[PATCH] D102376: scudo: Require fault address to be in bounds for UAF.
Peter Collingbourne via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed May 12 16:47:32 PDT 2021
pcc added inline comments.
================
Comment at: compiler-rt/lib/scudo/standalone/combined.h:1350
+ } else {
+ if (FaultAddr < EntryPtr - getPageSizeCached() ||
+ FaultAddr >= EntryPtr + EntrySize + getPageSizeCached())
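Review bot: the getPageSizeCached() margin on both sides of the range check at combined.h:1350 reads as an arbitrary threshold without a comment; the reply below explains it is the minimum guard-region size around a secondary allocation (a guard page on the right, a guard page plus the tagged region on the left), so a comment stating that, and noting that the check is intentionally conservative on the left where the real region may be larger than one page, would make the bound self-explanatory. Binding the margin once (e.g. a local `GuardSize = getPageSizeCached()`) and using it in both comparisons would also keep the two sides from drifting apart.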
----------------
eugenis wrote:
> getPageSizeCached is an arbitrary threshold for reporting secondary oob, right? That could use a comment. In general, it would be great to list the assumption reporting code makes about the buffer contents - ex. the fact that allocation-without-deallocation entries are only possible for secondary.
>
It's based on the size of the guard region on either side of the allocation, which is guaranteed to be at least a page (guard page on the right, guard page + tagged region on the left). I'll add some comments here.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D102376/new/
https://reviews.llvm.org/D102376