[compiler-rt] 7a87902 - [scudo] Fix stack depot validation. (#87024)
via llvm-commits
llvm-commits at lists.llvm.org
Thu Mar 28 17:35:50 PDT 2024
Author: Christopher Ferris
Date: 2024-03-28T17:35:46-07:00
New Revision: 7a87902684b5e15644f037401e88b1f0c2c5fc6f
URL: https://github.com/llvm/llvm-project/commit/7a87902684b5e15644f037401e88b1f0c2c5fc6f
DIFF: https://github.com/llvm/llvm-project/commit/7a87902684b5e15644f037401e88b1f0c2c5fc6f.diff
LOG: [scudo] Fix stack depot validation. (#87024)
In the StackDepot::isValid function, there is work to validate the
TabMask variable. Unfortunately, if TabMask is set to the maximum
allowed value, TabSize = TabMask + 1 becomes zero and validation passes.
Disallow that case to prevent invalid reads into the Tab structure.
Added:
Modified:
compiler-rt/lib/scudo/standalone/stack_depot.h
Removed:
################################################################################
diff --git a/compiler-rt/lib/scudo/standalone/stack_depot.h b/compiler-rt/lib/scudo/standalone/stack_depot.h
index cf3cabf7085b60..98cd9707a64613 100644
--- a/compiler-rt/lib/scudo/standalone/stack_depot.h
+++ b/compiler-rt/lib/scudo/standalone/stack_depot.h
@@ -112,7 +112,7 @@ class alignas(atomic_u64) StackDepot {
if (TabMask == 0)
return false;
uptr TabSize = TabMask + 1;
- if (!isPowerOfTwo(TabSize))
+ if (TabSize == 0 || !isPowerOfTwo(TabSize))
return false;
uptr TabBytes = sizeof(atomic_u32) * TabSize;
More information about the llvm-commits
mailing list