From 023f18bbaf67ee7255309fac102ec6e2dc876961 Mon Sep 17 00:00:00 2001 From: Florian Mayer Date: Mon, 23 Aug 2021 14:03:16 +0100 Subject: [PATCH] [hwasan] do not check if freed pointer belonged to allocator. In that case it is very likely that there will be a tag mismatch anyway. We handle the case that the pointer belongs to neither of the allocators by getting a nullptr from allocator.GetBlockBegin. Reviewed By: hctim, eugenis Differential Revision: https://reviews.llvm.org/D108383 --- compiler-rt/lib/hwasan/hwasan_allocator.cpp | 2 +- compiler-rt/lib/hwasan/hwasan_linux.cpp | 3 ++- compiler-rt/test/hwasan/TestCases/wild-free-realloc.c | 2 ++ compiler-rt/test/hwasan/TestCases/wild-free.c | 2 ++ 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/compiler-rt/lib/hwasan/hwasan_allocator.cpp b/compiler-rt/lib/hwasan/hwasan_allocator.cpp index 78f66d6..9e17299 100644 --- a/compiler-rt/lib/hwasan/hwasan_allocator.cpp +++ b/compiler-rt/lib/hwasan/hwasan_allocator.cpp @@ -211,7 +211,7 @@ static bool PointerAndMemoryTagsMatch(void *tagged_ptr) { static bool CheckInvalidFree(StackTrace *stack, void *untagged_ptr, void *tagged_ptr) { // This function can return true if halt_on_error is false. - if (!allocator.PointerIsMine(untagged_ptr) || + if (!MemIsApp(reinterpret_cast(untagged_ptr)) || !PointerAndMemoryTagsMatch(tagged_ptr)) { ReportInvalidFree(stack, reinterpret_cast(tagged_ptr)); return true; diff --git a/compiler-rt/lib/hwasan/hwasan_linux.cpp b/compiler-rt/lib/hwasan/hwasan_linux.cpp index 1319db6..a86ec28 100644 --- a/compiler-rt/lib/hwasan/hwasan_linux.cpp +++ b/compiler-rt/lib/hwasan/hwasan_linux.cpp @@ -241,7 +241,8 @@ bool MemIsApp(uptr p) { CHECK(GetTagFromPointer(p) == 0); # endif - return p >= kHighMemStart || (p >= kLowMemStart && p <= kLowMemEnd); + return (p >= kHighMemStart && p <= kHighMemEnd) || + (p >= kLowMemStart && p <= kLowMemEnd); } void InstallAtExitHandler() { atexit(HwasanAtExit); } 
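Review bot: The rewritten condition in CheckInvalidFree accepts any untagged address inside app memory, so a free of a pointer the allocator never handed out is reported here only when its tag mismatches the memory tag, and the comment above the `if` does not say what backs that up. The commit message states that the not-owned case is handled by a nullptr from `allocator.GetBlockBegin`, but that code is outside this hunk. The two test changes that add `__hwasan_enable_allocator_tagging()` suggest detection at this point now depends on tagging being enabled. I would add `// Ownership is not checked here: a pointer outside both allocators is caught by the tag check or, failing that, by the nullptr allocator.GetBlockBegin() returns for it.` above the condition so the weaker guarantee is visible where it is made. The body of CheckInvalidFree continues past the end of the hunk.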
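Review bot: MemIsApp carries no comment stating its contract, and the added `p <= kHighMemEnd` bound changes its result for every caller, not only the free path that this patch routes through it. The `CHECK(GetTagFromPointer(p) == 0)` visible above the `# endif` means a tagged argument aborts in builds where that check is compiled in, instead of returning false, which matters now that the function gates invalid-free reporting. A header comment such as `// Returns true iff the untagged address p lies in [kLowMemStart, kLowMemEnd] or [kHighMemStart, kHighMemEnd]; callers must strip the tag first.` would make both points explicit. The function starts before this hunk, so the preprocessor condition guarding the CHECK is not visible here and should be confirmed before wording the comment.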
diff --git a/compiler-rt/test/hwasan/TestCases/wild-free-realloc.c b/compiler-rt/test/hwasan/TestCases/wild-free-realloc.c index 1bbbb73..19d2943 100644 --- a/compiler-rt/test/hwasan/TestCases/wild-free-realloc.c +++ b/compiler-rt/test/hwasan/TestCases/wild-free-realloc.c @@ -1,8 +1,10 @@ // RUN: %clang_hwasan %s -o %t && not %run %t 2>&1 | FileCheck %s +#include #include int main() { + __hwasan_enable_allocator_tagging(); char *p = (char *)malloc(1); realloc(p + 0x10000000000, 2); // CHECK: ERROR: HWAddressSanitizer: invalid-free on address {{.*}} at pc {{[0x]+}}[[PC:.*]] on thread T{{[0-9]+}} diff --git a/compiler-rt/test/hwasan/TestCases/wild-free.c b/compiler-rt/test/hwasan/TestCases/wild-free.c index 523d915..a38822c 100644 --- a/compiler-rt/test/hwasan/TestCases/wild-free.c +++ b/compiler-rt/test/hwasan/TestCases/wild-free.c @@ -1,8 +1,10 @@ // RUN: %clang_hwasan %s -o %t && not %run %t 2>&1 | FileCheck %s +#include #include int main() { + __hwasan_enable_allocator_tagging(); char *p = (char *)malloc(1); free(p + 0x10000000000); // CHECK: ERROR: HWAddressSanitizer: invalid-free on address {{.*}} at pc {{[0x]+}}[[PC:.*]] on thread T{{[0-9]+}} -- 2.7.4
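Review bot: The new `__hwasan_enable_allocator_tagging();` call at the top of `main` in wild-free-realloc.c has no comment saying why the test needs it, and the single `invalid-free` CHECK line cannot tell whether the report came from the app-memory range test or from the tag comparison. Presumably the wild pointer `p + 0x10000000000` is now rejected only through a tag mismatch, which needs `p` to carry a tag; a comment like `// Tagging must be on: the wild free is detected by tag mismatch, not by allocator ownership.` would record that. The same applies to the identical change in wild-free.c. If the tagging-disabled configuration is still meant to be covered by the `GetBlockBegin` path named in the commit message, this patch adds no test for it.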