author | Vitaly Buka <vitalybuka@google.com> | 2021-06-30 20:22:41 -0700 |
---|---|---|
committer | Evgenii Stepanov <eugenis@google.com> | 2021-11-17 23:02:00 +0000 |
commit | 946c79ac5e769462e41e8eb5fc5ce07967068e31 (patch) | |
tree | a0f5373b4a9e78628dae030771cbd16f8e50e532 | |
parent | 4599a19cb002a5483ae969530b5a4d5bc06cf7cd (diff) | |
[scudo] Untag BlockEnd in reallocateandroid-12.1.0_r9android-12.1.0_r8android-12.1.0_r7android-12.1.0_r22android-12.1.0_r21android-12.1.0_r20android-12.1.0_r19android-12.1.0_r11android-12.1.0_r10android12L-devandroid12-qpr3-s7-releaseandroid12-qpr3-s6-releaseandroid12-qpr3-s5-releaseandroid12-qpr3-s4-releaseandroid12-qpr3-s3-releaseandroid12-qpr3-s2-releaseandroid12-qpr3-s1-releaseandroid12-qpr3-release
If we get here from reallocate, BlockEnd is tagged. Then we
will storeTag(UntaggedEnd) into the header of the next chunk.
Luckily the header tag is 0, so the unpatched code still works.
Reviewed By: pcc
Differential Revision: https://reviews.llvm.org/D105261
Bug: 206701345
Test: CtsBionicTestCases
GitOrigin-RevId: fe30963600ea579d4046c9a92c6e38cc2be0e9a2
Merged-In: Idfbf127080f09a2a111741f60efa5422414c2009
Change-Id: Idfbf127080f09a2a111741f60efa5422414c2009
(cherry picked from commit 5df4673efd351b357998c1007b5a2360ab3b67e0)
-rw-r--r-- | standalone/combined.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/standalone/combined.h b/standalone/combined.h
index 8080d677d7b..5eac56dc933 100644
--- a/standalone/combined.h
+++ b/standalone/combined.h
@@ -643,7 +643,7 @@ public:
     if (ClassId) {
       resizeTaggedChunk(reinterpret_cast<uptr>(OldTaggedPtr) + OldSize,
                         reinterpret_cast<uptr>(OldTaggedPtr) + NewSize,
-                        NewSize, BlockEnd);
+                        NewSize, untagPointer(BlockEnd));
       storePrimaryAllocationStackMaybe(Options, OldPtr);
     } else {
       storeSecondaryAllocationStackMaybe(Options, OldPtr, NewSize);
@@ -1156,6 +1156,7 @@ private:
   // address tags against chunks. To allow matching in this case we store the
   // address tag in the first byte of the chunk.
   void storeEndMarker(uptr End, uptr Size, uptr BlockEnd) {
+    DCHECK_EQ(BlockEnd, untagPointer(BlockEnd));
     uptr UntaggedEnd = untagPointer(End);
     if (UntaggedEnd != BlockEnd) {
       storeTag(UntaggedEnd);
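Review bot: The untagging is applied at the single resizeTaggedChunk call site, so any other use of BlockEnd in the enclosing reallocate path (which starts and ends outside this hunk) still sees the tagged value; if BlockEnd is computed once earlier in that function, untagging it where it is produced would make the invariant hold for every consumer rather than this one argument. I cannot see how BlockEnd is derived here, so this may already be the only tagged-address consumer. A short comment at the call would at least record the reason: `// BlockEnd carries the address tag from OldTaggedPtr; storeEndMarker expects an untagged address.`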
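Review bot: The new DCHECK_EQ in storeEndMarker documents the precondition but, as a debug-only check, does not stop a tagged BlockEnd in release builds, where `UntaggedEnd != BlockEnd` would still be true and `storeTag(UntaggedEnd)` would write into what the commit message identifies as the next chunk's header. Since the function's comment block just above explains why the end marker is stored, it should also state the contract the check enforces, e.g. `// BlockEnd must be an untagged address; callers are responsible for untagging it.`. storeEndMarker's body continues past the end of the hunk.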