authorKuba Brecka <kuba.brecka@gmail.com>2016-05-02 15:23:01 +0000
committerKuba Brecka <kuba.brecka@gmail.com>2016-05-02 15:23:01 +0000
commit71be6adbf553eaaa5898d4e603526ff89334e455 (patch)
tree0ee986c154d54a818383def00d6f4c8889b91413 /test
parent4e704facb41037e14f8f51332b839accabf3b016 (diff)
[sanitizer] Fix a crash in SizeClassAllocator32 with an out-of-range pointer
This happens on a 64-bit platform that uses SizeClassAllocator32 (e.g. ASan on AArch64). When querying a large invalid pointer, `__sanitizer_get_allocated_size(0xdeadbeefdeadbeef)`, an assertion will fail. This patch changes PointerIsMine to return false if the pointer is outside of [kSpaceBeg, kSpaceBeg + kSpaceSize). Differential Revision: http://reviews.llvm.org/D15008 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268243 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test')
-rw-r--r--test/asan/TestCases/Darwin/malloc_size_crash.mm15
1 files changed, 15 insertions, 0 deletions
diff --git a/test/asan/TestCases/Darwin/malloc_size_crash.mm b/test/asan/TestCases/Darwin/malloc_size_crash.mm
new file mode 100644
index 000000000..04cb76376
--- /dev/null
+++ b/test/asan/TestCases/Darwin/malloc_size_crash.mm
@@ -0,0 +1,15 @@
+// RUN: %clang_asan %s -o %t -framework Foundation
+// RUN: %run %t 2>&1 | FileCheck %s
+
+#import <Foundation/Foundation.h>
+#include <malloc/malloc.h>
+
+int main(int argc, char *argv[]) {
+ id obj = @0;
+ fprintf(stderr, "obj = %p\n", obj);
+ size_t size = malloc_size(obj);
+ fprintf(stderr, "size = 0x%zx\n", size);
+ fprintf(stderr, "Done.\n");
+ // CHECK: Done.
+ return 0;
+}
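Review bot: The test does not say why `@0` stands in for an out-of-range pointer, and it checks only `Done.`, so it passes whatever `malloc_size` returns as long as the process does not abort. Judging from the commit message, the intent is presumably that `@0` is a tagged pointer on 64-bit Darwin rather than a heap address, which puts its value outside the allocator's region. A comment above `id obj = @0;` would record that, for example `// @0 is expected to be a tagged pointer, not a heap object; malloc_size must not crash on it.` If that assumption holds on every target where this test runs, adding `// CHECK: size = 0x0` before `// CHECK: Done.` would also catch a lookup that wrongly claims the pointer. Without it, a configuration where `@0` is a real allocation would pass without exercising the fixed path.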