scudo: Fix quarantine allocation when MTE enabled.

Quarantines have always been broken when MTE is enabled because the quarantine batch allocator fails to reset tags that may have been left behind by a user allocation. This was only noticed when running the Scudo unit tests with Scudo as the system allocator because quarantines are turned off by default on Android and the test binary turns them on by defining __scudo_default_options, which affects the system allocator as well. Differential Revision: https://reviews.llvm.org/D92881
2024-12-04 12:15:46 +00:00 · 2020-12-05 00:22:33 -08:00 · 2020-12-05 00:22:33 -08:00 · e5a28e1261
commit e5a28e1261
parent 9f8aeb0602
1 changed files with 6 additions and 0 deletions
--- a/compiler-rt/lib/scudo/standalone/combined.h
+++ b/compiler-rt/lib/scudo/standalone/combined.h
@ -98,6 +98,12 @@ public:
      Header.State = Chunk::State::Allocated;
      Chunk::storeHeader(Allocator.Cookie, Ptr, &Header);

+      // Reset tag to 0 as this chunk may have been previously used for a tagged
+      // user allocation.
+      if (UNLIKELY(Allocator.useMemoryTagging()))
+        storeTags(reinterpret_cast<uptr>(Ptr),
+                  reinterpret_cast<uptr>(Ptr) + sizeof(QuarantineBatch));
+
      return Ptr;
    }