[compiler-rt] [asan] Rewrite Windows/heaprealloc_alloc_zero check to avoid dereference (PR #156211)

Thurston Dang via llvm-commits llvm-commits at lists.llvm.org
Sat Aug 30 14:54:08 PDT 2025 

https://github.com/thurstond created https://github.com/llvm/llvm-project/pull/156211

The test checks that 1-byte is allocated when malloc(0) is called, by dereferencing the pointer.
https://github.com/llvm/llvm-project/pull/155943 changed ASan to consider the dereference to be a heap buffer overflow. This patch changes the test to check the allocated size is still 1-byte, but not dereference the pointer.

This aims to fix the breakage reported in https://github.com/llvm/llvm-project/pull/155943#issuecomment-3239543505

>From cb5e1f2dbdf4b605b60ade0ec1a1b976ac1a1cb6 Mon Sep 17 00:00:00 2001
From: Thurston Dang <thurston at google.com>
Date: Sat, 30 Aug 2025 21:49:40 +0000
Subject: [PATCH] [asan] Rewrite Windows/heaprealloc_alloc_zero check to avoid
 dereference

The test checks that 1-byte is allocated when malloc(0) is called, by
dereferencing the pointer.
https://github.com/llvm/llvm-project/pull/155943 changed ASan to
consider the dereference to be a heap buffer overflow. This patch
changes the test to check the allocated size is still 1-byte, but not dereference the
pointer.

This aims to fix the breakage reported in https://github.com/llvm/llvm-project/pull/155943#issuecomment-3239543505
---
 .../asan/TestCases/Windows/heaprealloc_alloc_zero.cpp     | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/compiler-rt/test/asan/TestCases/Windows/heaprealloc_alloc_zero.cpp b/compiler-rt/test/asan/TestCases/Windows/heaprealloc_alloc_zero.cpp
index 8b0bc71b9f5db..e9be0d5b4c7df 100644
--- a/compiler-rt/test/asan/TestCases/Windows/heaprealloc_alloc_zero.cpp
+++ b/compiler-rt/test/asan/TestCases/Windows/heaprealloc_alloc_zero.cpp
@@ -3,13 +3,19 @@
 // UNSUPPORTED: asan-64-bits
 #include <cassert>
 #include <iostream>
+#include <sanitizer/allocator_interface.h>
 #include <windows.h>
 
 int main() {
   void *ptr = malloc(0);
   if (ptr)
     std::cerr << "allocated!\n";
-  ((char *)ptr)[0] = '\xff'; //check this 'allocate 1 instead of 0' hack hasn't changed
+
+  // Check the 'allocate 1 instead of 0' hack hasn't changed
+  // Note that as of b3452d90b043a398639e62b0ab01aa339cc649de, dereferencing
+  // the pointer will be detected as a heap-buffer-overflow.
+  if (__sanitizer_get_allocated_size(ptr) != 1)
+    return 1;
 
   free(ptr);

More information about the llvm-commits mailing list