[PATCH] D15008: [sanitizer] Fix a crash in SizeClassAllocator32 with an out-of-range pointer
Kuba Brecka via llvm-commits
llvm-commits at lists.llvm.org
Thu Nov 26 01:52:25 PST 2015
kubabrecka created this revision.
kubabrecka added reviewers: samsonov, glider, kcc, dvyukov.
kubabrecka added subscribers: llvm-commits, zaks.anna.
Herald added a subscriber: aemerson.
This only happens on a 64-bit platform that uses SizeClassAllocator32 (e.g. ASan on AArch64). When querying a large invalid pointer about its size, e.g. with:
__sanitizer_get_allocated_size(0xdeadbeefdeadbeef);
...an assertion will fail:
AddressSanitizer CHECK failed: .../sanitizer_allocator.h "((res)) < ((kNumPossibleRegions))"
This patch changes `PointerIsMine` to return false if the pointer is outside of [kSpaceBeg, kSpaceBeg + kSpaceSize).
http://reviews.llvm.org/D15008
Files:
lib/sanitizer_common/sanitizer_allocator.h
Index: lib/sanitizer_common/sanitizer_allocator.h
===================================================================
--- lib/sanitizer_common/sanitizer_allocator.h
+++ lib/sanitizer_common/sanitizer_allocator.h
@@ -749,6 +749,9 @@
}
bool PointerIsMine(const void *p) {
+ uptr mem = reinterpret_cast<uptr>(p);
+ if (mem < kSpaceBeg || mem >= kSpaceBeg + kSpaceSize)
+ return false;
return GetSizeClass(p) != 0;
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D15008.41217.patch
Type: text/x-patch
Size: 442 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20151126/2d61b55d/attachment.bin>
More information about the llvm-commits
mailing list