From 081dbbe25d20a87e7f15d1820822e45676bcab57 Mon Sep 17 00:00:00 2001 From: Christopher Ferris Date: Thu, 10 Jul 2025 14:51:26 -0700 Subject: [PATCH] [scudo] Fix c wrappers double free test. The previous test simply tried to double free the pointer in the EXPECT_DEATH macro. Unfortunately, the gtest infrastructure can allocate a pointer that happens to be the previously freed pointer. Thus the free doesn't fail since the spawned process does not attempt to free all of the pointers allocated in the original test. NOTE: Scudo should be checked to make sure that the TSD is not always returning pointers in the same order they are freed. Although this appears to be a problem with a program that only does a small number of allocations. --- .../lib/scudo/standalone/tests/wrappers_c_test.cpp | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/compiler-rt/lib/scudo/standalone/tests/wrappers_c_test.cpp b/compiler-rt/lib/scudo/standalone/tests/wrappers_c_test.cpp index f5e17d7214863..05065444a70c5 100644 --- a/compiler-rt/lib/scudo/standalone/tests/wrappers_c_test.cpp +++ b/compiler-rt/lib/scudo/standalone/tests/wrappers_c_test.cpp @@ -175,7 +175,19 @@ TEST_F(ScudoWrappersCDeathTest, Malloc) { free(P); verifyDeallocHookPtr(P); - EXPECT_DEATH(free(P), ""); + + // Verify a double free causes an abort. + // Don't simply free(P) since EXPECT_DEATH will do a number of + // allocations before creating a new process. There is a possibility + // that the previously freed P is reused, therefore, in the new + // process doing free(P) is not a double free. + EXPECT_DEATH( + { + void *Ptr = malloc(Size); + free(Ptr); + free(Ptr); + }, + ""); P = malloc(0U); EXPECT_NE(P, nullptr);