
Commit f4cd21c

committed
[sanitizer] Fix sanitizing glob_t when flags contain GLOB_DOOFFS
e.g. `glob_t g; memset(&g, 0, sizeof(g)); g.gl_offs = 1; glob("*", GLOB_DOOFFS, NULL, &g);` will reserve one NULL entry at the beginning of g.gl_pathv, in addition to the g.gl_pathc results.
1 parent e278e1b commit f4cd21c


1 file changed

+11
-6
lines changed


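--- a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
@@ -2409,13 +2409,18 @@ INTERCEPTOR(int, timespec_get, struct __sanitizer_timespec *ts, int base) {
 #endif
 
 #if SANITIZER_INTERCEPT_GLOB
-static void unpoison_glob_t(void *ctx, __sanitizer_glob_t *pglob) {
+static void unpoison_glob_t(void *ctx, int flags, __sanitizer_glob_t *pglob) {
+  SIZE_T offs;
   COMMON_INTERCEPTOR_WRITE_RANGE(ctx, pglob, sizeof(*pglob));
+  if (flags & GLOB_DOOFFS)
+    offs = pglob->gl_offs;
+  else
+    offs = 0;
   // +1 for NULL pointer at the end.
   if (pglob->gl_pathv)
     COMMON_INTERCEPTOR_WRITE_RANGE(
-        ctx, pglob->gl_pathv, (pglob->gl_pathc + 1) * sizeof(*pglob->gl_pathv));
-  for (SIZE_T i = 0; i < pglob->gl_pathc; ++i) {
+        ctx, pglob->gl_pathv, (offs + pglob->gl_pathc + 1) * sizeof(*pglob->gl_pathv));
+  for (SIZE_T i = offs; i < offs + pglob->gl_pathc; ++i) {
     char *p = pglob->gl_pathv[i];
     COMMON_INTERCEPTOR_WRITE_RANGE(ctx, p, internal_strlen(p) + 1);
   }
@@ -2429,7 +2434,7 @@ INTERCEPTOR(int, glob, const char *pattern, int flags,
   COMMON_INTERCEPTOR_ENTER(ctx, glob, pattern, flags, errfunc, pglob);
   COMMON_INTERCEPTOR_READ_STRING(ctx, pattern, 0);
   int res = REAL(glob)(pattern, flags, errfunc, pglob);
-  if ((!res || res == glob_nomatch) && pglob) unpoison_glob_t(ctx, pglob);
+  if ((!res || res == glob_nomatch) && pglob) unpoison_glob_t(ctx, flags, pglob);
   return res;
 }
 #else
@@ -2493,7 +2498,7 @@ INTERCEPTOR(int, glob, const char *pattern, int flags,
     Swap(pglob->gl_stat, glob_copy.gl_stat);
   }
   pglob_copy = 0;
-  if ((!res || res == glob_nomatch) && pglob) unpoison_glob_t(ctx, pglob);
+  if ((!res || res == glob_nomatch) && pglob) unpoison_glob_t(ctx, flags, pglob);
   return res;
 }
 #endif // SANITIZER_SOLARIS
@@ -2529,7 +2534,7 @@ INTERCEPTOR(int, glob64, const char *pattern, int flags,
     Swap(pglob->gl_stat, glob_copy.gl_stat);
   }
   pglob_copy = 0;
-  if ((!res || res == glob_nomatch) && pglob) unpoison_glob_t(ctx, pglob);
+  if ((!res || res == glob_nomatch) && pglob) unpoison_glob_t(ctx, flags, pglob);
   return res;
 }
 #define INIT_GLOB64 \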
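Review bot: In the first hunk the new `offs` is declared uninitialized and then filled by an if/else four lines later; a single declare-at-first-use initializer, `SIZE_T offs = (flags & GLOB_DOOFFS) ? pglob->gl_offs : 0;`, placed after the WRITE_RANGE on `pglob` is shorter and leaves no window in which `offs` is unset. The existing comment `// +1 for NULL pointer at the end.` now under-describes the range that follows, since the array also carries `offs` leading NULL slots; I would change it to `// gl_offs leading slots (GLOB_DOOFFS) + gl_pathc results + 1 for NULL pointer at the end.`. Note that `gl_offs` is read straight from the caller-provided struct with no sanity check, so a garbage value under GLOB_DOOFFS drives the size arithmetic of the WRITE_RANGE and the loop bounds; presumably REAL(glob) would already have failed or allocated accordingly, but that assumption is worth a one-line comment. The INTERCEPTOR bodies in the three later hunks start outside their hunks; the same call-site change is applied consistently in all of them.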
