romenskiy2012/jemalloc
1
0
Fork 0
mirror of https://github.com/jemalloc/jemalloc.git synced 2026-04-22 10:52:12 +03:00
Code Issues Projects Releases Packages Wiki Activity

Fix read of uninitialized data in prof_free

Browse source 
In #2433, I inadvertently introduced a regression which causes the use of
uninitialized data. Namely, the control path I added for the safety
check in `arena_prof_info_get` neglected to set `prof_info->alloc_tctx`
when the check fails, resulting in `prof_info.alloc_tctx` being
uninitialized [when it is read at the end of
`prof_free`](90176f8a87/include/jemalloc/internal/prof_inlines.h (L272)).
This commit is contained in:
Kevin Svetlitski 2023-06-15 14:47:20 -07:00 committed by Qi Wang
parent 90176f8a87
commit 210f0d0b2b
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
include/jemalloc/internal/arena_inlines_b.h
View file

@ -96,6 +96,7 @@ arena_prof_info_get(tsd_t *tsd, const void *ptr, emap_alloc_ctx_t *alloc_ctx,
if (reset_recent &&
large_dalloc_safety_checks(edata, ptr,
edata_szind_get(edata))) {
prof_info->alloc_tctx = (prof_tctx_t *)(uintptr_t)1U;
return;
}
large_prof_info_get(tsd, edata, prof_info, reset_recent);