1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
/*
normalize_glibc.c
Copyright (C) 2010 Red Hat, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "normalize.h"
#include "frame.h"
#include "thread.h"
#include "utils.h"
#include <string.h>
#include <stdlib.h>
#include <assert.h>
struct btp_frame *
btp_glibc_thread_find_exit_frame(struct btp_thread *thread)
{
struct btp_frame *frame = thread->frames;
struct btp_frame *result = NULL;
while (frame)
{
bool is_exit_frame =
btp_frame_calls_func_in_file(frame, "__run_exit_handlers", "exit.c") ||
btp_frame_calls_func_in_file4(frame, "raise", "pt-raise.c", "libc.so", "libc-", "libpthread.so") ||
btp_frame_calls_func_in_file(frame, "exit", "exit.c") ||
btp_frame_calls_func_in_file3(frame, "abort", "abort.c", "libc.so", "libc-") ||
/* Terminates a function in case of buffer overflow. */
btp_frame_calls_func_in_file2(frame, "__chk_fail", "chk_fail.c", "libc.so");
if (is_exit_frame)
result = frame;
frame = frame->next;
}
return result;
}
void
btp_normalize_glibc_thread(struct btp_thread *thread)
{
/* Find the exit frame and remove everything above it. */
struct btp_frame *exit_frame = btp_glibc_thread_find_exit_frame(thread);
if (exit_frame)
{
bool success = btp_thread_remove_frames_above(thread, exit_frame);
assert(success); /* if this fails, some code become broken */
success = btp_thread_remove_frame(thread, exit_frame);
assert(success); /* if this fails, some code become broken */
}
/* Standard function filtering loop. */
struct btp_frame *frame = thread->frames;
while (frame)
{
struct btp_frame *next_frame = frame->next;
/* Normalize frame names. */
#define NORMALIZE_ARCH_SPECIFIC(func) \
if (btp_frame_calls_func_in_file2(frame, "__" func "_sse2", func ".S", "libc.so") || \
btp_frame_calls_func_in_file2(frame, "__" func "_ssse3", func ".S", "libc.so") || \
btp_frame_calls_func_in_file2(frame, "__" func "_ia32", func ".S", "libc.so")) \
{ \
strcpy(frame->function_name, func); \
}
NORMALIZE_ARCH_SPECIFIC("memchr");
NORMALIZE_ARCH_SPECIFIC("memcmp");
NORMALIZE_ARCH_SPECIFIC("memcpy");
NORMALIZE_ARCH_SPECIFIC("memset");
NORMALIZE_ARCH_SPECIFIC("rawmemchr");
NORMALIZE_ARCH_SPECIFIC("strcat");
NORMALIZE_ARCH_SPECIFIC("strchr");
NORMALIZE_ARCH_SPECIFIC("strchrnul");
NORMALIZE_ARCH_SPECIFIC("strcmp");
NORMALIZE_ARCH_SPECIFIC("strcpy");
NORMALIZE_ARCH_SPECIFIC("strcspn");
NORMALIZE_ARCH_SPECIFIC("strlen");
NORMALIZE_ARCH_SPECIFIC("strncmp");
NORMALIZE_ARCH_SPECIFIC("strpbrk");
NORMALIZE_ARCH_SPECIFIC("strrchr");
NORMALIZE_ARCH_SPECIFIC("strspn");
NORMALIZE_ARCH_SPECIFIC("strtok");
/* Remove frames which are not a cause of the crash. */
bool removable =
btp_frame_calls_func(frame, "__assert_fail") ||
btp_frame_calls_func(frame, "__strcat_chk") ||
btp_frame_calls_func(frame, "__strcpy_chk") ||
btp_frame_calls_func(frame, "__strncpy_chk") ||
btp_frame_calls_func(frame, "__vsnprintf_chk") ||
btp_frame_calls_func(frame, "___vsnprintf_chk") ||
btp_frame_calls_func(frame, "__snprintf_chk") ||
btp_frame_calls_func(frame, "___snprintf_chk") ||
btp_frame_calls_func(frame, "__vasprintf_chk");
if (removable)
{
bool success = btp_thread_remove_frames_above(thread, frame);
assert(success);
success = btp_thread_remove_frame(thread, frame);
assert(success);
}
frame = next_frame;
}
}
|