[compiler-rt] [scudo] Fix stack depot validation. (PR #87024)
via llvm-commits
llvm-commits at lists.llvm.org
Thu Mar 28 16:58:35 PDT 2024
llvmbot wrote:
@llvm/pr-subscribers-compiler-rt-sanitizer
Author: Christopher Ferris (cferris1000)
<details>
<summary>Changes</summary>
In the StackDepot::isValid function, there is work to validate the TabMask variable. Unfortunately, if TabMask is set to the maximum allowed value, TabSize = TabMask + 1 becomes zero and validation passes.
Disallow that case to prevent invalid reads into the Tab structure.
---
Full diff: https://github.com/llvm/llvm-project/pull/87024.diff
1 Files Affected:
- (modified) compiler-rt/lib/scudo/standalone/stack_depot.h (+1-1)
``````````diff
diff --git a/compiler-rt/lib/scudo/standalone/stack_depot.h b/compiler-rt/lib/scudo/standalone/stack_depot.h
index cf3cabf7085b60..98cd9707a64613 100644
--- a/compiler-rt/lib/scudo/standalone/stack_depot.h
+++ b/compiler-rt/lib/scudo/standalone/stack_depot.h
@@ -112,7 +112,7 @@ class alignas(atomic_u64) StackDepot {
if (TabMask == 0)
return false;
uptr TabSize = TabMask + 1;
- if (!isPowerOfTwo(TabSize))
+ if (TabSize == 0 || !isPowerOfTwo(TabSize))
return false;
uptr TabBytes = sizeof(atomic_u32) * TabSize;
``````````
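Review bot: The multiplication on the context line right after the new check, `uptr TabBytes = sizeof(atomic_u32) * TabSize;`, can still wrap for a large power-of-two TabSize, which the added `TabSize == 0` test does not cover. Assuming a 4-byte atomic_u32, any TabSize at or above a quarter of the uptr range overflows TabBytes (the largest power of two gives 0), so unless code outside this hunk rejects that, consider bounding TabSize before the multiply. A short comment on the new condition saying that TabMask + 1 wraps to zero when TabMask is the maximum uptr value, and that isPowerOfTwo does not reject zero, would make the intent clear, and a unit test feeding isValid that TabMask would keep the case covered.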
</details>
https://github.com/llvm/llvm-project/pull/87024