[compiler-rt] [scudo] Fix c wrappers double free test. (PR #148066)

Christopher Ferris via llvm-commits llvm-commits at lists.llvm.org
Thu Jul 10 15:05:21 PDT 2025 

https://github.com/cferris1000 created https://github.com/llvm/llvm-project/pull/148066

The previous test simply tried to double free the pointer in the EXPECT_DEATH macro. Unfortunately, the gtest infrastructure can allocate a pointer that happens to be the previously freed pointer. Thus the free doesn't fail since the spawned process does not attempt to free all of the pointers allocated in the original test.

NOTE: Scudo should be checked to make sure that the TSD is not always returning pointers in the same order they are freed. Although this appears to be a problem with a program that only does a small number of allocations.

>From 081dbbe25d20a87e7f15d1820822e45676bcab57 Mon Sep 17 00:00:00 2001
From: Christopher Ferris <cferris at google.com>
Date: Thu, 10 Jul 2025 14:51:26 -0700
Subject: [PATCH] [scudo] Fix c wrappers double free test.

The previous test simply tried to double free the pointer in the
EXPECT_DEATH macro. Unfortunately, the gtest infrastructure can
allocate a pointer that happens to be the previously freed pointer.
Thus the free doesn't fail since the spawned process does not attempt
to free all of the pointers allocated in the original test.

NOTE: Scudo should be checked to make sure that the TSD is not always
returning pointers in the same order they are freed. Although
this appears to be a problem with a program that only does a small
number of allocations.
---
 .../lib/scudo/standalone/tests/wrappers_c_test.cpp | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/compiler-rt/lib/scudo/standalone/tests/wrappers_c_test.cpp b/compiler-rt/lib/scudo/standalone/tests/wrappers_c_test.cpp
index f5e17d7214863..05065444a70c5 100644
--- a/compiler-rt/lib/scudo/standalone/tests/wrappers_c_test.cpp
+++ b/compiler-rt/lib/scudo/standalone/tests/wrappers_c_test.cpp
@@ -175,7 +175,19 @@ TEST_F(ScudoWrappersCDeathTest, Malloc) {
 
   free(P);
   verifyDeallocHookPtr(P);
-  EXPECT_DEATH(free(P), "");
+
+  // Verify a double free causes an abort.
+  // Don't simply free(P) since EXPECT_DEATH will do a number of
+  // allocations before creating a new process. There is a possibility
+  // that the previously freed P is reused, therefore, in the new
+  // process doing free(P) is not a double free.
+  EXPECT_DEATH(
+      {
+        void *Ptr = malloc(Size);
+        free(Ptr);
+        free(Ptr);
+      },
+      "");
 
   P = malloc(0U);
   EXPECT_NE(P, nullptr);

More information about the llvm-commits mailing list