[compiler-rt] [msan] Detect dereferencing zero-alloc as use-of-uninitialized-value (PR #155944)
Thurston Dang via llvm-commits
llvm-commits at lists.llvm.org
Fri Aug 29 17:49:01 PDT 2025
================
@@ -230,6 +230,12 @@ static void *MsanAllocate(BufferedStackTrace *stack, uptr size, uptr alignment,
__msan_set_origin(allocated, size, o.raw_id());
}
}
+
+ uptr actually_allocated_size = allocator.GetActuallyAllocatedSize(allocated);
----------------
thurstond wrote:
It would be expensive to do the extra poisoning. The main advantage is it would provide a small amount of buffer overflow protection, but that is outside the scope of MSan. If users want to reliably detect buffer overflows, they should use ASan/HWASan/MTE.
MSan gives no guarantees about:
```
char *p = malloc(12); // Allocator actually allocates 16 bytes
printf ("%d\n", p[100]); // Whether MSan catches this or not depends on which memory it reuses
```
There's no particular reason it should care about `p[12]` or `p[15]` either, which are allocated only because of the nuances of the sanitizer allocator's size classes.
https://github.com/llvm/llvm-project/pull/155944
More information about the llvm-commits
mailing list