[scudo] Fix stack depot validation. (#87024)

In the StackDepot::isValid function, there is work to validate the TabMask variable. Unfortunately, if TabMask is set to the maximum allowed value, TabSize = TabMask + 1 becomes zero and validation passes. Disallow that case to prevent invalid reads into the Tab structure.
author: Christopher Ferris <cferris1000@users.noreply.github.com> 2024-03-28 17:35:46 -0700
committer: GitHub <noreply@github.com> 2024-03-28 17:35:46 -0700
commit: 7a87902684b5e15644f037401e88b1f0c2c5fc6f (patch)
tree: 66703b1b1ed3b60443b66a11db15e7758dfce9d1
parent: 07a1fbe91a4fb7df986eedd52ca90f78bc19c657 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/compiler-rt/lib/scudo/standalone/stack_depot.h b/compiler-rt/lib/scudo/standalone/stack_depot.h
index cf3cabf7085b..98cd9707a646 100644
--- a/compiler-rt/lib/scudo/standalone/stack_depot.h
+++ b/compiler-rt/lib/scudo/standalone/stack_depot.h
@@ -112,7 +112,7 @@ public:
     if (TabMask == 0)
       return false;
     uptr TabSize = TabMask + 1;
-    if (!isPowerOfTwo(TabSize))
+    if (TabSize == 0 || !isPowerOfTwo(TabSize))
       return false;
     uptr TabBytes = sizeof(atomic_u32) * TabSize;
author	Christopher Ferris <cferris1000@users.noreply.github.com>	2024-03-28 17:35:46 -0700
committer	GitHub <noreply@github.com>	2024-03-28 17:35:46 -0700
commit	7a87902684b5e15644f037401e88b1f0c2c5fc6f (patch)
tree	66703b1b1ed3b60443b66a11db15e7758dfce9d1
parent	07a1fbe91a4fb7df986eedd52ca90f78bc19c657 (diff)