[msan] Check for pvalloc overflow

Summary:
`CheckForPvallocOverflow` was introduced with D35818 to detect when pvalloc
would wrap when rounding up to the next multiple of the page size.

Add this check to MSan's pvalloc implementation.

Reviewers: alekseyshl

Reviewed By: alekseyshl

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D36093

llvm-svn: 309601

2 files changed, 16 insertions, 1 deletions

diff --git a/compiler-rt/lib/msan/msan_allocator.cc b/compiler-rt/lib/msan/msan_allocator.cc
index 1034dbdf9b5..1b134e15a74 100644
--- a/compiler-rt/lib/msan/msan_allocator.cc
+++ b/compiler-rt/lib/msan/msan_allocator.cc
@@ -255,8 +255,12 @@ void *msan_valloc(uptr size, StackTrace *stack) {
 
 void *msan_pvalloc(uptr size, StackTrace *stack) {
   uptr PageSize = GetPageSizeCached();
+  if (UNLIKELY(CheckForPvallocOverflow(size, PageSize))) {
+    errno = errno_ENOMEM;
+    return Allocator::FailureHandler::OnBadRequest();
+  }
   // pvalloc(0) should allocate one page.
-  size = size == 0 ? PageSize : RoundUpTo(size, PageSize);
+  size = size ? RoundUpTo(size, PageSize) : PageSize;
   return SetErrnoOnNull(MsanAllocate(stack, size, PageSize, false));
 }
 
diff --git a/compiler-rt/lib/msan/tests/msan_test.cc b/compiler-rt/lib/msan/tests/msan_test.cc
index b2d5f7c605e..b4cc8493ab3 100644
--- a/compiler-rt/lib/msan/tests/msan_test.cc
+++ b/compiler-rt/lib/msan/tests/msan_test.cc
@@ -3449,6 +3449,17 @@ TEST(MemorySanitizer, pvalloc) {
   EXPECT_EQ(0U, (uintptr_t)p % PageSize);
   EXPECT_EQ(PageSize, __sanitizer_get_allocated_size(p));
   free(p);
+
+  // Overflows in pvalloc should be caught.
+  errno = 0;
+  p = pvalloc((uintptr_t)-PageSize);
+  EXPECT_EQ(p, nullptr);
+  EXPECT_EQ(errno, ENOMEM);
+
+  errno = 0;
+  p = pvalloc((uintptr_t)-1);
+  EXPECT_EQ(p, nullptr);
+  EXPECT_EQ(errno, ENOMEM);
 }
 #endif