[PATCH] D19691: [asan] Assert in __sanitizer_ptr_{sub, cmp} if one of the pointers was freed.

Filipe Cabecinhas via llvm-commits llvm-commits at lists.llvm.org
Fri Apr 29 13:43:31 PDT 2016 

This revision was automatically updated to reflect the committed changes.
Closed by commit rL268097: [asan] Assert in __sanitizer_ptr_{sub,cmp} if one of the pointers was freed. (authored by filcab).

Changed prior to commit:
  http://reviews.llvm.org/D19691?vs=55548&id=55659#toc

Repository:
  rL LLVM

http://reviews.llvm.org/D19691

Files:
  compiler-rt/trunk/lib/asan/asan_allocator.cc
  compiler-rt/trunk/lib/asan/asan_allocator.h
  compiler-rt/trunk/lib/asan/asan_report.cc
  compiler-rt/trunk/test/asan/TestCases/invalid-pointer-pairs.cc

Index: compiler-rt/trunk/test/asan/TestCases/invalid-pointer-pairs.cc
===================================================================
--- compiler-rt/trunk/test/asan/TestCases/invalid-pointer-pairs.cc
+++ compiler-rt/trunk/test/asan/TestCases/invalid-pointer-pairs.cc
@@ -0,0 +1,37 @@
+// RUN: %clangxx_asan -O0 %s -o %t -mllvm -asan-detect-invalid-pointer-pair
+
+// RUN: %env_asan_opts=detect_invalid_pointer_pairs=1 %run %t k 2>&1 | FileCheck %s -check-prefix=OK -allow-empty
+// RUN: %env_asan_opts=detect_invalid_pointer_pairs=1 not %run %t g 2>&1 | FileCheck %s -check-prefix=CMP -check-prefix=ALL-ERRORS
+// RUN: %env_asan_opts=detect_invalid_pointer_pairs=1 not %run %t s 2>&1 | FileCheck %s -check-prefix=SUB -check-prefix=ALL-ERRORS
+// RUN: %env_asan_opts=detect_invalid_pointer_pairs=1 not %run %t f 2>&1 | FileCheck %s -check-prefix=FREE -check-prefix=ALL-ERRORS
+
+#include <assert.h>
+#include <stdlib.h>
+
+int main(int argc, char **argv) {
+  // ALL-ERRORS: ERROR: AddressSanitizer: invalid-pointer-pair
+  // [[PTR1:0x[0-9a-f]+]] [[PTR2:0x[0-9a-f]+]]
+  assert(argc >= 2);
+  char *p = (char *)malloc(42);
+  char *q = (char *)malloc(42);
+  switch (argv[1][0]) {
+  case 'g':
+    // CMP: #0 {{.*}} in main {{.*}}invalid-pointer-pairs.cc:[[@LINE+1]]:14
+    return p > q;
+  case 's':
+    // SUB: #0 {{.*}} in main {{.*}}invalid-pointer-pairs.cc:[[@LINE+1]]:14
+    return p - q;
+  case 'k': {
+    // OK-NOT: ERROR
+    char *p2 = p + 20;
+    return p > p2;
+  }
+  case 'f': {
+    char *p3 = p + 20;
+    free(p);
+    // FREE: #0 {{.*}} in main {{.*}}invalid-pointer-pairs.cc:[[@LINE+2]]:14
+    // FREE: freed by thread
+    return p < p3;
+  }
+  }
+}
Index: compiler-rt/trunk/lib/asan/asan_allocator.cc
===================================================================
--- compiler-rt/trunk/lib/asan/asan_allocator.cc
+++ compiler-rt/trunk/lib/asan/asan_allocator.cc
@@ -665,6 +665,9 @@
 bool AsanChunkView::IsValid() {
   return chunk_ && chunk_->chunk_state != CHUNK_AVAILABLE;
 }
+bool AsanChunkView::IsAllocated() {
+  return chunk_ && chunk_->chunk_state == CHUNK_ALLOCATED;
+}
 uptr AsanChunkView::Beg() { return chunk_->Beg(); }
 uptr AsanChunkView::End() { return Beg() + UsedSize(); }
 uptr AsanChunkView::UsedSize() { return chunk_->UsedSize(); }
Index: compiler-rt/trunk/lib/asan/asan_allocator.h
===================================================================
--- compiler-rt/trunk/lib/asan/asan_allocator.h
+++ compiler-rt/trunk/lib/asan/asan_allocator.h
@@ -49,11 +49,12 @@
 class AsanChunkView {
  public:
   explicit AsanChunkView(AsanChunk *chunk) : chunk_(chunk) {}
-  bool IsValid();   // Checks if AsanChunkView points to a valid allocated
-                    // or quarantined chunk.
-  uptr Beg();       // First byte of user memory.
-  uptr End();       // Last byte of user memory.
-  uptr UsedSize();  // Size requested by the user.
+  bool IsValid();        // Checks if AsanChunkView points to a valid allocated
+                         // or quarantined chunk.
+  bool IsAllocated();    // Checks if the memory is currently allocated.
+  uptr Beg();            // First byte of user memory.
+  uptr End();            // Last byte of user memory.
+  uptr UsedSize();       // Size requested by the user.
   uptr AllocTid();
   uptr FreeTid();
   bool Eq(const AsanChunkView &c) const { return chunk_ == c.chunk_; }
Index: compiler-rt/trunk/lib/asan/asan_report.cc
===================================================================
--- compiler-rt/trunk/lib/asan/asan_report.cc
+++ compiler-rt/trunk/lib/asan/asan_report.cc
@@ -1012,10 +1012,10 @@
   uptr a2 = reinterpret_cast<uptr>(p2);
   AsanChunkView chunk1 = FindHeapChunkByAddress(a1);
   AsanChunkView chunk2 = FindHeapChunkByAddress(a2);
-  bool valid1 = chunk1.IsValid();
-  bool valid2 = chunk2.IsValid();
-  if ((valid1 != valid2) || (valid1 && valid2 && !chunk1.Eq(chunk2))) {
-    GET_CALLER_PC_BP_SP;                                              \
+  bool valid1 = chunk1.IsAllocated();
+  bool valid2 = chunk2.IsAllocated();
+  if (!valid1 || !valid2 || !chunk1.Eq(chunk2)) {
+    GET_CALLER_PC_BP_SP;
     return ReportInvalidPointerPair(pc, bp, sp, a1, a2);
   }
 }


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D19691.55659.patch
Type: text/x-patch
Size: 4202 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20160429/3641ce00/attachment.bin>

More information about the llvm-commits mailing list