diff options
| -rw-r--r-- | lib/asan/asan_allocator.cc | 3 | ||||
| -rw-r--r-- | lib/asan/asan_allocator.h | 11 | ||||
| -rw-r--r-- | lib/asan/asan_report.cc | 8 | ||||
| -rw-r--r-- | test/asan/TestCases/invalid-pointer-pairs.cc | 37 |
4 files changed, 50 insertions, 9 deletions
diff --git a/lib/asan/asan_allocator.cc b/lib/asan/asan_allocator.cc index 29a5ba6b0..41b1689d9 100644 --- a/lib/asan/asan_allocator.cc +++ b/lib/asan/asan_allocator.cc @@ -665,6 +665,9 @@ static AsanAllocator &get_allocator() { bool AsanChunkView::IsValid() { return chunk_ && chunk_->chunk_state != CHUNK_AVAILABLE; } +bool AsanChunkView::IsAllocated() { + return chunk_ && chunk_->chunk_state == CHUNK_ALLOCATED; +} uptr AsanChunkView::Beg() { return chunk_->Beg(); } uptr AsanChunkView::End() { return Beg() + UsedSize(); } uptr AsanChunkView::UsedSize() { return chunk_->UsedSize(); } diff --git a/lib/asan/asan_allocator.h b/lib/asan/asan_allocator.h index 5ddaeb325..9807d1bd5 100644 --- a/lib/asan/asan_allocator.h +++ b/lib/asan/asan_allocator.h @@ -49,11 +49,12 @@ void GetAllocatorOptions(AllocatorOptions *options); class AsanChunkView { public: explicit AsanChunkView(AsanChunk *chunk) : chunk_(chunk) {} - bool IsValid(); // Checks if AsanChunkView points to a valid allocated - // or quarantined chunk. - uptr Beg(); // First byte of user memory. - uptr End(); // Last byte of user memory. - uptr UsedSize(); // Size requested by the user. + bool IsValid(); // Checks if AsanChunkView points to a valid allocated + // or quarantined chunk. + bool IsAllocated(); // Checks if the memory is currently allocated. + uptr Beg(); // First byte of user memory. + uptr End(); // Last byte of user memory. + uptr UsedSize(); // Size requested by the user. uptr AllocTid(); uptr FreeTid(); bool Eq(const AsanChunkView &c) const { return chunk_ == c.chunk_; } diff --git a/lib/asan/asan_report.cc b/lib/asan/asan_report.cc index 3eafe39d9..568d06bb1 100644 --- a/lib/asan/asan_report.cc +++ b/lib/asan/asan_report.cc @@ -1012,10 +1012,10 @@ static INLINE void CheckForInvalidPointerPair(void *p1, void *p2) { uptr a2 = reinterpret_cast<uptr>(p2); AsanChunkView chunk1 = FindHeapChunkByAddress(a1); AsanChunkView chunk2 = FindHeapChunkByAddress(a2); - bool valid1 = chunk1.IsValid(); - bool valid2 = chunk2.IsValid(); - if ((valid1 != valid2) || (valid1 && valid2 && !chunk1.Eq(chunk2))) { - GET_CALLER_PC_BP_SP; \ + bool valid1 = chunk1.IsAllocated(); + bool valid2 = chunk2.IsAllocated(); + if (!valid1 || !valid2 || !chunk1.Eq(chunk2)) { + GET_CALLER_PC_BP_SP; return ReportInvalidPointerPair(pc, bp, sp, a1, a2); } } diff --git a/test/asan/TestCases/invalid-pointer-pairs.cc b/test/asan/TestCases/invalid-pointer-pairs.cc new file mode 100644 index 000000000..874107cdf --- /dev/null +++ b/test/asan/TestCases/invalid-pointer-pairs.cc @@ -0,0 +1,37 @@ +// RUN: %clangxx_asan -O0 %s -o %t -mllvm -asan-detect-invalid-pointer-pair + +// RUN: %env_asan_opts=detect_invalid_pointer_pairs=1 %run %t k 2>&1 | FileCheck %s -check-prefix=OK -allow-empty +// RUN: %env_asan_opts=detect_invalid_pointer_pairs=1 not %run %t g 2>&1 | FileCheck %s -check-prefix=CMP -check-prefix=ALL-ERRORS +// RUN: %env_asan_opts=detect_invalid_pointer_pairs=1 not %run %t s 2>&1 | FileCheck %s -check-prefix=SUB -check-prefix=ALL-ERRORS +// RUN: %env_asan_opts=detect_invalid_pointer_pairs=1 not %run %t f 2>&1 | FileCheck %s -check-prefix=FREE -check-prefix=ALL-ERRORS + +#include <assert.h> +#include <stdlib.h> + +int main(int argc, char **argv) { + // ALL-ERRORS: ERROR: AddressSanitizer: invalid-pointer-pair + // [[PTR1:0x[0-9a-f]+]] [[PTR2:0x[0-9a-f]+]] + assert(argc >= 2); + char *p = (char *)malloc(42); + char *q = (char *)malloc(42); + switch (argv[1][0]) { + case 'g': + // CMP: #0 {{.*}} in main {{.*}}invalid-pointer-pairs.cc:[[@LINE+1]]:14 + return p > q; + case 's': + // SUB: #0 {{.*}} in main {{.*}}invalid-pointer-pairs.cc:[[@LINE+1]]:14 + return p - q; + case 'k': { + // OK-NOT: ERROR + char *p2 = p + 20; + return p > p2; + } + case 'f': { + char *p3 = p + 20; + free(p); + // FREE: #0 {{.*}} in main {{.*}}invalid-pointer-pairs.cc:[[@LINE+2]]:14 + // FREE: freed by thread + return p < p3; + } + } +} |