authorEvgeniy Stepanov <eugeni.stepanov@gmail.com>2015-01-22 13:33:16 +0000
committerEvgeniy Stepanov <eugeni.stepanov@gmail.com>2015-01-22 13:33:16 +0000
commita50b9b2e06f85fef88f27724a16f6f62c5dd229f (patch)
treefdb90d4fb82539e5764d63c3b5f26dec36a0899a /lib/msan/msan_allocator.cc
parentcafe9a53643f3d813fa0a328a62175e19ff3a1ca (diff)
[msan] Better use-after-free reports.
By attaching an extra integer tag to heap origins, we are able to distinguish between uninits
- created by heap allocation,
- created by heap deallocation (i.e. use-after-free),
- created by __msan_allocated_memory call,
- etc.

See https://code.google.com/p/memory-sanitizer/issues/detail?id=35.

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@226821 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/msan/msan_allocator.cc')
-rw-r--r--lib/msan/msan_allocator.cc3
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/msan/msan_allocator.cc b/lib/msan/msan_allocator.cc
index 035c2c666..698b6cddd 100644
--- a/lib/msan/msan_allocator.cc
+++ b/lib/msan/msan_allocator.cc
@@ -113,6 +113,7 @@ static void *MsanAllocate(StackTrace *stack, uptr size, uptr alignment,
} else if (flags()->poison_in_malloc) {
__msan_poison(allocated, size);
if (__msan_get_track_origins()) {
+ stack->tag = StackTrace::TAG_ALLOC;
Origin o = Origin::CreateHeapOrigin(stack);
__msan_set_origin(allocated, size, o.raw_id());
}
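Review bot: The added `stack->tag = StackTrace::TAG_ALLOC;` writes through the caller's `StackTrace *`, so the tag outlives this call and the allocator gains an undocumented side effect on its argument; the `TAG_DEALLOC` write in MsanDeallocate has the same property. Because the tag is what lets a report tell a use-after-free from an uninitialized allocation, a value left on a reused trace could mislabel the origin at any heap-origin site that does not set its own tag; no such site is visible in this file's diff, so this needs confirming against the other callers of `Origin::CreateHeapOrigin`. I would add a comment above each assignment, e.g. `// Presumably read by CreateHeapOrigin(); this mutates the caller's trace.` MsanAllocate's body starts and ends outside the hunk.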
@@ -133,6 +134,7 @@ void MsanDeallocate(StackTrace *stack, void *p) {
if (flags()->poison_in_free) {
__msan_poison(p, size);
if (__msan_get_track_origins()) {
+ stack->tag = StackTrace::TAG_DEALLOC;
Origin o = Origin::CreateHeapOrigin(stack);
__msan_set_origin(p, size, o.raw_id());
}
@@ -174,6 +176,7 @@ void *MsanReallocate(StackTrace *stack, void *old_p, uptr new_size,
__msan_clear_and_unpoison((char *)old_p + old_size,
new_size - old_size);
} else if (flags()->poison_in_malloc) {
+ stack->tag = StackTrace::TAG_ALLOC;
PoisonMemory((char *)old_p + old_size, new_size - old_size, stack);
}
}
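Review bot: In this hunk the tag is set ahead of `PoisonMemory(...)` instead of next to a visible `Origin::CreateHeapOrigin(stack)` call, and it sits outside any `__msan_get_track_origins()` check, unlike the two earlier hunks. PoisonMemory is not shown in the diff, so the dependency on `stack->tag` is implicit; presumably it builds the heap origin from `stack`. A one-line comment would keep a later refactor from dropping or reordering the assignment, e.g. `// PoisonMemory() derives the heap origin from |stack|; tag it as an allocation first.` MsanReallocate starts and ends outside the hunk.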