| Issue |
75761
|
| Summary |
scudo/CHECK_GE failed
|
| Labels |
new issue
|
| Assignees |
|
| Reporter |
chericc
|
# scudo/CHECK_GE failed
## Crash outputs
```bash
...((Sci->Stats.PoppedBlocks)) >= ((Sci->Stats.PushedBlocks)) (252, 4294966864)...
```
## Location
**file**: primary32.h
**lines**:
```c++
NOINLINE uptr releaseToOSMaybe(SizeClassInfo *Sci, uptr ClassId,
bool Force = false) {
const uptr BlockSize = getSizeByClassId(ClassId);
const uptr PageSize = getPageSizeCached();
CHECK_GE(Sci->Stats.PoppedBlocks, Sci->Stats.PushedBlocks);
const uptr BytesInFreeList =
Sci->AllocatedUser -
(Sci->Stats.PoppedBlocks - Sci->Stats.PushedBlocks) * BlockSize;
```
Line `CHECK_GE(Sci->Stats.PoppedBlocks, Sci->Stats.PushedBlocks);`may **FAIL** when PoppedBlocks crosses `UINT32_MAX` while `PushedBlocks` not.
## Problem reproduction
```c++
std::list<void*> g_list;
while (true)
{
g_list.clear();
for (int i = 0; i < 10000; ++i)
{
void *p = malloc(1600);
g_list.push_back(p);
}
for (auto i : g_list)
{
free(i);
}
}
```
If `malloc` executes for about `UINT32_MAX` times, then `CHECK_GE` will fail.
## Version
This problem occurs with scudo version in 2019(the specific version number not known).
The newest version(2023.12.18) has change `CHECK_GE` to `DCHECK_GE`, but this problem still exists.
![]()
_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
