From b7b7ac19fd9e2afbf5aea4db5e3f318576e6809f Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Tue, 26 Dec 2017 09:39:22 +0100
Subject: executor: check format strings
I see a crash which says:
#0: too much cover 0 (errno 0)
while the code is:
uint64_t n = ...;
if (n >= kCoverSize)
fail("#%d: too much cover %u", th->id, n);
It seems that the high part of n is set, but we don't see it.
Add printf format attribute to fail and friends and fix all similar cases.
Caught a bunch of similar cases and a missing argument in:
exitf("opendir(%s) failed due to NOFILE, exiting");
---
 pkg/csource/linux_common.go | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
(limited to 'pkg/csource/linux_common.go')
diff --git a/pkg/csource/linux_common.go b/pkg/csource/linux_common.go
index 1ec165b89..329c7e5e2 100644
--- a/pkg/csource/linux_common.go
+++ b/pkg/csource/linux_common.go
@@ -146,17 +146,19 @@ __attribute__((noreturn)) static void doexit(int status)
 #if defined(SYZ_EXECUTOR)
 #define exit vsnprintf
 #define _exit vsnprintf
-#endif
-#if defined(SYZ_EXECUTOR)
+#define uint64_t unsigned long long
+
 #if defined(__GNUC__)
 #define SYSCALLAPI
 #define NORETURN __attribute__((noreturn))
 #define ALIGNED(N) __attribute__((aligned(N)))
+#define PRINTF __attribute__((format(printf, 1, 2)))
 #else
 #define SYSCALLAPI WINAPI
 #define NORETURN __declspec(noreturn)
 #define ALIGNED(N) __declspec(align(N))
+#define PRINTF
 #endif
 typedef long(SYSCALLAPI* syscall_t)(long, long, long, long, long, long, long, long, long);
@@ -186,7 +188,7 @@ const int kErrorStatus = 68;
 #if defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_WAIT_REPEAT)) || \
 defined(SYZ_USE_TMP_DIR) || defined(SYZ_TUN_ENABLE) || defined(SYZ_SANDBOX_NAMESPACE) || \
 defined(SYZ_SANDBOX_NONE) || defined(SYZ_SANDBOX_SETUID) || defined(__NR_syz_kvm_setup_cpu)
-NORETURN static void fail(const char* msg, ...)
+NORETURN PRINTF static void fail(const char* msg, ...)
 {
 int e = errno;
 va_list args;
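Review bot: `#define uint64_t unsigned long long` in the first hunk turns a `<stdint.h>` type name into a macro, which is fragile. A header that declares `uint64_t` after this point has its typedef rewritten by the preprocessor, and on LP64 targets the standard type is `unsigned long`, so pointers to the two types are no longer compatible even though the width is the same. If the aim is to make 64-bit values printable with `%llu` (inferred from the commit message), a distinct name such as `typedef unsigned long long uint64;`, or keeping the standard type and printing with `PRIu64` from `<inttypes.h>`, avoids the collision. Whether `<stdint.h>` is already included before this line is not visible in the hunk.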
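Review bot: The `PRINTF` attribute added to `fail` in this hunk (and to `error`, `exitf` and `debug` in the hunks that follow) only yields diagnostics when the C text is compiled with `-Wformat`, and a mismatch stays a warning unless `-Werror=format` is set; the compiler flags are not visible on this page. Because `PRINTF` expands to nothing in the non-GNU branch, format/argument mismatches in code built only with that compiler stay unchecked. A one-line comment at the macro would record this, e.g. `// PRINTF: format checking is GCC/Clang-only and needs -Wformat (part of -Wall).` The body of `fail` continues outside the hunk.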
@@ -199,7 +201,7 @@ NORETURN static void fail(const char* msg, ...)
 #endif
 #if defined(SYZ_EXECUTOR)
-NORETURN static void error(const char* msg, ...)
+NORETURN PRINTF static void error(const char* msg, ...)
 {
 va_list args;
 va_start(args, msg);
@@ -211,7 +213,7 @@ NORETURN static void error(const char* msg, ...)
 #endif
 #if defined(SYZ_EXECUTOR) || (defined(SYZ_REPEAT) && defined(SYZ_WAIT_REPEAT) && defined(SYZ_USE_TMP_DIR)) || defined(SYZ_FAULT_INJECTION)
-NORETURN static void exitf(const char* msg, ...)
+NORETURN PRINTF static void exitf(const char* msg, ...)
 {
 int e = errno;
 va_list args;
@@ -226,7 +228,7 @@ NORETURN static void exitf(const char* msg, ...)
 #if defined(SYZ_EXECUTOR) || defined(SYZ_DEBUG)
 static int flag_debug;
-static void debug(const char* msg, ...)
+PRINTF static void debug(const char* msg, ...)
 {
 if (!flag_debug)
 return;
@@ -296,10 +298,10 @@ static void segv_handler(int sig, siginfo_t* info, void* uctx)
 const uintptr_t prog_start = 1 << 20;
 const uintptr_t prog_end = 100 << 20;
 if (__atomic_load_n(&skip_segv, __ATOMIC_RELAXED) && (addr < prog_start || addr > prog_end)) {
- debug("SIGSEGV on %p, skipping\n", addr);
+ debug("SIGSEGV on %p, skipping\n", (void*)addr);
 _longjmp(segv_env, 1);
 }
- debug("SIGSEGV on %p, exiting\n", addr);
+ debug("SIGSEGV on %p, exiting\n", (void*)addr);
 doexit(sig);
 }
@@ -1931,7 +1933,7 @@ retry:
 dp = opendir(dir);
 if (dp == NULL) {
 if (errno == EMFILE) {
- exitf("opendir(%s) failed due to NOFILE, exiting");
+ exitf("opendir(%s) failed due to NOFILE, exiting", dir);
 }
 exitf("opendir(%s) failed", dir);
 }
-- cgit mrf-deployment