author | Evgeniy Stepanov <eugeni.stepanov@gmail.com> | 2015-01-21 16:48:29 +0000 |
committer | Evgeniy Stepanov <eugeni.stepanov@gmail.com> | 2015-01-21 16:48:29 +0000 |
commit | d3f999ff978756b92d644142a6e9452810a2b9e2 (patch) | |
tree | f3f69f6564c97f854980a5135c838e0d095ae098 /test | |
parent | d0c5af9842130890555c97b5e2a72ed5997084c3 (diff) |
[msan] Fix origins in realloc.
Fixes 2 issues in origins arising from realloc() calls:
* In the in-place grow case origin for the new memory is not set at all.
* In the copy-realloc case __msan_memcpy is used, which unwinds the stack from
inside the MSan runtime. This does not generally work (as we may be built
without frame pointers), and produces a "bad" stack trace anyway, with several
uninteresting (internal) frames on top.
This change also makes realloc() honor "zeroise" and "poison_in_malloc" flags.
See https://code.google.com/p/memory-sanitizer/issues/detail?id=73.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@226674 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test')
-rw-r--r-- | test/msan/realloc-large-origin.cc | 30 | ||||
-rw-r--r-- | test/msan/realloc-origin.cc | 21 |
2 files changed, 51 insertions, 0 deletions
diff --git a/test/msan/realloc-large-origin.cc b/test/msan/realloc-large-origin.cc
new file mode 100644
index 000000000..349e15233
--- /dev/null
+++ b/test/msan/realloc-large-origin.cc
@@ -0,0 +1,30 @@
+// RUN: %clangxx_msan -fsanitize-memory-track-origins=2 -m64 -O0 %s -o %t && not %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+// RUN: %clangxx_msan -fsanitize-memory-track-origins=2 -m64 -O2 %s -o %t && not %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+// This is a regression test: there used to be broken "stored to memory at"
+// stacks with
+// in __msan_memcpy
+// in __msan::MsanReallocate
+// and nothing below that.
+
+#include <stdlib.h>
+int main(int argc, char **argv) {
+ char *p = (char *)malloc(100);
+ p = (char *)realloc(p, 10000);
+ char x = p[50];
+ free(p);
+ return x;
+
+// CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+// CHECK: {{#0 0x.* in main .*realloc-large-origin.cc:}}[[@LINE-3]]
+
+// CHECK: Uninitialized value was stored to memory at
+// CHECK: {{#0 0x.* in realloc}}
+// CHECK: {{#1 0x.* in main .*realloc-large-origin.cc:}}[[@LINE-10]]
+
+// CHECK: Uninitialized value was created by a heap allocation
+// CHECK: {{#0 0x.* in malloc}}
+// CHECK: {{#1 0x.* in main .*realloc-large-origin.cc:}}[[@LINE-15]]
+}
diff --git a/test/msan/realloc-origin.cc b/test/msan/realloc-origin.cc
new file mode 100644
index 000000000..ad176e7e4
--- /dev/null
+++ b/test/msan/realloc-origin.cc
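Review bot: The test silently depends on `realloc(p, 10000)` taking the copying path, because the `Uninitialized value was stored to memory at` / `#0 0x.* in realloc` chain it CHECKs for only exists when the old bytes are copied into a fresh chunk; the sibling realloc-origin.cc states its in-place assumption, this file does not. Suggest adding next to the "regression test" header comment: `// This test relies on realloc from 100 to 10000 NOT being done in-place (the data must be copied).` Whether 100 and 10000 land in different size classes is an allocator property, so a future allocator change would make this test fail with a different origin chain rather than for the bug it guards against; the comment should make that dependency visible to whoever investigates such a failure.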
@@ -0,0 +1,21 @@
+// RUN: %clangxx_msan -fsanitize-memory-track-origins -m64 -O0 %s -o %t && not %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+// RUN: %clangxx_msan -fsanitize-memory-track-origins -m64 -O2 %s -o %t && not %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+// This test relies on realloc from 100 to 101 being done in-place.
+
+#include <stdlib.h>
+int main(int argc, char **argv) {
+ char *p = (char *)malloc(100);
+ p = (char *)realloc(p, 101);
+ char x = p[100];
+ free(p);
+ return x;
+ // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+ // CHECK: {{#0 0x.* in main .*realloc-origin.cc:}}[[@LINE-2]]
+
+ // CHECK: Uninitialized value was created by a heap allocation
+ // CHECK: {{#0 0x.* in realloc}}
+ // CHECK: {{#1 0x.* in main .*realloc-origin.cc:}}[[@LINE-9]]
+}
|
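Review bot: The header comment states the in-place assumption but not what the test verifies, so a reader cannot tell why the origin CHECK expects `#0 0x.* in realloc` rather than a malloc origin. Suggest extending it: `// p[100] is in the newly grown part of the chunk; its origin must point at realloc (the grow site), not at the original malloc.` It is also worth noting in the comment that if the allocator ever copies for a 100->101 grow, the report gains a "stored to memory at" chain and this test fails for that unrelated reason, which is the first thing to check when it breaks.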