diff options
author | Ricky Zhou <ricky@rzhou.org> | 2024-05-27 16:32:57 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-27 16:32:57 -0700 |
commit | 21a39dfb17a4931d99d9a6d561d596c841d9197a (patch) | |
tree | 1eb1eb3d821b564ee71b54f8bcd96345f43bced5 /compiler-rt | |
parent | 1708de1abd512696cec383fee9381c3b498014dc (diff) | |
download | llvm-21a39dfb17a4931d99d9a6d561d596c841d9197a.zip llvm-21a39dfb17a4931d99d9a6d561d596c841d9197a.tar.gz llvm-21a39dfb17a4931d99d9a6d561d596c841d9197a.tar.bz2 |
[XRay][compiler-rt] Fix oob memory access in FDR BufferQueue iterator (#90940)
Before this change, the FDR BufferQueue iterator could access oob memory
due to checks of the form `!Buffers[Offset].Used && Offset != Max`. This
allows access to `Buffers[Max]`, which is past the end of the `Buffers`
array. This can lead to crashes when that memory is not mapped. Fix this
by testing `Offset != Max` first.
Diffstat (limited to 'compiler-rt')
-rw-r--r-- | compiler-rt/lib/xray/xray_buffer_queue.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/compiler-rt/lib/xray/xray_buffer_queue.h b/compiler-rt/lib/xray/xray_buffer_queue.h index e1739d0..8d33f73 100644 --- a/compiler-rt/lib/xray/xray_buffer_queue.h +++ b/compiler-rt/lib/xray/xray_buffer_queue.h @@ -87,7 +87,7 @@ private: DCHECK_NE(Offset, Max); do { ++Offset; - } while (!Buffers[Offset].Used && Offset != Max); + } while (Offset != Max && !Buffers[Offset].Used); return *this; } @@ -107,7 +107,7 @@ private: Max(M) { // We want to advance to the first Offset where the 'Used' property is // true, or to the end of the list/queue. - while (!Buffers[Offset].Used && Offset != Max) { + while (Offset != Max && !Buffers[Offset].Used) { ++Offset; } } |