[PATCH] D15008: [sanitizer] Fix a crash in SizeClassAllocator32 with an out-of-range pointer

Dmitry Vyukov via llvm-commits llvm-commits at lists.llvm.org
Mon Nov 30 06:14:17 PST 2015


dvyukov added inline comments.

================
Comment at: lib/sanitizer_common/sanitizer_allocator.h:753
@@ +752,3 @@
+    uptr mem = reinterpret_cast<uptr>(p);
+    if (mem < kSpaceBeg || mem >= kSpaceBeg + kSpaceSize)
+      return false;
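Review bot: the new early return should be accompanied by a test that exercises both sides of the range, a pointer below kSpaceBeg and one at kSpaceBeg + kSpaceSize or beyond, so the intended result is pinned down; as the inline comment notes, ComputeRegionId currently uses a different condition (effectively mem < kSpaceSize, assuming kSpaceBeg == 0), so the two checks need to be made consistent or the assumption made explicit in the patch.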
----------------
The condition in GetSizeClass->ComputeRegionId is different. It effectively checks that mem < kSpaceSize.
At least ComputeRegionId assumes that kSpaceBeg==0. We seem to be missing some tests.
Kostya?



http://reviews.llvm.org/D15008
