From b7b7ac19fd9e2afbf5aea4db5e3f318576e6809f Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Tue, 26 Dec 2017 09:39:22 +0100 Subject: executor: check format strings I see a crash which says: #0: too much cover 0 (errno 0) while the code is: uint64_t n = ...; if (n >= kCoverSize) fail("#%d: too much cover %u", th->id, n); It seems that the high part of n is set, but we don't see it. Add printf format attribute to fail and friends and fix all similar cases. Caught a bunch of similar cases and a missing argument in: exitf("opendir(%s) failed due to NOFILE, exiting"); --- executor/common.h | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) (limited to 'executor/common.h') diff --git a/executor/common.h b/executor/common.h index 78b752045..50348023f 100644 --- a/executor/common.h +++ b/executor/common.h @@ -28,18 +28,22 @@ // because some standard libraries contain "using ::exit;", but has different signature. #define exit vsnprintf #define _exit vsnprintf -#endif -#if defined(SYZ_EXECUTOR) +// uint64_t is impossible to printf without using the clumsy and verbose "%" PRId64. +// So we do the define and use "%lld" to printf uint64_t's. +#define uint64_t unsigned long long + #if defined(__GNUC__) #define SYSCALLAPI #define NORETURN __attribute__((noreturn)) #define ALIGNED(N) __attribute__((aligned(N))) +#define PRINTF __attribute__((format(printf, 1, 2))) #else // Assuming windows/cl. #define SYSCALLAPI WINAPI #define NORETURN __declspec(noreturn) #define ALIGNED(N) __declspec(align(N)) +#define PRINTF #endif typedef long(SYSCALLAPI* syscall_t)(long, long, long, long, long, long, long, long, long); @@ -53,7 +57,7 @@ struct call_t { // Defined in generated syscalls_OS.h files. extern call_t syscalls[]; extern unsigned syscall_count; -#endif +#endif // #if defined(SYZ_EXECUTOR) #if defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_WAIT_REPEAT)) || \ defined(SYZ_USE_TMP_DIR) || defined(SYZ_TUN_ENABLE) || defined(SYZ_SANDBOX_NAMESPACE) || \ @@ -71,7 +75,7 @@ const int kErrorStatus = 68; defined(SYZ_USE_TMP_DIR) || defined(SYZ_TUN_ENABLE) || defined(SYZ_SANDBOX_NAMESPACE) || \ defined(SYZ_SANDBOX_NONE) || defined(SYZ_SANDBOX_SETUID) || defined(__NR_syz_kvm_setup_cpu) // logical error (e.g. invalid input program), use as an assert() alernative -NORETURN static void fail(const char* msg, ...) +NORETURN PRINTF static void fail(const char* msg, ...) { int e = errno; va_list args; @@ -87,7 +91,7 @@ NORETURN static void fail(const char* msg, ...) #if defined(SYZ_EXECUTOR) // kernel error (e.g. wrong syscall return value) -NORETURN static void error(const char* msg, ...) +NORETURN PRINTF static void error(const char* msg, ...) { va_list args; va_start(args, msg); @@ -100,7 +104,7 @@ NORETURN static void error(const char* msg, ...) #if defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_WAIT_REPEAT) && defined(SYZ_USE_TMP_DIR)) || defined(SYZ_FAULT_INJECTION) // just exit (e.g. due to temporal ENOMEM error) -NORETURN static void exitf(const char* msg, ...) +NORETURN PRINTF static void exitf(const char* msg, ...) { int e = errno; va_list args; @@ -115,7 +119,7 @@ NORETURN static void exitf(const char* msg, ...) #if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG) static int flag_debug; -static void debug(const char* msg, ...) +PRINTF static void debug(const char* msg, ...) { if (!flag_debug) return; -- cgit mrf-deployment