[compiler-rt] r340593 - [hwasan] implement detection of realloc-after-free

Kostya Serebryany via llvm-commits llvm-commits at lists.llvm.org
Thu Aug 23 18:44:18 PDT 2018


Author: kcc
Date: Thu Aug 23 18:44:17 2018
New Revision: 340593

URL: http://llvm.org/viewvc/llvm-project?rev=340593&view=rev
Log:
[hwasan] implement detection of realloc-after-free

Added:
    compiler-rt/trunk/test/hwasan/TestCases/realloc-after-free.c
Modified:
    compiler-rt/trunk/lib/hwasan/hwasan_allocator.cc

Modified: compiler-rt/trunk/lib/hwasan/hwasan_allocator.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/hwasan/hwasan_allocator.cc?rev=340593&r1=340592&r2=340593&view=diff
==============================================================================
--- compiler-rt/trunk/lib/hwasan/hwasan_allocator.cc (original)
+++ compiler-rt/trunk/lib/hwasan/hwasan_allocator.cc Thu Aug 23 18:44:17 2018
@@ -186,9 +186,10 @@ void HwasanDeallocate(StackTrace *stack,
   CHECK(user_ptr);
   HWASAN_FREE_HOOK(user_ptr);
 
-  void *p = GetAddressFromPointer(user_ptr);
   if (!PointerAndMemoryTagsMatch(user_ptr))
     ReportInvalidFree(stack, reinterpret_cast<uptr>(user_ptr));
+
+  void *p = GetAddressFromPointer(user_ptr);
   Metadata *meta = reinterpret_cast<Metadata *>(allocator.GetMetaData(p));
   uptr size = meta->requested_size;
   meta->state = CHUNK_FREE;
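Review bot: After `ReportInvalidFree` the function falls straight through to `allocator.GetMetaData(p)` and `meta->state = CHUNK_FREE`, so the mismatch path is only correct if the report never returns, which is not visible in this hunk. If the report can return under any runtime setting, a double free would go on to rewrite the metadata of a chunk that may already have been handed out again. A `return;` after the call, or a comment such as `// ReportInvalidFree does not return.`, would make the contract explicit. The same pattern appears in the HwasanReallocate hunk, where the code continues to read `meta->requested_size`. HwasanDeallocate starts and ends outside this hunk.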
@@ -220,6 +221,9 @@ void *HwasanReallocate(StackTrace *stack
   alignment = Max(alignment, kShadowAlignment);
   new_size = RoundUpTo(new_size, kShadowAlignment);
 
+  if (!PointerAndMemoryTagsMatch(user_old_p))
+    ReportInvalidFree(stack, reinterpret_cast<uptr>(user_old_p));
+
   void *old_p = GetAddressFromPointer(user_old_p);
   Metadata *meta = reinterpret_cast<Metadata*>(allocator.GetMetaData(old_p));
   uptr old_size = meta->requested_size;
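Review bot: The new check in HwasanReallocate reuses `ReportInvalidFree`, so a realloc on a freed pointer is reported as `invalid-free` (the added test pins that string), which can mislead someone triaging a report whose top frame is realloc. A comment above the check would help, for example `// Tag mismatch: user_old_p is not a live allocation (e.g. realloc-after-free); reported as invalid-free.` The identical two-line check now also sits in HwasanDeallocate, so a small shared helper would keep the two paths in step. The function body continues outside this hunk.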

Added: compiler-rt/trunk/test/hwasan/TestCases/realloc-after-free.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/hwasan/TestCases/realloc-after-free.c?rev=340593&view=auto
==============================================================================
--- compiler-rt/trunk/test/hwasan/TestCases/realloc-after-free.c (added)
+++ compiler-rt/trunk/test/hwasan/TestCases/realloc-after-free.c Thu Aug 23 18:44:17 2018
@@ -0,0 +1,28 @@
+// RUN: %clang_hwasan %s -o %t
+// RUN: not %run %t 50 2>&1 | FileCheck %s
+// RUN: not %run %t 40 2>&1 | FileCheck %s
+// RUN: not %run %t 30 2>&1 | FileCheck %s
+
+// REQUIRES: stable-runtime
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <sanitizer/hwasan_interface.h>
+
+int main(int argc, char **argv) {
+  __hwasan_enable_allocator_tagging();
+  if (argc != 2) return 0;
+  int realloc_size = atoi(argv[1]);
+  char * volatile x = (char*)malloc(40);
+  free(x);
+  x = realloc(x, realloc_size);
+// CHECK: ERROR: HWAddressSanitizer: invalid-free on address
+// CHECK: tags: [[PTR_TAG:..]]/[[MEM_TAG:..]] (ptr/mem)
+// CHECK: freed here:
+// CHECK: previously allocated here:
+// CHECK: Memory tags around the buggy address (one tag corresponds to 16 bytes):
+// CHECK: =>{{.*}}[[MEM_TAG]]
+  fprintf(stderr, "DONE\n");
+  __hwasan_disable_allocator_tagging();
+// CHECK-NOT: DONE
+}
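Review bot: The three RUN lines pass 50, 40 and 30 with no explanation; a comment such as `// Sizes cover growing, same-size and shrinking realloc of the freed 40-byte chunk.` would document why each run exists. `[[PTR_TAG:..]]` is captured but never referenced again, so only the memory tag is cross-checked against the tag dump; either drop the capture or add a line saying the pointer tag is intentionally unchecked. The early `return 0` on `argc != 2` relies on the `not %run` prefix to turn a mis-invoked test into a failure, which is worth a short comment as well.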



