Add memset to emscripten_with_builtin_malloc (#11734)

tlively · web-flow · commit aa130a45e468 · 2020-08-11T16:30:20.000-07:00
This was previously causing crashes due to ASan-instrumented memset
being used beneath the ASan boundary in the implementation of
mmap. Unfortunately, these crashes only happened when the allocation
sequence set the heap up in such a manner that the
previously-instrumented memset would intersect a poison region on the
heap, so we don't have a reproducer small enough to make a good test.

As a drive-by, also remove the use of __sys_pipe from libasan so that
it can link successfully with NO_FILESYSTEM.
diff --git a/emcc.py b/emcc.py
@@ -1912,9 +1912,15 @@ def include_and_export(name):
 
       if sanitize:
         shared.Settings.USE_OFFSET_CONVERTER = 1
-        shared.Settings.EXPORTED_FUNCTIONS += ['_memalign', '_emscripten_builtin_memalign',
-                                               '_emscripten_builtin_malloc', '_emscripten_builtin_free',
-                                               '___data_end', '___heap_base', '___global_base']
+        shared.Settings.EXPORTED_FUNCTIONS += [
+            '_memalign',
+            '_emscripten_builtin_memalign',
+            '_emscripten_builtin_malloc',
+            '_emscripten_builtin_free',
+            '___data_end',
+            '___heap_base',
+            '___global_base'
+        ]
 
         if not shared.Settings.WASM_BACKEND:
           exit_with_error('Sanitizers are not compatible with the fastcomp backend. Please upgrade to the upstream wasm backend by following these instructions: https://v8.dev/blog/emscripten-llvm-wasm#testing')
@@ -1936,6 +1942,7 @@ def include_and_export(name):
         shared.Settings.USE_ASAN = 1
 
         shared.Settings.EXPORTED_FUNCTIONS += [
+          '_emscripten_builtin_memset',
           '_asan_c_load_1', '_asan_c_load_1u',
           '_asan_c_load_2', '_asan_c_load_2u',
           '_asan_c_load_4', '_asan_c_load_4u',
diff --git a/src/library.js b/src/library.js
@@ -4455,7 +4455,11 @@ LibraryManager.library = {
 #endif
   },
 
-  $withBuiltinMalloc__deps: ['emscripten_builtin_malloc', 'emscripten_builtin_free', 'emscripten_builtin_memalign'],
+  $withBuiltinMalloc__deps: ['emscripten_builtin_malloc', 'emscripten_builtin_free', 'emscripten_builtin_memalign'
+#if USE_ASAN
+                             , 'emscripten_builtin_memset'
+#endif
+                            ],
   $withBuiltinMalloc__docs: '/** @suppress{checkTypes} */',
   $withBuiltinMalloc: function (func) {
     var prev_malloc = typeof _malloc !== 'undefined' ? _malloc : undefined;
@@ -4464,12 +4468,19 @@ LibraryManager.library = {
     _malloc = _emscripten_builtin_malloc;
     _memalign = _emscripten_builtin_memalign;
     _free = _emscripten_builtin_free;
+#if USE_ASAN
+    var prev_memset = typeof _memset !== 'undefined' ? _memset : undefined
+    _memset = _emscripten_builtin_memset;
+#endif
     try {
       return func();
     } finally {
       _malloc = prev_malloc;
       _memalign = prev_memalign;
       _free = prev_free;
+#if USE_ASAN
+      _memset = prev_memset;
+#endif
     }
   },
 
diff --git a/system/lib/compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cpp b/system/lib/compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cpp
@@ -277,6 +277,11 @@ bool SignalContext::IsStackOverflow() const {
 #endif  // SANITIZER_GO
 
 bool IsAccessibleMemoryRange(uptr beg, uptr size) {
+#if SANITIZER_EMSCRIPTEN
+  // Avoid pulling in __sys_pipe for the trick below, which doesn't work on
+  // WebAssembly anyways because there are no memory protections.
+  return true;
+#else
   uptr page_size = GetPageSizeCached();
   // Checking too large memory ranges is slow.
   CHECK_LT(size, page_size * 10);
@@ -296,6 +301,7 @@ bool IsAccessibleMemoryRange(uptr beg, uptr size) {
   internal_close(sock_pair[0]);
   internal_close(sock_pair[1]);
   return result;
+#endif // SANITIZER_EMSCRIPTEN
 }
 
 void PlatformPrepareForSandboxing(__sanitizer_sandbox_arguments *args) {
diff --git a/tests/test_other.py b/tests/test_other.py
@@ -9563,6 +9563,10 @@ def test_mmap_and_munmap(self):
   def test_mmap_and_munmap_anonymous(self):
     self.do_other_test('mmap_and_munmap_anonymous', emcc_args=['-s', 'NO_FILESYSTEM'])
 
+  @no_fastcomp('asan is not supported on fastcomp')
+  def test_mmap_and_munmap_anonymous_asan(self):
+    self.do_other_test('mmap_and_munmap_anonymous', emcc_args=['-s', 'NO_FILESYSTEM', '-fsanitize=address', '-s', 'ALLOW_MEMORY_GROWTH=1'])
+
   def test_mmap_memorygrowth(self):
     self.do_other_test('mmap_memorygrowth', ['-s', 'ALLOW_MEMORY_GROWTH=1'])
 
