[PATCH] D137352: [scudo] Detect double free when running with MTE.

Peter Collingbourne via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Nov 10 11:07:40 PST 2022


pcc added inline comments.


================
Comment at: compiler-rt/lib/scudo/standalone/combined.h:565
+    // byte with a correctly tagged pointer. Skip zero-sized allocations that do
+    // not always store the correct tag value anywhere.
     const uptr Size = getSize(Ptr, &Header);
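Review bot: the new comment ("Skip zero-sized allocations that do not always store the correct tag value anywhere") states the exception without saying why, and the reason is not obvious, since one would expect the first byte of the granule to carry the allocation tag even for a zero-sized chunk. Suggest writing the concrete case from this review into the comment: a zero-sized, 32-byte-aligned allocation in a 32-byte size class puts the header at offset 16 and the payload at offset 32, so no byte of the block is left to hold the tag and the one-byte load through the tagged pointer has nothing to read.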
----------------
eugenis wrote:
> pcc wrote:
> > For zero-sized allocations I'd expect the correct allocation tag to be stored in the first byte of the granule. It may be simpler to say that we skip this for zero-sized allocations because it is not expected to succeed even for valid allocations.
> Not always - ex. zero size, 32 byte aligned allocation in a 32-byte size class will end up with header at offset 16 in the block, payload at offset 32, and no space to store the tag. We could bump the allocated size a little to handle this case, but I don't know if it is worth it. It will also make the deallocation logic more costly.
> 
> I've benchmarked the current change and could not see any overhead.
Oh right, I forgot about that case. So can we add this example to the comment?
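The block layout eugenis describes, worked through as an added example. This is a simplified model written for this page, not scudo's code or part of the patch: the 16-byte chunk header placed directly before the user pointer, the 16-byte MTE granule, the 16-byte minimum alignment and the assumption that the block base is aligned to at least the requested alignment are all assumptions of the model. It shows why the one-byte load through a correctly tagged pointer has nothing to read in the zero-size, 32-byte-aligned case, while the 16-byte-aligned zero-size case and any non-zero size still leave a tagged byte inside the block.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed constants (a simplified model, not scudo's own code): a 16-byte
 * chunk header placed immediately before the user pointer, 16-byte MTE
 * granules, and a block base aligned to at least the requested alignment,
 * so offsets within the block are enough to reason about. */
enum { HEADER_SIZE = 16, GRANULE_SIZE = 16 };

typedef struct {
  uintptr_t header_off;   /* where the header lands inside the block */
  uintptr_t user_off;     /* where the user pointer lands inside the block */
  bool fits;              /* header and payload both stay within the block */
  bool tag_byte_in_block; /* some byte at or after user_off is still inside the block */
} ChunkLayout;

static uintptr_t round_up(uintptr_t x, uintptr_t a) {
  return (x + a - 1) & ~(a - 1);
}

/* Place a chunk of `size` bytes with `alignment` into a block of `block_size`.
 * The user pointer is the first address >= HEADER_SIZE that satisfies the
 * (at least granule-sized) alignment; the header sits just before it. */
ChunkLayout layout_chunk(uintptr_t block_size, uintptr_t alignment, uintptr_t size) {
  ChunkLayout l;
  uintptr_t align = alignment < GRANULE_SIZE ? GRANULE_SIZE : alignment;
  l.user_off = round_up(HEADER_SIZE, align);
  l.header_off = l.user_off - HEADER_SIZE;
  l.fits = l.user_off + size <= block_size;
  /* The allocation tag is applied from the user pointer onwards. If the user
   * pointer already sits at the block end (only possible when size is zero),
   * no byte inside the block carries that tag, so a "load one byte through
   * the correctly tagged pointer" double-free check has nothing to read. */
  l.tag_byte_in_block = l.fits && l.user_off < block_size;
  return l;
}

/* The tag-based double-free check is only meaningful when a tagged byte of
 * the allocation exists inside the block. */
bool double_free_check_possible(uintptr_t block_size, uintptr_t alignment, uintptr_t size) {
  return layout_chunk(block_size, alignment, size).tag_byte_in_block;
}

int main(void) {
  /* Constructed cases, including the one from the review thread. */
  struct { uintptr_t block, align, size; } cases[] = {
    {32, 16, 0}, /* header at 0, payload at 16: a byte to tag exists */
    {32, 32, 0}, /* header at 16, payload at 32 == block end: no byte left */
    {64, 32, 8}, /* header at 16, payload at 32..40: check works as usual */
  };
  for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
    ChunkLayout l = layout_chunk(cases[i].block, cases[i].align, cases[i].size);
    printf("block=%2lu align=%2lu size=%lu -> header@%2lu payload@%2lu fits=%d tag_byte=%d\n",
           (unsigned long)cases[i].block, (unsigned long)cases[i].align,
           (unsigned long)cases[i].size, (unsigned long)l.header_off,
           (unsigned long)l.user_off, l.fits, l.tag_byte_in_block);
  }
  return 0;
}
```

Under these assumptions `double_free_check_possible` is false only for zero-sized chunks whose alignment pushes the user pointer to the block end, which is the case the patch's comment skips; bumping the allocated size, as the thread mentions, would make that case disappear at the cost of a larger block.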


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D137352/new/

https://reviews.llvm.org/D137352
