The bounds check in storeEndMarker incorrectly compares a tagged address
against an untagged one in the in-place realloc case. This can cause the tag
store to go into an unmapped page to the right of the region mapping.
Details
Diff Detail
- Repository
- rG LLVM Github Monorepo
Event Timeline
| compiler-rt/lib/scudo/standalone/combined.h | Diff | Comment |
|---|---|---|
| 1167 | Diff #387732 | this invariant no longer relevant? |
| 1169 | Diff #387732 | Can we fix the caller to untag BlockEnd instead? |
Remove the fix, keep the test.
| compiler-rt/lib/scudo/standalone/combined.h | Diff | Comment |
|---|---|---|
| 1169 | Diff #387732 | Oh right. I hacked this on an older version of the code :( |