This is an archive of the discontinued LLVM Phabricator instance.

Differential D34731

[Sanitizers] Operator new() interceptors always die on allocation error
ClosedPublic

Authored by alekseyshl on Jun 27 2017, 6:07 PM.

Details

Reviewers
eugenis
Commits
rG4b450685d336: [Sanitizers] Operator new() interceptors always die on allocation error
rCRT306604: [Sanitizers] Operator new() interceptors always die on allocation error
rL306604: [Sanitizers] Operator new() interceptors always die on allocation error
Summary

Operator new interceptors behavior is now controlled by their nothrow
property as well as by allocator_may_return_null flag value:

  • allocator_may_return_null=* + new() - die on allocation error
  • allocator_may_return_null=0 + new(nothrow) - die on allocation error
  • allocator_may_return_null=1 + new(nothrow) - return null

Ideally new() should throw std::bad_alloc exception, but that is not
trivial to achieve, hence TODO.

Diff Detail

Event Timeline

alekseyshl created this revision.Jun 27 2017, 6:07 PM
Herald added a subscriber: kubamracek. · View Herald TranscriptJun 27 2017, 6:07 PM
alekseyshl added a subscriber: cryptoad.Jun 27 2017, 6:09 PM
cryptoad added inline comments.Jun 27 2017, 10:40 PM
lib/scudo/scudo_new_delete.cpp
33

Thanks for doing those changes on Scudo as well.
Would it possible to get mark the failure branches as UNLIKELY? (at least the ones in Scudo).

alekseyshl updated this revision to Diff 104487.Jun 28 2017, 12:11 PM
  • Add UNLIKELY around OOM checks and add NORETURN to DieOnFailure methods.
alekseyshl marked an inline comment as done.Jun 28 2017, 12:12 PM
eugenis accepted this revision.Jun 28 2017, 2:41 PM
This revision is now accepted and ready to land.Jun 28 2017, 2:41 PM
Closed by commit rL306604: [Sanitizers] Operator new() interceptors always die on allocation error (authored by alekseyshl). · Explain WhyJun 28 2017, 2:59 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lib/
asan/
11 lines
39 lines
lsan/
23 lines
msan/
20 lines
sanitizer_common/
4 lines
4 lines
scudo/
9 lines
tsan/
rtl/
13 lines
test/
asan/
TestCases/
107 lines
msan/
115 lines
scudo/
45 lines
tsan/
116 lines

Diff 104487

lib/asan/asan_allocator.cc

Show First 20 LinesShow All 154 Lines▼ Show 20 Lines void Recycle(AsanChunk *m) {
AsanStats &thread_stats = GetCurrentThreadStats(); AsanStats &thread_stats = GetCurrentThreadStats();
thread_stats.real_frees++; thread_stats.real_frees++;
thread_stats.really_freed += m->UsedSize(); thread_stats.really_freed += m->UsedSize();
get_allocator().Deallocate(cache_, p); get_allocator().Deallocate(cache_, p);
} }
void *Allocate(uptr size) { void *Allocate(uptr size) {
return get_allocator().Allocate(cache_, size, 1); void *res = get_allocator().Allocate(cache_, size, 1);
// TODO(alekseys): Consider making quarantine OOM-friendly.
if (UNLIKELY(!res))
return DieOnFailure::OnOOM();
return res;
} }
void Deallocate(void *p) { void Deallocate(void *p) {
get_allocator().Deallocate(cache_, p); get_allocator().Deallocate(cache_, p);
} }
AllocatorCache *cache_; AllocatorCache *cache_;
}; };
▲ Show 20 LinesShow All 347 Lines▼ Show 20 Lines if (!atomic_compare_exchange_strong((atomic_uint8_t *)m, &old_chunk_state,
return false; return false;
} }
CHECK_EQ(CHUNK_ALLOCATED, old_chunk_state); CHECK_EQ(CHUNK_ALLOCATED, old_chunk_state);
return true; return true;
} }
// Expects the chunk to already be marked as quarantined by using // Expects the chunk to already be marked as quarantined by using
// AtomicallySetQuarantineFlagIfAllocated. // AtomicallySetQuarantineFlagIfAllocated.
void QuarantineChunk(AsanChunk *m, void *ptr, BufferedStackTrace *stack, void QuarantineChunk(AsanChunk *m, void *ptr, BufferedStackTrace *stack) {
AllocType alloc_type) {
CHECK_EQ(m->chunk_state, CHUNK_QUARANTINE); CHECK_EQ(m->chunk_state, CHUNK_QUARANTINE);
CHECK_GE(m->alloc_tid, 0); CHECK_GE(m->alloc_tid, 0);
if (SANITIZER_WORDSIZE == 64) // On 32-bits this resides in user area. if (SANITIZER_WORDSIZE == 64) // On 32-bits this resides in user area.
CHECK_EQ(m->free_tid, kInvalidTid); CHECK_EQ(m->free_tid, kInvalidTid);
AsanThread *t = GetCurrentThread(); AsanThread *t = GetCurrentThread();
m->free_tid = t ? t->tid() : 0; m->free_tid = t ? t->tid() : 0;
m->free_context_id = StackDepotPut(*stack); m->free_context_id = StackDepotPut(*stack);
▲ Show 20 LinesShow All 61 Lines▼ Show 20 Lines if (m->alloc_type != alloc_type) {
} }
} }
if (delete_size && flags()->new_delete_type_mismatch && if (delete_size && flags()->new_delete_type_mismatch &&
delete_size != m->UsedSize()) { delete_size != m->UsedSize()) {
ReportNewDeleteSizeMismatch(p, delete_size, stack); ReportNewDeleteSizeMismatch(p, delete_size, stack);
} }
QuarantineChunk(m, ptr, stack, alloc_type); QuarantineChunk(m, ptr, stack);
} }
void *Reallocate(void *old_ptr, uptr new_size, BufferedStackTrace *stack) { void *Reallocate(void *old_ptr, uptr new_size, BufferedStackTrace *stack) {
CHECK(old_ptr && new_size); CHECK(old_ptr && new_size);
uptr p = reinterpret_cast<uptr>(old_ptr); uptr p = reinterpret_cast<uptr>(old_ptr);
uptr chunk_beg = p - kChunkHeaderSize; uptr chunk_beg = p - kChunkHeaderSize;
AsanChunk *m = reinterpret_cast<AsanChunk *>(chunk_beg); AsanChunk *m = reinterpret_cast<AsanChunk *>(chunk_beg);
▲ Show 20 LinesShow All 392 LinesShow Last 20 Lines

lib/asan/asan_new_delete.cc

Show First 20 LinesShow All 57 Lines▼ Show 20 Lines
// See https://github.com/google/sanitizers/issues/131. // See https://github.com/google/sanitizers/issues/131.
// Fake std::nothrow_t and std::align_val_t to avoid including <new>. // Fake std::nothrow_t and std::align_val_t to avoid including <new>.
namespace std { namespace std {
struct nothrow_t {}; struct nothrow_t {};
enum class align_val_t: size_t {}; enum class align_val_t: size_t {};
} // namespace std } // namespace std
#define OPERATOR_NEW_BODY(type) \ // TODO(alekseys): throw std::bad_alloc instead of dying on OOM.
#define OPERATOR_NEW_BODY(type, nothrow) \
GET_STACK_TRACE_MALLOC;\ GET_STACK_TRACE_MALLOC;\
return asan_memalign(0, size, &stack, type); void *res = asan_memalign(0, size, &stack, type);\
#define OPERATOR_NEW_BODY_ALIGN(type) \ if (!nothrow && UNLIKELY(!res)) DieOnFailure::OnOOM();\
return res;
#define OPERATOR_NEW_BODY_ALIGN(type, nothrow) \
GET_STACK_TRACE_MALLOC;\ GET_STACK_TRACE_MALLOC;\
return asan_memalign((uptr)align, size, &stack, type); void *res = asan_memalign((uptr)align, size, &stack, type);\
if (!nothrow && UNLIKELY(!res)) DieOnFailure::OnOOM();\
return res;
// On OS X it's not enough to just provide our own 'operator new' and // On OS X it's not enough to just provide our own 'operator new' and
// 'operator delete' implementations, because they're going to be in the // 'operator delete' implementations, because they're going to be in the
// runtime dylib, and the main executable will depend on both the runtime // runtime dylib, and the main executable will depend on both the runtime
// dylib and libstdc++, each of those'll have its implementation of new and // dylib and libstdc++, each of those'll have its implementation of new and
// delete. // delete.
// To make sure that C++ allocation/deallocation operators are overridden on // To make sure that C++ allocation/deallocation operators are overridden on
// OS X we need to intercept them using their mangled names. // OS X we need to intercept them using their mangled names.
#if !SANITIZER_MAC #if !SANITIZER_MAC
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void *operator new(size_t size) { OPERATOR_NEW_BODY(FROM_NEW); } void *operator new(size_t size)
{ OPERATOR_NEW_BODY(FROM_NEW, false /*nothrow*/); }
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void *operator new[](size_t size) { OPERATOR_NEW_BODY(FROM_NEW_BR); } void *operator new[](size_t size)
{ OPERATOR_NEW_BODY(FROM_NEW_BR, false /*nothrow*/); }
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void *operator new(size_t size, std::nothrow_t const&) void *operator new(size_t size, std::nothrow_t const&)
{ OPERATOR_NEW_BODY(FROM_NEW); } { OPERATOR_NEW_BODY(FROM_NEW, true /*nothrow*/); }
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void *operator new[](size_t size, std::nothrow_t const&) void *operator new[](size_t size, std::nothrow_t const&)
{ OPERATOR_NEW_BODY(FROM_NEW_BR); } { OPERATOR_NEW_BODY(FROM_NEW_BR, true /*nothrow*/); }
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void *operator new(size_t size, std::align_val_t align) void *operator new(size_t size, std::align_val_t align)
{ OPERATOR_NEW_BODY_ALIGN(FROM_NEW); } { OPERATOR_NEW_BODY_ALIGN(FROM_NEW, false /*nothrow*/); }
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void *operator new[](size_t size, std::align_val_t align) void *operator new[](size_t size, std::align_val_t align)
{ OPERATOR_NEW_BODY_ALIGN(FROM_NEW_BR); } { OPERATOR_NEW_BODY_ALIGN(FROM_NEW_BR, false /*nothrow*/); }
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void *operator new(size_t size, std::align_val_t align, std::nothrow_t const&) void *operator new(size_t size, std::align_val_t align, std::nothrow_t const&)
{ OPERATOR_NEW_BODY_ALIGN(FROM_NEW); } { OPERATOR_NEW_BODY_ALIGN(FROM_NEW, true /*nothrow*/); }
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void *operator new[](size_t size, std::align_val_t align, std::nothrow_t const&) void *operator new[](size_t size, std::align_val_t align, std::nothrow_t const&)
{ OPERATOR_NEW_BODY_ALIGN(FROM_NEW_BR); } { OPERATOR_NEW_BODY_ALIGN(FROM_NEW_BR, true /*nothrow*/); }
#else // SANITIZER_MAC #else // SANITIZER_MAC
INTERCEPTOR(void *, _Znwm, size_t size) { INTERCEPTOR(void *, _Znwm, size_t size) {
OPERATOR_NEW_BODY(FROM_NEW); OPERATOR_NEW_BODY(FROM_NEW, false /*nothrow*/);
} }
INTERCEPTOR(void *, _Znam, size_t size) { INTERCEPTOR(void *, _Znam, size_t size) {
OPERATOR_NEW_BODY(FROM_NEW_BR); OPERATOR_NEW_BODY(FROM_NEW_BR, false /*nothrow*/);
} }
INTERCEPTOR(void *, _ZnwmRKSt9nothrow_t, size_t size, std::nothrow_t const&) { INTERCEPTOR(void *, _ZnwmRKSt9nothrow_t, size_t size, std::nothrow_t const&) {
OPERATOR_NEW_BODY(FROM_NEW); OPERATOR_NEW_BODY(FROM_NEW, true /*nothrow*/);
} }
INTERCEPTOR(void *, _ZnamRKSt9nothrow_t, size_t size, std::nothrow_t const&) { INTERCEPTOR(void *, _ZnamRKSt9nothrow_t, size_t size, std::nothrow_t const&) {
OPERATOR_NEW_BODY(FROM_NEW_BR); OPERATOR_NEW_BODY(FROM_NEW_BR, true /*nothrow*/);
} }
#endif #endif
#define OPERATOR_DELETE_BODY(type) \ #define OPERATOR_DELETE_BODY(type) \
GET_STACK_TRACE_FREE;\ GET_STACK_TRACE_FREE;\
asan_free(ptr, &stack, type); asan_free(ptr, &stack, type);
#if !SANITIZER_MAC #if !SANITIZER_MAC
▲ Show 20 LinesShow All 67 LinesShow Last 20 Lines

lib/lsan/lsan_interceptors.cc

Show First 20 LinesShow All 193 Lines▼ Show 20 LinesINTERCEPTOR(int, mcheck_pedantic, void (*abortfunc)(int mstatus)) {
return 0; return 0;
} }
INTERCEPTOR(int, mprobe, void *ptr) { INTERCEPTOR(int, mprobe, void *ptr) {
return 0; return 0;
} }
#endif // SANITIZER_INTERCEPT_MCHECK_MPROBE #endif // SANITIZER_INTERCEPT_MCHECK_MPROBE
#define OPERATOR_NEW_BODY \ // TODO(alekseys): throw std::bad_alloc instead of dying on OOM.
#define OPERATOR_NEW_BODY(nothrow) \
ENSURE_LSAN_INITED; \ ENSURE_LSAN_INITED; \
GET_STACK_TRACE_MALLOC; \ GET_STACK_TRACE_MALLOC; \
return Allocate(stack, size, 1, kAlwaysClearMemory); void *res = Allocate(stack, size, 1, kAlwaysClearMemory);\
if (!nothrow && UNLIKELY(!res)) DieOnFailure::OnOOM();\
return res;
INTERCEPTOR_ATTRIBUTE INTERCEPTOR_ATTRIBUTE
void *operator new(size_t size) { OPERATOR_NEW_BODY; } void *operator new(size_t size) { OPERATOR_NEW_BODY(false /*nothrow*/); }
INTERCEPTOR_ATTRIBUTE INTERCEPTOR_ATTRIBUTE
void *operator new[](size_t size) { OPERATOR_NEW_BODY; } void *operator new[](size_t size) { OPERATOR_NEW_BODY(false /*nothrow*/); }
INTERCEPTOR_ATTRIBUTE INTERCEPTOR_ATTRIBUTE
void *operator new(size_t size, std::nothrow_t const&) { OPERATOR_NEW_BODY; } void *operator new(size_t size, std::nothrow_t const&) {
OPERATOR_NEW_BODY(true /*nothrow*/);
}
INTERCEPTOR_ATTRIBUTE INTERCEPTOR_ATTRIBUTE
void *operator new[](size_t size, std::nothrow_t const&) { OPERATOR_NEW_BODY; } void *operator new[](size_t size, std::nothrow_t const&) {
OPERATOR_NEW_BODY(true /*nothrow*/);
}
#define OPERATOR_DELETE_BODY \ #define OPERATOR_DELETE_BODY \
ENSURE_LSAN_INITED; \ ENSURE_LSAN_INITED; \
Deallocate(ptr); Deallocate(ptr);
INTERCEPTOR_ATTRIBUTE INTERCEPTOR_ATTRIBUTE
void operator delete(void *ptr) NOEXCEPT { OPERATOR_DELETE_BODY; } void operator delete(void *ptr) NOEXCEPT { OPERATOR_DELETE_BODY; }
INTERCEPTOR_ATTRIBUTE INTERCEPTOR_ATTRIBUTE
▲ Show 20 LinesShow All 124 LinesShow Last 20 Lines

lib/msan/msan_new_delete.cc

//===-- msan_new_delete.cc ------------------------------------------------===// //===-- msan_new_delete.cc ------------------------------------------------===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// This file is a part of MemorySanitizer. // This file is a part of MemorySanitizer.
// //
// Interceptors for operators new and delete. // Interceptors for operators new and delete.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "msan.h" #include "msan.h"
#include "interception/interception.h" #include "interception/interception.h"
#include "sanitizer_common/sanitizer_allocator.h"
#if MSAN_REPLACE_OPERATORS_NEW_AND_DELETE #if MSAN_REPLACE_OPERATORS_NEW_AND_DELETE
#include <stddef.h> #include <stddef.h>
using namespace __msan; // NOLINT using namespace __msan; // NOLINT
// Fake std::nothrow_t to avoid including <new>. // Fake std::nothrow_t to avoid including <new>.
namespace std { namespace std {
struct nothrow_t {}; struct nothrow_t {};
} // namespace std } // namespace std
#define OPERATOR_NEW_BODY \ // TODO(alekseys): throw std::bad_alloc instead of dying on OOM.
#define OPERATOR_NEW_BODY(nothrow) \
GET_MALLOC_STACK_TRACE; \ GET_MALLOC_STACK_TRACE; \
return MsanReallocate(&stack, 0, size, sizeof(u64), false) void *res = MsanReallocate(&stack, 0, size, sizeof(u64), false);\
if (!nothrow && UNLIKELY(!res)) DieOnFailure::OnOOM();\
return res
INTERCEPTOR_ATTRIBUTE INTERCEPTOR_ATTRIBUTE
void *operator new(size_t size) { OPERATOR_NEW_BODY; } void *operator new(size_t size) { OPERATOR_NEW_BODY(false /*nothrow*/); }
INTERCEPTOR_ATTRIBUTE INTERCEPTOR_ATTRIBUTE
void *operator new[](size_t size) { OPERATOR_NEW_BODY; } void *operator new[](size_t size) { OPERATOR_NEW_BODY(false /*nothrow*/); }
INTERCEPTOR_ATTRIBUTE INTERCEPTOR_ATTRIBUTE
void *operator new(size_t size, std::nothrow_t const&) { OPERATOR_NEW_BODY; } void *operator new(size_t size, std::nothrow_t const&) {
OPERATOR_NEW_BODY(true /*nothrow*/);
}
INTERCEPTOR_ATTRIBUTE INTERCEPTOR_ATTRIBUTE
void *operator new[](size_t size, std::nothrow_t const&) { OPERATOR_NEW_BODY; } void *operator new[](size_t size, std::nothrow_t const&) {
OPERATOR_NEW_BODY(true /*nothrow*/);
}
#define OPERATOR_DELETE_BODY \ #define OPERATOR_DELETE_BODY \
GET_MALLOC_STACK_TRACE; \ GET_MALLOC_STACK_TRACE; \
if (ptr) MsanDeallocate(&stack, ptr) if (ptr) MsanDeallocate(&stack, ptr)
INTERCEPTOR_ATTRIBUTE INTERCEPTOR_ATTRIBUTE
void operator delete(void *ptr) NOEXCEPT { OPERATOR_DELETE_BODY; } void operator delete(void *ptr) NOEXCEPT { OPERATOR_DELETE_BODY; }
INTERCEPTOR_ATTRIBUTE INTERCEPTOR_ATTRIBUTE
Show All 9 Lines

lib/sanitizer_common/sanitizer_allocator.h

Show All 33 Lines
// Implements AllocatorMayReturnNull policy, returns null when the flag is set, // Implements AllocatorMayReturnNull policy, returns null when the flag is set,
// dies otherwise. // dies otherwise.
struct ReturnNullOrDieOnFailure { struct ReturnNullOrDieOnFailure {
static void *OnBadRequest(); static void *OnBadRequest();
static void *OnOOM(); static void *OnOOM();
}; };
// Always dies on the failure. // Always dies on the failure.
struct DieOnFailure { struct DieOnFailure {
static void *OnBadRequest(); static void NORETURN *OnBadRequest();
static void *OnOOM(); static void NORETURN *OnOOM();
}; };
// Returns true if allocator detected OOM condition. Can be used to avoid memory // Returns true if allocator detected OOM condition. Can be used to avoid memory
// hungry operations. Set when AllocatorReturnNullOrDieOnOOM() is called. // hungry operations. Set when AllocatorReturnNullOrDieOnOOM() is called.
bool IsAllocatorOutOfMemory(); bool IsAllocatorOutOfMemory();
// Allocators call these callbacks on mmap/munmap. // Allocators call these callbacks on mmap/munmap.
struct NoOpMapUnmapCallback { struct NoOpMapUnmapCallback {
Show All 22 Lines

lib/sanitizer_common/sanitizer_allocator.cc

Show First 20 LinesShow All 240 Lines▼ Show 20 Lines
void *ReturnNullOrDieOnFailure::OnOOM() { void *ReturnNullOrDieOnFailure::OnOOM() {
atomic_store_relaxed(&allocator_out_of_memory, 1); atomic_store_relaxed(&allocator_out_of_memory, 1);
if (AllocatorMayReturnNull()) if (AllocatorMayReturnNull())
return nullptr; return nullptr;
ReportAllocatorCannotReturnNull(); ReportAllocatorCannotReturnNull();
} }
void *DieOnFailure::OnBadRequest() { void NORETURN *DieOnFailure::OnBadRequest() {
ReportAllocatorCannotReturnNull(); ReportAllocatorCannotReturnNull();
} }
void *DieOnFailure::OnOOM() { void NORETURN *DieOnFailure::OnOOM() {
atomic_store_relaxed(&allocator_out_of_memory, 1); atomic_store_relaxed(&allocator_out_of_memory, 1);
ReportAllocatorCannotReturnNull(); ReportAllocatorCannotReturnNull();
} }
} // namespace __sanitizer } // namespace __sanitizer

lib/scudo/scudo_new_delete.cpp

Show All 20 Lines
#define CXX_OPERATOR_ATTRIBUTE INTERCEPTOR_ATTRIBUTE #define CXX_OPERATOR_ATTRIBUTE INTERCEPTOR_ATTRIBUTE
// Fake std::nothrow_t to avoid including <new>. // Fake std::nothrow_t to avoid including <new>.
namespace std { namespace std {
struct nothrow_t {}; struct nothrow_t {};
} // namespace std } // namespace std
// TODO(alekseys): throw std::bad_alloc instead of dying on OOM.
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void *operator new(size_t size) { void *operator new(size_t size) {
return scudoMalloc(size, FromNew); void *res = scudoMalloc(size, FromNew);
if (UNLIKELY(!res)) DieOnFailure::OnOOM();
cryptoadUnsubmitted
Done
ReplyInline Actions

Thanks for doing those changes on Scudo as well.
Would it possible to get mark the failure branches as UNLIKELY? (at least the ones in Scudo).

cryptoad: Thanks for doing those changes on Scudo as well. Would it possible to get mark the failure…
return res;
} }
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void *operator new[](size_t size) { void *operator new[](size_t size) {
return scudoMalloc(size, FromNewArray); void *res = scudoMalloc(size, FromNewArray);
if (UNLIKELY(!res)) DieOnFailure::OnOOM();
return res;
} }
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void *operator new(size_t size, std::nothrow_t const&) { void *operator new(size_t size, std::nothrow_t const&) {
return scudoMalloc(size, FromNew); return scudoMalloc(size, FromNew);
} }
CXX_OPERATOR_ATTRIBUTE CXX_OPERATOR_ATTRIBUTE
void *operator new[](size_t size, std::nothrow_t const&) { void *operator new[](size_t size, std::nothrow_t const&) {
return scudoMalloc(size, FromNewArray); return scudoMalloc(size, FromNewArray);
Show All 26 Lines

lib/tsan/rtl/tsan_new_delete.cc

//===-- tsan_new_delete.cc ----------------------------------------------===// //===-- tsan_new_delete.cc ----------------------------------------------===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// This file is a part of ThreadSanitizer (TSan), a race detector. // This file is a part of ThreadSanitizer (TSan), a race detector.
// //
// Interceptors for operators new and delete. // Interceptors for operators new and delete.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "interception/interception.h" #include "interception/interception.h"
#include "sanitizer_common/sanitizer_allocator.h"
#include "sanitizer_common/sanitizer_internal_defs.h" #include "sanitizer_common/sanitizer_internal_defs.h"
#include "tsan_interceptors.h" #include "tsan_interceptors.h"
using namespace __tsan; // NOLINT using namespace __tsan; // NOLINT
namespace std { namespace std {
struct nothrow_t {}; struct nothrow_t {};
} // namespace std } // namespace std
DECLARE_REAL(void *, malloc, uptr size) DECLARE_REAL(void *, malloc, uptr size)
DECLARE_REAL(void, free, void *ptr) DECLARE_REAL(void, free, void *ptr)
#define OPERATOR_NEW_BODY(mangled_name) \ // TODO(alekseys): throw std::bad_alloc instead of dying on OOM.
#define OPERATOR_NEW_BODY(mangled_name, nothrow) \
if (cur_thread()->in_symbolizer) \ if (cur_thread()->in_symbolizer) \
return InternalAlloc(size); \ return InternalAlloc(size); \
void *p = 0; \ void *p = 0; \
{ \ { \
SCOPED_INTERCEPTOR_RAW(mangled_name, size); \ SCOPED_INTERCEPTOR_RAW(mangled_name, size); \
p = user_alloc(thr, pc, size); \ p = user_alloc(thr, pc, size); \
if (!nothrow && UNLIKELY(!p)) DieOnFailure::OnOOM(); \
} \ } \
invoke_malloc_hook(p, size); \ invoke_malloc_hook(p, size); \
return p; return p;
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void *operator new(__sanitizer::uptr size); void *operator new(__sanitizer::uptr size);
void *operator new(__sanitizer::uptr size) { void *operator new(__sanitizer::uptr size) {
OPERATOR_NEW_BODY(_Znwm); OPERATOR_NEW_BODY(_Znwm, false /*nothrow*/);
} }
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void *operator new[](__sanitizer::uptr size); void *operator new[](__sanitizer::uptr size);
void *operator new[](__sanitizer::uptr size) { void *operator new[](__sanitizer::uptr size) {
OPERATOR_NEW_BODY(_Znam); OPERATOR_NEW_BODY(_Znam, false /*nothrow*/);
} }
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void *operator new(__sanitizer::uptr size, std::nothrow_t const&); void *operator new(__sanitizer::uptr size, std::nothrow_t const&);
void *operator new(__sanitizer::uptr size, std::nothrow_t const&) { void *operator new(__sanitizer::uptr size, std::nothrow_t const&) {
OPERATOR_NEW_BODY(_ZnwmRKSt9nothrow_t); OPERATOR_NEW_BODY(_ZnwmRKSt9nothrow_t, true /*nothrow*/);
} }
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void *operator new[](__sanitizer::uptr size, std::nothrow_t const&); void *operator new[](__sanitizer::uptr size, std::nothrow_t const&);
void *operator new[](__sanitizer::uptr size, std::nothrow_t const&) { void *operator new[](__sanitizer::uptr size, std::nothrow_t const&) {
OPERATOR_NEW_BODY(_ZnamRKSt9nothrow_t); OPERATOR_NEW_BODY(_ZnamRKSt9nothrow_t, true /*nothrow*/);
} }
#define OPERATOR_DELETE_BODY(mangled_name) \ #define OPERATOR_DELETE_BODY(mangled_name) \
if (ptr == 0) return; \ if (ptr == 0) return; \
if (cur_thread()->in_symbolizer) \ if (cur_thread()->in_symbolizer) \
return InternalFree(ptr); \ return InternalFree(ptr); \
invoke_free_hook(ptr); \ invoke_free_hook(ptr); \
SCOPED_INTERCEPTOR_RAW(mangled_name, ptr); \ SCOPED_INTERCEPTOR_RAW(mangled_name, ptr); \
Show All 25 Lines

test/asan/TestCases/allocator_returns_null.cc

// Test the behavior of malloc/calloc/realloc when the allocation size is huge. // Test the behavior of malloc/calloc/realloc/new when the allocation size is
// more than ASan allocator's max allowed one.
// By default (allocator_may_return_null=0) the process should crash. // By default (allocator_may_return_null=0) the process should crash.
// With allocator_may_return_null=1 the allocator should return 0. // With allocator_may_return_null=1 the allocator should return 0, except the
// operator new(), which should crash anyway (operator new(std::nothrow) should
// return nullptr, indeed).
// //
// RUN: %clangxx_asan -O0 %s -o %t // RUN: %clangxx_asan -O0 %s -o %t
// RUN: not %run %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mCRASH // RUN: not %run %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mCRASH
// RUN: %env_asan_opts=allocator_may_return_null=0 not %run %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mCRASH // RUN: %env_asan_opts=allocator_may_return_null=0 not %run %t malloc 2>&1 \
// RUN: %env_asan_opts=allocator_may_return_null=1 %run %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mNULL // RUN: | FileCheck %s --check-prefix=CHECK-mCRASH
// RUN: %env_asan_opts=allocator_may_return_null=0 not %run %t calloc 2>&1 | FileCheck %s --check-prefix=CHECK-cCRASH // RUN: %env_asan_opts=allocator_may_return_null=1 %run %t malloc 2>&1 \
// RUN: %env_asan_opts=allocator_may_return_null=1 %run %t calloc 2>&1 | FileCheck %s --check-prefix=CHECK-cNULL // RUN: | FileCheck %s --check-prefix=CHECK-mNULL
// RUN: %env_asan_opts=allocator_may_return_null=0 not %run %t calloc-overflow 2>&1 | FileCheck %s --check-prefix=CHECK-coCRASH // RUN: %env_asan_opts=allocator_may_return_null=0 not %run %t calloc 2>&1 \
// RUN: %env_asan_opts=allocator_may_return_null=1 %run %t calloc-overflow 2>&1 | FileCheck %s --check-prefix=CHECK-coNULL // RUN: | FileCheck %s --check-prefix=CHECK-cCRASH
// RUN: %env_asan_opts=allocator_may_return_null=0 not %run %t realloc 2>&1 | FileCheck %s --check-prefix=CHECK-rCRASH // RUN: %env_asan_opts=allocator_may_return_null=1 %run %t calloc 2>&1 \
// RUN: %env_asan_opts=allocator_may_return_null=1 %run %t realloc 2>&1 | FileCheck %s --check-prefix=CHECK-rNULL // RUN: | FileCheck %s --check-prefix=CHECK-cNULL
// RUN: %env_asan_opts=allocator_may_return_null=0 not %run %t realloc-after-malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mrCRASH // RUN: %env_asan_opts=allocator_may_return_null=0 not %run %t calloc-overflow 2>&1 \
// RUN: %env_asan_opts=allocator_may_return_null=1 %run %t realloc-after-malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mrNULL // RUN: | FileCheck %s --check-prefix=CHECK-coCRASH
// RUN: %env_asan_opts=allocator_may_return_null=1 %run %t calloc-overflow 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-coNULL
// RUN: %env_asan_opts=allocator_may_return_null=0 not %run %t realloc 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-rCRASH
// RUN: %env_asan_opts=allocator_may_return_null=1 %run %t realloc 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-rNULL
// RUN: %env_asan_opts=allocator_may_return_null=0 not %run %t realloc-after-malloc 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-mrCRASH
// RUN: %env_asan_opts=allocator_may_return_null=1 %run %t realloc-after-malloc 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-mrNULL
// RUN: %env_asan_opts=allocator_may_return_null=0 not %run %t new 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-nCRASH
// RUN: %env_asan_opts=allocator_may_return_null=1 not %run %t new 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-nCRASH
// RUN: %env_asan_opts=allocator_may_return_null=0 not %run %t new-nothrow 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-nnCRASH
// RUN: %env_asan_opts=allocator_may_return_null=1 %run %t new-nothrow 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-nnNULL
#include <limits.h> #include <assert.h>
#include <stdlib.h>
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#include <assert.h> #include <stdlib.h>
#include <limits> #include <limits>
#include <new>
int main(int argc, char **argv) { int main(int argc, char **argv) {
// Disable stderr buffering. Needed on Windows. // Disable stderr buffering. Needed on Windows.
setvbuf(stderr, NULL, _IONBF, 0); setvbuf(stderr, NULL, _IONBF, 0);
volatile size_t size = std::numeric_limits<size_t>::max() - 10000;
assert(argc == 2); assert(argc == 2);
void *x = 0; const char *action = argv[1];
if (!strcmp(argv[1], "malloc")) { fprintf(stderr, "%s:\n", action);
fprintf(stderr, "malloc:\n");
x = malloc(size);
}
if (!strcmp(argv[1], "calloc")) {
fprintf(stderr, "calloc:\n");
x = calloc(size / 4, 4);
}
if (!strcmp(argv[1], "calloc-overflow")) { static const size_t kMaxAllowedMallocSizePlusOne =
fprintf(stderr, "calloc-overflow:\n"); #if __LP64__ || defined(_WIN64)
(1ULL << 40) + 1;
#else
(3UL << 30) + 1;
#endif
void *x = 0;
if (!strcmp(action, "malloc")) {
x = malloc(kMaxAllowedMallocSizePlusOne);
} else if (!strcmp(action, "calloc")) {
x = calloc((kMaxAllowedMallocSizePlusOne / 4) + 1, 4);
} else if (!strcmp(action, "calloc-overflow")) {
volatile size_t kMaxSizeT = std::numeric_limits<size_t>::max(); volatile size_t kMaxSizeT = std::numeric_limits<size_t>::max();
size_t kArraySize = 4096; size_t kArraySize = 4096;
volatile size_t kArraySize2 = kMaxSizeT / kArraySize + 10; volatile size_t kArraySize2 = kMaxSizeT / kArraySize + 10;
x = calloc(kArraySize, kArraySize2); x = calloc(kArraySize, kArraySize2);
} } else if (!strcmp(action, "realloc")) {
x = realloc(0, kMaxAllowedMallocSizePlusOne);
if (!strcmp(argv[1], "realloc")) { } else if (!strcmp(action, "realloc-after-malloc")) {
fprintf(stderr, "realloc:\n");
x = realloc(0, size);
}
if (!strcmp(argv[1], "realloc-after-malloc")) {
fprintf(stderr, "realloc-after-malloc:\n");
char *t = (char*)malloc(100); char *t = (char*)malloc(100);
*t = 42; *t = 42;
x = realloc(t, size); x = realloc(t, kMaxAllowedMallocSizePlusOne);
assert(*t == 42); assert(*t == 42);
free(t); free(t);
} else if (!strcmp(action, "new")) {
x = operator new(kMaxAllowedMallocSizePlusOne);
} else if (!strcmp(action, "new-nothrow")) {
x = operator new(kMaxAllowedMallocSizePlusOne, std::nothrow);
} else {
assert(0);
} }
// The NULL pointer is printed differently on different systems, while (long)0 // The NULL pointer is printed differently on different systems, while (long)0
// is always the same. // is always the same.
fprintf(stderr, "x: %lx\n", (long)x); fprintf(stderr, "x: %lx\n", (long)x);
free(x); free(x);
return x != 0; return x != 0;
} }
// CHECK-mCRASH: malloc: // CHECK-mCRASH: malloc:
// CHECK-mCRASH: AddressSanitizer's allocator is terminating the process // CHECK-mCRASH: AddressSanitizer's allocator is terminating the process
// CHECK-cCRASH: calloc: // CHECK-cCRASH: calloc:
// CHECK-cCRASH: AddressSanitizer's allocator is terminating the process // CHECK-cCRASH: AddressSanitizer's allocator is terminating the process
// CHECK-coCRASH: calloc-overflow: // CHECK-coCRASH: calloc-overflow:
// CHECK-coCRASH: AddressSanitizer's allocator is terminating the process // CHECK-coCRASH: AddressSanitizer's allocator is terminating the process
// CHECK-rCRASH: realloc: // CHECK-rCRASH: realloc:
// CHECK-rCRASH: AddressSanitizer's allocator is terminating the process // CHECK-rCRASH: AddressSanitizer's allocator is terminating the process
// CHECK-mrCRASH: realloc-after-malloc: // CHECK-mrCRASH: realloc-after-malloc:
// CHECK-mrCRASH: AddressSanitizer's allocator is terminating the process // CHECK-mrCRASH: AddressSanitizer's allocator is terminating the process
// CHECK-nCRASH: new:
// CHECK-nCRASH: AddressSanitizer's allocator is terminating the process
// CHECK-nnCRASH: new-nothrow:
// CHECK-nnCRASH: AddressSanitizer's allocator is terminating the process
// CHECK-mNULL: malloc: // CHECK-mNULL: malloc:
// CHECK-mNULL: x: 0 // CHECK-mNULL: x: 0
// CHECK-cNULL: calloc: // CHECK-cNULL: calloc:
// CHECK-cNULL: x: 0 // CHECK-cNULL: x: 0
// CHECK-coNULL: calloc-overflow: // CHECK-coNULL: calloc-overflow:
// CHECK-coNULL: x: 0 // CHECK-coNULL: x: 0
// CHECK-rNULL: realloc: // CHECK-rNULL: realloc:
// CHECK-rNULL: x: 0 // CHECK-rNULL: x: 0
// CHECK-mrNULL: realloc-after-malloc: // CHECK-mrNULL: realloc-after-malloc:
// CHECK-mrNULL: x: 0 // CHECK-mrNULL: x: 0
// CHECK-nnNULL: new-nothrow:
// CHECK-nnNULL: x: 0

test/msan/allocator_returns_null.cc

// Test the behavior of malloc/calloc/realloc when the allocation size is huge. // Test the behavior of malloc/calloc/realloc/new when the allocation size is
// more than MSan allocator's max allowed one.
// By default (allocator_may_return_null=0) the process should crash. // By default (allocator_may_return_null=0) the process should crash.
// With allocator_may_return_null=1 the allocator should return 0. // With allocator_may_return_null=1 the allocator should return 0, except the
// operator new(), which should crash anyway (operator new(std::nothrow) should
// return nullptr, indeed).
// //
// RUN: %clangxx_msan -O0 %s -o %t // RUN: %clangxx_msan -O0 %s -o %t
// RUN: not %run %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mCRASH // RUN: not %run %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mCRASH
// RUN: MSAN_OPTIONS=allocator_may_return_null=0 not %run %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mCRASH // RUN: MSAN_OPTIONS=allocator_may_return_null=0 not %run %t malloc 2>&1 \
// RUN: MSAN_OPTIONS=allocator_may_return_null=1 %run %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mNULL // RUN: | FileCheck %s --check-prefix=CHECK-mCRASH
// RUN: MSAN_OPTIONS=allocator_may_return_null=0 not %run %t calloc 2>&1 | FileCheck %s --check-prefix=CHECK-cCRASH // RUN: MSAN_OPTIONS=allocator_may_return_null=1 %run %t malloc 2>&1 \
// RUN: MSAN_OPTIONS=allocator_may_return_null=1 %run %t calloc 2>&1 | FileCheck %s --check-prefix=CHECK-cNULL // RUN: | FileCheck %s --check-prefix=CHECK-mNULL
// RUN: MSAN_OPTIONS=allocator_may_return_null=0 not %run %t calloc-overflow 2>&1 | FileCheck %s --check-prefix=CHECK-coCRASH // RUN: MSAN_OPTIONS=allocator_may_return_null=0 not %run %t calloc 2>&1 \
// RUN: MSAN_OPTIONS=allocator_may_return_null=1 %run %t calloc-overflow 2>&1 | FileCheck %s --check-prefix=CHECK-coNULL // RUN: | FileCheck %s --check-prefix=CHECK-cCRASH
// RUN: MSAN_OPTIONS=allocator_may_return_null=0 not %run %t realloc 2>&1 | FileCheck %s --check-prefix=CHECK-rCRASH // RUN: MSAN_OPTIONS=allocator_may_return_null=1 %run %t calloc 2>&1 \
// RUN: MSAN_OPTIONS=allocator_may_return_null=1 %run %t realloc 2>&1 | FileCheck %s --check-prefix=CHECK-rNULL // RUN: | FileCheck %s --check-prefix=CHECK-cNULL
// RUN: MSAN_OPTIONS=allocator_may_return_null=0 not %run %t realloc-after-malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mrCRASH // RUN: MSAN_OPTIONS=allocator_may_return_null=0 not %run %t calloc-overflow 2>&1 \
// RUN: MSAN_OPTIONS=allocator_may_return_null=1 %run %t realloc-after-malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mrNULL // RUN: | FileCheck %s --check-prefix=CHECK-coCRASH
// RUN: MSAN_OPTIONS=allocator_may_return_null=1 %run %t calloc-overflow 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-coNULL
// RUN: MSAN_OPTIONS=allocator_may_return_null=0 not %run %t realloc 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-rCRASH
// RUN: MSAN_OPTIONS=allocator_may_return_null=1 %run %t realloc 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-rNULL
// RUN: MSAN_OPTIONS=allocator_may_return_null=0 not %run %t realloc-after-malloc 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-mrCRASH
// RUN: MSAN_OPTIONS=allocator_may_return_null=1 %run %t realloc-after-malloc 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-mrNULL
// RUN: MSAN_OPTIONS=allocator_may_return_null=0 not %run %t new 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-nCRASH
// RUN: MSAN_OPTIONS=allocator_may_return_null=1 not %run %t new 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-nCRASH
// RUN: MSAN_OPTIONS=allocator_may_return_null=0 not %run %t new-nothrow 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-nnCRASH
// RUN: MSAN_OPTIONS=allocator_may_return_null=1 %run %t new-nothrow 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-nnNULL
#include <limits.h>
#include <stdlib.h> #include <assert.h>
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#include <assert.h> #include <stdlib.h>
#include <limits> #include <limits>
#include <new>
int main(int argc, char **argv) { int main(int argc, char **argv) {
volatile size_t size = std::numeric_limits<size_t>::max() - 10000; // Disable stderr buffering. Needed on Windows.
setvbuf(stderr, NULL, _IONBF, 0);
assert(argc == 2); assert(argc == 2);
char *x = 0; const char *action = argv[1];
if (!strcmp(argv[1], "malloc")) { fprintf(stderr, "%s:\n", action);
fprintf(stderr, "malloc:\n");
x = (char*)malloc(size); static const size_t kMaxAllowedMallocSizePlusOne =
} #if __LP64__ || defined(_WIN64)
if (!strcmp(argv[1], "calloc")) { (8UL << 30) + 1;
fprintf(stderr, "calloc:\n"); #else
x = (char*)calloc(size / 4, 4); (2UL << 30) + 1;
} #endif
if (!strcmp(argv[1], "calloc-overflow")) { void *x = 0;
fprintf(stderr, "calloc-overflow:\n"); if (!strcmp(action, "malloc")) {
x = malloc(kMaxAllowedMallocSizePlusOne);
} else if (!strcmp(action, "calloc")) {
x = calloc((kMaxAllowedMallocSizePlusOne / 4) + 1, 4);
} else if (!strcmp(action, "calloc-overflow")) {
volatile size_t kMaxSizeT = std::numeric_limits<size_t>::max(); volatile size_t kMaxSizeT = std::numeric_limits<size_t>::max();
size_t kArraySize = 4096; size_t kArraySize = 4096;
volatile size_t kArraySize2 = kMaxSizeT / kArraySize + 10; volatile size_t kArraySize2 = kMaxSizeT / kArraySize + 10;
x = (char*)calloc(kArraySize, kArraySize2); x = calloc(kArraySize, kArraySize2);
} } else if (!strcmp(action, "realloc")) {
x = realloc(0, kMaxAllowedMallocSizePlusOne);
if (!strcmp(argv[1], "realloc")) { } else if (!strcmp(action, "realloc-after-malloc")) {
fprintf(stderr, "realloc:\n");
x = (char*)realloc(0, size);
}
if (!strcmp(argv[1], "realloc-after-malloc")) {
fprintf(stderr, "realloc-after-malloc:\n");
char *t = (char*)malloc(100); char *t = (char*)malloc(100);
*t = 42; *t = 42;
x = (char*)realloc(t, size); x = realloc(t, kMaxAllowedMallocSizePlusOne);
assert(*t == 42); assert(*t == 42);
free(t);
} else if (!strcmp(action, "new")) {
x = operator new(kMaxAllowedMallocSizePlusOne);
} else if (!strcmp(action, "new-nothrow")) {
x = operator new(kMaxAllowedMallocSizePlusOne, std::nothrow);
} else {
assert(0);
} }
// The NULL pointer is printed differently on different systems, while (long)0 // The NULL pointer is printed differently on different systems, while (long)0
// is always the same. // is always the same.
fprintf(stderr, "x: %lx\n", (long)x); fprintf(stderr, "x: %lx\n", (long)x);
free(x);
return x != 0; return x != 0;
} }
// CHECK-mCRASH: malloc: // CHECK-mCRASH: malloc:
// CHECK-mCRASH: MemorySanitizer's allocator is terminating the process // CHECK-mCRASH: MemorySanitizer's allocator is terminating the process
// CHECK-cCRASH: calloc: // CHECK-cCRASH: calloc:
// CHECK-cCRASH: MemorySanitizer's allocator is terminating the process // CHECK-cCRASH: MemorySanitizer's allocator is terminating the process
// CHECK-coCRASH: calloc-overflow: // CHECK-coCRASH: calloc-overflow:
// CHECK-coCRASH: MemorySanitizer's allocator is terminating the process // CHECK-coCRASH: MemorySanitizer's allocator is terminating the process
// CHECK-rCRASH: realloc: // CHECK-rCRASH: realloc:
// CHECK-rCRASH: MemorySanitizer's allocator is terminating the process // CHECK-rCRASH: MemorySanitizer's allocator is terminating the process
// CHECK-mrCRASH: realloc-after-malloc: // CHECK-mrCRASH: realloc-after-malloc:
// CHECK-mrCRASH: MemorySanitizer's allocator is terminating the process // CHECK-mrCRASH: MemorySanitizer's allocator is terminating the process
// CHECK-nCRASH: new:
// CHECK-nCRASH: MemorySanitizer's allocator is terminating the process
// CHECK-nnCRASH: new-nothrow:
// CHECK-nnCRASH: MemorySanitizer's allocator is terminating the process
// CHECK-mNULL: malloc: // CHECK-mNULL: malloc:
// CHECK-mNULL: x: 0 // CHECK-mNULL: x: 0
// CHECK-cNULL: calloc: // CHECK-cNULL: calloc:
// CHECK-cNULL: x: 0 // CHECK-cNULL: x: 0
// CHECK-coNULL: calloc-overflow: // CHECK-coNULL: calloc-overflow:
// CHECK-coNULL: x: 0 // CHECK-coNULL: x: 0
// CHECK-rNULL: realloc: // CHECK-rNULL: realloc:
// CHECK-rNULL: x: 0 // CHECK-rNULL: x: 0
// CHECK-mrNULL: realloc-after-malloc: // CHECK-mrNULL: realloc-after-malloc:
// CHECK-mrNULL: x: 0 // CHECK-mrNULL: x: 0
// CHECK-nnNULL: new-nothrow:
// CHECK-nnNULL: x: 0

test/scudo/sizes.cpp

// RUN: %clang_scudo %s -o %t // RUN: %clang_scudo %s -lstdc++ -o %t
// RUN: SCUDO_OPTIONS=allocator_may_return_null=0 not %run %t malloc 2>&1 | FileCheck %s // RUN: SCUDO_OPTIONS=allocator_may_return_null=0 not %run %t malloc 2>&1 | FileCheck %s
// RUN: SCUDO_OPTIONS=allocator_may_return_null=1 %run %t malloc 2>&1 // RUN: SCUDO_OPTIONS=allocator_may_return_null=1 %run %t malloc 2>&1
// RUN: SCUDO_OPTIONS=allocator_may_return_null=0 not %run %t calloc 2>&1 | FileCheck %s // RUN: SCUDO_OPTIONS=allocator_may_return_null=0 not %run %t calloc 2>&1 | FileCheck %s
// RUN: SCUDO_OPTIONS=allocator_may_return_null=1 %run %t calloc 2>&1 // RUN: SCUDO_OPTIONS=allocator_may_return_null=1 %run %t calloc 2>&1
// RUN: SCUDO_OPTIONS=allocator_may_return_null=0 not %run %t new 2>&1 | FileCheck %s
// RUN: SCUDO_OPTIONS=allocator_may_return_null=1 not %run %t new 2>&1 | FileCheck %s
// RUN: SCUDO_OPTIONS=allocator_may_return_null=0 not %run %t new-nothrow 2>&1 | FileCheck %s
// RUN: SCUDO_OPTIONS=allocator_may_return_null=1 %run %t new-nothrow 2>&1
// RUN: %run %t usable 2>&1 // RUN: %run %t usable 2>&1
// Tests for various edge cases related to sizes, notably the maximum size the // Tests for various edge cases related to sizes, notably the maximum size the
// allocator can allocate. Tests that an integer overflow in the parameters of // allocator can allocate. Tests that an integer overflow in the parameters of
// calloc is caught. // calloc is caught.
#include <assert.h> #include <assert.h>
#include <malloc.h> #include <malloc.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <limits> #include <limits>
#include <new>
int main(int argc, char **argv) int main(int argc, char **argv) {
{
assert(argc == 2); assert(argc == 2);
if (!strcmp(argv[1], "malloc")) { const char *action = argv[1];
// Currently the maximum size the allocator can allocate is 1ULL<<40 bytes. fprintf(stderr, "%s:\n", action);
size_t size = std::numeric_limits<size_t>::max();
void *p = malloc(size); #if __LP64__ || defined(_WIN64)
static const size_t kMaxAllowedMallocSize = 1ULL << 40;
static const size_t kChunkHeaderSize = 16;
#else
static const size_t kMaxAllowedMallocSize = 2UL << 30;
static const size_t kChunkHeaderSize = 8;
#endif
if (!strcmp(action, "malloc")) {
void *p = malloc(kMaxAllowedMallocSize);
assert(!p); assert(!p);
size = (1ULL << 40) - 16; p = malloc(kMaxAllowedMallocSize - kChunkHeaderSize);
p = malloc(size);
assert(!p); assert(!p);
} } else if (!strcmp(action, "calloc")) {
if (!strcmp(argv[1], "calloc")) {
// Trigger an overflow in calloc. // Trigger an overflow in calloc.
size_t size = std::numeric_limits<size_t>::max(); size_t size = std::numeric_limits<size_t>::max();
void *p = calloc((size / 0x1000) + 1, 0x1000); void *p = calloc((size / 0x1000) + 1, 0x1000);
assert(!p); assert(!p);
} } else if (!strcmp(action, "new")) {
if (!strcmp(argv[1], "usable")) { void *p = operator new(kMaxAllowedMallocSize);
assert(!p);
} else if (!strcmp(action, "new-nothrow")) {
void *p = operator new(kMaxAllowedMallocSize, std::nothrow);
assert(!p);
} else if (!strcmp(action, "usable")) {
// Playing with the actual usable size of a chunk. // Playing with the actual usable size of a chunk.
void *p = malloc(1007); void *p = malloc(1007);
assert(p); assert(p);
size_t size = malloc_usable_size(p); size_t size = malloc_usable_size(p);
assert(size >= 1007); assert(size >= 1007);
memset(p, 'A', size); memset(p, 'A', size);
p = realloc(p, 2014); p = realloc(p, 2014);
assert(p); assert(p);
size = malloc_usable_size(p); size = malloc_usable_size(p);
assert(size >= 2014); assert(size >= 2014);
memset(p, 'B', size); memset(p, 'B', size);
free(p); free(p);
} else {
assert(0);
} }
return 0; return 0;
} }
// CHECK: allocator is terminating the process // CHECK: allocator is terminating the process

test/tsan/allocator_returns_null.cc

// Test the behavior of malloc/calloc/realloc when the allocation size is huge. // Test the behavior of malloc/calloc/realloc/new when the allocation size is
// more than TSan allocator's max allowed one.
// By default (allocator_may_return_null=0) the process should crash. // By default (allocator_may_return_null=0) the process should crash.
// With allocator_may_return_null=1 the allocator should return 0. // With allocator_may_return_null=1 the allocator should return 0, except the
// operator new(), which should crash anyway (operator new(std::nothrow) should
// return nullptr, indeed).
// //
// RUN: %clangxx_tsan -O0 %s -o %t // RUN: %clangxx_tsan -O0 %s -o %t
// RUN: not %run %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mCRASH // RUN: not %run %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mCRASH
// RUN: %env_tsan_opts=allocator_may_return_null=0 not %run %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mCRASH // RUN: %env_tsan_opts=allocator_may_return_null=0 not %run %t malloc 2>&1 \
// RUN: %env_tsan_opts=allocator_may_return_null=0 not %run %t calloc 2>&1 | FileCheck %s --check-prefix=CHECK-cCRASH // RUN: | FileCheck %s --check-prefix=CHECK-mCRASH
// RUN: %env_tsan_opts=allocator_may_return_null=0 not %run %t calloc-overflow 2>&1 | FileCheck %s --check-prefix=CHECK-coCRASH // RUN: %env_tsan_opts=allocator_may_return_null=1 %run %t malloc 2>&1 \
// RUN: %env_tsan_opts=allocator_may_return_null=0 not %run %t realloc 2>&1 | FileCheck %s --check-prefix=CHECK-rCRASH // RUN: | FileCheck %s --check-prefix=CHECK-mNULL
// RUN: %env_tsan_opts=allocator_may_return_null=0 not %run %t realloc-after-malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mrCRASH // RUN: %env_tsan_opts=allocator_may_return_null=0 not %run %t calloc 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-cCRASH
// RUN: %env_tsan_opts=allocator_may_return_null=1 %run %t calloc 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-cNULL
// RUN: %env_tsan_opts=allocator_may_return_null=0 not %run %t calloc-overflow 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-coCRASH
// RUN: %env_tsan_opts=allocator_may_return_null=1 %run %t calloc-overflow 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-coNULL
// RUN: %env_tsan_opts=allocator_may_return_null=0 not %run %t realloc 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-rCRASH
// RUN: %env_tsan_opts=allocator_may_return_null=1 %run %t realloc 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-rNULL
// RUN: %env_tsan_opts=allocator_may_return_null=0 not %run %t realloc-after-malloc 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-mrCRASH
// RUN: %env_tsan_opts=allocator_may_return_null=1 %run %t realloc-after-malloc 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-mrNULL
// RUN: %env_tsan_opts=allocator_may_return_null=0 not %run %t new 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-nCRASH
// RUN: %env_tsan_opts=allocator_may_return_null=1 not %run %t new 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-nCRASH
// RUN: %env_tsan_opts=allocator_may_return_null=0 not %run %t new-nothrow 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-nnCRASH
// RUN: %env_tsan_opts=allocator_may_return_null=1 %run %t new-nothrow 2>&1 \
// RUN: | FileCheck %s --check-prefix=CHECK-nnNULL
#include <limits.h> #include <assert.h>
#include <stdlib.h>
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#include <assert.h> #include <stdlib.h>
#include <limits> #include <limits>
#include <new>
int main(int argc, char **argv) { int main(int argc, char **argv) {
volatile size_t size = std::numeric_limits<size_t>::max() - 10000; // Disable stderr buffering. Needed on Windows.
setvbuf(stderr, NULL, _IONBF, 0);
assert(argc == 2); assert(argc == 2);
char *x = 0; const char *action = argv[1];
if (!strcmp(argv[1], "malloc")) { fprintf(stderr, "%s:\n", action);
fprintf(stderr, "malloc:\n");
x = (char*)malloc(size); static const size_t kMaxAllowedMallocSizePlusOne = (1ULL << 40) + 1;
}
if (!strcmp(argv[1], "calloc")) {
fprintf(stderr, "calloc:\n");
x = (char*)calloc(size / 4, 4);
}
if (!strcmp(argv[1], "calloc-overflow")) { void *x = 0;
fprintf(stderr, "calloc-overflow:\n"); if (!strcmp(action, "malloc")) {
x = malloc(kMaxAllowedMallocSizePlusOne);
} else if (!strcmp(action, "calloc")) {
x = calloc((kMaxAllowedMallocSizePlusOne / 4) + 1, 4);
} else if (!strcmp(action, "calloc-overflow")) {
volatile size_t kMaxSizeT = std::numeric_limits<size_t>::max(); volatile size_t kMaxSizeT = std::numeric_limits<size_t>::max();
size_t kArraySize = 4096; size_t kArraySize = 4096;
volatile size_t kArraySize2 = kMaxSizeT / kArraySize + 10; volatile size_t kArraySize2 = kMaxSizeT / kArraySize + 10;
x = (char*)calloc(kArraySize, kArraySize2); x = calloc(kArraySize, kArraySize2);
} } else if (!strcmp(action, "realloc")) {
x = realloc(0, kMaxAllowedMallocSizePlusOne);
if (!strcmp(argv[1], "realloc")) { } else if (!strcmp(action, "realloc-after-malloc")) {
fprintf(stderr, "realloc:\n");
x = (char*)realloc(0, size);
}
if (!strcmp(argv[1], "realloc-after-malloc")) {
fprintf(stderr, "realloc-after-malloc:\n");
char *t = (char*)malloc(100); char *t = (char*)malloc(100);
*t = 42; *t = 42;
x = (char*)realloc(t, size); x = realloc(t, kMaxAllowedMallocSizePlusOne);
assert(*t == 42); assert(*t == 42);
} else if (!strcmp(action, "new")) {
x = operator new(kMaxAllowedMallocSizePlusOne);
} else if (!strcmp(action, "new-nothrow")) {
x = operator new(kMaxAllowedMallocSizePlusOne, std::nothrow);
} else {
assert(0);
} }
fprintf(stderr, "x: %p\n", x);
// The NULL pointer is printed differently on different systems, while (long)0
// is always the same.
fprintf(stderr, "x: %lx\n", (long)x);
free(x);
return x != 0; return x != 0;
} }
// CHECK-mCRASH: malloc: // CHECK-mCRASH: malloc:
// CHECK-mCRASH: ThreadSanitizer's allocator is terminating the process // CHECK-mCRASH: ThreadSanitizer's allocator is terminating the process
// CHECK-cCRASH: calloc: // CHECK-cCRASH: calloc:
// CHECK-cCRASH: ThreadSanitizer's allocator is terminating the process // CHECK-cCRASH: ThreadSanitizer's allocator is terminating the process
// CHECK-coCRASH: calloc-overflow: // CHECK-coCRASH: calloc-overflow:
// CHECK-coCRASH: ThreadSanitizer's allocator is terminating the process // CHECK-coCRASH: ThreadSanitizer's allocator is terminating the process
// CHECK-rCRASH: realloc: // CHECK-rCRASH: realloc:
// CHECK-rCRASH: ThreadSanitizer's allocator is terminating the process // CHECK-rCRASH: ThreadSanitizer's allocator is terminating the process
// CHECK-mrCRASH: realloc-after-malloc: // CHECK-mrCRASH: realloc-after-malloc:
// CHECK-mrCRASH: ThreadSanitizer's allocator is terminating the process // CHECK-mrCRASH: ThreadSanitizer's allocator is terminating the process
// CHECK-nCRASH: new:
// CHECK-nCRASH: ThreadSanitizer's allocator is terminating the process
// CHECK-nnCRASH: new-nothrow:
// CHECK-nnCRASH: ThreadSanitizer's allocator is terminating the process
// CHECK-mNULL: malloc:
// CHECK-mNULL: x: 0
// CHECK-cNULL: calloc:
// CHECK-cNULL: x: 0
// CHECK-coNULL: calloc-overflow:
// CHECK-coNULL: x: 0
// CHECK-rNULL: realloc:
// CHECK-rNULL: x: 0
// CHECK-mrNULL: realloc-after-malloc:
// CHECK-mrNULL: x: 0
// CHECK-nnNULL: new-nothrow:
// CHECK-nnNULL: x: 0