[PATCH] D70762: scudo: Add initial memory tagging support.
Evgenii Stepanov via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed Nov 27 12:56:34 PST 2019
eugenis added a comment.
> The granules either side of the allocation are tagged with tag 0
But only if the granule on the right is within the current chunk, right?
This patch does not retag memory on free, so it would not catch use-after-free. Unless I'm missing something.
It looks like a better strategy would be tagging memory _only_ on free (and realloc, and when new memory is requested from the system, too).
================
Comment at: compiler-rt/lib/scudo/standalone/combined.h:293
+ Ptr = maybeUntagPointer(Ptr);
+
----------------
Do we want to touch memory with the tagged pointer first to catch double-free & invalid-free bugs?
================
Comment at: compiler-rt/lib/scudo/standalone/combined.h:373
Chunk::compareExchangeHeader(Cookie, OldPtr, &NewHeader, &OldHeader);
- return OldPtr;
+ if (ClassId && useMemoryTagging())
+ resizeTaggedChunk(OldTaggedPtr, OldSize, NewSize, BlockEnd);
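Review bot: the removed `return OldPtr;` has no replacement inside this hunk, so the in-place realloc path now falls through to code outside the shown context; please confirm that the function returns the tagged address (`OldTaggedPtr`) rather than the untagged `OldPtr` after `resizeTaggedChunk` runs, since a caller receiving the untagged pointer would bypass tag checks on the resized chunk.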
----------------
UNLIKELY?
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D70762/new/
https://reviews.llvm.org/D70762