[PATCH] Fix realloc'ing a freed pointer
Timur Iskhodzhanov
timurrrr at google.com
Sat May 18 11:41:52 PDT 2013
Hi kcc,
See https://code.google.com/p/address-sanitizer/issues/detail?id=187
http://llvm-reviews.chandlerc.com/D818
Files:
tests/asan_test.cc
asan_allocator2.cc
Index: tests/asan_test.cc
===================================================================
--- tests/asan_test.cc
+++ tests/asan_test.cc
@@ -353,6 +353,13 @@
free(ptr2);
}
+TEST(AddressSanitizer, ReallocFreedPointerTest) {
+ void *ptr = Ident(malloc(42));
+ ASSERT_TRUE(NULL != ptr);
+ free(ptr);
+ EXPECT_DEATH(ptr = realloc(ptr, 77), "attempting double-free");
+}
+
TEST(AddressSanitizer, ZeroSizeMallocTest) {
// Test that malloc(0) and similar functions don't return NULL.
void *ptr = Ident(malloc(0));
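Review bot: ReallocFreedPointerTest has no comment explaining why a realloc() of a freed pointer is expected to die with a double-free message, which reads like a mismatch to anyone who has not seen the allocator change. A single line above the EXPECT_DEATH would do, for example `// realloc() of a freed chunk is reported through the double-free path.` The pattern `"attempting double-free"` also matches only the report headline, so the test would still pass if the report came from a different call site. If the report output names the failing frame, the expectation could be tightened to include realloc; this depends on the report format, which the hunk does not show.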
Index: asan_allocator2.cc
===================================================================
--- asan_allocator2.cc
+++ asan_allocator2.cc
@@ -488,6 +488,9 @@
thread_stats.reallocs++;
thread_stats.realloced += new_size;
+ if (m->chunk_state == CHUNK_QUARANTINE)
+ ReportDoubleFree((uptr)old_ptr, stack);
+
CHECK_EQ(m->chunk_state, CHUNK_ALLOCATED);
uptr old_size = m->UsedSize();
uptr memcpy_size = Min(new_size, old_size);
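Review bot: The added check turns only `CHUNK_QUARANTINE` into a report, so any other non-allocated state still reaches `CHECK_EQ(m->chunk_state, CHUNK_ALLOCATED)` and ends in an internal check failure instead of a user-facing diagnostic with the stack. If other states can be observed here, for example a chunk that has already left quarantine (not visible in this hunk), they deserve a report as well. The diagnostic is also worded as a double-free although the faulting call is realloc(), so a comment on the new branch would help: `// realloc() of a freed chunk: report it instead of tripping the CHECK below.` The enclosing function starts and ends outside the hunk, so whether ReportDoubleFree returns, and how `m` is derived from `old_ptr`, cannot be confirmed from here.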
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D818.1.patch
Type: text/x-patch
Size: 973 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20130518/9e172dfa/attachment.bin>