[compiler-rt] r310119 - [asan] Check for pvalloc overlow

Kostya Kortchinsky via llvm-commits llvm-commits at lists.llvm.org
Fri Aug 4 13:28:59 PDT 2017 

Author: cryptoad
Date: Fri Aug  4 13:28:59 2017
New Revision: 310119

URL: http://llvm.org/viewvc/llvm-project?rev=310119&view=rev
Log:
[asan] Check for pvalloc overlow

Summary:
Last one of the `pvalloc` overflow checks!

`CheckForPvallocOverflow` was introduced with D35818 to detect when `pvalloc`
would wrap when rounding up to the next multiple of the page size.

Add this check to ASan's `pvalloc` implementation.

Reviewers: alekseyshl

Reviewed By: alekseyshl

Subscribers: llvm-commits, kubamracek

Differential Revision: https://reviews.llvm.org/D36257

Added:
    compiler-rt/trunk/test/asan/TestCases/Linux/pvalloc-overflow.cc
Modified:
    compiler-rt/trunk/lib/asan/asan_allocator.cc

Modified: compiler-rt/trunk/lib/asan/asan_allocator.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_allocator.cc?rev=310119&r1=310118&r2=310119&view=diff
==============================================================================
--- compiler-rt/trunk/lib/asan/asan_allocator.cc (original)
+++ compiler-rt/trunk/lib/asan/asan_allocator.cc Fri Aug  4 13:28:59 2017
@@ -839,6 +839,10 @@ void *asan_valloc(uptr size, BufferedSta
 
 void *asan_pvalloc(uptr size, BufferedStackTrace *stack) {
   uptr PageSize = GetPageSizeCached();
+  if (UNLIKELY(CheckForPvallocOverflow(size, PageSize))) {
+    errno = errno_ENOMEM;
+    return AsanAllocator::FailureHandler::OnBadRequest();
+  }
   // pvalloc(0) should allocate one page.
   size = size ? RoundUpTo(size, PageSize) : PageSize;
   return SetErrnoOnNull(

Added: compiler-rt/trunk/test/asan/TestCases/Linux/pvalloc-overflow.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/pvalloc-overflow.cc?rev=310119&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/Linux/pvalloc-overflow.cc (added)
+++ compiler-rt/trunk/test/asan/TestCases/Linux/pvalloc-overflow.cc Fri Aug  4 13:28:59 2017
@@ -0,0 +1,41 @@
+// RUN: %clangxx_asan  %s -o %t
+// RUN: ASAN_OPTIONS=allocator_may_return_null=0 not %run %t m1 2>&1 | FileCheck %s
+// RUN: ASAN_OPTIONS=allocator_may_return_null=1     %run %t m1 2>&1
+// RUN: ASAN_OPTIONS=allocator_may_return_null=0 not %run %t psm1 2>&1 | FileCheck %s
+// RUN: ASAN_OPTIONS=allocator_may_return_null=1     %run %t psm1 2>&1
+
+// UNSUPPORTED: freebsd
+
+// Checks that pvalloc overflows are caught. If the allocator is allowed to
+// return null, the errno should be set to ENOMEM.
+
+#include <assert.h>
+#include <errno.h>
+#include <malloc.h>
+#include <stdint.h>
+#include <string.h>
+#include <unistd.h>
+
+int main(int argc, char *argv[]) {
+  void *p;
+  size_t page_size;
+
+  assert(argc == 2);
+
+  page_size = sysconf(_SC_PAGESIZE);
+
+  if (!strcmp(argv[1], "m1")) {
+    p = pvalloc((uintptr_t)-1);
+    assert(!p);
+    assert(errno == ENOMEM);
+  }
+  if (!strcmp(argv[1], "psm1")) {
+    p = pvalloc((uintptr_t)-(page_size - 1));
+    assert(!p);
+    assert(errno == ENOMEM);
+  }
+
+  return 0;
+}
+
+// CHECK: AddressSanitizer's allocator is terminating the process

More information about the llvm-commits mailing list