[compiler-rt] [compiler-rt][msan] Fix 32-bit overflow in CheckMemoryLayoutSanity (PR #189199)

Brian Cain via llvm-commits llvm-commits at lists.llvm.org
Sat Mar 28 15:29:35 PDT 2026 

https://github.com/androm3da created https://github.com/llvm/llvm-project/pull/189199

Use start + (end - start) / 2 instead of (start + end) / 2 to compute the midpoint address.  The original expression overflows when start + end exceeds UPTR_MAX, which happens on 32-bit targets whose memory layout includes regions above 0x80000000.

>From ffa910f3e8d88f4b60b7b245fde164360b2335d3 Mon Sep 17 00:00:00 2001
From: Brian Cain <brian.cain at oss.qualcomm.com>
Date: Sat, 28 Mar 2026 14:02:36 -0700
Subject: [PATCH] [compiler-rt][msan] Fix 32-bit overflow in
 CheckMemoryLayoutSanity

Use start + (end - start) / 2 instead of (start + end) / 2 to
compute the midpoint address.  The original expression overflows
when start + end exceeds UPTR_MAX, which happens on 32-bit targets
whose memory layout includes regions above 0x80000000.
---
 compiler-rt/lib/msan/msan_linux.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/compiler-rt/lib/msan/msan_linux.cpp b/compiler-rt/lib/msan/msan_linux.cpp
index f08a7c98a4847..67df54121f87b 100644
--- a/compiler-rt/lib/msan/msan_linux.cpp
+++ b/compiler-rt/lib/msan/msan_linux.cpp
@@ -90,7 +90,8 @@ static void CheckMemoryLayoutSanity() {
     CHECK_LT(start, end);
     CHECK_EQ(prev_end, start);
     CHECK(addr_is_type(start, type));
-    CHECK(addr_is_type((start + end) / 2, type));
+    // Use start + (end - start) / 2 to avoid overflow on 32-bit.
+    CHECK(addr_is_type(start + (end - start) / 2, type));
     CHECK(addr_is_type(end - 1, type));
     if (type == MappingDesc::APP || type == MappingDesc::ALLOCATOR) {
       uptr addr = start;
@@ -98,7 +99,7 @@ static void CheckMemoryLayoutSanity() {
       CHECK(MEM_IS_ORIGIN(MEM_TO_ORIGIN(addr)));
       CHECK_EQ(MEM_TO_ORIGIN(addr), SHADOW_TO_ORIGIN(MEM_TO_SHADOW(addr)));
 
-      addr = (start + end) / 2;
+      addr = start + (end - start) / 2;
       CHECK(MEM_IS_SHADOW(MEM_TO_SHADOW(addr)));
       CHECK(MEM_IS_ORIGIN(MEM_TO_ORIGIN(addr)));
       CHECK_EQ(MEM_TO_ORIGIN(addr), SHADOW_TO_ORIGIN(MEM_TO_SHADOW(addr)));

More information about the llvm-commits mailing list