From 793f4723aaaa832e174dcbe23f74de529ec03fd2 Mon Sep 17 00:00:00 2001
From: Thurston Dang
Date: Thu, 28 Aug 2025 22:19:35 +0000
Subject: [PATCH 1/3] [msan] Add test for deferencing zero-sized malloc/calloc

MSan fails to catch this, because 0-byte allocations are converted into 1-byte allocations.

Bug originally reported by dvyukov
---
 compiler-rt/test/msan/zero_alloc.cpp | 37 ++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 compiler-rt/test/msan/zero_alloc.cpp

diff --git a/compiler-rt/test/msan/zero_alloc.cpp b/compiler-rt/test/msan/zero_alloc.cpp
new file mode 100644
index 0000000000000..4b60c161efb36
--- /dev/null
+++ b/compiler-rt/test/msan/zero_alloc.cpp
@@ -0,0 +1,37 @@
+// RUN: %clang_msan -Wno-alloc-size -fsanitize-recover=memory %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// XFAIL: *
+
+#include
+#include
+
+int main(int argc, char **argv) {
+ {
+ char* p1 = (char*)calloc(1, 0);
+ printf ("p1 is %p\n", p1);
+ printf ("Content of p1 is: %d\n", *p1);
+ // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+ // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
+ free(p1);
+ }
+
+ {
+ char* p2 = (char*)calloc(0, 1);
+ printf ("p2 is %p\n", p2);
+ printf ("Content of p2 is: %d\n", *p2);
+ // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+ // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
+ free(p2);
+ }
+
+ {
+ char* p3 = (char*)malloc(0);
+ printf ("p3 is %p\n", p3);
+ printf ("Content of p2 is: %d\n", *p3);
+ // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+ // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
+ free(p3);
+ }
+
+ return 0;
+}

From 6276e55954d2c84cd68e68e9819b3216acc9be7b Mon Sep 17 00:00:00 2001
From: Thurston Dang
Date: Thu, 28 Aug 2025 22:22:23 +0000
Subject: [PATCH 2/3] clang-format

---
 compiler-rt/test/msan/zero_alloc.cpp | 36 ++++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 18 deletions(-)
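Review bot: The third block's content line is a copy/paste slip: `printf ("Content of p2 is: %d\n", *p3);` labels the read as p2 while dereferencing p3, so the stderr log for the malloc(0) case points at the wrong pointer when someone triages the XFAIL. The CHECK lines only match the MSan warning and the `main` frame, so this does not change pass/fail, but it should read `printf ("Content of p3 is: %d\n", *p3);`. The test also deliberately reads one byte past a zero-length heap object, which is undefined behaviour in the program under test; a one-line comment above the first block, e.g. `// Each block intentionally reads one byte of a zero-sized allocation; MSan should report it.`, would stop a later reader from "fixing" the UB and neutering the test. It may be worth a fourth case for `realloc(nullptr, 0)`, which presumably goes through the same size adjustment, though I have not verified that.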
diff --git a/compiler-rt/test/msan/zero_alloc.cpp b/compiler-rt/test/msan/zero_alloc.cpp
index 4b60c161efb36..6a3ce26e256b7 100644
--- a/compiler-rt/test/msan/zero_alloc.cpp
+++ b/compiler-rt/test/msan/zero_alloc.cpp
@@ -7,30 +7,30 @@
 
 int main(int argc, char **argv) {
 {
- char* p1 = (char*)calloc(1, 0);
- printf ("p1 is %p\n", p1);
- printf ("Content of p1 is: %d\n", *p1);
- // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
- // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
- free(p1);
+ char *p1 = (char *)calloc(1, 0);
+ printf("p1 is %p\n", p1);
+ printf("Content of p1 is: %d\n", *p1);
+ // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+ // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
+ free(p1);
 }
 
 {
- char* p2 = (char*)calloc(0, 1);
- printf ("p2 is %p\n", p2);
- printf ("Content of p2 is: %d\n", *p2);
- // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
- // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
- free(p2);
+ char *p2 = (char *)calloc(0, 1);
+ printf("p2 is %p\n", p2);
+ printf("Content of p2 is: %d\n", *p2);
+ // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+ // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
+ free(p2);
 }
 
 {
- char* p3 = (char*)malloc(0);
- printf ("p3 is %p\n", p3);
- printf ("Content of p2 is: %d\n", *p3);
- // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
- // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
- free(p3);
+ char *p3 = (char *)malloc(0);
+ printf("p3 is %p\n", p3);
+ printf("Content of p2 is: %d\n", *p3);
+ // CHECK: WARNING: MemorySanitizer: use-of-uninitialized-value
+ // CHECK: {{#0 0x.* in main .*zero_alloc.cpp:}}[[@LINE-2]]
+ free(p3);
 }
 
 return 0;

From 89e196e1c57d94fb9143db3dc7840e9b0ba211db Mon Sep 17 00:00:00 2001
From: Thurston Dang
Date: Thu, 28 Aug 2025 22:24:15 +0000
Subject: [PATCH 3/3] Add note on bad compilers

---
 compiler-rt/test/msan/zero_alloc.cpp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/compiler-rt/test/msan/zero_alloc.cpp b/compiler-rt/test/msan/zero_alloc.cpp
index 6a3ce26e256b7..e60051872eba2 100644
--- a/compiler-rt/test/msan/zero_alloc.cpp
+++ b/compiler-rt/test/msan/zero_alloc.cpp
@@ -1,5 +1,7 @@
 // RUN: %clang_msan -Wno-alloc-size -fsanitize-recover=memory %s -o %t && not %run %t 2>&1 | FileCheck %s
 
+// MSan doesn't catch this because internally it translates 0-byte allocations
+// into 1-byte
 // XFAIL: *
 
 #include
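Review bot: The added explanatory comment stops mid-sentence at `// into 1-byte`, so a reader cannot tell what the missing noun is or what the comment is justifying; finish it and tie it to the XFAIL it explains, e.g. `// MSan doesn't catch this because internally it translates 0-byte allocations` / `// into 1-byte allocations; drop the XFAIL below once that is fixed.` The commit subject says "bad compilers", but the comment describes the MSan runtime's allocator behaviour rather than anything compiler-side, so the subject is presumably a slip and worth correcting before landing. This hunk touches only the file header; `main` lies outside it.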