[compiler-rt] r289376 - [sanitizer] Make sure libmalloc doesn't remove the sanitizer zone from malloc_zones[0]

Kuba Mracek via llvm-commits llvm-commits at lists.llvm.org
Sun Dec 11 00:45:37 PST 2016 

Author: kuba.brecka
Date: Sun Dec 11 02:45:36 2016
New Revision: 289376

URL: http://llvm.org/viewvc/llvm-project?rev=289376&view=rev
Log:
[sanitizer] Make sure libmalloc doesn't remove the sanitizer zone from malloc_zones[0]

In certain OS versions, it was possible that libmalloc replaced the sanitizer zone from being the default zone (i.e. being in malloc_zones[0]). This patch introduces a failsafe that makes sure we always stay the default zone. No testcase for this, because this doesn't reproduce under normal circumstances.

Differential Revision: https://reviews.llvm.org/D27083


Modified:
    compiler-rt/trunk/lib/sanitizer_common/sanitizer_malloc_mac.inc

Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_malloc_mac.inc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_malloc_mac.inc?rev=289376&r1=289375&r2=289376&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_malloc_mac.inc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_malloc_mac.inc Sun Dec 11 02:45:36 2016
@@ -62,6 +62,29 @@ INTERCEPTOR(void, malloc_destroy_zone, m
   COMMON_MALLOC_FREE(zone);
 }
 
+extern unsigned malloc_num_zones;
+extern malloc_zone_t **malloc_zones;
+
+// We need to make sure that sanitizer_zone is registered as malloc_zones[0]. If
+// libmalloc tries to set up a different zone as malloc_zones[0], it will call
+// mprotect(malloc_zones, ..., PROT_READ).  This interceptor will catch that and
+// make sure we are still the first (default) zone.
+INTERCEPTOR(int, mprotect, void *addr, size_t len, int prot) {
+  if (addr == malloc_zones && prot == PROT_READ) {
+    if (malloc_num_zones > 1 && malloc_zones[0] != &sanitizer_zone) {
+      for (unsigned i = 1; i < malloc_num_zones; i++) {
+        if (malloc_zones[i] == &sanitizer_zone) {
+          // Swap malloc_zones[0] and malloc_zones[i].
+          malloc_zones[i] = malloc_zones[0];
+          malloc_zones[0] = &sanitizer_zone;
+          break;
+        }
+      }
+    }
+  }
+  return REAL(mprotect)(addr, len, prot);
+}
+
 INTERCEPTOR(malloc_zone_t *, malloc_default_zone, void) {
   COMMON_MALLOC_ENTER();
   return &sanitizer_zone;

More information about the llvm-commits mailing list