diff options
author | Christopher Ferris <cferris1000@users.noreply.github.com> | 2024-03-28 17:35:46 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-28 17:35:46 -0700 |
commit | 7a87902684b5e15644f037401e88b1f0c2c5fc6f (patch) | |
tree | 66703b1b1ed3b60443b66a11db15e7758dfce9d1 | |
parent | 07a1fbe91a4fb7df986eedd52ca90f78bc19c657 (diff) |
[scudo] Fix stack depot validation. (#87024)
In the StackDepot::isValid function, there is work to validate the
TabMask variable. Unfortunately, if TabMask is set to the maximum
allowed value, TabSize = TabMask + 1 becomes zero and validation passes.
Disallow that case to prevent invalid reads into the Tab structure.
-rw-r--r-- | compiler-rt/lib/scudo/standalone/stack_depot.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/compiler-rt/lib/scudo/standalone/stack_depot.h b/compiler-rt/lib/scudo/standalone/stack_depot.h index cf3cabf7085b..98cd9707a646 100644 --- a/compiler-rt/lib/scudo/standalone/stack_depot.h +++ b/compiler-rt/lib/scudo/standalone/stack_depot.h @@ -112,7 +112,7 @@ public: if (TabMask == 0) return false; uptr TabSize = TabMask + 1; - if (!isPowerOfTwo(TabSize)) + if (TabSize == 0 || !isPowerOfTwo(TabSize)) return false; uptr TabBytes = sizeof(atomic_u32) * TabSize; |