[PATCH] D100911: scudo: Make prepareTaggedChunk() and resizeTaggedChunk() generic.
Evgenii Stepanov via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed Apr 21 10:56:04 PDT 2021
eugenis added inline comments.
================
Comment at: compiler-rt/lib/scudo/standalone/combined.h:1146
+ uptr UntaggedNewPtr = untagPointer(RoundNewPtr);
+ if (UntaggedNewPtr != BlockEnd)
+ storeTag(UntaggedNewPtr);
----------------
vitalybuka wrote:
> pcc wrote:
> > vitalybuka wrote:
> > > Why we don't tag entire unused tail? It may detect UseAfterFree.
> > We detect UAF by retagging on free. So from that perspective there's no advantage to retagging the tail here.
> then why do we need to remove a tag on a single granule here?
> To distinguish UAF and out of bounds?
For guaranteed linear overflow detection.
In fact, by not retagging the tail, we have guaranteed false negative for overflow by 16 bytes, right? Should we change this? It should be pretty cheap in the primary allocator.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D100911/new/
https://reviews.llvm.org/D100911
More information about the llvm-commits
mailing list