[compiler-rt] [asan] Detect dereferencing zero-alloc as heap buffer overflow (PR #155943)

Martin Storsjö via llvm-commits llvm-commits at lists.llvm.org
Sat Aug 30 14:12:07 PDT 2025 

mstorsjo wrote:

This change broke `test\asan\TestCases\Windows\heaprealloc_alloc_zero.cpp` on 32 bit Windows - see https://github.com/mstorsjo/llvm-mingw/actions/runs/17337326265/job/49243607453:

```
# error: command failed with exit status: 1
# executed command: FileCheck 'D:\a\llvm-mingw\llvm-mingw\llvm-project\compiler-rt\test\asan\TestCases\Windows\heaprealloc_alloc_zero.cpp'
# .---command stderr------------
# | D:\a\llvm-mingw\llvm-mingw\llvm-project\compiler-rt\test\asan\TestCases\Windows\heaprealloc_alloc_zero.cpp:56:15: error: CHECK-NOT: excluded string found in input
# | // CHECK-NOT: heap-buffer-overflow
# |               ^
# | <stdin>:3:34: note: found here
# | ==7036==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x01d00770 at pc 0x005e140f bp 0x00cffc94 sp 0x00cffc90
# |                                  ^~~~~~~~~~~~~~~~~~~~
# | D:\a\llvm-mingw\llvm-mingw\llvm-project\compiler-rt\test\asan\TestCases\Windows\heaprealloc_alloc_zero.cpp:57:15: error: CHECK-NOT: excluded string found in input
# | // CHECK-NOT: AddressSanitizer
# |               ^
# | <stdin>:3:16: note: found here
# | ==7036==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x01d00770 at pc 0x005e140f bp 0x00cffc94 sp 0x00cffc90
# |                ^~~~~~~~~~~~~~~~
# | 
# | Input file: <stdin>
# | Check file: D:\a\llvm-mingw\llvm-mingw\llvm-project\compiler-rt\test\asan\TestCases\Windows\heaprealloc_alloc_zero.cpp
# | 
# | -dump-input=help explains the following input dump.
# | 
# | Input was:
# | <<<<<<
# |         1: allocated! 
# |         2: ================================================================= 
# |         3: ==7036==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x01d00770 at pc 0x005e140f bp 0x00cffc94 sp 0x00cffc90 
# | not:56                                      !~~~~~~~~~~~~~~~~~~~                                                                     error: no match expected
# | not:57                    !~~~~~~~~~~~~~~~                                                                                           error: no match expected
# |         4: WRITE of size 1 at 0x01d00770 thread T0 
# |         5:  #0 0x005e140e in main D:\a\llvm-mingw\llvm-mingw\llvm-project\compiler-rt\test\asan\TestCases\Windows/heaprealloc_alloc_zero.cpp:12:20 
# |         6:  #1 0x005e10d3 in __tmainCRTStartup /home/runner/work/llvm-mingw/llvm-mingw/mingw-w64/mingw-w64-crt/build-i686/../crt/crtexe.c:236:11 
# |         7:  #2 0x772067f8 (C:\Windows\System32\KERNEL32.DLL+0x6b8167f8) 
# |         8:  #3 0x77df7f4c (C:\Windows\SYSTEM32\ntdll.dll+0x4b2e7f4c) 
# |         .
# |         .
# |         .
# | >>>>>>
# `-----------------------------
# error: command failed with exit status: 1

```

This test has `// UNSUPPORTED: asan-64-bits` at https://github.com/llvm/llvm-project/blob/main/compiler-rt/test/asan/TestCases/Windows/heaprealloc_alloc_zero.cpp#L3, so this test case isn't executed in most common 64 bit environments.

https://github.com/llvm/llvm-project/pull/155943

More information about the llvm-commits mailing list