[RFC] Linux bots should set MALLOC_PERTURB_


glibc has a lightweight use-after-free detector which can be used by setting MALLOC_PERTURB_ [0]. Thanks to this flag I found a possible use-after-free bug in clang code. See http://llvm.org/bugs/show_bug.cgi?id=20228

I suggest Linux bots make use of this flag to find possible use-after-free bugs.

[0] http://udrepper.livejournal.com/11429.html

Gentle ping.

I guess noone is interested in discovering double frees? This is just a one line change for the buildbots and it will at least uncover one real double-free now. See http://llvm.org/bugs/show_bug.cgi?id=20228

At least Asan folks should be interested in this.

IIUC this flag does not make glibc invalidate the _pointers_ to freed
memory, it just overwrites the contents of the freed memory with
Picking different flag values results in different garbage values,
which may affect the behavior of buggy programs and thus help detect
the presence of a read-after-free (not a write-after-free or
double-free - the latter is handled by MALLOC_CHECK_).
This flag can't be used together with ASan, because ASan replaces the
libc allocator with its own one. ASan's use-after-free/double-free
detection is far more reliable.

Yet it might be a good idea to turn this flag on the regular Linux
bots to harden them a bit if this doesn't impact the performance much
(it actually may). CCing Galina as I've no idea who is in charge of
the Linux buildbots.



of course...

Does the attached testcase belong to the LLVM test suite? If it does
not, have you tried to run asanified Clang on that?


I've updated your bug with an ASan report.
That said, this isn't something that the existing ASan buildbots have
missed, it's just a new testcase.
So it doesn't prove MALLOC_PERTURB_ finding anything that ASan does not.