1//===-- asan_malloc_win.cc ------------------------------------------------===// 2// 3// This file is distributed under the University of Illinois Open Source 4// License. See LICENSE.TXT for details. 5// 6//===----------------------------------------------------------------------===// 7// 8// This file is a part of AddressSanitizer, an address sanity checker. 9// 10// Windows-specific malloc interception. 11//===----------------------------------------------------------------------===// 12 13#include "sanitizer_common/sanitizer_platform.h" 14#if SANITIZER_WINDOWS 15 16#include "asan_allocator.h" 17#include "asan_interceptors.h" 18#include "asan_internal.h" 19#include "asan_stack.h" 20#include "sanitizer_common/sanitizer_interception.h" 21 22#include <stddef.h> 23 24using namespace __asan; // NOLINT 25 26// MT: Simply defining functions with the same signature in *.obj 27// files overrides the standard functions in the CRT. 28// MD: Memory allocation functions are defined in the CRT .dll, 29// so we have to intercept them before they are called for the first time. 30 31#if ASAN_DYNAMIC 32# define ALLOCATION_FUNCTION_ATTRIBUTE 33#else 34# define ALLOCATION_FUNCTION_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE 35#endif 36 37extern "C" { 38ALLOCATION_FUNCTION_ATTRIBUTE 39void free(void *ptr) { 40 GET_STACK_TRACE_FREE; 41 return asan_free(ptr, &stack, FROM_MALLOC); 42} 43 44ALLOCATION_FUNCTION_ATTRIBUTE 45void _free_dbg(void *ptr, int) { 46 free(ptr); 47} 48 49ALLOCATION_FUNCTION_ATTRIBUTE 50void cfree(void *ptr) { 51 CHECK(!"cfree() should not be used on Windows"); 52} 53 54ALLOCATION_FUNCTION_ATTRIBUTE 55void *malloc(size_t size) { 56 GET_STACK_TRACE_MALLOC; 57 return asan_malloc(size, &stack); 58} 59 60ALLOCATION_FUNCTION_ATTRIBUTE 61void *_malloc_dbg(size_t size, int, const char *, int) { 62 return malloc(size); 63} 64 65ALLOCATION_FUNCTION_ATTRIBUTE 66void *calloc(size_t nmemb, size_t size) { 67 GET_STACK_TRACE_MALLOC; 68 return asan_calloc(nmemb, size, &stack); 69} 70 71ALLOCATION_FUNCTION_ATTRIBUTE 72void *_calloc_dbg(size_t nmemb, size_t size, int, const char *, int) { 73 return calloc(nmemb, size); 74} 75 76ALLOCATION_FUNCTION_ATTRIBUTE 77void *_calloc_impl(size_t nmemb, size_t size, int *errno_tmp) { 78 return calloc(nmemb, size); 79} 80 81ALLOCATION_FUNCTION_ATTRIBUTE 82void *realloc(void *ptr, size_t size) { 83 GET_STACK_TRACE_MALLOC; 84 return asan_realloc(ptr, size, &stack); 85} 86 87ALLOCATION_FUNCTION_ATTRIBUTE 88void *_realloc_dbg(void *ptr, size_t size, int) { 89 CHECK(!"_realloc_dbg should not exist!"); 90 return 0; 91} 92 93ALLOCATION_FUNCTION_ATTRIBUTE 94void *_recalloc(void *p, size_t n, size_t elem_size) { 95 if (!p) 96 return calloc(n, elem_size); 97 const size_t size = n * elem_size; 98 if (elem_size != 0 && size / elem_size != n) 99 return 0; 100 return realloc(p, size); 101} 102 103ALLOCATION_FUNCTION_ATTRIBUTE 104size_t _msize(void *ptr) { 105 GET_CURRENT_PC_BP_SP; 106 (void)sp; 107 return asan_malloc_usable_size(ptr, pc, bp); 108} 109 110ALLOCATION_FUNCTION_ATTRIBUTE 111void *_expand(void *memblock, size_t size) { 112 // _expand is used in realloc-like functions to resize the buffer if possible. 113 // We don't want memory to stand still while resizing buffers, so return 0. 114 return 0; 115} 116 117ALLOCATION_FUNCTION_ATTRIBUTE 118void *_expand_dbg(void *memblock, size_t size) { 119 return _expand(memblock, size); 120} 121 122// TODO(timurrrr): Might want to add support for _aligned_* allocation 123// functions to detect a bit more bugs. Those functions seem to wrap malloc(). 124 125int _CrtDbgReport(int, const char*, int, 126 const char*, const char*, ...) { 127 ShowStatsAndAbort(); 128} 129 130int _CrtDbgReportW(int reportType, const wchar_t*, int, 131 const wchar_t*, const wchar_t*, ...) { 132 ShowStatsAndAbort(); 133} 134 135int _CrtSetReportMode(int, int) { 136 return 0; 137} 138} // extern "C" 139 140namespace __asan { 141void ReplaceSystemMalloc() { 142#if defined(ASAN_DYNAMIC) 143 // We don't check the result because CRT might not be used in the process. 144 __interception::OverrideFunction("free", (uptr)free); 145 __interception::OverrideFunction("malloc", (uptr)malloc); 146 __interception::OverrideFunction("_malloc_crt", (uptr)malloc); 147 __interception::OverrideFunction("calloc", (uptr)calloc); 148 __interception::OverrideFunction("_calloc_crt", (uptr)calloc); 149 __interception::OverrideFunction("realloc", (uptr)realloc); 150 __interception::OverrideFunction("_realloc_crt", (uptr)realloc); 151 __interception::OverrideFunction("_recalloc", (uptr)_recalloc); 152 __interception::OverrideFunction("_recalloc_crt", (uptr)_recalloc); 153 __interception::OverrideFunction("_msize", (uptr)_msize); 154 __interception::OverrideFunction("_expand", (uptr)_expand); 155 156 // Override different versions of 'operator new' and 'operator delete'. 157 // No need to override the nothrow versions as they just wrap the throw 158 // versions. 159 // FIXME: Unfortunately, MSVC miscompiles the statements that take the 160 // addresses of the array versions of these operators, 161 // see https://connect.microsoft.com/VisualStudio/feedbackdetail/view/946992 162 // We might want to try to work around this by [inline] assembly or compiling 163 // parts of the RTL with Clang. 164 void *(*op_new)(size_t sz) = operator new; 165 void (*op_delete)(void *p) = operator delete; 166 void *(*op_array_new)(size_t sz) = operator new[]; 167 void (*op_array_delete)(void *p) = operator delete[]; 168 __interception::OverrideFunction("??2@YAPAXI@Z", (uptr)op_new); 169 __interception::OverrideFunction("??3@YAXPAX@Z", (uptr)op_delete); 170 __interception::OverrideFunction("??_U@YAPAXI@Z", (uptr)op_array_new); 171 __interception::OverrideFunction("??_V@YAXPAX@Z", (uptr)op_array_delete); 172#endif 173} 174} // namespace __asan 175 176#endif // _WIN32 177