llvm-project

Форк
0
/
ubsan_handlers.cpp 
960 строк · 33.9 Кб
1
//===-- ubsan_handlers.cpp ------------------------------------------------===//
2
//
3
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4
// See https://llvm.org/LICENSE.txt for license information.
5
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6
//
7
//===----------------------------------------------------------------------===//
8
//
9
// Error logging entry points for the UBSan runtime.
10
//
11
//===----------------------------------------------------------------------===//
12

13
#include "ubsan_platform.h"
14
#if CAN_SANITIZE_UB
15
#include "ubsan_handlers.h"
16
#include "ubsan_diag.h"
17
#include "ubsan_flags.h"
18
#include "ubsan_monitor.h"
19
#include "ubsan_value.h"
20

21
#include "sanitizer_common/sanitizer_common.h"
22

23
using namespace __sanitizer;
24
using namespace __ubsan;
25

26
namespace __ubsan {
27
bool ignoreReport(SourceLocation SLoc, ReportOptions Opts, ErrorType ET) {
28
  // We are not allowed to skip error report: if we are in unrecoverable
29
  // handler, we have to terminate the program right now, and therefore
30
  // have to print some diagnostic.
31
  //
32
  // Even if source location is disabled, it doesn't mean that we have
33
  // already report an error to the user: some concurrently running
34
  // thread could have acquired it, but not yet printed the report.
35
  if (Opts.FromUnrecoverableHandler)
36
    return false;
37
  return SLoc.isDisabled() || IsPCSuppressed(ET, Opts.pc, SLoc.getFilename());
38
}
39

40
/// Situations in which we might emit a check for the suitability of a
41
/// pointer or glvalue. Needs to be kept in sync with CodeGenFunction.h in
42
/// clang.
43
enum TypeCheckKind {
44
  /// Checking the operand of a load. Must be suitably sized and aligned.
45
  TCK_Load,
46
  /// Checking the destination of a store. Must be suitably sized and aligned.
47
  TCK_Store,
48
  /// Checking the bound value in a reference binding. Must be suitably sized
49
  /// and aligned, but is not required to refer to an object (until the
50
  /// reference is used), per core issue 453.
51
  TCK_ReferenceBinding,
52
  /// Checking the object expression in a non-static data member access. Must
53
  /// be an object within its lifetime.
54
  TCK_MemberAccess,
55
  /// Checking the 'this' pointer for a call to a non-static member function.
56
  /// Must be an object within its lifetime.
57
  TCK_MemberCall,
58
  /// Checking the 'this' pointer for a constructor call.
59
  TCK_ConstructorCall,
60
  /// Checking the operand of a static_cast to a derived pointer type. Must be
61
  /// null or an object within its lifetime.
62
  TCK_DowncastPointer,
63
  /// Checking the operand of a static_cast to a derived reference type. Must
64
  /// be an object within its lifetime.
65
  TCK_DowncastReference,
66
  /// Checking the operand of a cast to a base object. Must be suitably sized
67
  /// and aligned.
68
  TCK_Upcast,
69
  /// Checking the operand of a cast to a virtual base object. Must be an
70
  /// object within its lifetime.
71
  TCK_UpcastToVirtualBase,
72
  /// Checking the value assigned to a _Nonnull pointer. Must not be null.
73
  TCK_NonnullAssign,
74
  /// Checking the operand of a dynamic_cast or a typeid expression.  Must be
75
  /// null or an object within its lifetime.
76
  TCK_DynamicOperation
77
};
78

79
extern const char *const TypeCheckKinds[] = {
80
    "load of", "store to", "reference binding to", "member access within",
81
    "member call on", "constructor call on", "downcast of", "downcast of",
82
    "upcast of", "cast to virtual base of", "_Nonnull binding to",
83
    "dynamic operation on"};
84
}
85

86
static void handleTypeMismatchImpl(TypeMismatchData *Data, ValueHandle Pointer,
87
                                   ReportOptions Opts) {
88
  Location Loc = Data->Loc.acquire();
89

90
  uptr Alignment = (uptr)1 << Data->LogAlignment;
91
  ErrorType ET;
92
  if (!Pointer)
93
    ET = (Data->TypeCheckKind == TCK_NonnullAssign)
94
             ? ErrorType::NullPointerUseWithNullability
95
             : ErrorType::NullPointerUse;
96
  else if (Pointer & (Alignment - 1))
97
    ET = ErrorType::MisalignedPointerUse;
98
  else
99
    ET = ErrorType::InsufficientObjectSize;
100

101
  // Use the SourceLocation from Data to track deduplication, even if it's
102
  // invalid.
103
  if (ignoreReport(Loc.getSourceLocation(), Opts, ET))
104
    return;
105

106
  SymbolizedStackHolder FallbackLoc;
107
  if (Data->Loc.isInvalid()) {
108
    FallbackLoc.reset(getCallerLocation(Opts.pc));
109
    Loc = FallbackLoc;
110
  }
111

112
  ScopedReport R(Opts, Loc, ET);
113

114
  switch (ET) {
115
  case ErrorType::NullPointerUse:
116
  case ErrorType::NullPointerUseWithNullability:
117
    Diag(Loc, DL_Error, ET, "%0 null pointer of type %1")
118
        << TypeCheckKinds[Data->TypeCheckKind] << Data->Type;
119
    break;
120
  case ErrorType::MisalignedPointerUse:
121
    Diag(Loc, DL_Error, ET, "%0 misaligned address %1 for type %3, "
122
                        "which requires %2 byte alignment")
123
        << TypeCheckKinds[Data->TypeCheckKind] << (void *)Pointer << Alignment
124
        << Data->Type;
125
    break;
126
  case ErrorType::InsufficientObjectSize:
127
    Diag(Loc, DL_Error, ET, "%0 address %1 with insufficient space "
128
                        "for an object of type %2")
129
        << TypeCheckKinds[Data->TypeCheckKind] << (void *)Pointer << Data->Type;
130
    break;
131
  default:
132
    UNREACHABLE("unexpected error type!");
133
  }
134

135
  if (Pointer)
136
    Diag(Pointer, DL_Note, ET, "pointer points here");
137
}
138

139
void __ubsan::__ubsan_handle_type_mismatch_v1(TypeMismatchData *Data,
140
                                              ValueHandle Pointer) {
141
  GET_REPORT_OPTIONS(false);
142
  handleTypeMismatchImpl(Data, Pointer, Opts);
143
}
144
void __ubsan::__ubsan_handle_type_mismatch_v1_abort(TypeMismatchData *Data,
145
                                                    ValueHandle Pointer) {
146
  GET_REPORT_OPTIONS(true);
147
  handleTypeMismatchImpl(Data, Pointer, Opts);
148
  Die();
149
}
150

151
static void handleAlignmentAssumptionImpl(AlignmentAssumptionData *Data,
152
                                          ValueHandle Pointer,
153
                                          ValueHandle Alignment,
154
                                          ValueHandle Offset,
155
                                          ReportOptions Opts) {
156
  Location Loc = Data->Loc.acquire();
157
  SourceLocation AssumptionLoc = Data->AssumptionLoc.acquire();
158

159
  ErrorType ET = ErrorType::AlignmentAssumption;
160

161
  if (ignoreReport(Loc.getSourceLocation(), Opts, ET))
162
    return;
163

164
  ScopedReport R(Opts, Loc, ET);
165

166
  uptr RealPointer = Pointer - Offset;
167
  uptr LSB = LeastSignificantSetBitIndex(RealPointer);
168
  uptr ActualAlignment = uptr(1) << LSB;
169

170
  uptr Mask = Alignment - 1;
171
  uptr MisAlignmentOffset = RealPointer & Mask;
172

173
  if (!Offset) {
174
    Diag(Loc, DL_Error, ET,
175
         "assumption of %0 byte alignment for pointer of type %1 failed")
176
        << Alignment << Data->Type;
177
  } else {
178
    Diag(Loc, DL_Error, ET,
179
         "assumption of %0 byte alignment (with offset of %1 byte) for pointer "
180
         "of type %2 failed")
181
        << Alignment << Offset << Data->Type;
182
  }
183

184
  if (!AssumptionLoc.isInvalid())
185
    Diag(AssumptionLoc, DL_Note, ET, "alignment assumption was specified here");
186

187
  Diag(RealPointer, DL_Note, ET,
188
       "%0address is %1 aligned, misalignment offset is %2 bytes")
189
      << (Offset ? "offset " : "") << ActualAlignment << MisAlignmentOffset;
190
}
191

192
void __ubsan::__ubsan_handle_alignment_assumption(AlignmentAssumptionData *Data,
193
                                                  ValueHandle Pointer,
194
                                                  ValueHandle Alignment,
195
                                                  ValueHandle Offset) {
196
  GET_REPORT_OPTIONS(false);
197
  handleAlignmentAssumptionImpl(Data, Pointer, Alignment, Offset, Opts);
198
}
199
void __ubsan::__ubsan_handle_alignment_assumption_abort(
200
    AlignmentAssumptionData *Data, ValueHandle Pointer, ValueHandle Alignment,
201
    ValueHandle Offset) {
202
  GET_REPORT_OPTIONS(true);
203
  handleAlignmentAssumptionImpl(Data, Pointer, Alignment, Offset, Opts);
204
  Die();
205
}
206

207
/// \brief Common diagnostic emission for various forms of integer overflow.
208
template <typename T>
209
static void handleIntegerOverflowImpl(OverflowData *Data, ValueHandle LHS,
210
                                      const char *Operator, T RHS,
211
                                      ReportOptions Opts) {
212
  SourceLocation Loc = Data->Loc.acquire();
213
  bool IsSigned = Data->Type.isSignedIntegerTy();
214
  ErrorType ET = IsSigned ? ErrorType::SignedIntegerOverflow
215
                          : ErrorType::UnsignedIntegerOverflow;
216

217
  if (ignoreReport(Loc, Opts, ET))
218
    return;
219

220
  // If this is an unsigned overflow in non-fatal mode, potentially ignore it.
221
  if (!IsSigned && !Opts.FromUnrecoverableHandler &&
222
      flags()->silence_unsigned_overflow)
223
    return;
224

225
  ScopedReport R(Opts, Loc, ET);
226

227
  Diag(Loc, DL_Error, ET, "%0 integer overflow: "
228
                          "%1 %2 %3 cannot be represented in type %4")
229
      << (IsSigned ? "signed" : "unsigned") << Value(Data->Type, LHS)
230
      << Operator << RHS << Data->Type;
231
}
232

233
#define UBSAN_OVERFLOW_HANDLER(handler_name, op, unrecoverable)                \
234
  void __ubsan::handler_name(OverflowData *Data, ValueHandle LHS,              \
235
                             ValueHandle RHS) {                                \
236
    GET_REPORT_OPTIONS(unrecoverable);                                         \
237
    handleIntegerOverflowImpl(Data, LHS, op, Value(Data->Type, RHS), Opts);    \
238
    if (unrecoverable)                                                         \
239
      Die();                                                                   \
240
  }
241

242
UBSAN_OVERFLOW_HANDLER(__ubsan_handle_add_overflow, "+", false)
243
UBSAN_OVERFLOW_HANDLER(__ubsan_handle_add_overflow_abort, "+", true)
244
UBSAN_OVERFLOW_HANDLER(__ubsan_handle_sub_overflow, "-", false)
245
UBSAN_OVERFLOW_HANDLER(__ubsan_handle_sub_overflow_abort, "-", true)
246
UBSAN_OVERFLOW_HANDLER(__ubsan_handle_mul_overflow, "*", false)
247
UBSAN_OVERFLOW_HANDLER(__ubsan_handle_mul_overflow_abort, "*", true)
248

249
static void handleNegateOverflowImpl(OverflowData *Data, ValueHandle OldVal,
250
                                     ReportOptions Opts) {
251
  SourceLocation Loc = Data->Loc.acquire();
252
  bool IsSigned = Data->Type.isSignedIntegerTy();
253
  ErrorType ET = IsSigned ? ErrorType::SignedIntegerOverflow
254
                          : ErrorType::UnsignedIntegerOverflow;
255

256
  if (ignoreReport(Loc, Opts, ET))
257
    return;
258

259
  if (!IsSigned && flags()->silence_unsigned_overflow)
260
    return;
261

262
  ScopedReport R(Opts, Loc, ET);
263

264
  if (IsSigned)
265
    Diag(Loc, DL_Error, ET,
266
         "negation of %0 cannot be represented in type %1; "
267
         "cast to an unsigned type to negate this value to itself")
268
        << Value(Data->Type, OldVal) << Data->Type;
269
  else
270
    Diag(Loc, DL_Error, ET, "negation of %0 cannot be represented in type %1")
271
        << Value(Data->Type, OldVal) << Data->Type;
272
}
273

274
void __ubsan::__ubsan_handle_negate_overflow(OverflowData *Data,
275
                                             ValueHandle OldVal) {
276
  GET_REPORT_OPTIONS(false);
277
  handleNegateOverflowImpl(Data, OldVal, Opts);
278
}
279
void __ubsan::__ubsan_handle_negate_overflow_abort(OverflowData *Data,
280
                                                    ValueHandle OldVal) {
281
  GET_REPORT_OPTIONS(true);
282
  handleNegateOverflowImpl(Data, OldVal, Opts);
283
  Die();
284
}
285

286
static void handleDivremOverflowImpl(OverflowData *Data, ValueHandle LHS,
287
                                     ValueHandle RHS, ReportOptions Opts) {
288
  SourceLocation Loc = Data->Loc.acquire();
289
  Value LHSVal(Data->Type, LHS);
290
  Value RHSVal(Data->Type, RHS);
291

292
  ErrorType ET;
293
  if (RHSVal.isMinusOne())
294
    ET = ErrorType::SignedIntegerOverflow;
295
  else if (Data->Type.isIntegerTy())
296
    ET = ErrorType::IntegerDivideByZero;
297
  else
298
    ET = ErrorType::FloatDivideByZero;
299

300
  if (ignoreReport(Loc, Opts, ET))
301
    return;
302

303
  ScopedReport R(Opts, Loc, ET);
304

305
  switch (ET) {
306
  case ErrorType::SignedIntegerOverflow:
307
    Diag(Loc, DL_Error, ET,
308
         "division of %0 by -1 cannot be represented in type %1")
309
        << LHSVal << Data->Type;
310
    break;
311
  default:
312
    Diag(Loc, DL_Error, ET, "division by zero");
313
    break;
314
  }
315
}
316

317
void __ubsan::__ubsan_handle_divrem_overflow(OverflowData *Data,
318
                                             ValueHandle LHS, ValueHandle RHS) {
319
  GET_REPORT_OPTIONS(false);
320
  handleDivremOverflowImpl(Data, LHS, RHS, Opts);
321
}
322
void __ubsan::__ubsan_handle_divrem_overflow_abort(OverflowData *Data,
323
                                                    ValueHandle LHS,
324
                                                    ValueHandle RHS) {
325
  GET_REPORT_OPTIONS(true);
326
  handleDivremOverflowImpl(Data, LHS, RHS, Opts);
327
  Die();
328
}
329

330
static void handleShiftOutOfBoundsImpl(ShiftOutOfBoundsData *Data,
331
                                       ValueHandle LHS, ValueHandle RHS,
332
                                       ReportOptions Opts) {
333
  SourceLocation Loc = Data->Loc.acquire();
334
  Value LHSVal(Data->LHSType, LHS);
335
  Value RHSVal(Data->RHSType, RHS);
336

337
  ErrorType ET;
338
  if (RHSVal.isNegative() ||
339
      RHSVal.getPositiveIntValue() >= Data->LHSType.getIntegerBitWidth())
340
    ET = ErrorType::InvalidShiftExponent;
341
  else
342
    ET = ErrorType::InvalidShiftBase;
343

344
  if (ignoreReport(Loc, Opts, ET))
345
    return;
346

347
  ScopedReport R(Opts, Loc, ET);
348

349
  if (ET == ErrorType::InvalidShiftExponent) {
350
    if (RHSVal.isNegative())
351
      Diag(Loc, DL_Error, ET, "shift exponent %0 is negative") << RHSVal;
352
    else
353
      Diag(Loc, DL_Error, ET,
354
           "shift exponent %0 is too large for %1-bit type %2")
355
          << RHSVal << Data->LHSType.getIntegerBitWidth() << Data->LHSType;
356
  } else {
357
    if (LHSVal.isNegative())
358
      Diag(Loc, DL_Error, ET, "left shift of negative value %0") << LHSVal;
359
    else
360
      Diag(Loc, DL_Error, ET,
361
           "left shift of %0 by %1 places cannot be represented in type %2")
362
          << LHSVal << RHSVal << Data->LHSType;
363
  }
364
}
365

366
void __ubsan::__ubsan_handle_shift_out_of_bounds(ShiftOutOfBoundsData *Data,
367
                                                 ValueHandle LHS,
368
                                                 ValueHandle RHS) {
369
  GET_REPORT_OPTIONS(false);
370
  handleShiftOutOfBoundsImpl(Data, LHS, RHS, Opts);
371
}
372
void __ubsan::__ubsan_handle_shift_out_of_bounds_abort(
373
                                                     ShiftOutOfBoundsData *Data,
374
                                                     ValueHandle LHS,
375
                                                     ValueHandle RHS) {
376
  GET_REPORT_OPTIONS(true);
377
  handleShiftOutOfBoundsImpl(Data, LHS, RHS, Opts);
378
  Die();
379
}
380

381
static void handleOutOfBoundsImpl(OutOfBoundsData *Data, ValueHandle Index,
382
                                  ReportOptions Opts) {
383
  SourceLocation Loc = Data->Loc.acquire();
384
  ErrorType ET = ErrorType::OutOfBoundsIndex;
385

386
  if (ignoreReport(Loc, Opts, ET))
387
    return;
388

389
  ScopedReport R(Opts, Loc, ET);
390

391
  Value IndexVal(Data->IndexType, Index);
392
  Diag(Loc, DL_Error, ET, "index %0 out of bounds for type %1")
393
    << IndexVal << Data->ArrayType;
394
}
395

396
void __ubsan::__ubsan_handle_out_of_bounds(OutOfBoundsData *Data,
397
                                           ValueHandle Index) {
398
  GET_REPORT_OPTIONS(false);
399
  handleOutOfBoundsImpl(Data, Index, Opts);
400
}
401
void __ubsan::__ubsan_handle_out_of_bounds_abort(OutOfBoundsData *Data,
402
                                                 ValueHandle Index) {
403
  GET_REPORT_OPTIONS(true);
404
  handleOutOfBoundsImpl(Data, Index, Opts);
405
  Die();
406
}
407

408
static void handleBuiltinUnreachableImpl(UnreachableData *Data,
409
                                         ReportOptions Opts) {
410
  ErrorType ET = ErrorType::UnreachableCall;
411
  ScopedReport R(Opts, Data->Loc, ET);
412
  Diag(Data->Loc, DL_Error, ET,
413
       "execution reached an unreachable program point");
414
}
415

416
void __ubsan::__ubsan_handle_builtin_unreachable(UnreachableData *Data) {
417
  GET_REPORT_OPTIONS(true);
418
  handleBuiltinUnreachableImpl(Data, Opts);
419
  Die();
420
}
421

422
static void handleMissingReturnImpl(UnreachableData *Data, ReportOptions Opts) {
423
  ErrorType ET = ErrorType::MissingReturn;
424
  ScopedReport R(Opts, Data->Loc, ET);
425
  Diag(Data->Loc, DL_Error, ET,
426
       "execution reached the end of a value-returning function "
427
       "without returning a value");
428
}
429

430
void __ubsan::__ubsan_handle_missing_return(UnreachableData *Data) {
431
  GET_REPORT_OPTIONS(true);
432
  handleMissingReturnImpl(Data, Opts);
433
  Die();
434
}
435

436
static void handleVLABoundNotPositive(VLABoundData *Data, ValueHandle Bound,
437
                                      ReportOptions Opts) {
438
  SourceLocation Loc = Data->Loc.acquire();
439
  ErrorType ET = ErrorType::NonPositiveVLAIndex;
440

441
  if (ignoreReport(Loc, Opts, ET))
442
    return;
443

444
  ScopedReport R(Opts, Loc, ET);
445

446
  Diag(Loc, DL_Error, ET, "variable length array bound evaluates to "
447
                          "non-positive value %0")
448
      << Value(Data->Type, Bound);
449
}
450

451
void __ubsan::__ubsan_handle_vla_bound_not_positive(VLABoundData *Data,
452
                                                    ValueHandle Bound) {
453
  GET_REPORT_OPTIONS(false);
454
  handleVLABoundNotPositive(Data, Bound, Opts);
455
}
456
void __ubsan::__ubsan_handle_vla_bound_not_positive_abort(VLABoundData *Data,
457
                                                          ValueHandle Bound) {
458
  GET_REPORT_OPTIONS(true);
459
  handleVLABoundNotPositive(Data, Bound, Opts);
460
  Die();
461
}
462

463
static bool looksLikeFloatCastOverflowDataV1(void *Data) {
464
  // First field is either a pointer to filename or a pointer to a
465
  // TypeDescriptor.
466
  u8 *FilenameOrTypeDescriptor;
467
  internal_memcpy(&FilenameOrTypeDescriptor, Data,
468
                  sizeof(FilenameOrTypeDescriptor));
469

470
  // Heuristic: For float_cast_overflow, the TypeKind will be either TK_Integer
471
  // (0x0), TK_Float (0x1) or TK_Unknown (0xff). If both types are known,
472
  // adding both bytes will be 0 or 1 (for BE or LE). If it were a filename,
473
  // adding two printable characters will not yield such a value. Otherwise,
474
  // if one of them is 0xff, this is most likely TK_Unknown type descriptor.
475
  u16 MaybeFromTypeKind =
476
      FilenameOrTypeDescriptor[0] + FilenameOrTypeDescriptor[1];
477
  return MaybeFromTypeKind < 2 || FilenameOrTypeDescriptor[0] == 0xff ||
478
         FilenameOrTypeDescriptor[1] == 0xff;
479
}
480

481
static void handleFloatCastOverflow(void *DataPtr, ValueHandle From,
482
                                    ReportOptions Opts) {
483
  SymbolizedStackHolder CallerLoc;
484
  Location Loc;
485
  const TypeDescriptor *FromType, *ToType;
486
  ErrorType ET = ErrorType::FloatCastOverflow;
487

488
  if (looksLikeFloatCastOverflowDataV1(DataPtr)) {
489
    auto Data = reinterpret_cast<FloatCastOverflowData *>(DataPtr);
490
    CallerLoc.reset(getCallerLocation(Opts.pc));
491
    Loc = CallerLoc;
492
    FromType = &Data->FromType;
493
    ToType = &Data->ToType;
494
  } else {
495
    auto Data = reinterpret_cast<FloatCastOverflowDataV2 *>(DataPtr);
496
    SourceLocation SLoc = Data->Loc.acquire();
497
    if (ignoreReport(SLoc, Opts, ET))
498
      return;
499
    Loc = SLoc;
500
    FromType = &Data->FromType;
501
    ToType = &Data->ToType;
502
  }
503

504
  ScopedReport R(Opts, Loc, ET);
505

506
  Diag(Loc, DL_Error, ET,
507
       "%0 is outside the range of representable values of type %2")
508
      << Value(*FromType, From) << *FromType << *ToType;
509
}
510

511
void __ubsan::__ubsan_handle_float_cast_overflow(void *Data, ValueHandle From) {
512
  GET_REPORT_OPTIONS(false);
513
  handleFloatCastOverflow(Data, From, Opts);
514
}
515
void __ubsan::__ubsan_handle_float_cast_overflow_abort(void *Data,
516
                                                       ValueHandle From) {
517
  GET_REPORT_OPTIONS(true);
518
  handleFloatCastOverflow(Data, From, Opts);
519
  Die();
520
}
521

522
static void handleLoadInvalidValue(InvalidValueData *Data, ValueHandle Val,
523
                                   ReportOptions Opts) {
524
  SourceLocation Loc = Data->Loc.acquire();
525
  // This check could be more precise if we used different handlers for
526
  // -fsanitize=bool and -fsanitize=enum.
527
  bool IsBool = (0 == internal_strcmp(Data->Type.getTypeName(), "'bool'")) ||
528
                (0 == internal_strncmp(Data->Type.getTypeName(), "'BOOL'", 6));
529
  ErrorType ET =
530
      IsBool ? ErrorType::InvalidBoolLoad : ErrorType::InvalidEnumLoad;
531

532
  if (ignoreReport(Loc, Opts, ET))
533
    return;
534

535
  ScopedReport R(Opts, Loc, ET);
536

537
  Diag(Loc, DL_Error, ET,
538
       "load of value %0, which is not a valid value for type %1")
539
      << Value(Data->Type, Val) << Data->Type;
540
}
541

542
void __ubsan::__ubsan_handle_load_invalid_value(InvalidValueData *Data,
543
                                                ValueHandle Val) {
544
  GET_REPORT_OPTIONS(false);
545
  handleLoadInvalidValue(Data, Val, Opts);
546
}
547
void __ubsan::__ubsan_handle_load_invalid_value_abort(InvalidValueData *Data,
548
                                                      ValueHandle Val) {
549
  GET_REPORT_OPTIONS(true);
550
  handleLoadInvalidValue(Data, Val, Opts);
551
  Die();
552
}
553

554
static void handleImplicitConversion(ImplicitConversionData *Data,
555
                                     ReportOptions Opts, ValueHandle Src,
556
                                     ValueHandle Dst) {
557
  SourceLocation Loc = Data->Loc.acquire();
558
  const TypeDescriptor &SrcTy = Data->FromType;
559
  const TypeDescriptor &DstTy = Data->ToType;
560
  bool SrcSigned = SrcTy.isSignedIntegerTy();
561
  bool DstSigned = DstTy.isSignedIntegerTy();
562
  ErrorType ET = ErrorType::GenericUB;
563

564
  switch (Data->Kind) {
565
  case ICCK_IntegerTruncation: { // Legacy, no longer used.
566
    // Let's figure out what it should be as per the new types, and upgrade.
567
    // If both types are unsigned, then it's an unsigned truncation.
568
    // Else, it is a signed truncation.
569
    if (!SrcSigned && !DstSigned) {
570
      ET = ErrorType::ImplicitUnsignedIntegerTruncation;
571
    } else {
572
      ET = ErrorType::ImplicitSignedIntegerTruncation;
573
    }
574
    break;
575
  }
576
  case ICCK_UnsignedIntegerTruncation:
577
    ET = ErrorType::ImplicitUnsignedIntegerTruncation;
578
    break;
579
  case ICCK_SignedIntegerTruncation:
580
    ET = ErrorType::ImplicitSignedIntegerTruncation;
581
    break;
582
  case ICCK_IntegerSignChange:
583
    ET = ErrorType::ImplicitIntegerSignChange;
584
    break;
585
  case ICCK_SignedIntegerTruncationOrSignChange:
586
    ET = ErrorType::ImplicitSignedIntegerTruncationOrSignChange;
587
    break;
588
  }
589

590
  if (ignoreReport(Loc, Opts, ET))
591
    return;
592

593
  ScopedReport R(Opts, Loc, ET);
594

595
  // In the case we have a bitfield, we want to explicitly say so in the
596
  // error message.
597
  // FIXME: is it possible to dump the values as hex with fixed width?
598
  if (Data->BitfieldBits)
599
    Diag(Loc, DL_Error, ET,
600
         "implicit conversion from type %0 of value %1 (%2-bit, %3signed) to "
601
         "type %4 changed the value to %5 (%6-bit bitfield, %7signed)")
602
        << SrcTy << Value(SrcTy, Src) << SrcTy.getIntegerBitWidth()
603
        << (SrcSigned ? "" : "un") << DstTy << Value(DstTy, Dst)
604
        << Data->BitfieldBits << (DstSigned ? "" : "un");
605
  else
606
    Diag(Loc, DL_Error, ET,
607
         "implicit conversion from type %0 of value %1 (%2-bit, %3signed) to "
608
         "type %4 changed the value to %5 (%6-bit, %7signed)")
609
        << SrcTy << Value(SrcTy, Src) << SrcTy.getIntegerBitWidth()
610
        << (SrcSigned ? "" : "un") << DstTy << Value(DstTy, Dst)
611
        << DstTy.getIntegerBitWidth() << (DstSigned ? "" : "un");
612
}
613

614
void __ubsan::__ubsan_handle_implicit_conversion(ImplicitConversionData *Data,
615
                                                 ValueHandle Src,
616
                                                 ValueHandle Dst) {
617
  GET_REPORT_OPTIONS(false);
618
  handleImplicitConversion(Data, Opts, Src, Dst);
619
}
620
void __ubsan::__ubsan_handle_implicit_conversion_abort(
621
    ImplicitConversionData *Data, ValueHandle Src, ValueHandle Dst) {
622
  GET_REPORT_OPTIONS(true);
623
  handleImplicitConversion(Data, Opts, Src, Dst);
624
  Die();
625
}
626

627
static void handleInvalidBuiltin(InvalidBuiltinData *Data, ReportOptions Opts) {
628
  SourceLocation Loc = Data->Loc.acquire();
629
  ErrorType ET = ErrorType::InvalidBuiltin;
630

631
  if (ignoreReport(Loc, Opts, ET))
632
    return;
633

634
  ScopedReport R(Opts, Loc, ET);
635

636
  Diag(Loc, DL_Error, ET,
637
       "passing zero to %0, which is not a valid argument")
638
    << ((Data->Kind == BCK_CTZPassedZero) ? "ctz()" : "clz()");
639
}
640

641
void __ubsan::__ubsan_handle_invalid_builtin(InvalidBuiltinData *Data) {
642
  GET_REPORT_OPTIONS(true);
643
  handleInvalidBuiltin(Data, Opts);
644
}
645
void __ubsan::__ubsan_handle_invalid_builtin_abort(InvalidBuiltinData *Data) {
646
  GET_REPORT_OPTIONS(true);
647
  handleInvalidBuiltin(Data, Opts);
648
  Die();
649
}
650

651
static void handleInvalidObjCCast(InvalidObjCCast *Data, ValueHandle Pointer,
652
                                  ReportOptions Opts) {
653
  SourceLocation Loc = Data->Loc.acquire();
654
  ErrorType ET = ErrorType::InvalidObjCCast;
655

656
  if (ignoreReport(Loc, Opts, ET))
657
    return;
658

659
  ScopedReport R(Opts, Loc, ET);
660

661
  const char *GivenClass = getObjCClassName(Pointer);
662
  const char *GivenClassStr = GivenClass ? GivenClass : "<unknown type>";
663

664
  Diag(Loc, DL_Error, ET,
665
       "invalid ObjC cast, object is a '%0', but expected a %1")
666
      << GivenClassStr << Data->ExpectedType;
667
}
668

669
void __ubsan::__ubsan_handle_invalid_objc_cast(InvalidObjCCast *Data,
670
                                               ValueHandle Pointer) {
671
  GET_REPORT_OPTIONS(false);
672
  handleInvalidObjCCast(Data, Pointer, Opts);
673
}
674
void __ubsan::__ubsan_handle_invalid_objc_cast_abort(InvalidObjCCast *Data,
675
                                                     ValueHandle Pointer) {
676
  GET_REPORT_OPTIONS(true);
677
  handleInvalidObjCCast(Data, Pointer, Opts);
678
  Die();
679
}
680

681
static void handleNonNullReturn(NonNullReturnData *Data, SourceLocation *LocPtr,
682
                                ReportOptions Opts, bool IsAttr) {
683
  if (!LocPtr)
684
    UNREACHABLE("source location pointer is null!");
685

686
  SourceLocation Loc = LocPtr->acquire();
687
  ErrorType ET = IsAttr ? ErrorType::InvalidNullReturn
688
                        : ErrorType::InvalidNullReturnWithNullability;
689

690
  if (ignoreReport(Loc, Opts, ET))
691
    return;
692

693
  ScopedReport R(Opts, Loc, ET);
694

695
  Diag(Loc, DL_Error, ET,
696
       "null pointer returned from function declared to never return null");
697
  if (!Data->AttrLoc.isInvalid())
698
    Diag(Data->AttrLoc, DL_Note, ET, "%0 specified here")
699
        << (IsAttr ? "returns_nonnull attribute"
700
                   : "_Nonnull return type annotation");
701
}
702

703
void __ubsan::__ubsan_handle_nonnull_return_v1(NonNullReturnData *Data,
704
                                               SourceLocation *LocPtr) {
705
  GET_REPORT_OPTIONS(false);
706
  handleNonNullReturn(Data, LocPtr, Opts, true);
707
}
708

709
void __ubsan::__ubsan_handle_nonnull_return_v1_abort(NonNullReturnData *Data,
710
                                                     SourceLocation *LocPtr) {
711
  GET_REPORT_OPTIONS(true);
712
  handleNonNullReturn(Data, LocPtr, Opts, true);
713
  Die();
714
}
715

716
void __ubsan::__ubsan_handle_nullability_return_v1(NonNullReturnData *Data,
717
                                                   SourceLocation *LocPtr) {
718
  GET_REPORT_OPTIONS(false);
719
  handleNonNullReturn(Data, LocPtr, Opts, false);
720
}
721

722
void __ubsan::__ubsan_handle_nullability_return_v1_abort(
723
    NonNullReturnData *Data, SourceLocation *LocPtr) {
724
  GET_REPORT_OPTIONS(true);
725
  handleNonNullReturn(Data, LocPtr, Opts, false);
726
  Die();
727
}
728

729
static void handleNonNullArg(NonNullArgData *Data, ReportOptions Opts,
730
                             bool IsAttr) {
731
  SourceLocation Loc = Data->Loc.acquire();
732
  ErrorType ET = IsAttr ? ErrorType::InvalidNullArgument
733
                        : ErrorType::InvalidNullArgumentWithNullability;
734

735
  if (ignoreReport(Loc, Opts, ET))
736
    return;
737

738
  ScopedReport R(Opts, Loc, ET);
739

740
  Diag(Loc, DL_Error, ET,
741
       "null pointer passed as argument %0, which is declared to "
742
       "never be null")
743
      << Data->ArgIndex;
744
  if (!Data->AttrLoc.isInvalid())
745
    Diag(Data->AttrLoc, DL_Note, ET, "%0 specified here")
746
        << (IsAttr ? "nonnull attribute" : "_Nonnull type annotation");
747
}
748

749
void __ubsan::__ubsan_handle_nonnull_arg(NonNullArgData *Data) {
750
  GET_REPORT_OPTIONS(false);
751
  handleNonNullArg(Data, Opts, true);
752
}
753

754
void __ubsan::__ubsan_handle_nonnull_arg_abort(NonNullArgData *Data) {
755
  GET_REPORT_OPTIONS(true);
756
  handleNonNullArg(Data, Opts, true);
757
  Die();
758
}
759

760
void __ubsan::__ubsan_handle_nullability_arg(NonNullArgData *Data) {
761
  GET_REPORT_OPTIONS(false);
762
  handleNonNullArg(Data, Opts, false);
763
}
764

765
void __ubsan::__ubsan_handle_nullability_arg_abort(NonNullArgData *Data) {
766
  GET_REPORT_OPTIONS(true);
767
  handleNonNullArg(Data, Opts, false);
768
  Die();
769
}
770

771
static void handlePointerOverflowImpl(PointerOverflowData *Data,
772
                                      ValueHandle Base,
773
                                      ValueHandle Result,
774
                                      ReportOptions Opts) {
775
  SourceLocation Loc = Data->Loc.acquire();
776
  ErrorType ET;
777

778
  if (Base == 0 && Result == 0)
779
    ET = ErrorType::NullptrWithOffset;
780
  else if (Base == 0 && Result != 0)
781
    ET = ErrorType::NullptrWithNonZeroOffset;
782
  else if (Base != 0 && Result == 0)
783
    ET = ErrorType::NullptrAfterNonZeroOffset;
784
  else
785
    ET = ErrorType::PointerOverflow;
786

787
  if (ignoreReport(Loc, Opts, ET))
788
    return;
789

790
  ScopedReport R(Opts, Loc, ET);
791

792
  if (ET == ErrorType::NullptrWithOffset) {
793
    Diag(Loc, DL_Error, ET, "applying zero offset to null pointer");
794
  } else if (ET == ErrorType::NullptrWithNonZeroOffset) {
795
    Diag(Loc, DL_Error, ET, "applying non-zero offset %0 to null pointer")
796
        << Result;
797
  } else if (ET == ErrorType::NullptrAfterNonZeroOffset) {
798
    Diag(
799
        Loc, DL_Error, ET,
800
        "applying non-zero offset to non-null pointer %0 produced null pointer")
801
        << (void *)Base;
802
  } else if ((sptr(Base) >= 0) == (sptr(Result) >= 0)) {
803
    if (Base > Result)
804
      Diag(Loc, DL_Error, ET,
805
           "addition of unsigned offset to %0 overflowed to %1")
806
          << (void *)Base << (void *)Result;
807
    else
808
      Diag(Loc, DL_Error, ET,
809
           "subtraction of unsigned offset from %0 overflowed to %1")
810
          << (void *)Base << (void *)Result;
811
  } else {
812
    Diag(Loc, DL_Error, ET,
813
         "pointer index expression with base %0 overflowed to %1")
814
        << (void *)Base << (void *)Result;
815
  }
816
}
817

818
void __ubsan::__ubsan_handle_pointer_overflow(PointerOverflowData *Data,
819
                                              ValueHandle Base,
820
                                              ValueHandle Result) {
821
  GET_REPORT_OPTIONS(false);
822
  handlePointerOverflowImpl(Data, Base, Result, Opts);
823
}
824

825
void __ubsan::__ubsan_handle_pointer_overflow_abort(PointerOverflowData *Data,
826
                                                    ValueHandle Base,
827
                                                    ValueHandle Result) {
828
  GET_REPORT_OPTIONS(true);
829
  handlePointerOverflowImpl(Data, Base, Result, Opts);
830
  Die();
831
}
832

833
static void handleCFIBadIcall(CFICheckFailData *Data, ValueHandle Function,
834
                              ReportOptions Opts) {
835
  if (Data->CheckKind != CFITCK_ICall && Data->CheckKind != CFITCK_NVMFCall)
836
    Die();
837

838
  SourceLocation Loc = Data->Loc.acquire();
839
  ErrorType ET = ErrorType::CFIBadType;
840

841
  if (ignoreReport(Loc, Opts, ET))
842
    return;
843

844
  ScopedReport R(Opts, Loc, ET);
845

846
  const char *CheckKindStr = Data->CheckKind == CFITCK_NVMFCall
847
                                 ? "non-virtual pointer to member function call"
848
                                 : "indirect function call";
849
  Diag(Loc, DL_Error, ET,
850
       "control flow integrity check for type %0 failed during %1")
851
      << Data->Type << CheckKindStr;
852

853
  SymbolizedStackHolder FLoc(getSymbolizedLocation(Function));
854
  const char *FName = FLoc.get()->info.function;
855
  if (!FName)
856
    FName = "(unknown)";
857
  Diag(FLoc, DL_Note, ET, "%0 defined here") << FName;
858

859
  // If the failure involved different DSOs for the check location and icall
860
  // target, report the DSO names.
861
  const char *DstModule = FLoc.get()->info.module;
862
  if (!DstModule)
863
    DstModule = "(unknown)";
864

865
  const char *SrcModule = Symbolizer::GetOrInit()->GetModuleNameForPc(Opts.pc);
866
  if (!SrcModule)
867
    SrcModule = "(unknown)";
868

869
  if (internal_strcmp(SrcModule, DstModule))
870
    Diag(Loc, DL_Note, ET,
871
         "check failed in %0, destination function located in %1")
872
        << SrcModule << DstModule;
873
}
874

875
namespace __ubsan {
876

877
#ifdef UBSAN_CAN_USE_CXXABI
878

879
#ifdef _WIN32
880

881
extern "C" void __ubsan_handle_cfi_bad_type_default(CFICheckFailData *Data,
882
                                                    ValueHandle Vtable,
883
                                                    bool ValidVtable,
884
                                                    ReportOptions Opts) {
885
  Die();
886
}
887

888
WIN_WEAK_ALIAS(__ubsan_handle_cfi_bad_type, __ubsan_handle_cfi_bad_type_default)
889
#else
890
SANITIZER_WEAK_ATTRIBUTE
891
#endif
892
void __ubsan_handle_cfi_bad_type(CFICheckFailData *Data, ValueHandle Vtable,
893
                                 bool ValidVtable, ReportOptions Opts);
894

895
#else
896
void __ubsan_handle_cfi_bad_type(CFICheckFailData *Data, ValueHandle Vtable,
897
                                 bool ValidVtable, ReportOptions Opts) {
898
  Die();
899
}
900
#endif
901

902
}  // namespace __ubsan
903

904
void __ubsan::__ubsan_handle_cfi_check_fail(CFICheckFailData *Data,
905
                                            ValueHandle Value,
906
                                            uptr ValidVtable) {
907
  GET_REPORT_OPTIONS(false);
908
  if (Data->CheckKind == CFITCK_ICall || Data->CheckKind == CFITCK_NVMFCall)
909
    handleCFIBadIcall(Data, Value, Opts);
910
  else
911
    __ubsan_handle_cfi_bad_type(Data, Value, ValidVtable, Opts);
912
}
913

914
void __ubsan::__ubsan_handle_cfi_check_fail_abort(CFICheckFailData *Data,
915
                                                  ValueHandle Value,
916
                                                  uptr ValidVtable) {
917
  GET_REPORT_OPTIONS(true);
918
  if (Data->CheckKind == CFITCK_ICall || Data->CheckKind == CFITCK_NVMFCall)
919
    handleCFIBadIcall(Data, Value, Opts);
920
  else
921
    __ubsan_handle_cfi_bad_type(Data, Value, ValidVtable, Opts);
922
  Die();
923
}
924

925
static bool handleFunctionTypeMismatch(FunctionTypeMismatchData *Data,
926
                                       ValueHandle Function,
927
                                       ReportOptions Opts) {
928
  SourceLocation CallLoc = Data->Loc.acquire();
929
  ErrorType ET = ErrorType::FunctionTypeMismatch;
930
  if (ignoreReport(CallLoc, Opts, ET))
931
    return true;
932

933
  ScopedReport R(Opts, CallLoc, ET);
934

935
  SymbolizedStackHolder FLoc(getSymbolizedLocation(Function));
936
  const char *FName = FLoc.get()->info.function;
937
  if (!FName)
938
    FName = "(unknown)";
939

940
  Diag(CallLoc, DL_Error, ET,
941
       "call to function %0 through pointer to incorrect function type %1")
942
      << FName << Data->Type;
943
  Diag(FLoc, DL_Note, ET, "%0 defined here") << FName;
944
  return true;
945
}
946

947
void __ubsan::__ubsan_handle_function_type_mismatch(
948
    FunctionTypeMismatchData *Data, ValueHandle Function) {
949
  GET_REPORT_OPTIONS(false);
950
  handleFunctionTypeMismatch(Data, Function, Opts);
951
}
952

953
void __ubsan::__ubsan_handle_function_type_mismatch_abort(
954
    FunctionTypeMismatchData *Data, ValueHandle Function) {
955
  GET_REPORT_OPTIONS(true);
956
  if (handleFunctionTypeMismatch(Data, Function, Opts))
957
    Die();
958
}
959

960
#endif  // CAN_SANITIZE_UB
961

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.