[PATCH] D109409: Fix `asan/TestCases/Darwin/scrible.cpp` to work on platforms where `long` is not 64-bits.
Dan Liew via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Sep 7 18:31:32 PDT 2021
delcypher created this revision.
delcypher added reviewers: aralisza, yln, kubamracek.
Herald added a subscriber: kristof.beyls.
delcypher requested review of this revision.
Herald added a project: Sanitizers.
Herald added a subscriber: Sanitizers.
Previously the test was failing on platforms where `long` was less than
64-bits wide (e.g. older WatchOS simulators and arm64_32) because the
`padding` field was too small.
The test currently relies on the `my_object->isa` being scribbled or
left unmodified after `my_object` is freed. However, this was not the
case because the `isa` pointer intersected with
`ChunkHeader::free_context_id`. `free_context_id` starts at the
beginning of user memory but it is only initialized once the memory is
freed. This caused the `isa` pointer to change after it was freed
leading to the test crashing.
To fix this the `padding` field has been made explicitly 64-bits wide
(same size as `ChunkHeader::free_context_id`).
rdar://75806757
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D109409
Files:
compiler-rt/test/asan/TestCases/Darwin/scribble.cpp
Index: compiler-rt/test/asan/TestCases/Darwin/scribble.cpp
===================================================================
--- compiler-rt/test/asan/TestCases/Darwin/scribble.cpp
+++ compiler-rt/test/asan/TestCases/Darwin/scribble.cpp
@@ -13,7 +13,14 @@
};
struct MyClass {
- long padding;
+ // User memory and `ChunkHeader` overlap. In particular the `free_context_id`
+ // is stored at the beginning of user memory when it is freed. That part of
+ // user memory is not scribbled and is changed when the memory is freed. This
+ // test relies on `isa` being scribbled or unmodified after memory is freed.
+ // In order for this to work the start of `isa` must come after whatever is in
+ // `ChunkHeader` (currently the 64-bit `free_context_id`). The padding here is
+ // to ensure this is the case.
+ uint64_t padding;
Isa *isa;
long data;
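Review bot: `uint64_t padding;` in `MyClass` depends on `<stdint.h>` (or `<cstdint>`), and the visible context does not show an include being added, so please confirm the test already pulls one in rather than relying on a transitive include. The new comment also states that `isa` must start after the 64-bit `free_context_id`; a `static_assert(offsetof(MyClass, isa) >= sizeof(uint64_t), "...")` next to the struct would turn that layout requirement into a compile-time failure instead of a runtime crash if the fields are reordered or the padding type changes later.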