[all-commits] [llvm/llvm-project] 4db680: [lsan][fuchsia] Add extra check for allocator cach...

PiJoules via All-commits all-commits at lists.llvm.org
Thu Sep 14 16:05:07 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 4db6803dc799ae79bccef0d24484528b6bb0dcbc
      https://github.com/llvm/llvm-project/commit/4db6803dc799ae79bccef0d24484528b6bb0dcbc
  Author: Leonard Chan <leonardchan at google.com>
  Date:   2023-09-14 (Thu, 14 Sep 2023)

  Changed paths:
    M compiler-rt/lib/lsan/lsan_common_fuchsia.cpp

  Log Message:
  -----------
  [lsan][fuchsia] Add extra check for allocator cache to avoid overflow

Prior to this, we would check if the end of the allocator cache was located
before the end of the chunk passed to the tls check. However, if the actual
allocator cache comes after the end of the chunk, then the sub in the
`end - params->allocator_caches[i]` bit overflows. Since the resulting type
is an unsigned uptr, this is not UB, but if the signed result would be a
negative value (i.e. `end < params->allocator_caches[i]`) then this will
actually result in a very large unsigned value much bigger than the compared
`sizeof(AllocatorCache)` which will almost always be true. This can cause
ScanRangeForPointers to accept incorrect values: a begin pointing to some
address, and `params->allocator_caches[i]` pointing to some much larger
address way past the end of the chunk which can result in a page fault/stack overflow.

Differential Revision: https://reviews.llvm.org/D159518
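
The wraparound described in the log message, as an added example that is not part of the commit or of LLVM's source. The function names, the `kCacheSize` stand-in for `sizeof(AllocatorCache)`, the sample addresses, and the assumption that the pre-fix condition already had a lower-bound test against `begin` are all constructed for illustration.

```cpp
// Added illustration: a model of the range check the log message describes,
// not the code in lsan_common_fuchsia.cpp. All names here are hypothetical.
#include <cstdint>
#include <cstdio>

using uptr = std::uintptr_t;        // stand-in for the sanitizer's unsigned uptr
constexpr uptr kCacheSize = 0x400;  // constructed stand-in for sizeof(AllocatorCache)

// Pre-fix shape (assumed): only the unsigned difference is compared.
// When cache > end, `end - cache` wraps to a huge value and the test passes.
bool CacheFitsUnchecked(uptr begin, uptr end, uptr cache) {
  return cache >= begin && end - cache >= kCacheSize;
}

// Hardened shape: prove cache <= end first, so the subtraction cannot wrap.
bool CacheFitsChecked(uptr begin, uptr end, uptr cache) {
  return cache >= begin && cache <= end && end - cache >= kCacheSize;
}

// Length of the first split range [begin, cache) that a caller would scan
// after accepting the cache address.
uptr FirstSplitLength(uptr begin, uptr cache) { return cache - begin; }

// Constructed sample addresses: a 0x1000-byte chunk and three cache positions.
constexpr uptr kBegin = 0x10000, kEnd = 0x11000;
constexpr uptr kInside = 0x10800;     // cache fully inside the chunk
constexpr uptr kTooLate = 0x10e00;    // starts inside, does not fit before end
constexpr uptr kPastEnd = 0x7f000000; // cache located after the chunk

int main() {
  const uptr caches[] = {kInside, kTooLate, kPastEnd};
  for (uptr c : caches) {
    std::printf("cache=%#llx unchecked=%d checked=%d first_split_len=%#llx\n",
                (unsigned long long)c, CacheFitsUnchecked(kBegin, kEnd, c),
                CacheFitsChecked(kBegin, kEnd, c),
                (unsigned long long)FirstSplitLength(kBegin, c));
  }
  return 0;
}
```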



