[compiler-rt] 4399f3b - [TSan][Darwin] Make malloc_size interceptor more robust

Julian Lettner via llvm-commits llvm-commits at lists.llvm.org
Fri Dec 17 15:38:22 PST 2021 

Author: Julian Lettner
Date: 2021-12-17T15:38:08-08:00
New Revision: 4399f3b6b0df2aa2c57e4a3049f5494b53f6921c

URL: https://github.com/llvm/llvm-project/commit/4399f3b6b0df2aa2c57e4a3049f5494b53f6921c
DIFF: https://github.com/llvm/llvm-project/commit/4399f3b6b0df2aa2c57e4a3049f5494b53f6921c.diff

LOG: [TSan][Darwin] Make malloc_size interceptor more robust

Previously we would crash in the TSan runtime if the user program passes
a pointer to `malloc_size()` that doesn't point into app memory.

In these cases, `malloc_size()` should return 0.

For ASan, we fixed a similar issue here:
https://reviews.llvm.org/D15008

Radar-Id: rdar://problem/86213149

Differential Revision: https://reviews.llvm.org/D115947

Added: 
    

Modified: 
    compiler-rt/lib/tsan/rtl/tsan_mman.cpp
    compiler-rt/test/tsan/Darwin/malloc_size.mm

Removed: 
    


################################################################################
diff  --git a/compiler-rt/lib/tsan/rtl/tsan_mman.cpp b/compiler-rt/lib/tsan/rtl/tsan_mman.cpp
index 8db2275c10561..7a72efb12263a 100644
--- a/compiler-rt/lib/tsan/rtl/tsan_mman.cpp
+++ b/compiler-rt/lib/tsan/rtl/tsan_mman.cpp
@@ -364,7 +364,7 @@ void *user_pvalloc(ThreadState *thr, uptr pc, uptr sz) {
 }
 
 uptr user_alloc_usable_size(const void *p) {
-  if (p == 0)
+  if (p == 0 || !IsAppMem((uptr)p))
     return 0;
   MBlock *b = ctx->metamap.GetBlock((uptr)p);
   if (!b)

diff  --git a/compiler-rt/test/tsan/Darwin/malloc_size.mm b/compiler-rt/test/tsan/Darwin/malloc_size.mm
index 485d85bba4f81..bb222c1c662a4 100644
--- a/compiler-rt/test/tsan/Darwin/malloc_size.mm
+++ b/compiler-rt/test/tsan/Darwin/malloc_size.mm
@@ -1,4 +1,5 @@
 // Test that malloc_zone_from_ptr returns a valid zone for a 0-sized allocation.
+// Test that malloc_size does not crash for an invalid pointer.
 
 // RUN: %clang_tsan %s -o %t -framework Foundation
 // RUN: %run %t 2>&1 | FileCheck %s
@@ -54,4 +55,13 @@ int main() {
   // CHECK: size = 0x0
   describe_zone(p);
   // CHECK: zone = no zone
+
+  p = (void *)0x42;  // invalid pointer
+  s = malloc_size(p);
+  fprintf(stderr, "size = 0x%zx\n", s);
+  // CHECK: size = 0x0
+  describe_zone(p);
+  // CHECK: zone = no zone
+
+  return 0;
 }

More information about the llvm-commits mailing list