(ctx, strsignal, sig);
1587 const char *res = REAL(strsignal)(sig);
1588 if (res)
1589 __msan_unpoison(a: res, size: internal_strlen(s: res) + 1);
1590 return res;
1591}
1592
1593INTERCEPTOR(int, dladdr, void *addr, void *info) {
1594 void *ctx;
1595 COMMON_INTERCEPTOR_ENTER(ctx, dladdr, addr, info);
1596 int res = REAL(dladdr)(addr, info);
1597 if (res != 0)
1598 UnpoisonDllAddrInfo(info);
1599 return res;
1600}
1601
1602#if SANITIZER_GLIBC
1603INTERCEPTOR(int, dladdr1, void *addr, void *info, void **extra_info,
1604 int flags) {
1605 void *ctx;
1606 COMMON_INTERCEPTOR_ENTER(ctx, dladdr1, addr, info, extra_info, flags);
1607 int res = REAL(dladdr1)(addr, info, extra_info, flags);
1608 if (res != 0) {
1609 UnpoisonDllAddrInfo(info);
1610 UnpoisonDllAddr1ExtraInfo(extra_info, flags);
1611 }
1612 return res;
1613}
1614# define MSAN_MAYBE_INTERCEPT_DLADDR1 MSAN_INTERCEPT_FUNC(dladdr1)
1615#else
1616#define MSAN_MAYBE_INTERCEPT_DLADDR1
1617#endif
1618
1619INTERCEPTOR(char *, dlerror, int fake) {
1620 void *ctx;
1621 COMMON_INTERCEPTOR_ENTER(ctx, dlerror, fake);
1622 char *res = REAL(dlerror)(fake);
1623 if (res)
1624 __msan_unpoison(a: res, size: internal_strlen(s: res) + 1);
1625 return res;
1626}
1627
1628typedef int (*dl_iterate_phdr_cb)(__sanitizer_dl_phdr_info *info, SIZE_T size,
1629 void *data);
1630struct dl_iterate_phdr_data {
1631 dl_iterate_phdr_cb callback;
1632 void *data;
1633};
1634
1635static int msan_dl_iterate_phdr_cb(__sanitizer_dl_phdr_info *info, SIZE_T size,
1636 void *data) {
1637 if (info) {
1638 __msan_unpoison(a: info, size);
1639 if (info->dlpi_phdr && info->dlpi_phnum)
1640 __msan_unpoison(a: info->dlpi_phdr, size: struct_ElfW_Phdr_sz * info->dlpi_phnum);
1641 if (info->dlpi_name)
1642 __msan_unpoison(a: info->dlpi_name, size: internal_strlen(s: info->dlpi_name) + 1);
1643 }
1644 dl_iterate_phdr_data *cbdata = (dl_iterate_phdr_data *)data;
1645 UnpoisonParam(n: 3);
1646 return cbdata->callback(info, size, cbdata->data);
1647}
1648
1649INTERCEPTOR(void *, shmat, int shmid, const void *shmaddr, int shmflg) {
1650 ENSURE_MSAN_INITED();
1651 void *p = REAL(shmat)(shmid, shmaddr, shmflg);
1652 if (p != (void *)-1) {
1653 __sanitizer_shmid_ds ds;
1654 int res = REAL(shmctl)(shmid, shmctl_ipc_stat, &ds);
1655 if (!res) {
1656 __msan_unpoison(a: p, size: ds.shm_segsz);
1657 }
1658 }
1659 return p;
1660}
1661
1662INTERCEPTOR(int, dl_iterate_phdr, dl_iterate_phdr_cb callback, void *data) {
1663 void *ctx;
1664 COMMON_INTERCEPTOR_ENTER(ctx, dl_iterate_phdr, callback, data);
1665 dl_iterate_phdr_data cbdata;
1666 cbdata.callback = callback;
1667 cbdata.data = data;
1668 int res = REAL(dl_iterate_phdr)(msan_dl_iterate_phdr_cb, (void *)&cbdata);
1669 return res;
1670}
1671
1672// wchar_t *wcschr(const wchar_t *wcs, wchar_t wc);
1673INTERCEPTOR(wchar_t *, wcschr, void *s, wchar_t wc, void *ps) {
1674 ENSURE_MSAN_INITED();
1675 wchar_t *res = REAL(wcschr)(s, wc, ps);
1676 return res;
1677}
1678
1679// wchar_t *wcscpy(wchar_t *dest, const wchar_t *src);
1680INTERCEPTOR(wchar_t *, wcscpy, wchar_t *dest, const wchar_t *src) {
1681 ENSURE_MSAN_INITED();
1682 GET_STORE_STACK_TRACE;
1683 wchar_t *res = REAL(wcscpy)(dest, src);
1684 CopyShadowAndOrigin(dst: dest, src, size: sizeof(wchar_t) * (internal_wcslen(s: src) + 1),
1685 stack: &stack);
1686 return res;
1687}
1688
1689INTERCEPTOR(wchar_t *, wcsncpy, wchar_t *dest, const wchar_t *src, SIZE_T n) {
1690 ENSURE_MSAN_INITED();
1691 GET_STORE_STACK_TRACE;
1692 SIZE_T copy_size = internal_wcsnlen(s: src, maxlen: n);
1693 if (copy_size < n) copy_size++; // trailing \0
1694 wchar_t *res = REAL(wcsncpy)(dest, src, n);
1695 CopyShadowAndOrigin(dst: dest, src, size: copy_size * sizeof(wchar_t), stack: &stack);
1696 __msan_unpoison(a: dest + copy_size, size: (n - copy_size) * sizeof(wchar_t));
1697 return res;
1698}
1699
1700// These interface functions reside here so that they can use
1701// REAL(memset), etc.
1702void __msan_unpoison(const void *a, uptr size) {
1703 if (!MEM_IS_APP(a)) return;
1704 SetShadow(ptr: a, size, value: 0);
1705}
1706
1707void __msan_poison(const void *a, uptr size) {
1708 if (!MEM_IS_APP(a)) return;
1709 SetShadow(ptr: a, size, value: __msan::flags()->poison_heap_with_zeroes ? 0 : -1);
1710}
1711
1712void __msan_poison_stack(void *a, uptr size) {
1713 if (!MEM_IS_APP(a)) return;
1714 SetShadow(ptr: a, size, value: __msan::flags()->poison_stack_with_zeroes ? 0 : -1);
1715}
1716
1717void __msan_unpoison_param(uptr n) { UnpoisonParam(n); }
1718
1719void __msan_clear_and_unpoison(void *a, uptr size) {
1720 REAL(memset)(a, 0, size);
1721 SetShadow(ptr: a, size, value: 0);
1722}
1723
1724void *__msan_memcpy(void *dest, const void *src, SIZE_T n) {
1725 if (!msan_inited) return internal_memcpy(dest, src, n);
1726 if (msan_init_is_running || __msan::IsInSymbolizerOrUnwider())
1727 return REAL(memcpy)(dest, src, n);
1728 ENSURE_MSAN_INITED();
1729 GET_STORE_STACK_TRACE;
1730 void *res = REAL(memcpy)(dest, src, n);
1731 CopyShadowAndOrigin(dst: dest, src, size: n, stack: &stack);
1732 return res;
1733}
1734
1735void *__msan_memset(void *s, int c, SIZE_T n) {
1736 if (!msan_inited) return internal_memset(s, c, n);
1737 if (msan_init_is_running) return REAL(memset)(s, c, n);
1738 ENSURE_MSAN_INITED();
1739 void *res = REAL(memset)(s, c, n);
1740 __msan_unpoison(a: s, size: n);
1741 return res;
1742}
1743
1744void *__msan_memmove(void *dest, const void *src, SIZE_T n) {
1745 if (!msan_inited) return internal_memmove(dest, src, n);
1746 if (msan_init_is_running) return REAL(memmove)(dest, src, n);
1747 ENSURE_MSAN_INITED();
1748 GET_STORE_STACK_TRACE;
1749 void *res = REAL(memmove)(dest, src, n);
1750 MoveShadowAndOrigin(dst: dest, src, size: n, stack: &stack);
1751 return res;
1752}
1753
1754void __msan_unpoison_string(const char* s) {
1755 if (!MEM_IS_APP(s)) return;
1756 __msan_unpoison(a: s, size: internal_strlen(s) + 1);
1757}
1758
1759namespace __msan {
1760
1761void InitializeInterceptors() {
1762 static int inited = 0;
1763 CHECK_EQ(inited, 0);
1764
1765 __interception::DoesNotSupportStaticLinking();
1766
1767 new(interceptor_ctx()) InterceptorContext();
1768
1769 InitializeCommonInterceptors();
1770 InitializeSignalInterceptors();
1771
1772 INTERCEPT_FUNCTION(posix_memalign);
1773 MSAN_MAYBE_INTERCEPT_MEMALIGN;
1774 MSAN_MAYBE_INTERCEPT___LIBC_MEMALIGN;
1775 INTERCEPT_FUNCTION(valloc);
1776 MSAN_MAYBE_INTERCEPT_PVALLOC;
1777 INTERCEPT_FUNCTION(malloc);
1778 INTERCEPT_FUNCTION(calloc);
1779 INTERCEPT_FUNCTION(realloc);
1780 INTERCEPT_FUNCTION(reallocarray);
1781 INTERCEPT_FUNCTION(free);
1782 MSAN_MAYBE_INTERCEPT_CFREE;
1783 MSAN_MAYBE_INTERCEPT_MALLOC_USABLE_SIZE;
1784 MSAN_MAYBE_INTERCEPT_MALLINFO;
1785 MSAN_MAYBE_INTERCEPT_MALLINFO2;
1786 MSAN_MAYBE_INTERCEPT_MALLOPT;
1787 MSAN_MAYBE_INTERCEPT_MALLOC_STATS;
1788 INTERCEPT_FUNCTION(fread);
1789 MSAN_MAYBE_INTERCEPT_FREAD_UNLOCKED;
1790 INTERCEPT_FUNCTION(memccpy);
1791 MSAN_MAYBE_INTERCEPT_MEMPCPY;
1792 INTERCEPT_FUNCTION(bcopy);
1793 INTERCEPT_FUNCTION(wmemset);
1794 INTERCEPT_FUNCTION(wmemcpy);
1795 MSAN_MAYBE_INTERCEPT_WMEMPCPY;
1796 INTERCEPT_FUNCTION(wmemmove);
1797 INTERCEPT_FUNCTION(strcpy);
1798 MSAN_MAYBE_INTERCEPT_STPCPY;
1799 MSAN_MAYBE_INTERCEPT_STPNCPY;
1800 INTERCEPT_FUNCTION(strdup);
1801 MSAN_MAYBE_INTERCEPT___STRDUP;
1802 INTERCEPT_FUNCTION(strncpy);
1803 MSAN_MAYBE_INTERCEPT_GCVT;
1804 INTERCEPT_FUNCTION(strcat);
1805 INTERCEPT_FUNCTION(strncat);
1806 INTERCEPT_STRTO(strtod);
1807 INTERCEPT_STRTO(strtof);
1808#ifdef SANITIZER_NLDBL_VERSION
1809 INTERCEPT_STRTO_VER(strtold, SANITIZER_NLDBL_VERSION);
1810#else
1811 INTERCEPT_STRTO(strtold);
1812#endif
1813 INTERCEPT_STRTO(strtol);
1814 INTERCEPT_STRTO(strtoul);
1815 INTERCEPT_STRTO(strtoll);
1816 INTERCEPT_STRTO(strtoull);
1817 INTERCEPT_STRTO(strtouq);
1818 INTERCEPT_STRTO(wcstod);
1819 INTERCEPT_STRTO(wcstof);
1820#ifdef SANITIZER_NLDBL_VERSION
1821 INTERCEPT_STRTO_VER(wcstold, SANITIZER_NLDBL_VERSION);
1822#else
1823 INTERCEPT_STRTO(wcstold);
1824#endif
1825 INTERCEPT_STRTO(wcstol);
1826 INTERCEPT_STRTO(wcstoul);
1827 INTERCEPT_STRTO(wcstoll);
1828 INTERCEPT_STRTO(wcstoull);
1829#if SANITIZER_GLIBC
1830 INTERCEPT_STRTO(__isoc23_strtod);
1831 INTERCEPT_STRTO(__isoc23_strtof);
1832 INTERCEPT_STRTO(__isoc23_strtold);
1833 INTERCEPT_STRTO(__isoc23_strtol);
1834 INTERCEPT_STRTO(__isoc23_strtoul);
1835 INTERCEPT_STRTO(__isoc23_strtoll);
1836 INTERCEPT_STRTO(__isoc23_strtoull);
1837 INTERCEPT_STRTO(__isoc23_strtouq);
1838 INTERCEPT_STRTO(__isoc23_wcstod);
1839 INTERCEPT_STRTO(__isoc23_wcstof);
1840 INTERCEPT_STRTO(__isoc23_wcstold);
1841 INTERCEPT_STRTO(__isoc23_wcstol);
1842 INTERCEPT_STRTO(__isoc23_wcstoul);
1843 INTERCEPT_STRTO(__isoc23_wcstoll);
1844 INTERCEPT_STRTO(__isoc23_wcstoull);
1845#endif
1846
1847#ifdef SANITIZER_NLDBL_VERSION
1848 INTERCEPT_FUNCTION_VER(vswprintf, SANITIZER_NLDBL_VERSION);
1849 INTERCEPT_FUNCTION_VER(swprintf, SANITIZER_NLDBL_VERSION);
1850#else
1851 INTERCEPT_FUNCTION(vswprintf);
1852 INTERCEPT_FUNCTION(swprintf);
1853#endif
1854 INTERCEPT_FUNCTION(strftime);
1855 INTERCEPT_FUNCTION(strftime_l);
1856 MSAN_MAYBE_INTERCEPT___STRFTIME_L;
1857 INTERCEPT_FUNCTION(wcsftime);
1858 INTERCEPT_FUNCTION(wcsftime_l);
1859 MSAN_MAYBE_INTERCEPT___WCSFTIME_L;
1860 INTERCEPT_FUNCTION(mbtowc);
1861 INTERCEPT_FUNCTION(mbrtowc);
1862 INTERCEPT_FUNCTION(wcslen);
1863 INTERCEPT_FUNCTION(wcsnlen);
1864 INTERCEPT_FUNCTION(wcschr);
1865 INTERCEPT_FUNCTION(wcscpy);
1866 INTERCEPT_FUNCTION(wcsncpy);
1867 INTERCEPT_FUNCTION(wcscmp);
1868 INTERCEPT_FUNCTION(getenv);
1869 INTERCEPT_FUNCTION(setenv);
1870 INTERCEPT_FUNCTION(putenv);
1871 INTERCEPT_FUNCTION(gettimeofday);
1872 MSAN_MAYBE_INTERCEPT_FCVT;
1873 MSAN_MAYBE_INTERCEPT_FSTAT;
1874 MSAN_MAYBE_INTERCEPT_FSTAT64;
1875 MSAN_MAYBE_INTERCEPT___FXSTAT;
1876 MSAN_MAYBE_INTERCEPT_FSTATAT;
1877 MSAN_MAYBE_INTERCEPT_FSTATAT64;
1878 MSAN_MAYBE_INTERCEPT___FXSTATAT;
1879 MSAN_MAYBE_INTERCEPT___FXSTAT64;
1880 MSAN_MAYBE_INTERCEPT___FXSTATAT64;
1881 INTERCEPT_FUNCTION(pipe);
1882 INTERCEPT_FUNCTION(pipe2);
1883 INTERCEPT_FUNCTION(socketpair);
1884 MSAN_MAYBE_INTERCEPT_FGETS_UNLOCKED;
1885 INTERCEPT_FUNCTION(getrlimit);
1886 MSAN_MAYBE_INTERCEPT___GETRLIMIT;
1887 MSAN_MAYBE_INTERCEPT_GETRLIMIT64;
1888 MSAN_MAYBE_INTERCEPT_PRLIMIT;
1889 MSAN_MAYBE_INTERCEPT_PRLIMIT64;
1890 INTERCEPT_FUNCTION(gethostname);
1891 MSAN_MAYBE_INTERCEPT_EPOLL_WAIT;
1892 MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT;
1893 INTERCEPT_FUNCTION(strsignal);
1894 INTERCEPT_FUNCTION(dladdr);
1895 MSAN_MAYBE_INTERCEPT_DLADDR1;
1896 INTERCEPT_FUNCTION(dlerror);
1897 INTERCEPT_FUNCTION(dl_iterate_phdr);
1898 INTERCEPT_FUNCTION(getrusage);
1899#if defined(__mips__)
1900 INTERCEPT_FUNCTION_VER(pthread_create, "GLIBC_2.2");
1901#else
1902 INTERCEPT_FUNCTION(pthread_create);
1903#endif
1904 INTERCEPT_FUNCTION(pthread_join);
1905 INTERCEPT_FUNCTION(pthread_key_create);
1906#if SANITIZER_GLIBC
1907 INTERCEPT_FUNCTION(pthread_tryjoin_np);
1908 INTERCEPT_FUNCTION(pthread_timedjoin_np);
1909#endif
1910
1911#if SANITIZER_NETBSD
1912 INTERCEPT_FUNCTION(__libc_thr_keycreate);
1913#endif
1914
1915 INTERCEPT_FUNCTION(pthread_join);
1916 INTERCEPT_FUNCTION(tzset);
1917 INTERCEPT_FUNCTION(atexit);
1918 INTERCEPT_FUNCTION(__cxa_atexit);
1919 INTERCEPT_FUNCTION(shmat);
1920 MSAN_MAYBE_INTERCEPT_OPENPTY;
1921 MSAN_MAYBE_INTERCEPT_FORKPTY;
1922
1923 inited = 1;
1924}
1925} // namespace __msan
1926