[DTrace-devel] [PATCH] cg: fix ALLOCA taint propagation for struct/union member access
Eugene Loh
eugene.loh at oracle.com
Mon Jul 10 16:39:13 UTC 2023
Reviewed-by: Eugene Loh <eugene.loh at oracle.com>
On 7/10/23 11:06, Kris Van Hees via DTrace-devel wrote:
> When alloca'd memory stores a struct, lvalues that represent members in
> that struct should also be marked as pointers to alloca'd memory.
>
> Signed-off-by: Kris Van Hees <kris.van.hees at oracle.com>
> ---
> libdtrace/dt_parser.c | 4 ++++
> .../codegen/tst.alloca-taint-sou-access.d | 24 +++++++++++++++++++
> 2 files changed, 28 insertions(+)
> create mode 100644 test/unittest/codegen/tst.alloca-taint-sou-access.d
>
> diff --git a/libdtrace/dt_parser.c b/libdtrace/dt_parser.c
> index 870faaa9..beb94676 100644
> --- a/libdtrace/dt_parser.c
> +++ b/libdtrace/dt_parser.c
> @@ -4015,6 +4015,10 @@ asgn_common:
> if (lp->dn_flags & DT_NF_WRITABLE)
> dnp->dn_flags |= DT_NF_WRITABLE;
>
> + /* Transfer alloca taint. */
> + if (lp->dn_flags & DT_NF_ALLOCA)
> + dt_cook_taint_alloca(dnp, NULL, lp);
> +
> if (xflags && (kind == CTF_K_POINTER ||
> (dnp->dn_flags & DT_NF_REF)))
> dnp->dn_flags |= DT_NF_USERLAND;
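Review bot: the NULL second argument in `dt_cook_taint_alloca(dnp, NULL, lp)` is not explained, and the comment "Transfer alloca taint." only restates the call. The DT_NF_WRITABLE propagation just above is a plain flag OR, so a reader will wonder why DT_NF_ALLOCA goes through a helper instead. Suggest extending the comment to say that the member lvalue inherits the taint from the left operand `lp`, and what passing NULL means here. The commit message should also mention unions, since the subject line says struct/union but the body only says struct.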
> diff --git a/test/unittest/codegen/tst.alloca-taint-sou-access.d b/test/unittest/codegen/tst.alloca-taint-sou-access.d
> new file mode 100644
> index 00000000..2a390a9d
> --- /dev/null
> +++ b/test/unittest/codegen/tst.alloca-taint-sou-access.d
> @@ -0,0 +1,24 @@
> +/*
> + * Oracle Linux DTrace.
> + * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
> + * Licensed under the Universal Permissive License v 1.0 as shown at
> + * http://oss.oracle.com/licenses/upl.
> + */
> +
> +/*
> + * Check that ALLOCA annotations are propagated correctly across structure
> + * member dereferences.
> + */
> +
> +BEGIN
> +{
> + ptr = (struct in6_addr *)alloca(sizeof(struct in6_addr));
> + ptr->in6_u.u6_addr8[0] = 0x42;
> +
> + exit(0);
> +}
> +
> +ERROR
> +{
> + exit(1);
> +}
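Review bot: the BEGIN clause only performs a store, `ptr->in6_u.u6_addr8[0] = 0x42;`, and then calls exit(0) unconditionally, so the test passes as long as no ERROR fires and never confirms that the write landed in the alloca'd buffer. Suggest reading the member back and failing if it is not 0x42, so that a regression which silently mis-addresses the store is caught. The header comment mentions only "structure member dereferences", while the access also goes through the `in6_u` member with `.` and an array index; either note that in the comment or add a separate case for a plain `ptr->member` access so a failure points at one construct.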