[compiler-rt] [compiler-rt] [sanitizer] avoid UB in allocator (PR #126977)

via llvm-commits llvm-commits at lists.llvm.org
Wed Feb 12 13:49:51 PST 2025


llvmbot wrote:



@llvm/pr-subscribers-compiler-rt-sanitizer

Author: Florian Mayer (fmayer)

<details>
<summary>Changes</summary>



---
Full diff: https://github.com/llvm/llvm-project/pull/126977.diff


1 Files Affected:

- (modified) compiler-rt/lib/sanitizer_common/sanitizer_allocator_local_cache.h (+4-1) 


``````````diff
diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_allocator_local_cache.h b/compiler-rt/lib/sanitizer_common/sanitizer_allocator_local_cache.h
index e495c56f03775..b67529fdeb5ff 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_allocator_local_cache.h
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_allocator_local_cache.h
@@ -166,7 +166,10 @@ struct SizeClassAllocator32LocalCache {
       DCHECK_GT(c->count, 0);
     }
     void *res = c->batch[--c->count];
-    PREFETCH(c->batch[c->count - 1]);
+    // By not doing pointer arithmetic, we avoid the OOB if c->count = 0.
+    // We just prefetch the previous member of the PerClass struct, which
+    // doesn't do harm.
+    PREFETCH(reinterpret_cast<uptr>(c->batch) + sizeof(c->batch[0])* (c->count - 1));
     stats_.Add(AllocatorStatAllocated, c->class_size);
     return res;
   }

``````````
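Review bot: The new PREFETCH argument is the address of the slot `batch[count - 1]`, not the pointer stored in that slot, so the prefetch target changes. The removed line passed `c->batch[c->count - 1]`, which is the chunk pointer held in the slot (the same kind of value assigned to `res` one line above), while `reinterpret_cast<uptr>(c->batch) + sizeof(c->batch[0]) * (c->count - 1)` computes where the slot itself lives. If the intent is still to warm the next chunk to be handed out, guard the load instead, for example `if (c->count) PREFETCH(c->batch[c->count - 1]);`. If prefetching the slot is intended, the comment should say so. The comment's claim that the `c->count = 0` case lands on the previous member of PerClass also relies on `c->count - 1` wrapping at the full width of `uptr`. The type of `count` is not visible in this hunk, so confirm it or make the width explicit with a cast. Minor: the added PREFETCH line is over 80 columns and has no space before `*`; clang-format fixes both.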

</details>


https://github.com/llvm/llvm-project/pull/126977

