[sanitizer] Handle nullptr name in prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME)

[woruyu]

Summary

This PR resolves #160562

[llvmbot]

@llvm/pr-subscribers-compiler-rt-sanitizer

Author: woruyu (woruyu)

Changes

Summary

This PR resolves #160562

---

Full diff: https://github.com/llvm/llvm-project/pull/160824.diff

2 Files Affected:

• (modified) compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc (+1-1)
• (modified) compiler-rt/test/sanitizer_common/TestCases/Linux/prctl.cpp (+4)

diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
index a96d325d08983..b10ce7fa44afc 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
@@ -1326,7 +1326,7 @@ PRCTL_INTERCEPTOR(int, prctl, int option, unsigned long arg2,
   static const int PR_SET_SECCOMP = 22;
   static const int SECCOMP_MODE_FILTER = 2;
 #  endif
-  if (option == PR_SET_VMA && arg2 == 0UL) {
+  if (option == PR_SET_VMA && arg2 == 0UL && arg5 != 0UL) {
     char *name = (char *)arg5;
     COMMON_INTERCEPTOR_READ_RANGE(ctx, name, internal_strlen(name) + 1);
   }
diff --git a/compiler-rt/test/sanitizer_common/TestCases/Linux/prctl.cpp b/compiler-rt/test/sanitizer_common/TestCases/Linux/prctl.cpp
index dab1d1b48f868..a3bbeac15e906 100644
--- a/compiler-rt/test/sanitizer_common/TestCases/Linux/prctl.cpp
+++ b/compiler-rt/test/sanitizer_common/TestCases/Linux/prctl.cpp
@@ -88,5 +88,9 @@ int main() {
   res = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &pr);
   assert(res == -1);
 
+  unsigned long name = reinterpret_cast<unsigned long>(nullptr);
+  res = prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, 0, 0, nullptr, name);
+  assert(res == 0);
+
   return 0;
 }

[woruyu]

I'm confused to ci test, which report assert(res == 0); error, but in my local machine, it can run successfully.

[devnexen]

seems in your machine the related kernel feature is enabled, in the CI it might not be the case.

[devnexen]

I would just say this. In this particular test the most important is to prove it s not crashing because of the sanitizer interception.

[devnexen]

Also I forgot please change the commit title, it is not specific to asan. LGTM solely for the fix itself ;)

[devnexen]

Seems all pass 👌🏻

[woruyu]

Hi @vitalybuka — friendly ping. Any suggestions for review, if well, I will merge it. Thank you!

[fmayer]

Thanks

[vitalybuka]

LGTM

[devnexen]

@woruyu I think it qualifies for 21.x backport, what do you think ?

[woruyu]

@woruyu I think it qualifies for 21.x backport, what do you think ?

Sounds good — I think it qualifies for a 21.x backport. However, I don't know what the backport steps are. Are there some reference that can help me understanding how to do?

[Enna1]

@woruyu I think it qualifies for 21.x backport, what do you think ?

Sounds good — I think it qualifies for a 21.x backport. However, I don't know what the backport steps are. Are there some reference that can help me understanding how to do?

See https://llvm.org/docs/GitHub.html#backporting-fixes-to-the-release-branches