| author | Kuba Brecka <kuba.brecka@gmail.com> | 2016-05-02 15:23:01 +0000 |
|---|---|---|
| committer | Kuba Brecka <kuba.brecka@gmail.com> | 2016-05-02 15:23:01 +0000 |
| commit | 71be6adbf553eaaa5898d4e603526ff89334e455 (patch) | |
| tree | 0ee986c154d54a818383def00d6f4c8889b91413 /lib/sanitizer_common/sanitizer_allocator.h | |
| parent | 4e704facb41037e14f8f51332b839accabf3b016 (diff) | |
[sanitizer] Fix a crash in SizeClassAllocator32 with an out-of-range pointer
This happens on a 64-bit platform that uses SizeClassAllocator32 (e.g. ASan on AArch64). When querying a large invalid pointer, `__sanitizer_get_allocated_size(0xdeadbeefdeadbeef)`, an assertion will fail. This patch changes PointerIsMine to return false if the pointer is outside of [kSpaceBeg, kSpaceBeg + kSpaceSize).
Differential Revision: http://reviews.llvm.org/D15008
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268243 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/sanitizer_common/sanitizer_allocator.h')

| -rw-r--r-- | lib/sanitizer_common/sanitizer_allocator.h | 3 |
|---|---|---|

1 files changed, 3 insertions, 0 deletions
diff --git a/lib/sanitizer_common/sanitizer_allocator.h b/lib/sanitizer_common/sanitizer_allocator.h index 75fabaa84..5783c203d 100644 --- a/lib/sanitizer_common/sanitizer_allocator.h +++ b/lib/sanitizer_common/sanitizer_allocator.h @@ -769,6 +769,9 @@ class SizeClassAllocator32 { } bool PointerIsMine(const void *p) { + uptr mem = reinterpret_cast<uptr>(p); + if (mem < kSpaceBeg || mem >= kSpaceBeg + kSpaceSize) + return false; return GetSizeClass(p) != 0; } |
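Review bot: the range check `mem < kSpaceBeg || mem >= kSpaceBeg + kSpaceSize` in PointerIsMine computes `kSpaceBeg + kSpaceSize` in the pointer's integer type, so if that sum can ever wrap around, the upper-bound test silently accepts out-of-range pointers and the assertion this patch is meant to avoid comes back; the single unsigned comparison `if (mem - kSpaceBeg >= kSpaceSize) return false;` covers both bounds without the wrap hazard (a pointer below kSpaceBeg underflows to a huge value and is rejected too). It would also help to carry the reasoning from the commit message into the code, for example a comment above the new lines such as `// Reject pointers outside [kSpaceBeg, kSpaceBeg + kSpaceSize) before GetSizeClass, which asserts on them.`, since the guard otherwise looks redundant next to the `GetSizeClass(p) != 0` check. The view is limited to the header, so it is not visible here whether a regression test querying `__sanitizer_get_allocated_size` with an out-of-range pointer accompanies the change; one should.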