project-base/server-skynet-source-3rd-jemalloc
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix read of uninitialized data in prof_free

Browse Source 
In #2433, I inadvertently introduced a regression which causes the use of
uninitialized data. Namely, the control path I added for the safety
check in `arena_prof_info_get` neglected to set `prof_info->alloc_tctx`
when the check fails, resulting in `prof_info.alloc_tctx` being
uninitialized [when it is read at the end of
`prof_free`](90176f8a87/include/jemalloc/internal/prof_inlines.h (L272)).
This commit is contained in:
Kevin Svetlitski 2023-06-15 14:47:20 -07:00 committed by Qi Wang
parent 90176f8a87
commit 210f0d0b2b
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/jemalloc/internal/arena_inlines_b.h
View File

@ -96,6 +96,7 @@ arena_prof_info_get(tsd_t *tsd, const void *ptr, emap_alloc_ctx_t *alloc_ctx,
if (reset_recent && if (reset_recent &&
large_dalloc_safety_checks(edata, ptr, large_dalloc_safety_checks(edata, ptr,
edata_szind_get(edata))) { edata_szind_get(edata))) {
prof_info->alloc_tctx = (prof_tctx_t *)(uintptr_t)1U;
return; return;
} }
large_prof_info_get(tsd, edata, prof_info, reset_recent); large_prof_info_get(tsd, edata, prof_info, reset_recent);