[compiler-rt] [msan] Add test for deferencing zero-sized malloc/calloc (PR #155934)
Thurston Dang via llvm-commits
llvm-commits at lists.llvm.org
Thu Aug 28 15:22:39 PDT 2025
https://github.com/thurstond updated https://github.com/llvm/llvm-project/pull/155934
>From 793f4723aaaa832e174dcbe23f74de529ec03fd2 Mon Sep 17 00:00:00 2001
From: Thurston Dang <thurston at google.com>
Date: Thu, 28 Aug 2025 22:19:35 +0000
Subject: [PATCH 1/2] [msan] Add test for deferencing zero-sized malloc/calloc
MSan fails to catch this, because 0-byte allocations are converted into
1-byte allocations.
Bug originally reported by dvyukov
---
compiler-rt/test/msan/zero_alloc.cpp | 37 ++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 compiler-rt/test/msan/zero_alloc.cpp
diff --git a/compiler-rt/test/msan/zero_alloc.cpp b/compiler-rt/test/msan/zero_alloc.cpp
new file mode 100644
index 0000000000000..4b60c161efb36
--- /dev/null
+++ b/compiler-rt/test/msan/zero_alloc.cpp
@@ -0,0 +1,37 @@
+// RUN: %clang_msan -Wno-alloc-size -fsanitize-recover=memory %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// XFAIL: *
+
+#include <malloc.h>
+#include <stdio.h>
+
+int main(int argc, char **argv) {
+ {
+ char* p1 = (char*)calloc(1, 0);
+ printf ("p1 is %p\n", p1);
+ printf ("Content of p1 is: %d\n", *p1);
+ // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+ // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
+ free(p1);
+ }
+
+ {
+ char* p2 = (char*)calloc(0, 1);
+ printf ("p2 is %p\n", p2);
+ printf ("Content of p2 is: %d\n", *p2);
+ // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+ // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
+ free(p2);
+ }
+
+ {
+ char* p3 = (char*)malloc(0);
+ printf ("p3 is %p\n", p3);
+ printf ("Content of p2 is: %d\n", *p3);
+ // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+ // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
+ free(p3);
+ }
+
+ return 0;
+}
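Review bot: The third block's label is a copy-paste slip: the printf that dereferences p3 prints "Content of p2", so the report line should read `printf ("Content of p3 is: %d\n", *p3);` (the clang-format follow-up in PATCH 2/2 carries the same text forward). The `// XFAIL: *` marker gives no hint why the test is expected to fail; the reason stated in the commit message belongs in the file, e.g. `// XFAIL: MSan misses the read because 0-byte allocations are rounded up to 1 byte (PR #155934).`, so a reader knows when it can be dropped. `#include <malloc.h>` is a non-standard header; `<stdlib.h>` declares malloc, calloc and free and keeps the test portable to any target compiler-rt supports. `argc`/`argv` are unused and could be dropped to `int main()` as other tests do, which also avoids unused-parameter noise under stricter warning sets.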
>From 6276e55954d2c84cd68e68e9819b3216acc9be7b Mon Sep 17 00:00:00 2001
From: Thurston Dang <thurston at google.com>
Date: Thu, 28 Aug 2025 22:22:23 +0000
Subject: [PATCH 2/2] clang-format
---
compiler-rt/test/msan/zero_alloc.cpp | 36 ++++++++++++++--------------
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/compiler-rt/test/msan/zero_alloc.cpp b/compiler-rt/test/msan/zero_alloc.cpp
index 4b60c161efb36..6a3ce26e256b7 100644
--- a/compiler-rt/test/msan/zero_alloc.cpp
+++ b/compiler-rt/test/msan/zero_alloc.cpp
@@ -7,30 +7,30 @@
int main(int argc, char **argv) {
{
- char* p1 = (char*)calloc(1, 0);
- printf ("p1 is %p\n", p1);
- printf ("Content of p1 is: %d\n", *p1);
- // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
- // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
- free(p1);
+ char *p1 = (char *)calloc(1, 0);
+ printf("p1 is %p\n", p1);
+ printf("Content of p1 is: %d\n", *p1);
+ // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+ // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
+ free(p1);
}
{
- char* p2 = (char*)calloc(0, 1);
- printf ("p2 is %p\n", p2);
- printf ("Content of p2 is: %d\n", *p2);
- // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
- // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
- free(p2);
+ char *p2 = (char *)calloc(0, 1);
+ printf("p2 is %p\n", p2);
+ printf("Content of p2 is: %d\n", *p2);
+ // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+ // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
+ free(p2);
}
{
- char* p3 = (char*)malloc(0);
- printf ("p3 is %p\n", p3);
- printf ("Content of p2 is: %d\n", *p3);
- // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
- // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
- free(p3);
+ char *p3 = (char *)malloc(0);
+ printf("p3 is %p\n", p3);
+ printf("Content of p2 is: %d\n", *p3);
+ // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+ // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
+ free(p3);
}
return 0;