diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
--- a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
@@ -9665,6 +9665,15 @@
 qsort_compar_f compar) {
 void *ctx;
 COMMON_INTERCEPTOR_ENTER(ctx, qsort, base, nmemb, size, compar);
+ // Run the comparator over all array elements to detect any memory issues.
+ for (SIZE_T i = 0; i < nmemb; ++i) {
+ void *p = (void *)((char *)base + i * size);
+ COMMON_INTERCEPTOR_UNPOISON_PARAM(2);
+ // Compare each element with itself to trigger an equality check, which
+ // typically requires the comparator to look as many of the object fields as
+ // possible.
+ compar(p, p);
+ }
 qsort_compar_f old_compar = qsort_compar;
 qsort_compar = compar;
 SIZE_T old_size = qsort_size;
@@ -9694,6 +9703,15 @@
 qsort_r_compar_f compar, void *arg) {
 void *ctx;
 COMMON_INTERCEPTOR_ENTER(ctx, qsort_r, base, nmemb, size, compar, arg);
+ // Run the comparator over all array elements to detect any memory issues.
+ for (SIZE_T i = 0; i < nmemb; ++i) {
+ void *p = (void *)((char *)base + i * size);
+ COMMON_INTERCEPTOR_UNPOISON_PARAM(3);
+ // Compare each element with itself to trigger an equality check, which
+ // typically requires the comparator to look as many of the object fields as
+ // possible.
+ compar(p, p, arg);
+ }
 qsort_r_compar_f old_compar = qsort_r_compar;
 qsort_r_compar = compar;
 SIZE_T old_size = qsort_r_size;
diff --git a/compiler-rt/test/msan/qsort.cpp b/compiler-rt/test/msan/qsort.cpp
--- a/compiler-rt/test/msan/qsort.cpp
+++ b/compiler-rt/test/msan/qsort.cpp
@@ -1,4 +1,5 @@
 // RUN: %clangxx_msan -O0 -g %s -o %t && %run %t
+// RUN: %clangxx_msan -DPOISON -O0 -g %s -o %t && not %run %t 2>&1 | FileCheck %s
 #include
 #include
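Review bot: In the pre-pass loop added to the qsort interceptor, `compar(p, p)` passes the comparator two identical pointers, so a comparator that returns early on `a == b` (or asserts that its arguments differ) never reads the element and poisoned bytes would get past the check the comment describes. Comparing neighbouring elements still visits every element of an array with more than one entry and removes the identity shortcut; the same applies to the `compar(p, p, arg)` loop in the qsort_r hunk. The comment should also say that the pre-pass adds extra comparator calls before the sort, which is observable for comparators with side effects, and "look as many" should read "look at as many". Both interceptor bodies start and end outside their hunks.

```cpp
  COMMON_INTERCEPTOR_ENTER(ctx, qsort, base, nmemb, size, compar);
  // Run the comparator over adjacent element pairs before sorting so that
  // every element is read and an identity shortcut in the comparator cannot
  // hide uninitialized bytes. This adds nmemb - 1 comparator calls.
  if (nmemb > 1) {
    for (SIZE_T i = 0; i < nmemb - 1; ++i) {
      void *p = (void *)((char *)base + i * size);
      void *q = (void *)((char *)base + (i + 1) * size);
      COMMON_INTERCEPTOR_UNPOISON_PARAM(2);
      compar(p, q);
    }
  }
  // … unchanged: save the previous comparator and size, call the real qsort …
```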
@@ -65,6 +66,10 @@
 for (int i = 0; i < kSize1; ++i)
 p[i] = i * 2 + (i % 3 - 1) * 3;
 poison_stack_and_param();
+#ifdef POISON
+ __msan_poison(p + 1, sizeof(long));
+ // CHECK: Uninitialized bytes in __msan_check_mem_is_initialized at offset 0 inside [{{.*}}, 8)
+#endif
 qsort(p, kSize1, sizeof(long), compar1);
 __msan_check_mem_is_initialized(p, sizeof(long) * kSize1);
 assert(seen2);
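Review bot: The POISON case added here only drives `qsort`, so the matching pre-pass loop in the qsort_r interceptor (the one using `COMMON_INTERCEPTOR_UNPOISON_PARAM(3)`) has no negative test in the visible hunks; a second poisoned case that calls `qsort_r` would cover it, unless the rest of the file already does. The CHECK line matches a report raised by `__msan_check_mem_is_initialized`, which the interceptor loop does not call itself, so the report presumably originates from a check inside `compar1`, which is outside this hunk. A short comment in the `#ifdef POISON` block, such as `// The report is expected from compar1's own check, reached through the interceptor's pre-pass.`, would make a later failure easier to diagnose, once the origin is confirmed.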