Skip to content

[compiler-rt] [sanitizer] avoid UB in allocator #126977

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Feb 12, 2025
Merged

[compiler-rt] [sanitizer] avoid UB in allocator #126977

merged 3 commits into from
Feb 12, 2025

Conversation

fmayer
Copy link
Contributor

@fmayer fmayer commented Feb 12, 2025

No description provided.

@fmayer
[𝘀𝗽𝗿] initial version
b8a0b70 
Created using spr 1.3.4
@llvmbot
Copy link
Member

llvmbot commented Feb 12, 2025

@llvm/pr-subscribers-compiler-rt-sanitizer

Author: Florian Mayer (fmayer)

Changes

Full diff: https://github.com/llvm/llvm-project/pull/126977.diff

1 Files Affected:

  • (modified) compiler-rt/lib/sanitizer_common/sanitizer_allocator_local_cache.h (+4-1)
diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_allocator_local_cache.h b/compiler-rt/lib/sanitizer_common/sanitizer_allocator_local_cache.h
index e495c56f03775..b67529fdeb5ff 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_allocator_local_cache.h
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_allocator_local_cache.h
@@ -166,7 +166,10 @@ struct SizeClassAllocator32LocalCache {
       DCHECK_GT(c->count, 0);
     }
     void *res = c->batch[--c->count];
-    PREFETCH(c->batch[c->count - 1]);
+    // By not doing pointer arithmetic, we avoid the OOB if c->count = 0.
+    // We just prefetch the previous member of the PerClass struct, which
+    // doesn't do harm.
+    PREFETCH(reinterpret_cast<uptr>(c->batch) + sizeof(c->batch[0])* (c->count - 1));
     stats_.Add(AllocatorStatAllocated, c->class_size);
     return res;
   }

@fmayer
fmt
5286206 
Created using spr 1.3.4
@fmayer fmayer requested a review from vitalybuka February 12, 2025 21:50
@fmayer fmayer marked this pull request as draft February 12, 2025 21:51
@fmayer fmayer marked this pull request as ready for review February 12, 2025 21:52
@fmayer
be less fancy
9fe1aff 
Created using spr 1.3.4
@fmayer fmayer merged commit 6936fad into main Feb 12, 2025
7 checks passed
@fmayer fmayer deleted the users/fmayer/spr/compiler-rt-sanitizer-avoid-ub-in-allocator branch February 12, 2025 23:49
flovent pushed a commit to flovent/llvm-project that referenced this pull request Feb 13, 2025
@fmayer @flovent
[compiler-rt] [sanitizer] avoid UB in allocator (llvm#126977)
0850676
joaosaffran pushed a commit to joaosaffran/llvm-project that referenced this pull request Feb 14, 2025
@fmayer
[compiler-rt] [sanitizer] avoid UB in allocator (llvm#126977)
9be2c46
sivan-shani pushed a commit to sivan-shani/llvm-project that referenced this pull request Feb 24, 2025
@fmayer @sivan-shani
[compiler-rt] [sanitizer] avoid UB in allocator (llvm#126977)
26c8dab
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vitalybuka vitalybuka vitalybuka approved these changes

Assignees
No one assigned
Labels
compiler-rt:sanitizer compiler-rt
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fmayer @llvmbot @vitalybuka