From edwin at clamav.net Tue Oct 13 07:37:26 2009
From: edwin at clamav.net (Török Edwin)
Date: Tue, 13 Oct 2009 14:37:26 +0300
Subject: [Softbound-users] Problem with fprintf of constant string when using Softbound 1.1.1
Message-ID: <4AD46676.6000704@clamav.net>

Hi,

After seeing the slides on softbound, I tested it on ClamAV (www.clamav.net).

I encountered two problems: some wrappers were missing (attached patch), and it detected a bug [1] when calling fprintf, but there is no bug there:

    logg("!%s\n", cl_strerror(ret));

    const char *cl_strerror(int clerror)
    {
        switch (clerror) {
        ...
        case CL_ESTAT:
            return "Can't get file status";
        }
    }

    int logg(const char *str, ...) {
        char buffer[1025];

        abuffer = malloc(len);
        char *buf = abuffer;
        ...
        char *buf = buffer;

        ...
        fprintf(logg_fp, "%s", buff+1);
    }

What am I doing wrong? Is there a flag to output what the bounds violation is exactly? (which pointer, valid size, actual offset, similar to how valgrind/mudflap reports)

Here's how I compiled ClamAV (after compiling zlib and bzip2 to bitcode similarly, and compiling libltdl's argz.c to argz.bc):

    $ git clone git://git.clamav.net/git/clamav-devel
    $ cd clamav-devel
    $ ../../clamav-devel/configure --disable-shared --disable-mempool --disable-pthreads --prefix=/home/edwin/clam/git/builds/softbound/pfx --with-included-ltdl
    $ make CPPFLAGS="-O1 --emit-llvm" CCLD="llvm-ld -disable-opt" CFLAGS= -j4
    $ llvm-link /home/edwin/llvm-git/softbound/SoftBound-v1.1.1/test/softbound-checks.bc /home/edwin/llvm-git/softbound/SoftBound-v1.1.1/argz.bc $1 >test-linked.bc
    $ opt -SoftBoundPass test-linked.bc >test-instrumented.bc
    $ llvm-link test-instrumented.bc /home/edwin/llvm-git/softbound/SoftBound-v1.1.1/test/softbound.bc /home/edwin/llvm-git/softbound/SoftBound-v1.1.1/test/softbound-wrappers.bc >test-softbound.bc
    $ llvm-ld -disable-opt -lm -lcrypt test-softbound.bc -o test
    $ llc -disable-fp-elim
    $ gcc test.o -lm -lcrypt -o test
    $ gdb ./test

I can send you clamscan.bc if needed.

(I used disable-opt and disable-fp-elim to get a usable stacktrace).

[1] Stacktrace of bug:

    Starting program: /home/edwin/clam/git/builds/softbound/clamscan/test

    cl_load(): Can't get status of /home/edwin/clam/git/builds/softbound/pfx/share/clamav
    LibClamAV Error:
    SoftBound: Bounds violation detected

    Backtrace:
    /home/edwin/clam/git/builds/softbound/clamscan/test[0x6e7ad6]

    Program received signal SIGABRT, Aborted.
    0x0000003411231d25 in *__GI_raise (sig=) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
    64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
     in ../nptl/sysdeps/unix/sysv/linux/raise.c
    (gdb) bt
    #0 0x0000003411231d25 in *__GI_raise (sig=) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
    #1 0x0000003411234de1 in *__GI_abort () at abort.c:88
    #2 0x00000000006e7b15 in __softbound_abort ()
    #3 0x00000000006e7faa in __loadDereferenceCheck ()
    #4 0x0000000000438f07 in softbound_logg ()
    #5 0x0000000000450acf in scanmanager (opts=0x943010) at manager.c:424
    #6 0x0000000000444ad7 in softbound_pseudo_main ()
    #7 0x00000000006e7c71 in main ()
    (gdb) up
    #1 0x0000003411234de1 in *__GI_abort () at abort.c:88
    88 abort.c: No such file or directory.
     in abort.c
    (gdb)
    #2 0x00000000006e7b15 in __softbound_abort ()
    Current language: auto
    The current source language is "auto; currently asm".
    (gdb)
    #3 0x00000000006e7faa in __loadDereferenceCheck ()
    (gdb)
    #4 0x0000000000438f07 in softbound_logg ()
    (gdb)
    #5 0x0000000000450acf in scanmanager (opts=0x943010) at manager.c:424
    424 logg("!%s\n", cl_strerror(ret));

    Program received signal SIGABRT, Aborted.
    0x0000003411231d25 in *__GI_raise (sig=) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
    64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
     in ../nptl/sysdeps/unix/sysv/linux/raise.c
    (gdb) bt
    #0 0x0000003411231d25 in *__GI_raise (sig=) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
    #1 0x0000003411234de1 in *__GI_abort () at abort.c:88
    #2 0x0000000000781c05 in __softbound_abort ()
    #3 0x000000000049fd17 in logg () at output.c:330
    #4 0x00000000004b1ce8 in softbound_scanmanager ()
    #5 0x00000000004ad59a in logg_close () at output.c:208
    #6 0x0000000000781d61 in main ()
    (gdb) up
    #1 0x0000003411234de1 in *__GI_abort () at abort.c:88
    88 abort.c: No such file or directory.
     in abort.c
    (gdb)
    #2 0x0000000000781c05 in __softbound_abort ()
    Current language: auto
    The current source language is "auto; currently asm".
    (gdb)
    #3 0x000000000049fd17 in logg () at output.c:330
    330 fprintf(logg_fp, "%s", buff + 1);

Best regards,
--Edwin


From edwin at clamav.net Tue Oct 13 07:42:59 2009
From: edwin at clamav.net (Török Edwin)
Date: Tue, 13 Oct 2009 14:42:59 +0300
Subject: [Softbound-users] Problem with fprintf of constant string when using Softbound 1.1.1
In-Reply-To: <4AD46676.6000704@clamav.net>
References: <4AD46676.6000704@clamav.net>
Message-ID: <4AD467C3.7020608@clamav.net>

On 2009-10-13 14:37, Török Edwin wrote:
> Hi,
>
> After seeing the slides on softbound, I tested it on ClamAV
> (www.clamav.net).
>
> I encountered two problems: some wrappers were missing (attached patch),

Forgot to attach, here it is. Maybe it is something wrong in the wrappers I wrote that causes the bug?

> and it detected a bug [1] when calling fprintf, but there is no bug there:
>
>     logg("!%s\n", cl_strerror(ret));
>
>     const char *cl_strerror(int clerror)
>     {
>         switch (clerror) {
>         ...
>         case CL_ESTAT:
>             return "Can't get file status";
>         }
>     }
>
>     int logg(const char *str, ...) {
>         char buffer[1025];
>
>         abuffer = malloc(len);
>         char *buf = abuffer;
>         ...
>         char *buf = buffer;
>
>         ...
>         fprintf(logg_fp, "%s", buff+1);
>     }
>
> What am I doing wrong? Is there a flag to output what the bounds
> violation is exactly?
> (which pointer, valid size, actual offset, similar to
> how valgrind/mudflap reports)
>
> Here's how I compiled ClamAV (after compiling zlib and bzip2 to bitcode
> similarly, and compiling libltdl's argz.c to argz.bc):
>
>     $ git clone git://git.clamav.net/git/clamav-devel
>     $ cd clamav-devel
>     $ ../../clamav-devel/configure --disable-shared --disable-mempool --disable-pthreads --prefix=/home/edwin/clam/git/builds/softbound/pfx --with-included-ltdl
>     $ make CPPFLAGS="-O1 --emit-llvm" CCLD="llvm-ld -disable-opt" CFLAGS= -j4
>     $ llvm-link /home/edwin/llvm-git/softbound/SoftBound-v1.1.1/test/softbound-checks.bc /home/edwin/llvm-git/softbound/SoftBound-v1.1.1/argz.bc $1 >test-linked.bc
>     $ opt -SoftBoundPass test-linked.bc >test-instrumented.bc
>     $ llvm-link test-instrumented.bc /home/edwin/llvm-git/softbound/SoftBound-v1.1.1/test/softbound.bc /home/edwin/llvm-git/softbound/SoftBound-v1.1.1/test/softbound-wrappers.bc >test-softbound.bc
>     $ llvm-ld -disable-opt -lm -lcrypt test-softbound.bc -o test
>     $ llc -disable-fp-elim
>     $ gcc test.o -lm -lcrypt -o test
>     $ gdb ./test
>
> I can send you clamscan.bc if needed.
>
> (I used disable-opt and disable-fp-elim to get a usable stacktrace).
>
> [1] Stacktrace of bug:
>
>     Starting program: /home/edwin/clam/git/builds/softbound/clamscan/test
>
>     cl_load(): Can't get status of /home/edwin/clam/git/builds/softbound/pfx/share/clamav
>     LibClamAV Error:
>     SoftBound: Bounds violation detected
>
>     Backtrace:
>     /home/edwin/clam/git/builds/softbound/clamscan/test[0x6e7ad6]
>
>     Program received signal SIGABRT, Aborted.
>     0x0000003411231d25 in *__GI_raise (sig=) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
>     64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
>      in ../nptl/sysdeps/unix/sysv/linux/raise.c
>     (gdb) bt
>     #0 0x0000003411231d25 in *__GI_raise (sig=) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
>     #1 0x0000003411234de1 in *__GI_abort () at abort.c:88
>     #2 0x00000000006e7b15 in __softbound_abort ()
>     #3 0x00000000006e7faa in __loadDereferenceCheck ()
>     #4 0x0000000000438f07 in softbound_logg ()
>     #5 0x0000000000450acf in scanmanager (opts=0x943010) at manager.c:424
>     #6 0x0000000000444ad7 in softbound_pseudo_main ()
>     #7 0x00000000006e7c71 in main ()
>     (gdb) up
>     #1 0x0000003411234de1 in *__GI_abort () at abort.c:88
>     88 abort.c: No such file or directory.
>      in abort.c
>     (gdb)
>     #2 0x00000000006e7b15 in __softbound_abort ()
>     Current language: auto
>     The current source language is "auto; currently asm".
>     (gdb)
>     #3 0x00000000006e7faa in __loadDereferenceCheck ()
>     (gdb)
>     #4 0x0000000000438f07 in softbound_logg ()
>     (gdb)
>     #5 0x0000000000450acf in scanmanager (opts=0x943010) at manager.c:424
>     424 logg("!%s\n", cl_strerror(ret));
>
>     Program received signal SIGABRT, Aborted.
>     0x0000003411231d25 in *__GI_raise (sig=) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
>     64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
>      in ../nptl/sysdeps/unix/sysv/linux/raise.c
>     (gdb) bt
>     #0 0x0000003411231d25 in *__GI_raise (sig=) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
>     #1 0x0000003411234de1 in *__GI_abort () at abort.c:88
>     #2 0x0000000000781c05 in __softbound_abort ()
>     #3 0x000000000049fd17 in logg () at output.c:330
>     #4 0x00000000004b1ce8 in softbound_scanmanager ()
>     #5 0x00000000004ad59a in logg_close () at output.c:208
>     #6 0x0000000000781d61 in main ()
>     (gdb) up
>     #1 0x0000003411234de1 in *__GI_abort () at abort.c:88
>     88 abort.c: No such file or directory.
>      in abort.c
>     (gdb)
>     #2 0x0000000000781c05 in __softbound_abort ()
>     Current language: auto
>     The current source language is "auto; currently asm".
>     (gdb)
>     #3 0x000000000049fd17 in logg () at output.c:330
>     330 fprintf(logg_fp, "%s", buff + 1);
>
> Best regards,
> --Edwin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: newwrappers.patch
Type: text/x-diff
Size: 9775 bytes
Desc: not available
Url : http://lists.seas.upenn.edu/pipermail/softbound-users/attachments/20091013/44f588e0/newwrappers-0001.bin


From santoshn at cis.upenn.edu Tue Oct 13 22:56:10 2009
From: santoshn at cis.upenn.edu (Santosh Nagarakatte)
Date: Tue, 13 Oct 2009 22:56:10 -0400
Subject: [Softbound-users] Softbound-users Digest, Vol 1, Issue 1
In-Reply-To:
References:
Message-ID: <4AD53DCA.2020105@cis.upenn.edu>

Edwin,

It's strange. Can you send me the .bc file before and after softbound?

Thanks,
Santosh

softbound-users-request at lists.seas.upenn.edu wrote:
> Today's Topics:
>
> 1. Test email (Santosh Nagarakatte)
> 2. SoftBound-v1.0 (Santosh Nagarakatte)
> 3. SoftBound-v1.0 Release Archive test (Santosh Nagarakatte)
> 4. SoftBound Release-v1.1 (Santosh Nagarakatte)
> 5. SoftBound Release-v1.1.1 (Santosh Nagarakatte)
> 6. Problem with fprintf of constant string when using Softbound
> 1.1.1 (Török Edwin)
> 7. Re: Problem with fprintf of constant string when using
> Softbound 1.1.1 (Török Edwin)

--
--------
Santosh Nagarakatte, PhD Student, CIS, UPenn
http://www.cis.upenn.edu/~santoshn


From santoshn at cis.upenn.edu Thu Oct 15 13:10:18 2009
From: santoshn at cis.upenn.edu (Santosh Nagarakatte)
Date: Thu, 15 Oct 2009 13:10:18 -0400
Subject: [Softbound-users] Problem with fprintf of constant string, when using Softbound 1.1.1
Message-ID: <4AD7577A.3090606@cis.upenn.edu>

Edwin,

You can get more information about the metadata space accesses using the -D__SOFTBOUND_DEBUG flag while compiling softbound-checks.c. We disable all logging information during the normal compilation + run to reduce performance overhead.

Thanks,
Santosh
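The usual next step for a report like Edwin's is a reduced, stand-alone program that keeps only the suspect call shape (a string literal returned from a switch, passed through a vararg logger into a fixed stack buffer, then fprintf'd from the interior pointer buffer + 1), so it can be run through the same llvm-link / opt -SoftBoundPass pipeline on its own. The program below is an added example written for this thread, not ClamAV's or SoftBound's code; the names my_strerror, my_logg and the CL_* constants are invented stand-ins. Every memory access in it is in bounds, so an abort from a bounds checker on this program would confirm a false positive rather than a bug in the caller.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed reduction of the call chain in the report (not ClamAV's
 * code): literal -> vararg logger -> stack buffer -> fprintf(buffer + 1).
 * Nothing here reads or writes outside an object, so a checker that
 * aborts on it is reporting a false positive. */

enum { CL_SUCCESS = 0, CL_ESTAT = 1 };   /* stand-in error codes */

/* Stand-in for cl_strerror(): returns a pointer to a string literal. */
const char *my_strerror(int err)
{
    switch (err) {
    case CL_SUCCESS: return "No error";
    case CL_ESTAT:   return "Can't get file status";
    default:         return "Unknown error";
    }
}

/* Stand-in for logg(): formats into a fixed stack buffer and writes the
 * text after the leading '!' severity marker. Returns the byte count
 * reported by fprintf, or -1 on truncation or a missing marker. */
int my_logg(FILE *fp, const char *fmt, ...)
{
    char buffer[1025];
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsnprintf(buffer, sizeof buffer, fmt, ap);
    va_end(ap);
    if (len < 0 || (size_t)len >= sizeof buffer)
        return -1;                       /* message would be truncated */
    if (buffer[0] != '!')
        return -1;                       /* caller omitted the marker */
    /* buffer + 1 is an interior pointer into the 1025-byte object,
     * and the string is NUL-terminated inside it: a legal read. */
    return fprintf(fp, "%s", buffer + 1);
}

int main(void)
{
    /* Prints "Can't get file status" to stderr and exits 0. */
    return my_logg(stderr, "!%s\n", my_strerror(CL_ESTAT)) < 0;
}
```

Compile it to bitcode with the same flags as clamscan, link it against softbound-checks.bc and the wrappers, and run the instrumented binary under gdb the same way; if it aborts in __loadDereferenceCheck, the reduced program can be attached to the report instead of clamscan.bc.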