blob: 79b44a42c997a0993fe7f427bf7a17aace2e9b3f [file] [log] [blame]
# This black list is a merge of blacklist.txt and vptr_blacklist.txt.
#############################################################################
# UBSan security blacklist.
#############################################################################
# YASM does some funny things that UBsan doesn't like.
# https://crbug.com/489901
src:*/third_party/yasm/*
#############################################################################
# V8 gives too many false positives. Ignore them for now.
src:*/v8/*
#############################################################################
# Ignore system libraries.
src:*/usr/*
#############################################################################
# V8 UBsan supressions, commented out for now since we are ignorning v8
# completely.
# fun:*v8*internal*FastD2I*
# fun:*v8*internal*ComputeIntegerHash*
# fun:*v8*internal*ComputeLongHash*
# fun:*v8*internal*ComputePointerHash*
# src:*/v8/src/base/bits.cc
# src:*/v8/src/base/functional.cc
# Undefined behaviour (integer overflow) is expected but ignored in this
# function.
# fun:*JsonParser*ParseJsonNumber*
# Runtime numeric functions.
# src:*/v8/src/runtime/runtime-numbers.cc
# Shifts of negative numbers
# fun:*v8*internal*HPositionInfo*TagPosition*
# fun:*v8*internal*Range*Shl*
# fun:*v8*internal*RelocInfoWriter*WriteTaggedData*
#############################################################################
# Undefined arithmetic that can be safely ignored.
src:*/ppapi/shared_impl/id_assignment.h
#############################################################################
# ICU supressions. Mostly hash functions where integer overflow is OK.
fun:*hashEntry*
fun:*LocaleCacheKey*hashCode*
fun:*google*protobuf*hash*
fun:*(hash|Hash)*
#############################################################################
# Bounds blacklist.
# Array at the end of struct pattern:
# Maybe UBSan itself can be improved here?
# e.g.
# struct blah {
# int a;
# char foo[2]; // not actually 2
# }
src:*/net/disk_cache/blockfile/backend_impl.cc
src:*/net/disk_cache/blockfile/entry_impl.cc
src:*/third_party/icu/source/common/rbbi.cpp
src:*/third_party/icu/source/common/rbbitblb.cpp
src:*/third_party/icu/source/common/ucmndata.c
#############################################################################
# Delete in destructor on a this where this == nullptr
fun:*re2*RegexpD*
#############################################################################
# Harmless float division by zero.
fun:*RendererFrameManager*CullUnlockedFrames*
#############################################################################
# UBSan vptr blacklist.
# Function and type based blacklisting use a mangled name, and it is especially
# tricky to represent C++ types. For now, any possible changes by name manglings
# are simply represented as wildcard expressions of regexp, and thus it might be
# over-blacklisted.
#############################################################################
# Identical layouts.
# If base and derived classes have identifical memory layouts (i.e., the same
# object size) and both have no virtual functions, we blacklist them as there
# would be not much security implications.
fun:*LifecycleNotifier*addObserver*
fun:*LifecycleNotifier*removeObserver*
fun:*toWebInputElement*
type:*base*MessageLoopForIO*
type:*BlockRefType*
type:*SkAutoTUnref*
type:*WDResult*
type:*ExecutionContext*
type:*WebInputElement*
type:*WebFormControlElement*
# Avoid identical layout cases for 86 different classes in InspectorTypeBuilder,
# all of which are guarded using COMPILER_ASSERT on the object size. Two more
# types are also blacklisted due to the template class (JSONArray <-> Array<T>).
src:*InspectorTypeBuilder.h*
type:*TypeBuilder*
type:*JSONArray*
#############################################################################
# Base class's constructor accesses a derived class's member.
fun:*DoublyLinkedListNode*
type:*content*WebUIExtensionData*
# RenderFrameObserverTracker<T>::RenderFrameObserverTracker()
fun:*content*RenderFrameObserverTracker*RenderFrame*
# RenderViewObserverTracker<T>::RenderViewObserverTracker()
fun:*content*RenderViewObserverTracker*RenderView*
#############################################################################
# Base class's destructor accesses a derived class.
fun:*DatabaseContext*contextDestroyed*
# FIXME: Cannot handle template function LifecycleObserver<>::SetContext,
# so exclude source file for now.
src:*lifecycle_observer.h*
#############################################################################
# static_cast into itself in the constructor.
fun:*RefCountedGarbageCollected*makeKeepAlive*
fun:*ThreadSafeRefCountedGarbageCollected*makeKeepAlive*
#############################################################################
# Accessing data in destructors where the class has virtual inheritances.
type:*content*RenderWidgetHost*
# Match mangled name for X::~X().
fun:*content*RenderThreadImplD*
fun:*content*RenderViewHostImplD*
fun:*content*UtilityThreadImplD*
#############################################################################
# Using raw pointer values.
#
# A raw pointer value (16) is used to infer the field offset by
# GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET.
src:*/third_party/protobuf/src/google/protobuf/compiler/plugin.pb.cc
src:*/third_party/protobuf/src/google/protobuf/compiler/cpp/cpp_message.cc
src:*/third_party/protobuf/src/google/protobuf/descriptor.pb.cc
#############################################################################
# Avoid link errors.
# Ubsan vptr needs typeinfo on the target class, but it looks like typeinfo is
# not avaiable if the class is not exported. For now, simply blacklisted to
# avoid link errors; e.g., undefined reference to 'typeinfo for [CLASS_NAME]'.
# obj/ppapi/libppapi_proxy.a(obj/ppapi/proxy/ppapi_proxy.proxy_channel.o):../../ppapi/proxy/proxy_channel.cc:__unnamed_53: error: undefined reference to 'typeinfo for IPC::TestSink'
src:*/ppapi/proxy/proxy_channel.cc
# obj/chrome/libbrowser.a(obj/chrome/browser/net/browser.predictor.o):../../chrome/browser/net/predictor.cc:__unnamed_577: error: undefined reference to 'typeinfo for ProxyAdvisor'
src:*/chrome/browser/net/predictor.cc
# obj/third_party/libwebm/libwebm.a(obj/third_party/libwebm/source/libwebm.mkvmuxer.o)(.data.rel..L__unnamed_2+0x18): error: undefined reference to 'typeinfo for mkvparser::IMkvReader'
src:*/third_party/libwebm/source/mkvmuxer.cpp
#############################################################################
# UBSan seems to be emit false positives when virtual base classes are
# involved, see e.g. crbug.com/448102.
type:*v8*internal*OFStream*
#############################################################################
# UBsan is unable to handle static_cast<A*>(nullptr) and crashes on SIGSEGV.
#
# static_cast<StartPageService*> in StartPageServiceFactory::GetForProfile.
type:*StartPageService*
# Remove once function attribute level blacklisting is implemented.
# See crbug.com/476063.
fun:*forbidGCDuringConstruction*
#############################################################################
# UBsan goes into an infinite recursion when __dynamic_cast instrumented with
# "vptr". See crbug.com/609786.
src:*/third_party/libc\+\+abi/trunk/src/private_typeinfo.cpp