[hwasan] do not check if freed pointer belonged to allocator.

fmayer · fmayer · commit 023f18bbaf67 · 2021-08-25T09:31:01.000+01:00
In that case it is very likely that there will be a tag mismatch anyway. We handle the case that the pointer belongs to neither of the allocators by getting a nullptr from allocator.GetBlockBegin. Reviewed By: hctim, eugenis Differential Revision: https://reviews.llvm.org/D108383
diff --git a/compiler-rt/lib/hwasan/hwasan_allocator.cpp b/compiler-rt/lib/hwasan/hwasan_allocator.cpp
@@ -211,7 +211,7 @@ static bool PointerAndMemoryTagsMatch(void *tagged_ptr) {
 static bool CheckInvalidFree(StackTrace *stack, void *untagged_ptr,
                              void *tagged_ptr) {
   // This function can return true if halt_on_error is false.
-  if (!allocator.PointerIsMine(untagged_ptr) ||
+  if (!MemIsApp(reinterpret_cast<uptr>(untagged_ptr)) ||
       !PointerAndMemoryTagsMatch(tagged_ptr)) {
     ReportInvalidFree(stack, reinterpret_cast<uptr>(tagged_ptr));
     return true;
diff --git a/compiler-rt/lib/hwasan/hwasan_linux.cpp b/compiler-rt/lib/hwasan/hwasan_linux.cpp
@@ -241,7 +241,8 @@ bool MemIsApp(uptr p) {
   CHECK(GetTagFromPointer(p) == 0);
 #  endif
 
-  return p >= kHighMemStart || (p >= kLowMemStart && p <= kLowMemEnd);
+  return (p >= kHighMemStart && p <= kHighMemEnd) ||
+         (p >= kLowMemStart && p <= kLowMemEnd);
 }
 
 void InstallAtExitHandler() { atexit(HwasanAtExit); }
diff --git a/compiler-rt/test/hwasan/TestCases/wild-free-realloc.c b/compiler-rt/test/hwasan/TestCases/wild-free-realloc.c
@@ -1,8 +1,10 @@
 // RUN: %clang_hwasan %s -o %t && not %run %t 2>&1 | FileCheck %s
 
+#include <sanitizer/hwasan_interface.h>
 #include <stdlib.h>
 
 int main() {
+  __hwasan_enable_allocator_tagging();
   char *p = (char *)malloc(1);
   realloc(p + 0x10000000000, 2);
   // CHECK: ERROR: HWAddressSanitizer: invalid-free on address {{.*}} at pc {{[0x]+}}[[PC:.*]] on thread T{{[0-9]+}}
diff --git a/compiler-rt/test/hwasan/TestCases/wild-free.c b/compiler-rt/test/hwasan/TestCases/wild-free.c
@@ -1,8 +1,10 @@
 // RUN: %clang_hwasan %s -o %t && not %run %t 2>&1 | FileCheck %s
 
+#include <sanitizer/hwasan_interface.h>
 #include <stdlib.h>
 
 int main() {
+  __hwasan_enable_allocator_tagging();
   char *p = (char *)malloc(1);
   free(p + 0x10000000000);
   // CHECK: ERROR: HWAddressSanitizer: invalid-free on address {{.*}} at pc {{[0x]+}}[[PC:.*]] on thread T{{[0-9]+}}

Original file line number	Diff line number	Diff line change
`@@ -241,7 +241,8 @@ bool MemIsApp(uptr p) {`
`241`	`241`	`CHECK(GetTagFromPointer(p) == 0);`
`242`	`242`	`# endif`
`243`	`243`
`244`		`- return p >= kHighMemStart \|\| (p >= kLowMemStart && p <= kLowMemEnd);`
	`244`	`+ return (p >= kHighMemStart && p <= kHighMemEnd) \|\|`
	`245`	`+ (p >= kLowMemStart && p <= kLowMemEnd);`
`245`	`246`	`}`
`246`	`247`
`247`	`248`	`void InstallAtExitHandler() { atexit(HwasanAtExit); }`