commit 5049b86b4a27013962b3ab859c3b6d2f74ddb93a
author Evgenii Stepanov <eugenis@google.com> Mon Nov 21 16:56:53 2022 -0800
committer Copybara-Service <copybara-worker@google.com> Mon Nov 21 17:00:40 2022 -0800
tree 46cb9800ef69d42677a7a64210cdf190d28b6553
parent c27b0c2e40a604f44fa3a970af0c516837d2394d

Revert "[scudo] Detect double free when running with MTE."

Mysterious failures on the x86_64-linux-qemu, to be debugged.

This reverts commit 1dd54691b20d8bf65156cdf35d241cfcd684cb54.

GitOrigin-RevId: 8add770417cad13f7fb4f5bbb6212d6cf2a3249b

lib/scudo/standalone/combined.h

diff --git a/lib/scudo/standalone/combined.h b/lib/scudo/standalone/combined.h
index 6b0cf87..365720d 100644
--- a/lib/scudo/standalone/combined.h
+++ b/lib/scudo/standalone/combined.h
@@ -560,16 +560,7 @@
       }
     }
 
-    // Try to detect deallocation with a wrong MTE tag by touching the first
-    // byte with a correctly tagged pointer. Skip zero-sized allocations that do
-    // not always store the correct tag value anywhere (for example, a zero
-    // size, 32 byte aligned allocation in a 32-byte size class will end up with
-    // header at offset 16 in the block, payload at offset 32, and no space to
-    // store the tag).
     const uptr Size = getSize(Ptr, &Header);
-    if (useMemoryTagging<Params>(Options) && Size != 0)
-      *reinterpret_cast<volatile char *>(TaggedPtr);
-
     if (DeleteSize && Options.get(OptionBit::DeleteSizeMismatch)) {
       if (UNLIKELY(DeleteSize != Size))
         reportDeleteSizeMismatch(Ptr, DeleteSize, Size);

lib/scudo/standalone/tests/combined_test.cpp

diff --git a/lib/scudo/standalone/tests/combined_test.cpp b/lib/scudo/standalone/tests/combined_test.cpp
index 58d444d..7d5cacd 100644
--- a/lib/scudo/standalone/tests/combined_test.cpp
+++ b/lib/scudo/standalone/tests/combined_test.cpp
@@ -395,27 +395,6 @@
   }
 }
 
-SCUDO_TYPED_TEST(ScudoCombinedDeathTest, FreeWithTagMismatch) {
-  auto *Allocator = this->Allocator.get();
-
-  if (!Allocator->useMemoryTaggingTestOnly())
-    return;
-
-  // Check that double free is detected.
-  for (scudo::uptr SizeLog = 0U; SizeLog <= 20U; SizeLog++) {
-    const scudo::uptr Size = 1U << SizeLog;
-    EXPECT_DEATH(
-        {
-          disableDebuggerdMaybe();
-          void *P = Allocator->allocate(Size, Origin);
-          scudo::uptr NewTag = (scudo::extractTag(reinterpret_cast<scudo::uptr>(P)) + 1) % 16;
-          void *Q = scudo::addFixedTag(scudo::untagPointer(P), NewTag);
-          Allocator->deallocate(Q, Origin);
-        },
-        "");
-  }
-}
-
 SCUDO_TYPED_TEST(ScudoCombinedDeathTest, DisableMemoryTagging) {
   auto *Allocator = this->Allocator.get();