diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2021-11-19 00:00:40 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2021-11-19 00:00:40 +0000 |
commit | 54eea1c83c6678b6e8a96d1fd682012c86d13f6c (patch) | |
tree | 9d0fa3e8914b318787dc8e2f87a09fe56c2489f0 | |
parent | 0cae8bfd6946d400ffe7f278bb23154b829a4e07 (diff) | |
parent | 1ec0946834b56d44fe69256ad6bbbe72f551b991 (diff) | |
download | bionic-android12L-d2-s2-release.tar.gz |
Snap for 7929330 from 1ec0946834b56d44fe69256ad6bbbe72f551b991 to sc-d2-releaseandroid-12.1.0_r26android-12.1.0_r25android-12.1.0_r24android-12.1.0_r23android-12.1.0_r18android-12.1.0_r17android-12.1.0_r16android-12.1.0_r15android-12.1.0_r14android-12.1.0_r13android-12.1.0_r12android12L-d2-s8-releaseandroid12L-d2-s7-releaseandroid12L-d2-s6-releaseandroid12L-d2-s5-releaseandroid12L-d2-s4-releaseandroid12L-d2-s3-releaseandroid12L-d2-s2-releaseandroid12L-d2-s1-releaseandroid12L-d2-release
Change-Id: Ie6b332afb6ba18eddebd155973b6d83d892acc6c
-rw-r--r-- | tests/malloc_test.cpp | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/tests/malloc_test.cpp b/tests/malloc_test.cpp index d73f2436d..f4a1c0d30 100644 --- a/tests/malloc_test.cpp +++ b/tests/malloc_test.cpp @@ -1371,3 +1371,25 @@ TEST(malloc, allocation_slack) { GTEST_SKIP() << "bionic extension"; #endif } + +// Regression test for b/206701345 -- scudo bug, MTE only. +// Fix: https://reviews.llvm.org/D105261 +// Fix: https://android-review.googlesource.com/c/platform/external/scudo/+/1763655 +TEST(malloc, realloc_mte_crash_b206701345) { + // We want to hit in-place realloc at the very end of an mmap-ed region. Not + // all size classes allow such placement - mmap size has to be divisible by + // the block size. At the time of writing this could only be reproduced with + // 64 byte size class (i.e. 48 byte allocations), but that may change in the + // future. Try several different classes at the lower end. + std::vector<void*> ptrs(10000); + for (int i = 1; i < 32; ++i) { + size_t sz = 16 * i - 1; + for (void*& p : ptrs) { + p = realloc(malloc(sz), sz + 1); + } + + for (void* p : ptrs) { + free(p); + } + } +} |