From 71be6adbf553eaaa5898d4e603526ff89334e455 Mon Sep 17 00:00:00 2001
From: Kuba Brecka
Date: Mon, 2 May 2016 15:23:01 +0000
Subject: [sanitizer] Fix a crash in SizeClassAllocator32 with an out-of-range pointer

This happens on a 64-bit platform that uses SizeClassAllocator32 (e.g. ASan on AArch64). When querying a large invalid pointer, `__sanitizer_get_allocated_size(0xdeadbeefdeadbeef)`, an assertion will fail. This patch changes PointerIsMine to return false if the pointer is outside of [kSpaceBeg, kSpaceBeg + kSpaceSize).

Differential Revision: http://reviews.llvm.org/D15008

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268243 91177308-0d34-0410-b5e6-96231b3b80d8
---
 test/asan/TestCases/Darwin/malloc_size_crash.mm | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 test/asan/TestCases/Darwin/malloc_size_crash.mm
(limited to 'test')

diff --git a/test/asan/TestCases/Darwin/malloc_size_crash.mm b/test/asan/TestCases/Darwin/malloc_size_crash.mm
new file mode 100644
index 000000000..04cb76376
--- /dev/null
+++ b/test/asan/TestCases/Darwin/malloc_size_crash.mm
@@ -0,0 +1,15 @@
+// RUN: %clang_asan %s -o %t -framework Foundation
+// RUN: %run %t 2>&1 | FileCheck %s
+
+#import
+#include
+
+int main(int argc, char *argv[]) {
+ id obj = @0;
+ fprintf(stderr, "obj = %p\n", obj);
+ size_t size = malloc_size(obj);
+ fprintf(stderr, "size = 0x%zx\n", size);
+ fprintf(stderr, "Done.\n");
+ // CHECK: Done.
+ return 0;
+}
-- 
cgit v1.2.3
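Review bot: The test gives no hint why `@0` is the interesting input, so on its own malloc_size_crash.mm does not say which regression it guards against; a comment above `id obj = @0;` along the lines of `// @0 is a tagged-pointer NSNumber on 64-bit Darwin, not a block owned by the allocator; malloc_size() must return without tripping PointerIsMine's range assertion` would tie it to the fix described in the commit message. The CHECK only matches `Done.`, so the test passes as long as the process survives and the printed size is purely informational, which is appropriate for a crash regression but worth stating in that comment. The `#import`/`#include` lines on lines 4–5 of the hunk show no header name in this rendering; presumably `<Foundation/Foundation.h>` and `<malloc/malloc.h>` were lost to extraction, since the file could not build without them. Strictly, `%p` expects a `void *`, so `(void *)obj` in the first fprintf would be the cleaner form.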