authorEvgeniy Stepanov <eugeni.stepanov@gmail.com>2015-01-21 16:48:29 +0000
committerEvgeniy Stepanov <eugeni.stepanov@gmail.com>2015-01-21 16:48:29 +0000
commitd3f999ff978756b92d644142a6e9452810a2b9e2 (patch)
treef3f69f6564c97f854980a5135c838e0d095ae098 /test/msan
parentd0c5af9842130890555c97b5e2a72ed5997084c3 (diff)
[msan] Fix origins in realloc.
Fixes 2 issues in origins arising from realloc() calls: * In the in-place grow case origin for the new memory is not set at all. * In the copy-realloc case __msan_memcpy is used, which unwinds stack from inside the MSan runtime. This does not generally work (as we may be built w/o frame pointers), and produces "bad" stack trace anyway, with several uninteresting (internal) frames on top. This change also makes realloc() honor "zeroise" and "poison_in_malloc" flags. See https://code.google.com/p/memory-sanitizer/issues/detail?id=73. git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@226674 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test/msan')
-rw-r--r--test/msan/realloc-large-origin.cc30
-rw-r--r--test/msan/realloc-origin.cc21
2 files changed, 51 insertions, 0 deletions
diff --git a/test/msan/realloc-large-origin.cc b/test/msan/realloc-large-origin.cc
new file mode 100644
index 000000000..349e15233
--- /dev/null
+++ b/test/msan/realloc-large-origin.cc
@@ -0,0 +1,30 @@
+// RUN: %clangxx_msan -fsanitize-memory-track-origins=2 -m64 -O0 %s -o %t && not %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+// RUN: %clangxx_msan -fsanitize-memory-track-origins=2 -m64 -O2 %s -o %t && not %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+// This is a regression test: there used to be broken "stored to memory at"
+// stacks with
+// in __msan_memcpy
+// in __msan::MsanReallocate
+// and nothing below that.
+
+#include <stdlib.h>
+int main(int argc, char **argv) {
+ char *p = (char *)malloc(100);
+ p = (char *)realloc(p, 10000);
+ char x = p[50];
+ free(p);
+ return x;
+
+// CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+// CHECK: {{#0 0x.* in main .*realloc-large-origin.cc:}}[[@LINE-3]]
+
+// CHECK: Uninitialized value was stored to memory at
+// CHECK: {{#0 0x.* in realloc}}
+// CHECK: {{#1 0x.* in main .*realloc-large-origin.cc:}}[[@LINE-10]]
+
+// CHECK: Uninitialized value was created by a heap allocation
+// CHECK: {{#0 0x.* in malloc}}
+// CHECK: {{#1 0x.* in main .*realloc-large-origin.cc:}}[[@LINE-15]]
+}
diff --git a/test/msan/realloc-origin.cc b/test/msan/realloc-origin.cc
new file mode 100644
index 000000000..ad176e7e4
--- /dev/null
+++ b/test/msan/realloc-origin.cc
@@ -0,0 +1,21 @@
+// RUN: %clangxx_msan -fsanitize-memory-track-origins -m64 -O0 %s -o %t && not %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+// RUN: %clangxx_msan -fsanitize-memory-track-origins -m64 -O2 %s -o %t && not %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+// This test relies on realloc from 100 to 101 being done in-place.
+
+#include <stdlib.h>
+int main(int argc, char **argv) {
+ char *p = (char *)malloc(100);
+ p = (char *)realloc(p, 101);
+ char x = p[100];
+ free(p);
+ return x;
+ // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+ // CHECK: {{#0 0x.* in main .*realloc-origin.cc:}}[[@LINE-2]]
+
+ // CHECK: Uninitialized value was created by a heap allocation
+ // CHECK: {{#0 0x.* in realloc}}
+ // CHECK: {{#1 0x.* in main .*realloc-origin.cc:}}[[@LINE-9]]
+}
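Review bot: The CHECK directives in this file are indented inside the body of main, while the sibling file added in the same commit (test/msan/realloc-large-origin.cc) puts its CHECK block at column 0 after the `return x;` line; the two new tests would be easier to maintain side by side if they used one layout, e.g. moving these lines to column 0 with a blank line before `// CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value`. The in-place assumption stated on the "This test relies on realloc from 100 to 101 being done in-place" line is allocator-dependent; it would help a future reader to say what breaks if it does not hold, since the `{{#0 0x.* in realloc}}` origin frame is the part that depends on it.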