[PATCH] D85389: Fix bug where we request a shadow memory one page larger than necessary.

Dan Liew via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Wed Aug 5 18:43:12 PDT 2020


delcypher created this revision.
delcypher added reviewers: kubamracek, yln.
Herald added a project: Sanitizers.
Herald added a subscriber: Sanitizers.
delcypher requested review of this revision.

The passed-in `space_size` had `left_padding` added to it.
This is wrong because in the implementation of `FindAvailableMemoryRange`
the computed size of the found region already has the `left_padding` subtracted
(possibly more due to alignment).

Here's the relevant snippet from `FindAvailableMemoryRange`.

  // We found a free region [free_begin..address-1].
  uptr gap_start = RoundUpTo((uptr)free_begin + left_padding, alignment);
  uptr gap_end = RoundDownTo((uptr)address, alignment);
  uptr gap_size = gap_end > gap_start ? gap_end - gap_start : 0;
  if (size < gap_size) {
    return gap_start;
  }

In the size comparison (`size < gap_size`) `gap_size` doesn't
include padding so `size` shouldn't either.

rdar://problem/66603866
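As an added illustration (not part of this patch or of the sanitizer sources), the C program below re-implements the quoted gap check with the same helper names and a constructed free region, and shows that the region is rejected when `left_padding` is added to the requested size but accepted once it is not:

```c
#include <stdint.h>
#include <stdio.h>

typedef uintptr_t uptr;

/* Re-implementations of the sanitizer_common rounding helpers (not the
 * project's code); alignment must be a power of two. */
static uptr RoundUpTo(uptr x, uptr alignment) {
  return (x + alignment - 1) & ~(alignment - 1);
}
static uptr RoundDownTo(uptr x, uptr alignment) {
  return x & ~(alignment - 1);
}

/* The gap test from FindAvailableMemoryRange as quoted in the description:
 * the free region is [free_begin, address-1]; left_padding is consumed by
 * rounding the start up, so the caller's `size` must not include it again.
 * Returns gap_start when the request fits, 0 otherwise. */
static uptr gap_fits(uptr free_begin, uptr address, uptr size,
                     uptr alignment, uptr left_padding) {
  uptr gap_start = RoundUpTo(free_begin + left_padding, alignment);
  uptr gap_end = RoundDownTo(address, alignment);
  uptr gap_size = gap_end > gap_start ? gap_end - gap_start : 0;
  if (size < gap_size) return gap_start;
  return 0;
}

/* Constructed scenario: 4 KiB pages, one page of left padding, and a free
 * region of 10 pages, i.e. 9 usable aligned pages after the padding. The
 * shadow needs 8 pages, so the region is big enough. */
#define PAGE 4096UL
#define LEFT_PADDING PAGE
#define FREE_BEGIN 0x100000UL
#define FREE_END (FREE_BEGIN + 10 * PAGE) /* first byte past the region */
#define SHADOW_SIZE (8 * PAGE)

/* Before the fix: size = shadow_size_bytes + left_padding -> rejected (0). */
uptr request_before_fix(void) {
  return gap_fits(FREE_BEGIN, FREE_END, SHADOW_SIZE + LEFT_PADDING, PAGE,
                  LEFT_PADDING);
}
/* After the fix: size = shadow_size_bytes -> accepted at FREE_BEGIN + PAGE. */
uptr request_after_fix(void) {
  return gap_fits(FREE_BEGIN, FREE_END, SHADOW_SIZE, PAGE, LEFT_PADDING);
}

int main(void) {
  printf("before fix: %#lx\nafter fix:  %#lx\n",
         (unsigned long)request_before_fix(), (unsigned long)request_after_fix());
  return 0;
}
```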


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D85389

Files:
  compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp


Index: compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
===================================================================
--- compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
+++ compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
@@ -1137,7 +1137,7 @@
   const uptr left_padding =
       Max<uptr>(granularity, 1ULL << min_shadow_base_alignment);
 
-  uptr space_size = shadow_size_bytes + left_padding;
+  uptr space_size = shadow_size_bytes;
 
   uptr largest_gap_found = 0;
   uptr max_occupied_addr = 0;
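Review bot: a short comment beside the new `uptr space_size = shadow_size_bytes;` line would record why the padding is deliberately omitted, since the reason lives inside `FindAvailableMemoryRange` (the gap start is rounded up past `left_padding` before the `size < gap_size` comparison) and nothing at this call site stops someone from adding it back later. Something like `// left_padding is already accounted for by FindAvailableMemoryRange.` above the assignment would do.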
@@ -1162,7 +1162,7 @@
     }
     RestrictMemoryToMaxAddress(new_max_vm);
     high_mem_end = new_max_vm - 1;
-    space_size = (high_mem_end >> shadow_scale) + left_padding;
+    space_size = (high_mem_end >> shadow_scale);
     VReport(2, "FindDynamicShadowStart, space_size = %p\n", space_size);
     shadow_start = FindAvailableMemoryRange(space_size, alignment, left_padding,
                                             nullptr, nullptr);
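Review bot: the parentheses in `space_size = (high_mem_end >> shadow_scale);` are redundant now that the `+ left_padding` term is gone; `space_size = high_mem_end >> shadow_scale;` reads cleaner and matches the first hunk. Same pattern as the first hunk, so a one-line comment here (or a shared one near `left_padding`) pointing at `FindAvailableMemoryRange` would keep the two call sites from drifting apart again.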

