[llvm-dev] [ASan][Windows] Interceptor function type not compatible with intercepted function


Sudhindra kulkarni via llvm-dev
Hi,

I triggered a build failure on a Windows-sanitizer by making the sanity checking in `ASAN_INTERCEPT_FUNC` a bit stricter.
My best guess is that the type of the defined interceptor is not compatible (in C++ typing terms) with the “real” function.

This seems to be the case for the following 2 functions:

CreateThread “no conversion”:
From: 'DWORD  (__cdecl *)(void *               , __sanitizer::uptr, DWORD (__cdecl *)(void *), void *, DWORD, void * )'
To  : 'HANDLE (__cdecl *)(LPSECURITY_ATTRIBUTES, SIZE_T           , LPTHREAD_START_ROUTINE   , LPVOID, DWORD, LPDWORD)'

__C_specific_handler:
From: 'int                   (__cdecl *)(void *             , void *, void *    , void *               )'
To:   'EXCEPTION_DISPOSITION (__cdecl *)(_EXCEPTION_RECORD *, void *, _CONTEXT *, _DISPATCHER_CONTEXT *)'


Can someone on the Windows side take a quick look and revert my temporary fix?

Thanks!
Julian


Bot failure:

My temporary fix:




_______________________________________________
LLVM Developers mailing list
[hidden email]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev

Re: [llvm-dev] [ASan][Windows] Interceptor function type not compatible with intercepted function

Sudhindra kulkarni via llvm-dev
While I'm not an active LLVM dev at the moment, this piqued my interest.

It looks like the interceptor function is trying to return a DWORD from CreateThread, where it should be returning a HANDLE (which is basically a void*, something I've exploited in the past for statically checking resource leaks & handle misuse). The C specific handler looks like the same thing, returning int instead of EXCEPTION_DISPOSITION. I bet that'd fix it.

On Fri, Apr 26, 2019, 4:10 PM Julian Lettner via llvm-dev <[hidden email]> wrote:
> Hi,
>
> I triggered a build failure on a Windows-sanitizer by making the sanity checking in `ASAN_INTERCEPT_FUNC` a bit stricter.
> My best guess is that the type of the defined interceptor is not compatible (in C++ typing terms) with the “real” function.
>
> This seems to be the case for the following 2 functions:
>
> CreateThread “no conversion”:
> From: 'DWORD  (__cdecl *)(void *               , __sanitizer::uptr, DWORD (__cdecl *)(void *), void *, DWORD, void * )'
> To  : 'HANDLE (__cdecl *)(LPSECURITY_ATTRIBUTES, SIZE_T           , LPTHREAD_START_ROUTINE   , LPVOID, DWORD, LPDWORD)'
>
> __C_specific_handler:
> From: 'int                   (__cdecl *)(void *             , void *, void *    , void *               )'
> To:   'EXCEPTION_DISPOSITION (__cdecl *)(_EXCEPTION_RECORD *, void *, _CONTEXT *, _DISPATCHER_CONTEXT *)'
>
>
> Can someone on the Windows side take a quick look and revert my temporary fix?
>
> Thanks!
> Julian
>
>
> Bot failure:
>
> My temporary fix:




Re: [llvm-dev] [ASan][Windows] Interceptor function type not compatible with intercepted function

Sudhindra kulkarni via llvm-dev
It looks like the parameters of the interceptors were written in more familiar/basic types rather than their official Windows formats. I've seen that done in another project to avoid pulling in some of the more obscure Windows headers, although that doesn't seem to be a problem here. Maybe it was done to avoid noisy casts in the interceptor body, I don't know. Ideally the fix is to "just" use the correct types, but maybe it's not that simple. Try it and see what happens.



On Fri, Apr 26, 2019 at 6:42 PM <Alexander G. Riccio> via llvm-dev <[hidden email]> wrote:
> While I'm not an active LLVM dev at the moment, this piqued my interest.
>
> It looks like the interceptor function is trying to return a DWORD from CreateThread, where it should be returning a HANDLE (which is basically a void*, something I've exploited in the past for statically checking resource leaks & handle misuse). The C specific handler looks like the same thing, returning int instead of EXCEPTION_DISPOSITION. I bet that'd fix it.
>
> On Fri, Apr 26, 2019, 4:10 PM Julian Lettner via llvm-dev <[hidden email]> wrote:
>> Hi,
>>
>> I triggered a build failure on a Windows-sanitizer by making the sanity checking in `ASAN_INTERCEPT_FUNC` a bit stricter.
>> My best guess is that the type of the defined interceptor is not compatible (in C++ typing terms) with the “real” function.
>>
>> This seems to be the case for the following 2 functions:
>>
>> CreateThread “no conversion”:
>> From: 'DWORD  (__cdecl *)(void *               , __sanitizer::uptr, DWORD (__cdecl *)(void *), void *, DWORD, void * )'
>> To  : 'HANDLE (__cdecl *)(LPSECURITY_ATTRIBUTES, SIZE_T           , LPTHREAD_START_ROUTINE   , LPVOID, DWORD, LPDWORD)'
>>
>> __C_specific_handler:
>> From: 'int                   (__cdecl *)(void *             , void *, void *    , void *               )'
>> To:   'EXCEPTION_DISPOSITION (__cdecl *)(_EXCEPTION_RECORD *, void *, _CONTEXT *, _DISPATCHER_CONTEXT *)'
>>
>>
>> Can someone on the Windows side take a quick look and revert my temporary fix?
>>
>> Thanks!
>> Julian
>>
>>
>> Bot failure:
>>
>> My temporary fix:




Re: [llvm-dev] [ASan][Windows] Interceptor function type not compatible with intercepted function

Sudhindra kulkarni via llvm-dev
On Fri, Apr 26, 2019 at 4:14 PM David Major via llvm-dev <[hidden email]> wrote:
> It looks like the parameters of the interceptors were written in more familiar/basic types rather than their official Windows formats. I've seen that done in another project to avoid pulling in some of the more obscure Windows headers, although that doesn't seem to be a problem here. Maybe it was done to avoid noisy casts in the interceptor body, I don't know. Ideally the fix is to "just" use the correct types, but maybe it's not that simple. Try it and see what happens.

I think we can get away with forward declaring the types as needed to avoid a hard dependency on windows.h.

It looks like this may have found a real bug, though, since the real CreateThread returns a full pointer (HANDLE) and ours appears to return DWORD, which is too small.
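
An added illustration of the two points raised in this thread (not code from compiler-rt or from any participant): a strict compile-time comparison of interceptor and real function types, and the handle truncation that a `DWORD` return type causes. The Windows types are stand-ins defined locally, `RealCreateThread`, `LooseInterceptor`, `ExactInterceptor` and `SameSignature` are hypothetical names, and a 64-bit host is assumed.

```cpp
#include <cstdint>
#include <cstdio>
#include <type_traits>

static_assert(sizeof(void*) == 8, "example assumes a 64-bit host");

// Stand-ins for the Windows types in the error text (assumption: no <windows.h>).
using DWORD = std::uint32_t;           // 32 bits wide
using HANDLE = void*;                  // pointer-sized
using SIZE_T = std::uintptr_t;
struct SECURITY_ATTRIBUTES;            // forward declaration is enough for a pointer
using LPSECURITY_ATTRIBUTES = SECURITY_ATTRIBUTES*;
using LPTHREAD_START_ROUTINE = DWORD (*)(void*);
using LPVOID = void*;
using LPDWORD = DWORD*;

// Hypothetical "real" function; returns a constructed handle value above 4 GiB.
HANDLE RealCreateThread(LPSECURITY_ATTRIBUTES, SIZE_T, LPTHREAD_START_ROUTINE,
                        LPVOID, DWORD, LPDWORD) {
  return reinterpret_cast<HANDLE>(std::uintptr_t{0x00007FF612345678ULL});
}

// Interceptor written with basic types, shaped like the "From" signature.
DWORD LooseInterceptor(void* sa, std::uintptr_t stack, DWORD (*fn)(void*),
                       void* arg, DWORD flags, void* tid) {
  HANDLE h = RealCreateThread(static_cast<LPSECURITY_ATTRIBUTES>(sa), stack, fn,
                              arg, flags, static_cast<LPDWORD>(tid));
  return static_cast<DWORD>(reinterpret_cast<std::uintptr_t>(h));  // drops high bits
}

// Interceptor declared with exactly the real function's types.
HANDLE ExactInterceptor(LPSECURITY_ATTRIBUTES sa, SIZE_T stack,
                        LPTHREAD_START_ROUTINE fn, LPVOID arg, DWORD flags,
                        LPDWORD tid) {
  return RealCreateThread(sa, stack, fn, arg, flags, tid);
}

// Strict check: the two function types must be identical, not merely similar.
template <typename I, typename R>
constexpr bool SameSignature(I*, R*) { return std::is_same<I, R>::value; }

static_assert(SameSignature(ExactInterceptor, RealCreateThread), "must match");
static_assert(!SameSignature(LooseInterceptor, RealCreateThread), "must differ");

int main() {
  HANDLE h = ExactInterceptor(nullptr, 0, nullptr, nullptr, 0, nullptr);
  DWORD d = LooseInterceptor(nullptr, 0, nullptr, nullptr, 0, nullptr);
  std::printf("exact=%p loose=0x%08x\n", h, static_cast<unsigned>(d));
  return 0;
}
```
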
