| author | Kostya Serebryany <kcc@google.com> | 2018-08-24 01:44:17 +0000 |
|---|---|---|
| committer | Kostya Serebryany <kcc@google.com> | 2018-08-24 01:44:17 +0000 |
| commit | a7c3846a2eee2f4b461ca17f6a9eae85531da632 (patch) | |
| tree | 84a8bffec547504b6db47aa283ff885105dcc0c4 | |
| parent | c6ba9ca1696416cd53d86fc79ad8fe2771243e8a (diff) | |
[hwasan] implement detection of realloc-after-free
llvm-svn: 340593
| -rw-r--r-- | compiler-rt/lib/hwasan/hwasan_allocator.cc | 6 | ||||
| -rw-r--r-- | compiler-rt/test/hwasan/TestCases/realloc-after-free.c | 28 |
2 files changed, 33 insertions, 1 deletions
diff --git a/compiler-rt/lib/hwasan/hwasan_allocator.cc b/compiler-rt/lib/hwasan/hwasan_allocator.cc
index 95dcc074d35..bd5fa30bda7 100644
--- a/compiler-rt/lib/hwasan/hwasan_allocator.cc
+++ b/compiler-rt/lib/hwasan/hwasan_allocator.cc
@@ -186,9 +186,10 @@ void HwasanDeallocate(StackTrace *stack, void *user_ptr) {
 CHECK(user_ptr);
 HWASAN_FREE_HOOK(user_ptr);
 
- void *p = GetAddressFromPointer(user_ptr);
 if (!PointerAndMemoryTagsMatch(user_ptr))
 ReportInvalidFree(stack, reinterpret_cast<uptr>(user_ptr));
+
+ void *p = GetAddressFromPointer(user_ptr);
 Metadata *meta = reinterpret_cast<Metadata *>(allocator.GetMetaData(p));
 uptr size = meta->requested_size;
 meta->state = CHUNK_FREE;
@@ -220,6 +221,9 @@ void *HwasanReallocate(StackTrace *stack, void *user_old_p, uptr new_size,
 alignment = Max(alignment, kShadowAlignment);
 new_size = RoundUpTo(new_size, kShadowAlignment);
 
+ if (!PointerAndMemoryTagsMatch(user_old_p))
+ ReportInvalidFree(stack, reinterpret_cast<uptr>(user_old_p));
+
 void *old_p = GetAddressFromPointer(user_old_p);
 Metadata *meta = reinterpret_cast<Metadata*>(allocator.GetMetaData(old_p));
 uptr old_size = meta->requested_size;
diff --git a/compiler-rt/test/hwasan/TestCases/realloc-after-free.c b/compiler-rt/test/hwasan/TestCases/realloc-after-free.c
new file mode 100644
index 00000000000..ea00f63d64b
--- /dev/null
+++ b/compiler-rt/test/hwasan/TestCases/realloc-after-free.c
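Review bot: Both tag checks fall through to the metadata access if `ReportInvalidFree` ever returns. In HwasanDeallocate the following lines read `meta->requested_size` and set `meta->state = CHUNK_FREE`, and the new check in HwasanReallocate is followed by the same `GetMetaData(old_p)` read for a chunk that was just reported as not live. Whether `ReportInvalidFree` is noreturn is not visible in these hunks; if any configuration lets it return, the second free or the realloc would carry on with stale metadata. I would state the assumption at both call sites, e.g. `// ReportInvalidFree() does not return; the metadata below is only read for a live chunk.`, or make HwasanReallocate bail out explicitly after the report. Both function bodies continue outside the hunks.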
@@ -0,0 +1,28 @@
+// RUN: %clang_hwasan %s -o %t
+// RUN: not %run %t 50 2>&1 | FileCheck %s
+// RUN: not %run %t 40 2>&1 | FileCheck %s
+// RUN: not %run %t 30 2>&1 | FileCheck %s
+
+// REQUIRES: stable-runtime
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <sanitizer/hwasan_interface.h>
+
+int main(int argc, char **argv) {
+ __hwasan_enable_allocator_tagging();
+ if (argc != 2) return 0;
+ int realloc_size = atoi(argv[1]);
+ char * volatile x = (char*)malloc(40);
+ free(x);
+ x = realloc(x, realloc_size);
+// CHECK: ERROR: HWAddressSanitizer: invalid-free on address
+// CHECK: tags: [[PTR_TAG:..]]/[[MEM_TAG:..]] (ptr/mem)
+// CHECK: freed here:
+// CHECK: previously allocated here:
+// CHECK: Memory tags around the buggy address (one tag corresponds to 16 bytes):
+// CHECK: =>{{.*}}[[MEM_TAG]]
+ fprintf(stderr, "DONE\n");
+ __hwasan_disable_allocator_tagging();
+// CHECK-NOT: DONE
+} |
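Review bot: The test has no header comment saying what the three RUN lines vary, so the reader has to work out that 50, 40 and 30 are the realloc size above, equal to and below the original `malloc(40)`. I would open the file with `// Test that realloc() of a freed pointer is reported for a new size above, equal to and below the original 40 bytes.` The first CHECK line matches `invalid-free`, so this case produces the same headline as a double free; a short comment next to that CHECK saying the shared bug type is intended would help whoever triages such a report later.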

