FRUT
Question: Release build containing local build strings
Hi @McMartin,
Apologies for the noob question. I'm fairly new to C++, CMake, JUCE and FRUT. Gotta start somewhere, right ;). Firstly, thanks for this amazing tool; it's great to be able to build a whole project from the command line rather than relying on a GUI etc.
I'm experimenting with both JUCE and FRUT at the moment, with the intention of creating a hardened release build. When running a build using the Xcode target, even with STRIP_LOCAL_SYMBOLS, I find strings related to the build, including references to the cpp source files, present in the binary. Furthermore, I also find mangled function names in clear sight that would aid a disassembler to circumvent any sort of registration process or aid other malicious intent.
The example export target that I'm using:
    jucer_export_target_configuration(
      "Xcode (MacOSX)"
      NAME "Release"
      DEBUG_MODE OFF
      BINARY_NAME "test_plugin"
      STRIP_LOCAL_SYMBOLS ON
      OPTIMISATION "-O3 (fastest with safe optimisations)"
    )

I used the utility program called strings (which may have been installed with Xcode) to discover this. Do you know what I might be missing? Do I require linker flags or additional compiler switches?
I'm using:

    Apple clang version 13.1.6 (clang-1316.0.21.2.5)
    Target: x86_64-apple-darwin21.6.0
    Thread model: posix
Many thanks in advance ;)
Hi @jackfruit2,
Thanks for using FRUT!
Could you please give me some examples of strings and/or function names that you found in the binary, though you didn't expect them there? I'll also try to reproduce on my side, but it will be easier for me if I know what I should be looking for.
Hi @McMartin,
Thanks for your timely reply.
Please find the replication instructions to reproduce the issue that I'm facing. Note: I'm using macOS Monterey.
Instructions
- Create a HelloWorld VST3 plugin using JUCE 7.0.1
- Follow the readme instructions to create a vanilla FRUT project (found here: https://github.com/McMartin/FRUT)
- Configure the CMakeLists.txt to include the following jucer_export_target_configuration:

      jucer_export_target_configuration(
        "Xcode (MacOSX)"
        NAME "Release"
        DEBUG_MODE OFF
        BINARY_NAME "Helloworld"
        STRIP_LOCAL_SYMBOLS ON
        LINK_TIME_OPTIMISATION ON
        OPTIMISATION "-O3 (fastest with safe optimisations)"
      )

- Build the project using

      cmake --build . --config Release

- Change directory to the built artifact (the VST3)

      ~/Library/Audio/Plug-Ins/VST3/Helloworld.vst3/Contents/MacOS

- Execute strip just to make sure the debug symbols are removed

      strip -x -S Helloworld -o Helloworld.stripped

- Execute

      strings Helloworld.stripped > ~/Desktop/Helloworld2.txt

  to output the strings found in the binary to a file.
- Observe the file containing mangled function names and references to cpp files, including their origin, in the txt file.

Sample Extract Mangled Functions
Please find below a sample of JUCE mangled functions in the binaries:
NSt3__110__function6__baseIFffffEEE ZZN4juce17AudioParameterIntC1ERKNS_11ParameterIDERKNS_6StringEiiiRKNS_27AudioParameterIntAttributesEENK4$19clEvEUlfffE NSt3__110__function6__funcIZZN4juce17AudioParameterIntC1ERKNS2_11ParameterIDERKNS2_6StringEiiiRKNS2_27AudioParameterIntAttributesEENK4$_19clEvEUlfffE0_NS_9allocatorISE_EEFffffEEE ZZN4juce17AudioParameterIntC1ERKNS_11ParameterIDERKNS_6StringEiiiRKNS_27AudioParameterIntAttributesEENK4$19clEvEUlfffE0 NSt3__110__function6__funcIZZN4juce17AudioParameterIntC1ERKNS2_11ParameterIDERKNS2_6StringEiiiRKNS2_27AudioParameterIntAttributesEENK4$_19clEvEUlfffE1_NS_9allocatorISE_EEFffffEEE ZZN4juce17AudioParameterIntC1ERKNS_11ParameterIDERKNS_6StringEiiiRKNS_27AudioParameterIntAttributesEENK4$19clEvEUlfffE1 NSt3__110__function6__funcIZZN4juce20AudioParameterChoiceC1ERKNS2_11ParameterIDERKNS2_6StringERKNS2_11StringArrayEiRKNS2_30AudioParameterChoiceAttributesEENK4$_24clEvEUlfffE_NS_9allocatorISH_EEFffffEEE ZZN4juce20AudioParameterChoiceC1ERKNS_11ParameterIDERKNS_6StringERKNS_11StringArrayEiRKNS_30AudioParameterChoiceAttributesEENK4$24clEvEUlfffE NSt3__110__function6__funcIZZN4juce20AudioParameterChoiceC1ERKNS2_11ParameterIDERKNS2_6StringERKNS2_11StringArrayEiRKNS2_30AudioParameterChoiceAttributesEENK4$_24clEvEUlfffE0_NS_9allocatorISH_EEFffffEEE ZZN4juce20AudioParameterChoiceC1ERKNS_11ParameterIDERKNS_6StringERKNS_11StringArrayEiRKNS_30AudioParameterChoiceAttributesEENK4$24clEvEUlfffE0 NSt3__110__function6__funcIZZN4juce20AudioParameterChoiceC1ERKNS2_11ParameterIDERKNS2_6StringERKNS2_11StringArrayEiRKNS2_30AudioParameterChoiceAttributesEENK4$24clEvEUlfffE1_NS_9allocatorISH
Sample of Exposed Home directory
    Component Controller Class
    %02X
    /Users/jackfruit2/SDKs/JUCE/modules/juce_audio_plugin_client/VST3/juce_VST3_Wrapper.cpp
    allocator<T>::allocate(size_t n) 'n' exceeds maximum supported size
    /Users/jackfruit2/SDKs/JUCE/modules/juce_audio_plugin_client/utility/juce_CreatePluginFilter.h
    *** Leaked objects detected:
    instance(s) of class
    /Users/jackfruit2/SDKs/JUCE/modules/juce_core/memory/juce_LeakedObjectDetector.h
Attached Artefact
Attached is my output with examples of my home directory being exposed: Helloworld2.txt
Hi @McMartin,
I finally figured this one out. JUCE uses RTTI, so user classes potentially leak both the mangled class and function names in the binary. I used the COMPILER_FLAGS_FOR_ compiler scheme to declare the -fno-rtti flag for compilation units that don't use dynamic_casts, typeid or throw exceptions.
I was wondering if this strategy is safe to do in FRUT/JUCE?
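
A release-gate version of the `strings` inspection described in this thread, as an added example that is not part of the original posts or of FRUT/JUCE: it pulls printable runs out of a binary and flags home-directory paths, source-file references and Itanium-mangled C++ names (including the RTTI type-name strings mentioned in the last post). The rule set, the `audit` and `gate` helpers and the sample bytes are assumptions constructed for illustration.

```python
import re
import sys

# Printable-ASCII runs of 4+ bytes, the default threshold of strings(1).
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")

# Hypothetical rule set (an assumption of this example; tune per project).
RULES = {
    # Absolute path under a build user's home directory.
    "home_path": re.compile(r"(?:/Users|/home)/[^/\s]+/\S+"),
    # Reference to a C/C++/Objective-C++ source or header file.
    "source_ref": re.compile(r"[\w./+-]+\.(?:cpp|cc|cxx|mm|hpp|h)\b"),
    # Itanium C++ ABI nested name, with or without a _Z/Z prefix
    # (RTTI type-name strings are stored without the _Z prefix).
    "mangled_name": re.compile(
        r"^(?:_{0,2}Z+)?N[KVrO]*(?:St)?\d+[A-Za-z_][\w$]*E[\w$]*$"),
}

def extract_strings(blob):
    """Return the printable strings embedded in a binary blob."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(blob)]

def audit(blob):
    """Map each rule name to the embedded strings that match it."""
    findings = {name: [] for name in RULES}
    for text in extract_strings(blob):
        for name, rule in RULES.items():
            if rule.search(text):
                findings[name].append(text)
    return findings

def gate(blob, fail_on=("home_path",)):
    """True when the blob has no findings for the rules in fail_on."""
    findings = audit(blob)
    return not any(findings[name] for name in fail_on)

# Constructed sample modelled on the strings quoted in the thread.
SAMPLE = (
    b"\x00\x01\xcf\xfa\xed\xfe\x07\x00"
    b"Component Controller Class\x00"
    b"/Users/builder/SDKs/JUCE/modules/juce_core/memory/juce_LeakedObjectDetector.h\x00"
    b"NSt3__110__function6__baseIFffffEEE\x00"
    b"\x90\x90Hello\x00ab\x00"
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for rule_name, hits in audit(data).items():
        print(f"{rule_name}: {len(hits)} hit(s)", *hits[:5], sep="\n    ")
    sys.exit(0 if gate(data) else 1)
```

Run against the stripped artifact (for example `Helloworld.stripped`), it exits non-zero while a home-directory path is still embedded, so it can sit after the build step in CI.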