Reproducer for mi_slice_to out of bounds

```
$ CC=clang CXX=clang++ cmake ../../ -DCMAKE_BUILD_TYPE=Debug -DMI_DEBUG_UBSAN=on
$ make
$ ./mimalloc-test-api
test: malloc-zero...  ok.
test: malloc-nomem1...  mimalloc: error: allocation request is too large (9223372036854775808 bytes)
mimalloc: error: allocation request is too large (9223372036854775808 bytes)
mimalloc: error: unable to allocate memory (9223372036854775808 bytes)
ok.
test: malloc-null...  ok.
test: malloc-large...  .../src/segment.c:750:23: runtime error: index 1089 out of bounds for type 'mi_slice_t [1024]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior .../src/segment.c:750:23 in
```

See: https://github.com/microsoft/mimalloc/issues/543
Signed-off-by: Christian Heimes <christian@python.org>
Christian Heimes 2022-02-10 16:32:34 +01:00
parent f412df7a2b
commit 9779f26dd1
2 changed files with 6 additions and 1 deletions


@ -150,8 +150,9 @@ if(MI_DEBUG_UBSAN)
if(CMAKE_BUILD_TYPE MATCHES "Debug")
if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
message(STATUS "Build with undefined-behavior sanitizer (MI_DEBUG_UBSAN=ON)")
list(APPEND mi_cflags -fsanitize=undefined -g)
list(APPEND mi_cflags -fsanitize=undefined -g -fno-sanitize-recover=undefined)
list(APPEND CMAKE_EXE_LINKER_FLAGS -fsanitize=undefined)
list(APPEND mi_libraries ubsan)
if (NOT MI_USE_CXX)
message(STATUS "(switch to use C++ due to MI_DEBUG_UBSAN)")
set(MI_USE_CXX "ON")
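Review bot: The `-fno-sanitize-recover=undefined` added to the mi_cflags line turns UBSan from report-and-continue into abort-on-first-finding, which is why `mimalloc-test-api` in the description stops at the segment.c report instead of printing "ok" and moving on; that intent deserves a comment next to the line, e.g. `# abort on the first UBSan report so the test binary fails instead of merely logging`. The flag only reaches compile options via mi_cflags, which is sufficient since recovery is a codegen decision, but the neighbouring `list(APPEND CMAKE_EXE_LINKER_FLAGS -fsanitize=undefined)` appends to a space-separated flags string with a `;` separator whenever the variable is already non-empty; if that line is part of this change it is safer as `string(APPEND CMAKE_EXE_LINKER_FLAGS " -fsanitize=undefined")` (or `target_link_options` on the test executables). The enclosing `if(MI_DEBUG_UBSAN)` block closes outside the hunk.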


@ -91,6 +91,10 @@ int main(void) {
CHECK_BODY("malloc-null",{
mi_free(NULL);
});
CHECK_BODY("malloc-large",{
void *p = mi_malloc(67108872);
mi_free(p);
});
CHECK_BODY("calloc-overflow",{
// use (size_t)&mi_calloc to get some number without triggering compiler warnings
result = (mi_calloc((size_t)&mi_calloc,SIZE_MAX/1000) == NULL);
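Review bot: The new "malloc-large" body never sets `result`, so without the sanitizer abort added in CMakeLists.txt this test passes regardless of whether the allocation succeeded or the out-of-bounds slice index was hit; the neighbouring "calloc-overflow" body shows the convention, so the new body should read `void *p = mi_malloc(67108872); result = (p != NULL); mi_free(p);`. The magic size also wants a comment explaining why it was chosen, e.g. `// 64 MiB + 8 bytes: crosses the last slice of a segment and triggers the mi_slice_t[1024] index overrun (issue #543)`, since the value is the whole point of the reproducer and a reader cannot recover that from the number alone. The enclosing `main` starts and ends outside the hunk.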