1//===-- asan_interceptors_memintrinsics.h -----------------------*- C++ -*-===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===---------------------------------------------------------------------===//
8//
9// This file is a part of AddressSanitizer, an address sanity checker.
10//
11// ASan-private header for asan_interceptors_memintrinsics.cpp
12//===---------------------------------------------------------------------===//
13#ifndef ASAN_MEMINTRIN_H
14#define ASAN_MEMINTRIN_H
15
16#include "asan_interface_internal.h"
17#include "asan_internal.h"
18#include "asan_mapping.h"
19#include "interception/interception.h"
20
21DECLARE_REAL(void *, memcpy, void *to, const void *from, uptr size)
22DECLARE_REAL(void *, memset, void *block, int c, uptr size)
23
24namespace __asan {
25
26// Return true if we can quickly decide that the region is unpoisoned.
27// We assume that a redzone is at least 16 bytes.
28static inline bool QuickCheckForUnpoisonedRegion(uptr beg, uptr size) {
29  if (UNLIKELY(size == 0 || size > sizeof(uptr) * ASAN_SHADOW_GRANULARITY))
30    return !size;
31
32  uptr last = beg + size - 1;
33  uptr shadow_first = MEM_TO_SHADOW(beg);
34  uptr shadow_last = MEM_TO_SHADOW(last);
35  uptr uptr_first = RoundDownTo(shadow_first, sizeof(uptr));
36  uptr uptr_last = RoundDownTo(shadow_last, sizeof(uptr));
37  if (LIKELY(((*reinterpret_cast<const uptr *>(uptr_first) |
38               *reinterpret_cast<const uptr *>(uptr_last)) == 0)))
39    return true;
40  u8 shadow = AddressIsPoisoned(last);
41  for (; shadow_first < shadow_last; ++shadow_first)
42    shadow |= *((u8 *)shadow_first);
43  return !shadow;
44}
45
46struct AsanInterceptorContext {
47  const char *interceptor_name;
48};
49
50// We implement ACCESS_MEMORY_RANGE, ASAN_READ_RANGE,
51// and ASAN_WRITE_RANGE as macro instead of function so
52// that no extra frames are created, and stack trace contains
53// relevant information only.
54// We check all shadow bytes.
55#define ACCESS_MEMORY_RANGE(ctx, offset, size, isWrite)                   \
56  do {                                                                    \
57    uptr __offset = (uptr)(offset);                                       \
58    uptr __size = (uptr)(size);                                           \
59    uptr __bad = 0;                                                       \
60    if (UNLIKELY(__offset > __offset + __size)) {                         \
61      GET_STACK_TRACE_FATAL_HERE;                                         \
62      ReportStringFunctionSizeOverflow(__offset, __size, &stack);         \
63    }                                                                     \
64    if (UNLIKELY(!QuickCheckForUnpoisonedRegion(__offset, __size)) &&     \
65        (__bad = __asan_region_is_poisoned(__offset, __size))) {          \
66      AsanInterceptorContext *_ctx = (AsanInterceptorContext *)ctx;       \
67      bool suppressed = false;                                            \
68      if (_ctx) {                                                         \
69        suppressed = IsInterceptorSuppressed(_ctx->interceptor_name);     \
70        if (!suppressed && HaveStackTraceBasedSuppressions()) {           \
71          GET_STACK_TRACE_FATAL_HERE;                                     \
72          suppressed = IsStackTraceSuppressed(&stack);                    \
73        }                                                                 \
74      }                                                                   \
75      if (!suppressed) {                                                  \
76        GET_CURRENT_PC_BP_SP;                                             \
77        ReportGenericError(pc, bp, sp, __bad, isWrite, __size, 0, false); \
78      }                                                                   \
79    }                                                                     \
80  } while (0)
81
82#define ASAN_READ_RANGE(ctx, offset, size) \
83  ACCESS_MEMORY_RANGE(ctx, offset, size, false)
84#define ASAN_WRITE_RANGE(ctx, offset, size) \
85  ACCESS_MEMORY_RANGE(ctx, offset, size, true)
86
87// Behavior of functions like "memcpy" or "strcpy" is undefined
88// if memory intervals overlap. We report error in this case.
89// Macro is used to avoid creation of new frames.
90static inline bool RangesOverlap(const char *offset1, uptr length1,
91                                 const char *offset2, uptr length2) {
92  return !((offset1 + length1 <= offset2) || (offset2 + length2 <= offset1));
93}
94#define CHECK_RANGES_OVERLAP(name, _offset1, length1, _offset2, length2)   \
95  do {                                                                     \
96    const char *offset1 = (const char *)_offset1;                          \
97    const char *offset2 = (const char *)_offset2;                          \
98    if (UNLIKELY(RangesOverlap(offset1, length1, offset2, length2))) {     \
99      GET_STACK_TRACE_FATAL_HERE;                                          \
100      bool suppressed = IsInterceptorSuppressed(name);                     \
101      if (!suppressed && HaveStackTraceBasedSuppressions()) {              \
102        suppressed = IsStackTraceSuppressed(&stack);                       \
103      }                                                                    \
104      if (!suppressed) {                                                   \
105        ReportStringFunctionMemoryRangesOverlap(name, offset1, length1,    \
106                                                offset2, length2, &stack); \
107      }                                                                    \
108    }                                                                      \
109  } while (0)
110
111}  // namespace __asan
112
113#endif  // ASAN_MEMINTRIN_H
114