Add setting do disable cookie at address zero (#19487)

This allows folks to depend on the contents of address zero always being
zero.

Fixes: #19389

Author: sbc100

ChangeLog.md

@@ -20,6 +20,9 @@ See docs/process.md for more on how version tagging works.
 
 3.1.41 (in development)
 -----------------------
+- A new setting (`CHECK_NULL_WRITES`) was added to disabled the checking of
+  address zero that is normally done when `STACK_OVERFLOW_CHECK` is enabled.
+  (#19487)
 
 3.1.40 - 05/30/23
 -----------------

emcc.py

@@ -2733,6 +2733,10 @@ def check_memory_setting(setting):
       # by SAFE_HEAP as a null pointer dereference.
       exit_with_error('ASan does not work with SAFE_HEAP')
 
+  if settings.USE_ASAN or settings.SAFE_HEAP:
+    # ASan and SAFE_HEAP check address 0 themselves
+    settings.CHECK_NULL_WRITES = 0
+
   if sanitize and settings.GENERATE_SOURCE_MAP:
     settings.LOAD_SOURCE_MAP = 1
 

src/runtime_stack_check.js

@@ -15,8 +15,8 @@ function writeStackCookie() {
   assert((max & 3) == 0);
 #endif
   // If the stack ends at address zero we write our cookies 4 bytes into the
-  // stack.  This prevents interference with the (separate) address-zero check
-  // below.
+  // stack.  This prevents interference with SAFE_HEAP and ASAN which also
+  // monitor writes to address zero.
   if (max == 0) {
     max += 4;
   }
@@ -25,9 +25,9 @@ function writeStackCookie() {
   // ever overwritten.
   {{{ makeSetValue('max', 0, '0x02135467', 'u32') }}};
   {{{ makeSetValue('max', 4, '0x89BACDFE', 'u32') }}};
-#if !USE_ASAN && !SAFE_HEAP // ASan and SAFE_HEAP check address 0 themselves
+#if CHECK_NULL_WRITES
   // Also test the global address 0 for integrity.
-  HEAPU32[0] = 0x63736d65; /* 'emsc' */
+  {{{ makeSetValue(0, 0, 0x63736d65 /* 'emsc' */, 'u32') }}};
 #endif
 }
 
@@ -48,9 +48,9 @@ function checkStackCookie() {
   if (cookie1 != 0x02135467 || cookie2 != 0x89BACDFE) {
     abort(`Stack overflow! Stack cookie has been overwritten at ${ptrToString(max)}, expected hex dwords 0x89BACDFE and 0x2135467, but received ${ptrToString(cookie2)} ${ptrToString(cookie1)}`);
   }
-#if !USE_ASAN && !SAFE_HEAP // ASan and SAFE_HEAP check address 0 themselves
+#if CHECK_NULL_WRITES
   // Also test the global address 0 for integrity.
-  if (HEAPU32[0] !== 0x63736d65 /* 'emsc' */) {
+  if ({{{ makeGetValue(0, 0, 'u32') }}} != 0x63736d65 /* 'emsc' */) {
     abort('Runtime error: The application has corrupted its heap memory area (address zero)!');
   }
 #endif

src/settings.js

@@ -63,6 +63,13 @@ var ASSERTIONS = 1;
 // [link]
 var STACK_OVERFLOW_CHECK = 0;
 
+// When STACK_OVERFLOW_CHECK is enabled we also check writes to address zero.
+// This can help detect NULL pointer usage.  If you want to skip this extra
+// check (for example, if you want reads from the address zero to always return
+// zero) you can disabled this here.  This setting has no effect when
+// STACK_OVERFLOW_CHECK is disabled.
+var CHECK_NULL_WRITES = true;
+
 // When set to 1, will generate more verbose output during compilation.
 // [general]
 var VERBOSE = false;

test/test_other.py

@@ -521,7 +521,8 @@ def test_emcc_4(self, compiler):
       generated = read_file('something.js')
       main = self.get_func(generated, '_main') if 'function _main' in generated else generated
       assert 'new Uint16Array' in generated and 'new Uint32Array' in generated, 'typed arrays 2 should be used by default'
-      assert 'SAFE_HEAP' not in generated, 'safe heap should not be used by default'
+      assert 'SAFE_HEAP_LOAD' not in generated, 'safe heap should not be used by default'
+      assert 'SAFE_HEAP_STORE' not in generated, 'safe heap should not be used by default'
       assert ': while(' not in main, 'when relooping we also js-optimize, so there should be no labelled whiles'
       if closure:
         if opt_level == 0: