
Commit 95ec081

committed
[sanitizer] Fix sanitizing glob_t when flags contain GLOB_DOOFFS
e.g. glob_t g; memset(&g, 0, sizeof(g)); g.gl_offs = 1; glob("*", GLOB_DOOFFS, NULL, &g); will reserve one NULL entry at the beginning of g.gl_pathv, in addition to the g.gl_pathc results.
1 parent 8f683c3 commit 95ec081


1 file changed

+11
-6
lines changed


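--- a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
@@ -2468,13 +2468,18 @@ INTERCEPTOR(int, timespec_get, struct __sanitizer_timespec *ts, int base) {
 #endif
 
 #if SANITIZER_INTERCEPT_GLOB
-static void unpoison_glob_t(void *ctx, __sanitizer_glob_t *pglob) {
+static void unpoison_glob_t(void *ctx, int flags, __sanitizer_glob_t *pglob) {
+SIZE_T offs;
 COMMON_INTERCEPTOR_WRITE_RANGE(ctx, pglob, sizeof(*pglob));
+if (flags & GLOB_DOOFFS)
+offs = pglob->gl_offs;
+else
+offs = 0;
 // +1 for NULL pointer at the end.
 if (pglob->gl_pathv)
 COMMON_INTERCEPTOR_WRITE_RANGE(
-ctx, pglob->gl_pathv, (pglob->gl_pathc + 1) * sizeof(*pglob->gl_pathv));
-for (SIZE_T i = 0; i < pglob->gl_pathc; ++i) {
+ctx, pglob->gl_pathv, (offs + pglob->gl_pathc + 1) * sizeof(*pglob->gl_pathv));
+for (SIZE_T i = offs; i < offs + pglob->gl_pathc; ++i) {
 char *p = pglob->gl_pathv[i];
 COMMON_INTERCEPTOR_WRITE_RANGE(ctx, p, internal_strlen(p) + 1);
 }
@@ -2488,7 +2493,7 @@ INTERCEPTOR(int, glob, const char *pattern, int flags,
 COMMON_INTERCEPTOR_ENTER(ctx, glob, pattern, flags, errfunc, pglob);
 COMMON_INTERCEPTOR_READ_STRING(ctx, pattern, 0);
 int res = REAL(glob)(pattern, flags, errfunc, pglob);
-if ((!res || res == glob_nomatch) && pglob) unpoison_glob_t(ctx, pglob);
+if ((!res || res == glob_nomatch) && pglob) unpoison_glob_t(ctx, flags, pglob);
 return res;
 }
 #else
@@ -2552,7 +2557,7 @@ INTERCEPTOR(int, glob, const char *pattern, int flags,
 Swap(pglob->gl_stat, glob_copy.gl_stat);
 }
 pglob_copy = 0;
-if ((!res || res == glob_nomatch) && pglob) unpoison_glob_t(ctx, pglob);
+if ((!res || res == glob_nomatch) && pglob) unpoison_glob_t(ctx, flags, pglob);
 return res;
 }
 #endif // SANITIZER_SOLARIS
@@ -2588,7 +2593,7 @@ INTERCEPTOR(int, glob64, const char *pattern, int flags,
 Swap(pglob->gl_stat, glob_copy.gl_stat);
 }
 pglob_copy = 0;
-if ((!res || res == glob_nomatch) && pglob) unpoison_glob_t(ctx, pglob);
+if ((!res || res == glob_nomatch) && pglob) unpoison_glob_t(ctx, flags, pglob);
 return res;
 }
 #define INIT_GLOB64 \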
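Review bot: The new offset computation in unpoison_glob_t tests the raw libc macro `GLOB_DOOFFS`, while every caller in this same diff compares the result against the sanitizer-defined `glob_nomatch`; if `<glob.h>` is not visible in each configuration that includes this .inc, that line will not compile there, so it would be safer to export the flag value through the same platform-limits layer that provides `glob_nomatch` and test that constant instead. The two-branch assignment into an uninitialized `SIZE_T offs;` can be a single initialized declaration, `SIZE_T offs = (flags & GLOB_DOOFFS) ? pglob->gl_offs : 0;`. The comment `// +1 for NULL pointer at the end.` no longer describes the whole count now that `offs` is folded in; I would replace it with `// gl_offs leading NULL slots (GLOB_DOOFFS), then gl_pathc results, +1 for the terminating NULL.` Note that `gl_offs` is read from caller-supplied memory, so the loop bound and the unpoisoned range are only as trustworthy as the caller's initialization of that field; that matches what the real glob() relies on, but is worth a one-line comment. The closing brace of unpoison_glob_t lies outside the first hunk.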
