From ad8494c021d711779900bf63f01423f615b413a4 Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer@google.com>
Date: Mon, 28 Jun 2021 14:19:43 +0100
Subject: [PATCH] [hwasan] Make sure we retag with a new tag on free.

Reviewed By: eugenis

Differential Revision: https://reviews.llvm.org/D105021
---
 compiler-rt/lib/hwasan/hwasan_allocator.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/compiler-rt/lib/hwasan/hwasan_allocator.cpp b/compiler-rt/lib/hwasan/hwasan_allocator.cpp
index 21563be36ebe..e53de53e46d5 100644
--- a/compiler-rt/lib/hwasan/hwasan_allocator.cpp
+++ b/compiler-rt/lib/hwasan/hwasan_allocator.cpp
@@ -196,6 +196,7 @@ static void HwasanDeallocate(StackTrace *stack, void *tagged_ptr) {
                            : tagged_ptr;
   void *aligned_ptr = reinterpret_cast<void *>(
       RoundDownTo(reinterpret_cast<uptr>(untagged_ptr), kShadowAlignment));
+  tag_t pointer_tag = GetTagFromPointer(reinterpret_cast<uptr>(tagged_ptr));
   Metadata *meta =
       reinterpret_cast<Metadata *>(allocator.GetMetaData(aligned_ptr));
   uptr orig_size = meta->get_requested_size();
@@ -236,7 +237,8 @@ static void HwasanDeallocate(StackTrace *stack, void *tagged_ptr) {
       // The tag can be zero if tagging is disabled on this thread.
       do {
         tag = t->GenerateRandomTag(/*num_bits=*/8);
-      } while (UNLIKELY(tag < kShadowAlignment && tag != 0));
+      } while (
+          UNLIKELY((tag < kShadowAlignment || tag == pointer_tag) && tag != 0));
     } else {
       static_assert(kFallbackFreeTag >= kShadowAlignment,
                     "fallback tag must not be a short granule tag.");