[PATCH] D15008: [sanitizer] Fix a crash in SizeClassAllocator32 with an out-of-range pointer

Mon May 2 08:28:58 PDT 2016

This revision was automatically updated to reflect the committed changes.
Closed by commit rL268243: [sanitizer] Fix a crash in SizeClassAllocator32 with an out-of-range pointer (authored by kuba.brecka).

Changed prior to commit:
  http://reviews.llvm.org/D15008?vs=55819&id=55824#toc

Repository:
  rL LLVM

http://reviews.llvm.org/D15008

Files:
  compiler-rt/trunk/lib/sanitizer_common/sanitizer_allocator.h
  compiler-rt/trunk/test/asan/TestCases/Darwin/malloc_size_crash.mm

Index: compiler-rt/trunk/test/asan/TestCases/Darwin/malloc_size_crash.mm
===================================================================

--- compiler-rt/trunk/test/asan/TestCases/Darwin/malloc_size_crash.mm
+++ compiler-rt/trunk/test/asan/TestCases/Darwin/malloc_size_crash.mm
@@ -0,0 +1,15 @@
+// RUN: %clang_asan %s -o %t -framework Foundation
+// RUN: %run %t 2>&1 | FileCheck %s
+
+#import <Foundation/Foundation.h>
+#include <malloc/malloc.h>
+
+int main(int argc, char *argv[]) {
+  id obj = @0;
+  fprintf(stderr, "obj = %p\n", obj);
+  size_t size = malloc_size(obj);
+  fprintf(stderr, "size = 0x%zx\n", size);
+  fprintf(stderr, "Done.\n");
+  // CHECK: Done.
+  return 0;
+}
Index: compiler-rt/trunk/lib/sanitizer_common/sanitizer_allocator.h
===================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_allocator.h
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_allocator.h
@@ -769,6 +769,9 @@
   }
 
   bool PointerIsMine(const void *p) {
+    uptr mem = reinterpret_cast<uptr>(p);
+    if (mem < kSpaceBeg || mem >= kSpaceBeg + kSpaceSize)
+      return false;
     return GetSizeClass(p) != 0;
   }
 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D15008.55824.patch
Type: text/x-patch
Size: 1186 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20160502/f9b00ca8/attachment.bin>
