scudo: Fix quarantine allocation when MTE enabled.

pcc · pcc · commit e5a28e1261a0 · 2020-12-09T11:48:41.000-08:00
Quarantines have always been broken when MTE is enabled because the quarantine batch allocator fails to reset tags that may have been left behind by a user allocation. This was only noticed when running the Scudo unit tests with Scudo as the system allocator because quarantines are turned off by default on Android and the test binary turns them on by defining __scudo_default_options, which affects the system allocator as well. Differential Revision: https://reviews.llvm.org/D92881
diff --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h
@@ -98,6 +98,12 @@ class Allocator {
       Header.State = Chunk::State::Allocated;
       Chunk::storeHeader(Allocator.Cookie, Ptr, &Header);
 
+      // Reset tag to 0 as this chunk may have been previously used for a tagged
+      // user allocation.
+      if (UNLIKELY(Allocator.useMemoryTagging()))
+        storeTags(reinterpret_cast<uptr>(Ptr),
+                  reinterpret_cast<uptr>(Ptr) + sizeof(QuarantineBatch));
+
       return Ptr;
     }
 
