[TSan][Darwin] Make malloc_size interceptor more robust

Previously we would crash in the TSan runtime if the user program passes
a pointer to `malloc_size()` that doesn't point into app memory.

In these cases, `malloc_size()` should return 0.

For ASan, we fixed a similar issue here:
https://reviews.llvm.org/D15008

Radar-Id: rdar://problem/86213149

Differential Revision: https://reviews.llvm.org/D115947

compiler-rt/lib/tsan/rtl/tsan_mman.cpp

@@ -364,7 +364,7 @@ void *user_pvalloc(ThreadState *thr, uptr pc, uptr sz) {
 }
 
 uptr user_alloc_usable_size(const void *p) {
-  if (p == 0)
+  if (p == 0 || !IsAppMem((uptr)p))
     return 0;
   MBlock *b = ctx->metamap.GetBlock((uptr)p);
   if (!b)

compiler-rt/test/tsan/Darwin/malloc_size.mm

@@ -1,4 +1,5 @@
 // Test that malloc_zone_from_ptr returns a valid zone for a 0-sized allocation.
+// Test that malloc_size does not crash for an invalid pointer.
 
 // RUN: %clang_tsan %s -o %t -framework Foundation
 // RUN: %run %t 2>&1 | FileCheck %s
@@ -54,4 +55,13 @@ int main() {
   // CHECK: size = 0x0
   describe_zone(p);
   // CHECK: zone = no zone
+
+  p = (void *)0x42;  // invalid pointer
+  s = malloc_size(p);
+  fprintf(stderr, "size = 0x%zx\n", s);
+  // CHECK: size = 0x0
+  describe_zone(p);
+  // CHECK: zone = no zone
+
+  return 0;
 }