3party/crashpad
0
0
Fork 0
mirror of https://github.com/chromium/crashpad.git synced 2024-12-26 06:31:50 +08:00
Code Issues Projects Releases Wiki Activity

[MSan] "Fix" use-after-dtor in InitializationState.InitializationState

Browse Source 
Since the test is specifically trying to exercise UB by testing the
state of an object it is already destroyed, unpoison the memory to
suppress MSan errors.

Bug: 40222690
Change-Id: I840e944f5e8b39668ac05d8d641fdd5f2e3db5ac
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5716150
Reviewed-by: Mark Mentovai <mark@chromium.org>
This commit is contained in:
Daniel Cheng 2024-07-17 04:27:51 +00:00 committed by Mark Mentovai
parent a1fc5d728b
commit aef7de4e93
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
util/misc/initialization_state_test.cc
View File

@ -18,6 +18,7 @@
#include <memory> #include <memory>
#include "base/compiler_specific.h"
#include "base/memory/free_deleter.h" #include "base/memory/free_deleter.h"
#include "gtest/gtest.h" #include "gtest/gtest.h"
@ -59,6 +60,10 @@ TEST(InitializationState, InitializationState) {
// buffer thats still valid and its destructor was called directly, this // buffer thats still valid and its destructor was called directly, this
// approximates use-after-free without risking that the memory formerly used // approximates use-after-free without risking that the memory formerly used
// for the InitializationState object has been repurposed. // for the InitializationState object has been repurposed.
// (Though this is still UB and MSan does not like this)
MSAN_UNPOISON(initialization_state, sizeof(*initialization_state));
EXPECT_FALSE(initialization_state->is_uninitialized()); EXPECT_FALSE(initialization_state->is_uninitialized());
EXPECT_FALSE(initialization_state->is_valid()); EXPECT_FALSE(initialization_state->is_valid());
} }