[hwasan] implement detection of double-free (invalid-free)

llvm-svn: 340591

1 files changed, 12 insertions, 1 deletions

diff --git a/compiler-rt/lib/hwasan/hwasan_allocator.cc b/compiler-rt/lib/hwasan/hwasan_allocator.cc
index 23e919e79e0..95dcc074d35 100644
--- a/compiler-rt/lib/hwasan/hwasan_allocator.cc
+++ b/compiler-rt/lib/hwasan/hwasan_allocator.cc
@@ -24,6 +24,7 @@
 #include "hwasan_mapping.h"
 #include "hwasan_thread.h"
 #include "hwasan_poisoning.h"
+#include "hwasan_report.h"
 
 namespace __hwasan {
 
@@ -173,11 +174,21 @@ static void *HwasanAllocate(StackTrace *stack, uptr size, uptr alignment,
   return user_ptr;
 }
 
+static bool PointerAndMemoryTagsMatch(void *user_ptr) {
+  CHECK(user_ptr);
+  tag_t ptr_tag = GetTagFromPointer(reinterpret_cast<uptr>(user_ptr));
+  tag_t mem_tag = *reinterpret_cast<tag_t *>(
+      MEM_TO_SHADOW(GetAddressFromPointer(user_ptr)));
+  return ptr_tag == mem_tag;
+}
+
 void HwasanDeallocate(StackTrace *stack, void *user_ptr) {
   CHECK(user_ptr);
   HWASAN_FREE_HOOK(user_ptr);
 
   void *p = GetAddressFromPointer(user_ptr);
+  if (!PointerAndMemoryTagsMatch(user_ptr))
+    ReportInvalidFree(stack, reinterpret_cast<uptr>(user_ptr));
   Metadata *meta = reinterpret_cast<Metadata *>(allocator.GetMetaData(p));
   uptr size = meta->requested_size;
   meta->state = CHUNK_FREE;
@@ -226,7 +237,7 @@ void *HwasanReallocate(StackTrace *stack, void *user_old_p, uptr new_size,
           t ? t->GenerateRandomTag() : kFallbackAllocTag);
     }
     if (new_size > old_size) {
-      tag_t tag = GetTagFromPointer((uptr)user_old_p);
+      tag_t tag = GetTagFromPointer(reinterpret_cast<uptr>(user_old_p));
       TagMemoryAligned((uptr)old_p + old_size, new_size - old_size, tag);
     }
     return user_old_p;