[compiler-rt] r282913 - [scudo] Fix an edge case in the secondary allocator

Kostya Kortchinsky via llvm-commits llvm-commits at lists.llvm.org
Fri Sep 30 12:57:21 PDT 2016 

Author: cryptoad
Date: Fri Sep 30 14:57:21 2016
New Revision: 282913

URL: http://llvm.org/viewvc/llvm-project?rev=282913&view=rev
Log:
[scudo] Fix an edge case in the secondary allocator

Summary:
s/CHECK_LT/CHECK_LE/ in the secondary allocator, as under certain circumstances
Ptr + Size can be equal to MapEnd. This edge case was not found by the current
tests, so those were extended to be able to catch that.

Reviewers: kcc

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D25101

Modified:
    compiler-rt/trunk/lib/scudo/scudo_allocator.cpp
    compiler-rt/trunk/lib/scudo/scudo_allocator_secondary.h
    compiler-rt/trunk/lib/scudo/scudo_utils.cpp
    compiler-rt/trunk/test/scudo/malloc.cpp
    compiler-rt/trunk/test/scudo/memalign.cpp
    compiler-rt/trunk/test/scudo/realloc.cpp

Modified: compiler-rt/trunk/lib/scudo/scudo_allocator.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/scudo/scudo_allocator.cpp?rev=282913&r1=282912&r2=282913&view=diff
==============================================================================
--- compiler-rt/trunk/lib/scudo/scudo_allocator.cpp (original)
+++ compiler-rt/trunk/lib/scudo/scudo_allocator.cpp Fri Sep 30 14:57:21 2016
@@ -81,9 +81,9 @@ struct UnpackedHeader {
   u8  Unused_0_     : 4;
   // 2nd 8 bytes
   u64 Offset        : 20; // Offset from the beginning of the backend
-                          // allocation to the beginning chunk itself, in
-                          // multiples of MinAlignment. See comment about its
-                          // maximum value and test in init().
+                          // allocation to the beginning of the chunk itself,
+                          // in multiples of MinAlignment. See comment about
+                          // its maximum value and test in init().
   u64 Unused_1_     : 28;
   u16 Salt          : 16;
 };

Modified: compiler-rt/trunk/lib/scudo/scudo_allocator_secondary.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/scudo/scudo_allocator_secondary.h?rev=282913&r1=282912&r2=282913&view=diff
==============================================================================
--- compiler-rt/trunk/lib/scudo/scudo_allocator_secondary.h (original)
+++ compiler-rt/trunk/lib/scudo/scudo_allocator_secondary.h Fri Sep 30 14:57:21 2016
@@ -42,7 +42,7 @@ class ScudoLargeMmapAllocator {
     uptr Ptr = MapBeg + sizeof(SecondaryHeader);
     // TODO(kostyak): add a random offset to Ptr.
     CHECK_GT(Ptr + Size, MapBeg);
-    CHECK_LT(Ptr + Size, MapEnd);
+    CHECK_LE(Ptr + Size, MapEnd);
     SecondaryHeader *Header = getHeader(Ptr);
     Header->MapBeg = MapBeg - PageSize;
     Header->MapSize = MapSize + 2 * PageSize;

Modified: compiler-rt/trunk/lib/scudo/scudo_utils.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/scudo/scudo_utils.cpp?rev=282913&r1=282912&r2=282913&view=diff
==============================================================================
--- compiler-rt/trunk/lib/scudo/scudo_utils.cpp (original)
+++ compiler-rt/trunk/lib/scudo/scudo_utils.cpp Fri Sep 30 14:57:21 2016
@@ -34,8 +34,8 @@ namespace __scudo {
 
 FORMAT(1, 2)
 void NORETURN dieWithMessage(const char *Format, ...) {
-  // Our messages are tiny, 128 characters is more than enough.
-  char Message[128];
+  // Our messages are tiny, 256 characters is more than enough.
+  char Message[256];
   va_list Args;
   va_start(Args, Format);
   __sanitizer::VSNPrintf(Message, sizeof(Message), Format, Args);

Modified: compiler-rt/trunk/test/scudo/malloc.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/scudo/malloc.cpp?rev=282913&r1=282912&r2=282913&view=diff
==============================================================================
--- compiler-rt/trunk/test/scudo/malloc.cpp (original)
+++ compiler-rt/trunk/test/scudo/malloc.cpp Fri Sep 30 14:57:21 2016
@@ -8,20 +8,24 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include <vector>
+
 int main(int argc, char **argv)
 {
   void *p;
-  size_t size = 1U << 8;
+  std::vector<size_t> sizes{1, 1 << 5, 1 << 10, 1 << 15, 1 << 20};
 
-  p = malloc(size);
-  if (!p)
-    return 1;
-  memset(p, 'A', size);
-  free(p);
   p = malloc(0);
   if (!p)
     return 1;
   free(p);
+  for (size_t size : sizes) {
+    p = malloc(size);
+    if (!p)
+      return 1;
+    memset(p, 'A', size);
+    free(p);
+  }
 
   return 0;
 }

Modified: compiler-rt/trunk/test/scudo/memalign.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/scudo/memalign.cpp?rev=282913&r1=282912&r2=282913&view=diff
==============================================================================
--- compiler-rt/trunk/test/scudo/memalign.cpp (original)
+++ compiler-rt/trunk/test/scudo/memalign.cpp Fri Sep 30 14:57:21 2016
@@ -15,17 +15,13 @@ extern "C" void *aligned_alloc (size_t a
 
 int main(int argc, char **argv)
 {
-  void *p;
+  void *p = nullptr;
   size_t alignment = 1U << 12;
-  size_t size = alignment;
+  size_t size = 1U << 12;
 
   assert(argc == 2);
+
   if (!strcmp(argv[1], "valid")) {
-    p = memalign(alignment, size);
-    if (!p)
-      return 1;
-    free(p);
-    p = nullptr;
     posix_memalign(&p, alignment, size);
     if (!p)
       return 1;
@@ -34,6 +30,19 @@ int main(int argc, char **argv)
     if (!p)
       return 1;
     free(p);
+    // Tests various combinations of alignment and sizes
+    for (int i = 4; i < 20; i++) {
+      alignment = 1U << i;
+      for (int j = 1; j < 33; j++) {
+        size = 0x800 * j;
+        for (int k = 0; k < 3; k++) {
+          p = memalign(alignment, size - (16 * k));
+          if (!p)
+            return 1;
+          free(p);
+        }
+      }
+    }
   }
   if (!strcmp(argv[1], "invalid")) {
     p = memalign(alignment - 1, size);

Modified: compiler-rt/trunk/test/scudo/realloc.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/scudo/realloc.cpp?rev=282913&r1=282912&r2=282913&view=diff
==============================================================================
--- compiler-rt/trunk/test/scudo/realloc.cpp (original)
+++ compiler-rt/trunk/test/scudo/realloc.cpp Fri Sep 30 14:57:21 2016
@@ -20,7 +20,7 @@ int main(int argc, char **argv)
 {
   void *p, *old_p;
   // Those sizes will exercise both allocators (Primary & Secondary).
-  std::vector<size_t> sizes{1 << 5, 1 << 17};
+  std::vector<size_t> sizes{1, 1 << 5, 1 << 10, 1 << 15, 1 << 20};
 
   assert(argc == 2);
   for (size_t size : sizes) {
@@ -30,7 +30,8 @@ int main(int argc, char **argv)
         return 1;
       size = malloc_usable_size(p);
       // Our realloc implementation will return the same pointer if the size
-      // requested is lower or equal to the usable size of the associated chunk.
+      // requested is lower than or equal to the usable size of the associated
+      // chunk.
       p = realloc(p, size - 1);
       if (p != old_p)
         return 1;

More information about the llvm-commits mailing list