This is an archive of the discontinued LLVM Phabricator instance.

[lsan][Fuchsia] Fix bounds checking for thread_local allocator cache when scanning TLS regions
ClosedPublic

Authored by leonardchan on Jul 21 2023, 7:55 PM.

Details

Summary

When scanning over TLS regions, we attempt to check if one of the regions is one of the thread_local allocator caches which would be located in one of the TLS blocks pointed to by the DTV. This is to prevent marking a pointer that was allocated by the primary allocator (from a thread_local cache) as reachable. The check is a simple bounds check to see if the allocator cache is within the bounds of one of the TLS blocks we're iterating over, but it looks like the check for the end of the cache is slightly incorrect. Rather than checking end - cache_start <= cache_size, it should be something like cache_start + cache_size < end.

Event Timeline

leonardchan created this revision. Jul 21 2023, 7:55 PM
Herald added a project: Restricted Project. Jul 21 2023, 7:55 PM
leonardchan requested review of this revision. Edited Jul 21 2023, 7:55 PM

Prior to this, it looks like we'd unconditionally mark pointers in the allocator cache as reachable. So we may find more leaks after this.

The pattern the code was using is the usual pattern to avoid potential overflow. It just should have been >= rather than <=. Even aside from the overflow avoidance, < end is not right but should be <= end AFAICT. But I think it's best to keep the overflow avoidance here and just fix the typo so it's <= end.

This revision is now accepted and ready to land. Aug 29 2023, 12:42 PM
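
The three forms of the end-of-cache check discussed in this review, compared side by side. This is an added example, not the patch or compiler-rt's own code; the function names, the `begin <= cache_start` precondition, the half-open `[begin, end)` block and all addresses are assumptions constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>

using uptr = uintptr_t;

// Assumed precondition: the cache starts inside the block, so
// end - cache_start below can never underflow.
bool starts_inside(uptr begin, uptr end, uptr cache_start) {
  return begin <= cache_start && cache_start <= end;
}

// Form quoted in the summary as the existing check: true when the space
// left in the block is at most cache_size, which is the inverted condition.
bool fits_pre_fix(uptr begin, uptr end, uptr cache_start, uptr cache_size) {
  return starts_inside(begin, end, cache_start) && end - cache_start <= cache_size;
}

// Form proposed in the summary: the sum can wrap around, and the strict <
// rejects a cache that ends exactly at the end of the block.
bool fits_sum_strict(uptr begin, uptr end, uptr cache_start, uptr cache_size) {
  return starts_inside(begin, end, cache_start) && cache_start + cache_size < end;
}

// Form suggested in review: keep the subtraction, flip the comparison.
bool fits_subtractive(uptr begin, uptr end, uptr cache_start, uptr cache_size) {
  return starts_inside(begin, end, cache_start) && end - cache_start >= cache_size;
}

struct Case { const char *name; uptr begin, end, cache_start, cache_size; };

// Constructed TLS block / cache layouts (not real addresses).
const Case kCases[] = {
    {"inside block", 0x1000, 0x2000, 0x1100, 0x100},
    {"ends exactly at block end", 0x1000, 0x2000, 0x1f00, 0x100},
    {"straddles block end", 0x1000, 0x2000, 0x1f80, 0x100},
    {"top of address space", UINTPTR_MAX - 0x100, UINTPTR_MAX - 0x8,
     UINTPTR_MAX - 0x10, 0x40},
};

int main() {
  for (const Case &c : kCases)
    std::printf("%-26s pre_fix=%d sum_strict=%d subtractive=%d\n", c.name,
                fits_pre_fix(c.begin, c.end, c.cache_start, c.cache_size),
                fits_sum_strict(c.begin, c.end, c.cache_start, c.cache_size),
                fits_subtractive(c.begin, c.end, c.cache_start, c.cache_size));
}
```

Only the subtractive form gives the expected answer in all four layouts: contained for the first two, not contained for the last two.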