
Question: Release build containing local build strings #745

Open
jackfruit2 opened this issue Sep 10, 2022 · 3 comments

Comments

@jackfruit2

Hi @McMartin,

Apologies for the noob question. I'm fairly new to C++, CMake, JUCE and FRUT. Gotta start somewhere, right ;). Firstly, thanks for this amazing tool; it's great to be able to build a whole project from the command line rather than relying on a GUI etc.

I'm experimenting with both JUCE and FRUT at the moment, with the intention of creating a hardened release build. When running a build using the Xcode target, even with STRIP_LOCAL_SYMBOLS, I find strings related to the build, including references to the .cpp source files, present in the binary. Furthermore, I also find mangled function names in clear sight that would aid a disassembler in circumventing any sort of registration process or aid other malicious intent.

The example export target that I'm using:

```cmake
jucer_export_target_configuration(
  "Xcode (MacOSX)"
  NAME "Release"
  DEBUG_MODE OFF
  BINARY_NAME "test_plugin"
  STRIP_LOCAL_SYMBOLS ON
  OPTIMISATION "-O3 (fastest with safe optimisations)"
)
```

I used the utility program called `strings` (which may have been installed with Xcode) to discover this. Do you know what I might be missing? Do I require linker flags or additional compiler switches?

I'm using:
Apple clang version 13.1.6 (clang-1316.0.21.2.5)
Target: x86_64-apple-darwin21.6.0
Thread model: posix

Many thanks in advance ;)

@McMartin (Owner)

Hi @jackfruit2,

Thanks for using FRUT!

Could you please give me some examples of strings and/or function names that you found in the binary, though you didn't expect them there? I'll also try to reproduce on my side, but it will be easier for me if I know what I should be looking for.

@jackfruit2 (Author) commented Sep 12, 2022

Hi @McMartin,

Thanks for your timely reply.

Please find the replication instructions to reproduce the issue that I'm facing:
Note: I'm using macOS Monterey

Instructions

  1. Create a HelloWorld VST3 plugin using JUCE 7.0.1
  2. Follow the readme instructions to create a vanilla FRUT project (found here: https://github.com/McMartin/FRUT)
  3. Configure the CMakeLists.txt to include the following `jucer_export_target_configuration`:

```cmake
jucer_export_target_configuration(
  "Xcode (MacOSX)"
  NAME "Release"
  DEBUG_MODE OFF
  BINARY_NAME "Helloworld"
  STRIP_LOCAL_SYMBOLS ON
  LINK_TIME_OPTIMISATION ON
  OPTIMISATION "-O3 (fastest with safe optimisations)"
)
```

  4. Build the project using `cmake --build . --config Release`
  5. Change directory to the built artifact (the VST3): `~/Library/Audio/Plug-Ins/VST3/Helloworld.vst3/Contents/MacOS`
  6. Execute `strip` just to make sure the debug symbols are removed: `strip -x -S Helloworld -o Helloworld.stripped`
  7. Execute `strings Helloworld.stripped > ~/Desktop/Helloworld2.txt` to output the strings found in the binary to a file.
  8. Observe the file containing mangled function names and references to .cpp files, including their origin, in the txt file.

Sample Extract Mangled Functions

Please find below a sample of JUCE mangled functions in the binary:

```text
NSt3__110__function6__baseIFffffEEE
ZZN4juce17AudioParameterIntC1ERKNS_11ParameterIDERKNS_6StringEiiiRKNS_27AudioParameterIntAttributesEENK4$19clEvEUlfffE
NSt3__110__function6__funcIZZN4juce17AudioParameterIntC1ERKNS2_11ParameterIDERKNS2_6StringEiiiRKNS2_27AudioParameterIntAttributesEENK4$_19clEvEUlfffE0_NS_9allocatorISE_EEFffffEEE
ZZN4juce17AudioParameterIntC1ERKNS_11ParameterIDERKNS_6StringEiiiRKNS_27AudioParameterIntAttributesEENK4$19clEvEUlfffE0
NSt3__110__function6__funcIZZN4juce17AudioParameterIntC1ERKNS2_11ParameterIDERKNS2_6StringEiiiRKNS2_27AudioParameterIntAttributesEENK4$_19clEvEUlfffE1_NS_9allocatorISE_EEFffffEEE
ZZN4juce17AudioParameterIntC1ERKNS_11ParameterIDERKNS_6StringEiiiRKNS_27AudioParameterIntAttributesEENK4$19clEvEUlfffE1
NSt3__110__function6__funcIZZN4juce20AudioParameterChoiceC1ERKNS2_11ParameterIDERKNS2_6StringERKNS2_11StringArrayEiRKNS2_30AudioParameterChoiceAttributesEENK4$_24clEvEUlfffE_NS_9allocatorISH_EEFffffEEE
ZZN4juce20AudioParameterChoiceC1ERKNS_11ParameterIDERKNS_6StringERKNS_11StringArrayEiRKNS_30AudioParameterChoiceAttributesEENK4$24clEvEUlfffE
NSt3__110__function6__funcIZZN4juce20AudioParameterChoiceC1ERKNS2_11ParameterIDERKNS2_6StringERKNS2_11StringArrayEiRKNS2_30AudioParameterChoiceAttributesEENK4$_24clEvEUlfffE0_NS_9allocatorISH_EEFffffEEE
ZZN4juce20AudioParameterChoiceC1ERKNS_11ParameterIDERKNS_6StringERKNS_11StringArrayEiRKNS_30AudioParameterChoiceAttributesEENK4$24clEvEUlfffE0
NSt3__110__function6__funcIZZN4juce20AudioParameterChoiceC1ERKNS2_11ParameterIDERKNS2_6StringERKNS2_11StringArrayEiRKNS2_30AudioParameterChoiceAttributesEENK4$24clEvEUlfffE1_NS_9allocatorISH
```

Sample of Exposed Home directory

```text
Component Controller Class
%02X
/Users/jackfruit2/SDKs/JUCE/modules/juce_audio_plugin_client/VST3/juce_VST3_Wrapper.cpp
allocator::allocate(size_t n) 'n' exceeds maximum supported size
/Users/jackfruit2/SDKs/JUCE/modules/juce_audio_plugin_client/utility/juce_CreatePluginFilter.h
*** Leaked objects detected:
instance(s) of class
/Users/jackfruit2/SDKs/JUCE/modules/juce_core/memory/juce_LeakedObjectDetector.h
```

Attached Artefact

Attached is my output with examples of my home directory being exposed:
Helloworld2.txt

@jackfruit2 (Author)

Hi @McMartin,

I finally figured this one out. JUCE uses RTTI, so user classes potentially leak both the mangled class and function names in the binary. I used the COMPILER_FLAGS_FOR_ compiler scheme to declare the `-fno-rtti` flag for compilation units that don't use `dynamic_cast`, `typeid` or throw exceptions.

I was wondering if this strategy is safe to do in FRUT/JUCE?
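
As an added check for the `strip`/`strings` procedure in the reproduction steps above and for the `-fno-rtti` change in the last comment (this is example code written for this page, not code from FRUT, JUCE or the issue author): a small Python re-implementation of the `strings` printable-run heuristic that classifies every string it finds into the two leak classes discussed in this thread, home-directory source paths and Itanium C++ ABI mangled names, and exits non-zero on any hit so a release pipeline can fail the build. The regex names, `find_leaks`/`is_clean` and the sample bytes are mine; the sample is constructed to mimic the `strings` output quoted above and is not a real Mach-O file.

```python
"""Scan a binary for leaked build-environment strings.

Added example for this thread, not code from FRUT or JUCE. It reproduces the
printable-run heuristic of `strings` and classifies each run so the check can
run in CI on the built plug-in before it ships. The regex names and the
SAMPLE_BINARY bytes below are assumptions / constructed for illustration.
"""
import re
import sys
from pathlib import Path
from typing import Dict, Iterator, List, Optional


def extract_strings(data: bytes, min_len: int = 4) -> Iterator[str]:
    """Same heuristic as `strings`: runs of at least min_len printable ASCII bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    for m in pattern.finditer(data):
        yield m.group().decode("ascii")


# Absolute path under a user's home directory (macOS or Linux layout).
HOME_PATH = re.compile(r"^/(?:Users|home)/[^/\s]+/\S+$")
# Any other path to a C/C++ source or header, e.g. from __FILE__ in an assert.
SOURCE_PATH = re.compile(r"^\S*/\S+\.(?:c|cc|cpp|cxx|h|hpp|mm)$")
# Itanium C++ ABI mangled symbol: "_Z" then a nested (N), local (Z), special (T),
# std:: (St) or plain length-prefixed name. The issue's listing shows these
# without the leading underscore, so it is optional here.
MANGLED_SYMBOL = re.compile(r"^_?Z(?:[NTZL]|St|[1-9])[A-Za-z0-9_$]{6,}$")
# RTTI type_info name string (the payload of a _ZTS symbol): a nested name
# "N...E". These are exactly what -fno-rtti stops the compiler from emitting.
TYPEINFO_NAME = re.compile(r"^N(?:St|[1-9])[A-Za-z0-9_$]{8,}E$")


def classify(s: str) -> Optional[str]:
    """Return the leak category for one string, or None if it looks benign."""
    if HOME_PATH.match(s):
        return "home-path"
    if SOURCE_PATH.match(s):
        return "source-path"
    if MANGLED_SYMBOL.match(s) or TYPEINFO_NAME.match(s):
        return "mangled"
    return None


def find_leaks(data: bytes) -> Dict[str, List[str]]:
    """Group every suspicious string in `data` by category, in file order."""
    findings: Dict[str, List[str]] = {"home-path": [], "source-path": [], "mangled": []}
    for s in extract_strings(data):
        kind = classify(s)
        if kind is not None:
            findings[kind].append(s)
    return findings


def is_clean(data: bytes) -> bool:
    """True when no category has any finding."""
    return not any(find_leaks(data).values())


# Constructed sample: non-printable filler around strings modelled on the
# issue's `strings` output. Not a real binary.
SAMPLE_BINARY = (
    b"\xcf\xfa\xed\xfe\x07\x00\x00\x01"
    b"Component Controller Class\x00%02X\x00"
    b"/Users/jackfruit2/SDKs/JUCE/modules/juce_audio_plugin_client/VST3/juce_VST3_Wrapper.cpp\x00"
    b"\x7f\x12NSt3__110__function6__baseIFffffEEE\x00"
    b"_ZN4juce17AudioParameterIntC1ERKNS_11ParameterIDE\x00"
    b"*** Leaked objects detected:\x00"
    b"src/PluginProcessor.cpp\x00\xff\x00"
)


def main(argv: List[str]) -> int:
    """Usage: leakcheck.py <binary>; with no argument, scans SAMPLE_BINARY."""
    data = Path(argv[1]).read_bytes() if len(argv) > 1 else SAMPLE_BINARY
    findings = find_leaks(data)
    for kind, items in findings.items():
        for s in items:
            print(f"{kind:12} {s}")
    # Non-zero exit lets a CI job fail the release build on any finding.
    return 1 if any(findings.values()) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against `Helloworld.stripped` from step 6 before and after the `-fno-rtti` change: the `NSt3__1…E`-style type_info names should disappear, while `/Users/…` paths will not, because they come from `__FILE__` expansions (the `*** Leaked objects detected:` message sits next to `juce_LeakedObjectDetector.h` in the listing above, which is that pattern) and are unaffected by RTTI settings or by `strip -x`, which only drops local symbols. Clang's `-ffile-prefix-map=<old>=<new>` is the usual way to rewrite those paths at compile time.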
