From 9779f26dd1aef57473953118ecb6c0f4395e3221 Mon Sep 17 00:00:00 2001
From: Christian Heimes
Date: Thu, 10 Feb 2022 16:32:34 +0100
Subject: [PATCH] Reproducer for mi_slice_to out of bounds

```
$ CC=clang CXX=clang++ cmake ../../ -DCMAKE_BUILD_TYPE=Debug -DMI_DEBUG_UBSAN=on
$ make
$ ./mimalloc-test-api
test: malloc-zero... ok.
test: malloc-nomem1...
mimalloc: error: allocation request is too large (9223372036854775808 bytes)
mimalloc: error: allocation request is too large (9223372036854775808 bytes)
mimalloc: error: unable to allocate memory (9223372036854775808 bytes) ok.
test: malloc-null... ok.
test: malloc-large...
.../src/segment.c:750:23: runtime error: index 1089 out of bounds for type 'mi_slice_t [1024]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior .../src/segment.c:750:23 in
```
See: https://github.com/microsoft/mimalloc/issues/543
Signed-off-by: Christian Heimes
---
CMakeLists.txt | 3 ++-
test/test-api.c | 4 ++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 580e38cb..fc3d0d3b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -150,8 +150,9 @@ if(MI_DEBUG_UBSAN)
 if(CMAKE_BUILD_TYPE MATCHES "Debug")
 if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
 message(STATUS "Build with undefined-behavior sanitizer (MI_DEBUG_UBSAN=ON)")
- list(APPEND mi_cflags -fsanitize=undefined -g)
+ list(APPEND mi_cflags -fsanitize=undefined -g -fno-sanitize-recover=undefined)
 list(APPEND CMAKE_EXE_LINKER_FLAGS -fsanitize=undefined)
+ list(APPEND mi_libraries ubsan)
 if (NOT MI_USE_CXX)
 message(STATUS "(switch to use C++ due to MI_DEBUG_UBSAN)")
 set(MI_USE_CXX "ON")
diff --git a/test/test-api.c b/test/test-api.c
index 8ddbf7cf..9a2c06ab 100644
--- a/test/test-api.c
+++ b/test/test-api.c
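Review bot: `list(APPEND mi_libraries ubsan)` hard-codes a bare library name, and `ubsan` is the name of GCC's libubsan, while this line sits inside the `if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")` branch where the link step already receives `-fsanitize=undefined` from the line above and clang pulls in its own runtime from that flag. On a clang toolchain without a GCC libubsan on the library path this will presumably turn the UBSan build into a link failure, and where it does resolve it links a second runtime next to clang's; I would drop the line unless there is a concrete link error it fixes, in which case that error belongs in the commit message. The `-fno-sanitize-recover=undefined` addition changes the sanitizer from report-and-continue to abort-on-first-report, which is the right default for a reproducer but deserves a comment, e.g. `# make the first UB report fatal so the run fails instead of continuing past it`. Both enclosing if() blocks start and end outside the hunk.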
@@ -91,6 +91,10 @@ int main(void) {
 CHECK_BODY("malloc-null",{
 mi_free(NULL);
 });
+ CHECK_BODY("malloc-large",{
+ void *p = mi_malloc(67108872);
+ mi_free(p);
+ });
 CHECK_BODY("calloc-overflow",{
 // use (size_t)&mi_calloc to get some number without triggering compiler warnings
 result = (mi_calloc((size_t)&mi_calloc,SIZE_MAX/1000) == NULL);
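Review bot: The new `malloc-large` body never assigns `result`, which the neighbouring `calloc-overflow` check uses to report its outcome, so this test passes as long as nothing aborts; a NULL return from `mi_malloc(67108872)` would be passed to `mi_free` and still print ok. Add `result = (p != NULL);` before the `mi_free(p)` so the check verifies the allocation and not just survival. The size is a magic number; a comment tying it to the bug being reproduced keeps the test meaningful after the fix lands, e.g. `// 64MiB + 8 bytes: reproduces the out-of-bounds slice index in segment.c (issue #543)`. main() starts before and ends after this hunk.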