[PATCH] D70552: [scudo][standalone] Fix for releaseToOS prior to init

Kostya Kortchinsky via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Nov 21 11:00:07 PST 2019


cryptoad created this revision.
cryptoad added reviewers: hctim, cferris, pcc, eugenis.
Herald added projects: Sanitizers, LLVM.
Herald added a subscriber: Sanitizers.

cferris@ found an issue where calling `releaseToOS` prior to any other
heap operation would lead to a crash, due to the allocator not being
properly initialized (it was discovered via `mallopt`).

The fix is to call `initThreadMaybe` prior to calling `releaseToOS` for
the Primary.

Add a test that crashes prior to fix.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D70552

Files:
  compiler-rt/lib/scudo/standalone/combined.h
  compiler-rt/lib/scudo/standalone/tests/combined_test.cpp


Index: compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
===================================================================
--- compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
+++ compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
@@ -279,3 +279,18 @@
   EXPECT_DEATH(Allocator->reallocate(P, Size * 2U), "");
   EXPECT_DEATH(Allocator->getUsableSize(P), "");
 }
+
+// Ensure that releaseToOS can be called prior to any other allocator
+// operation without issue.
+TEST(ScudoCombinedTest, ReleaseToOS) {
+  using AllocatorT = scudo::Allocator<DeathConfig>;
+  auto Deleter = [](AllocatorT *A) {
+    A->unmapTestOnly();
+    delete A;
+  };
+  std::unique_ptr<AllocatorT, decltype(Deleter)> Allocator(new AllocatorT,
+                                                           Deleter);
+  Allocator->reset();
+
+  Allocator->releaseToOS();
+}
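Review bot: The comment above `TEST(ScudoCombinedTest, ReleaseToOS)` says `releaseToOS` is called prior to any other allocator operation, yet the body calls `Allocator->reset()` first. Please say in the comment why `reset()` does not count as initialization here, so a reader can see that the test still exercises the uninitialized path described in the summary. The test also instantiates `scudo::Allocator<DeathConfig>` although it is not a death test and has no explicit expectation. A short note that "passes" means "does not crash", and a more specific name such as ReleaseToOSBeforeInit, would make the intent clearer.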
Index: compiler-rt/lib/scudo/standalone/combined.h
===================================================================
--- compiler-rt/lib/scudo/standalone/combined.h
+++ compiler-rt/lib/scudo/standalone/combined.h
@@ -402,7 +402,10 @@
     Str.output();
   }
 
-  void releaseToOS() { Primary.releaseToOS(); }
+  void releaseToOS() {
+    initThreadMaybe();
+    Primary.releaseToOS();
+  }
 
   // Iterate over all chunks and call a callback for all busy chunks located
   // within the provided memory range. Said callback must not use this allocator
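Review bot: The new `initThreadMaybe();` call in `releaseToOS()` has no comment explaining why a release path needs to trigger initialization. One line noting that this entry point can be reached before any other heap operation (the summary mentions `mallopt`) would keep the call from being removed later as redundant. It would also be worth confirming that the neighbouring entry points visible in this hunk, the one ending in `Str.output();` and the chunk iteration documented just below, cannot be reached before init in the same way. If they can, they need the same guard.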

