From a7c3846a2eee2f4b461ca17f6a9eae85531da632 Mon Sep 17 00:00:00 2001
From: Kostya Serebryany <kcc@google.com>
Date: Fri, 24 Aug 2018 01:44:17 +0000
Subject: [hwasan] implement detection of realloc-after-free

llvm-svn: 340593
---
 compiler-rt/lib/hwasan/hwasan_allocator.cc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'compiler-rt/lib/hwasan/hwasan_allocator.cc')

diff --git a/compiler-rt/lib/hwasan/hwasan_allocator.cc b/compiler-rt/lib/hwasan/hwasan_allocator.cc
index 95dcc074d35..bd5fa30bda7 100644
--- a/compiler-rt/lib/hwasan/hwasan_allocator.cc
+++ b/compiler-rt/lib/hwasan/hwasan_allocator.cc
@@ -186,9 +186,10 @@ void HwasanDeallocate(StackTrace *stack, void *user_ptr) {
   CHECK(user_ptr);
   HWASAN_FREE_HOOK(user_ptr);
 
-  void *p = GetAddressFromPointer(user_ptr);
   if (!PointerAndMemoryTagsMatch(user_ptr))
     ReportInvalidFree(stack, reinterpret_cast<uptr>(user_ptr));
+
+  void *p = GetAddressFromPointer(user_ptr);
   Metadata *meta = reinterpret_cast<Metadata *>(allocator.GetMetaData(p));
   uptr size = meta->requested_size;
   meta->state = CHUNK_FREE;
@@ -220,6 +221,9 @@ void *HwasanReallocate(StackTrace *stack, void *user_old_p, uptr new_size,
   alignment = Max(alignment, kShadowAlignment);
   new_size = RoundUpTo(new_size, kShadowAlignment);
 
+  if (!PointerAndMemoryTagsMatch(user_old_p))
+    ReportInvalidFree(stack, reinterpret_cast<uptr>(user_old_p));
+
   void *old_p = GetAddressFromPointer(user_old_p);
   Metadata *meta = reinterpret_cast<Metadata*>(allocator.GetMetaData(old_p));
   uptr old_size = meta->requested_size;
-- 
cgit v1.2.1