diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/sanitizer/asan_interface.h | 4 | ||||
-rw-r--r-- | include/sanitizer/common_interface_defs.h | 17 | ||||
-rw-r--r-- | include/sanitizer/coverage_interface.h | 4 | ||||
-rw-r--r-- | include/sanitizer/dfsan_interface.h | 6 | ||||
-rw-r--r-- | include/sanitizer/lsan_interface.h | 2 | ||||
-rw-r--r-- | include/sanitizer/msan_interface.h | 16 |
6 files changed, 35 insertions, 14 deletions
diff --git a/include/sanitizer/asan_interface.h b/include/sanitizer/asan_interface.h index 7763389ab257..97ba0ceb0b23 100644 --- a/include/sanitizer/asan_interface.h +++ b/include/sanitizer/asan_interface.h @@ -110,10 +110,6 @@ extern "C" { void __asan_report_error(void *pc, void *bp, void *sp, void *addr, int is_write, size_t access_size); - // Sets the exit code to use when reporting an error. - // Returns the old value. - int __asan_set_error_exit_code(int exit_code); - // Deprecated. Call __sanitizer_set_death_callback instead. void __asan_set_death_callback(void (*callback)(void)); diff --git a/include/sanitizer/common_interface_defs.h b/include/sanitizer/common_interface_defs.h index ef645e527119..b736ed9e5235 100644 --- a/include/sanitizer/common_interface_defs.h +++ b/include/sanitizer/common_interface_defs.h @@ -105,12 +105,29 @@ extern "C" { int __sanitizer_verify_contiguous_container(const void *beg, const void *mid, const void *end); + // Similar to __sanitizer_verify_contiguous_container but returns the address + // of the first improperly poisoned byte otherwise. Returns null if the area + // is poisoned properly. + const void *__sanitizer_contiguous_container_find_bad_address( + const void *beg, const void *mid, const void *end); + // Print the stack trace leading to this call. Useful for debugging user code. void __sanitizer_print_stack_trace(); // Sets the callback to be called right before death on error. // Passing 0 will unset the callback. void __sanitizer_set_death_callback(void (*callback)(void)); + + // Interceptor hooks. + // Whenever a libc function interceptor is called it checks if the + // corresponding weak hook is defined, and it so -- calls it. + // The primary use case is data-flow-guided fuzzing, where the fuzzer needs + // to know what is being passed to libc functions, e.g. memcmp. + // FIXME: implement more hooks. + void __sanitizer_weak_hook_memcmp(void *called_pc, const void *s1, + const void *s2, size_t n); + void __sanitizer_weak_hook_strncmp(void *called_pc, const char *s1, + const char *s2, size_t n); #ifdef __cplusplus } // extern "C" #endif diff --git a/include/sanitizer/coverage_interface.h b/include/sanitizer/coverage_interface.h index 404b71e3086f..b93111b859bc 100644 --- a/include/sanitizer/coverage_interface.h +++ b/include/sanitizer/coverage_interface.h @@ -27,9 +27,11 @@ extern "C" { // descriptor. Returns -1 on failure, or if coverage dumping is disabled. // This is intended for use by sandboxing code. intptr_t __sanitizer_maybe_open_cov_file(const char *name); - // Get the number of total unique covered entities (blocks, edges, calls). + // Get the number of unique covered blocks (or edges). // This can be useful for coverage-directed in-process fuzzers. uintptr_t __sanitizer_get_total_unique_coverage(); + // Get the number of unique indirect caller-callee pairs. + uintptr_t __sanitizer_get_total_unique_caller_callee_pairs(); // Reset the basic-block (edge) coverage to the initial state. // Useful for in-process fuzzing to start collecting coverage from scratch. diff --git a/include/sanitizer/dfsan_interface.h b/include/sanitizer/dfsan_interface.h index 84ffd49f8afe..05666f736718 100644 --- a/include/sanitizer/dfsan_interface.h +++ b/include/sanitizer/dfsan_interface.h @@ -91,16 +91,18 @@ void dfsan_set_write_callback(dfsan_write_callback_t labeled_write_callback); /// <label> <parent label 1> <parent label 2> <label description if any> void dfsan_dump_labels(int fd); +/// Interceptor hooks. /// Whenever a dfsan's custom function is called the corresponding /// hook is called it non-zero. The hooks should be defined by the user. /// The primary use case is taint-guided fuzzing, where the fuzzer /// needs to see the parameters of the function and the labels. /// FIXME: implement more hooks. - -/// memcmp hook. void dfsan_weak_hook_memcmp(void *caller_pc, const void *s1, const void *s2, size_t n, dfsan_label s1_label, dfsan_label s2_label, dfsan_label n_label); +void dfsan_weak_hook_strncmp(void *caller_pc, const char *s1, const char *s2, + size_t n, dfsan_label s1_label, + dfsan_label s2_label, dfsan_label n_label); #ifdef __cplusplus } // extern "C" diff --git a/include/sanitizer/lsan_interface.h b/include/sanitizer/lsan_interface.h index db017c4de1a3..8fb8e756da26 100644 --- a/include/sanitizer/lsan_interface.h +++ b/include/sanitizer/lsan_interface.h @@ -43,7 +43,7 @@ extern "C" { // Check for leaks now. This function behaves identically to the default // end-of-process leak check. In particular, it will terminate the process if - // leaks are found and the exit_code flag is non-zero. + // leaks are found and the exitcode runtime flag is non-zero. // Subsequent calls to this function will have no effect and end-of-process // leak check will not run. Effectively, end-of-process leak check is moved to // the time of first invocation of this function. diff --git a/include/sanitizer/msan_interface.h b/include/sanitizer/msan_interface.h index f54bcaa3e157..6d6a3765241b 100644 --- a/include/sanitizer/msan_interface.h +++ b/include/sanitizer/msan_interface.h @@ -61,10 +61,6 @@ extern "C" { * is not. */ void __msan_check_mem_is_initialized(const volatile void *x, size_t size); - /* Set exit code when error(s) were detected. - Value of 0 means don't change the program exit code. */ - void __msan_set_exit_code(int exit_code); - /* For testing: __msan_set_expect_umr(1); ... some buggy code ... @@ -92,14 +88,22 @@ extern "C" { Memory will be marked uninitialized, with origin at the call site. */ void __msan_allocated_memory(const volatile void* data, size_t size); + /* Tell MSan about newly destroyed memory. Mark memory as uninitialized. */ + void __sanitizer_dtor_callback(const volatile void* data, size_t size); + /* This function may be optionally provided by user and should return a string containing Msan runtime options. See msan_flags.h for details. */ const char* __msan_default_options(); - /* Sets the callback to be called right before death on error. - Passing 0 will unset the callback. */ + /* Deprecated. Call __sanitizer_set_death_callback instead. */ void __msan_set_death_callback(void (*callback)(void)); + /* Update shadow for the application copy of size bytes from src to dst. + Src and dst are application addresses. This function does not copy the + actual application memory, it only updates shadow and origin for such + copy. Source and destination regions can overlap. */ + void __msan_copy_shadow(const volatile void *dst, const volatile void *src, + size_t size); #ifdef __cplusplus } // extern "C" #endif |