// Test mmap behavior when map address is below shadow range.
-// With MAP_FIXED, we crash.
+// With MAP_FIXED, we return EINVAL.
// Without MAP_FIXED, we ignore the address hint and map somewhere in
// application range.
// RUN: %clangxx_msan -m64 -O0 -DFIXED=0 %s -o %t && %t
-// RUN: %clangxx_msan -m64 -O0 -DFIXED=1 %s -o %t && not %t
+// RUN: %clangxx_msan -m64 -O0 -DFIXED=1 %s -o %t && %t
#include <assert.h>
+#include <errno.h>
#include <stdint.h>
#include <sys/mman.h>
int main(void) {
// Hint address just below shadow.
- uintptr_t hint = 0x1f0000000000ULL;
+ uintptr_t hint = 0x4f0000000000ULL;
const uintptr_t app_start = 0x600000000000ULL;
uintptr_t p = (uintptr_t)mmap(
- (void *)hint, 4096, PROT_READ | PROT_WRITE,
- MAP_PRIVATE | MAP_ANONYMOUS | (FIXED ? MAP_FIXED : 0), 0, 0);
- assert(p >= app_start);
+ (void *)hint, 4096, PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS | (FIXED ? MAP_FIXED : 0), -1, 0);
+ if (FIXED)
+ assert(p == (uintptr_t)-1 && errno == EINVAL);
+ else
+ assert(p >= app_start);
return 0;
}
// True if this is a nested interceptor.
static THREADLOCAL int in_interceptor_scope;
+extern "C" int *__errno_location(void);
+
struct InterceptorScope {
InterceptorScope() { ++in_interceptor_scope; }
~InterceptorScope() { --in_interceptor_scope; }
int fd, OFF_T offset) {
ENSURE_MSAN_INITED();
if (addr && !MEM_IS_APP(addr)) {
- CHECK(!(flags & map_fixed) &&
- "mmap(..., MAP_FIXED) outside of application memory range.");
- addr = 0;
+ if (flags & map_fixed) {
+ *__errno_location() = errno_EINVAL;
+ return (void *)-1;
+ } else {
+ addr = 0;
+ }
}
void *res = REAL(mmap)(addr, length, prot, flags, fd, offset);
if (res != (void*)-1)
} // namespace __msan
-extern "C" int *__errno_location(void);
-
// A version of CHECK_UNPOISONED using a saved scope value. Used in common
// interceptors.
#define CHECK_UNPOISONED_CTX(ctx, x, n) \