[compiler-rt] 8784dce - [msan] Detect dereferencing zero-alloc as use-of-uninitialized-value (#155944)

via llvm-commits llvm-commits at lists.llvm.org
Fri Aug 29 10:19:42 PDT 2025


Author: Thurston Dang
Date: 2025-08-29T10:19:38-07:00
New Revision: 8784dcef3485a3862e5cacc9e18c646d0225483b

URL: https://github.com/llvm/llvm-project/commit/8784dcef3485a3862e5cacc9e18c646d0225483b
DIFF: https://github.com/llvm/llvm-project/commit/8784dcef3485a3862e5cacc9e18c646d0225483b.diff

LOG: [msan] Detect dereferencing zero-alloc as use-of-uninitialized-value (#155944)

When a zero-byte allocation is requested, MSan actually allocates 1-byte
for compatibility. This change poisons that byte, to detect
dereferences.

Also updates the test from #155934

Added: 
    

Modified: 
    compiler-rt/lib/msan/msan_allocator.cpp
    compiler-rt/test/msan/zero_alloc.cpp

Removed: 
    


################################################################################
diff  --git a/compiler-rt/lib/msan/msan_allocator.cpp b/compiler-rt/lib/msan/msan_allocator.cpp
index 2b543db49d36e..64df863839c06 100644
--- a/compiler-rt/lib/msan/msan_allocator.cpp
+++ b/compiler-rt/lib/msan/msan_allocator.cpp
@@ -230,6 +230,12 @@ static void *MsanAllocate(BufferedStackTrace *stack, uptr size, uptr alignment,
       __msan_set_origin(allocated, size, o.raw_id());
     }
   }
+
+  uptr actually_allocated_size = allocator.GetActuallyAllocatedSize(allocated);
+  // For compatibility, the allocator converted 0-sized allocations into 1 byte
+  if (size == 0 && actually_allocated_size > 0 && flags()->poison_in_malloc)
+    __msan_poison(allocated, 1);
+
   UnpoisonParam(2);
   RunMallocHooks(allocated, size);
   return allocated;
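Review bot: the newly poisoned byte gets no origin. The `__msan_set_origin(allocated, size, o.raw_id())` call in the context above covers `size` bytes, which is zero for this case, so with origin tracking enabled a report on a dereference of this allocation shows the uninitialized read but no "created by a heap allocation" origin; consider setting a one-byte origin next to `__msan_poison(allocated, 1)` when origin tracking is on. Minor: `allocator.GetActuallyAllocatedSize(allocated)` is now called on every allocation although its result only matters when `size == 0`; testing `size == 0` first (or moving the call into the branch) keeps the lookup off the common path.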

diff  --git a/compiler-rt/test/msan/zero_alloc.cpp b/compiler-rt/test/msan/zero_alloc.cpp
index e60051872eba2..6e38ce4c0a8f8 100644
--- a/compiler-rt/test/msan/zero_alloc.cpp
+++ b/compiler-rt/test/msan/zero_alloc.cpp
@@ -1,9 +1,5 @@
 // RUN: %clang_msan -Wno-alloc-size -fsanitize-recover=memory %s -o %t && not %run %t 2>&1 | FileCheck %s
 
-// MSan doesn't catch this because internally it translates 0-byte allocations
-// into 1-byte
-// XFAIL: *
-
 #include <malloc.h>
 #include <stdio.h>
 
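Review bot: removing `XFAIL: *` together with the explanatory comment leaves the test with no statement of what it checks; keep a one-line comment saying that dereferencing a zero-byte allocation must now be reported as use-of-uninitialized-value. The expected report also relies on the default `poison_in_malloc=1` (the RUN line sets no MSAN_OPTIONS), so that dependency is worth stating in the comment as well. The CHECK lines are not part of this hunk, so the expected message cannot be verified from the diff alone.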
