ruby-changes:68742

From: Mike <ko1@a...>
Date: Thu, 21 Oct 2021 08:13:15 +0900 (JST)
Subject: [ruby-changes:68742] 99d285a75c (master): fix: ensure add_incoming allocates the proper length memory

https://git.ruby-lang.org/ruby.git/commit/?id=99d285a75c

From 99d285a75c8fd1c3b5662982286d4026f9bed190 Mon Sep 17 00:00:00 2001
From: Mike Dalessio <mike.dalessio@g...>
Date: Wed, 10 Feb 2021 09:24:04 -0500
Subject: fix: ensure add_incoming allocates the proper length memory

Without this fix, valgrind reports for zero-length blocks:

==149294== Invalid write of size 4
==149294==    at 0x408121: add_incoming (ujit_core.c:173)
==149294==    by 0x408121: gen_block_version (ujit_core.c:286)
==149294==    by 0x40873C: gen_entry_point (ujit_core.c:303)
==149294==    by 0x3609DF: rb_ujit_compile_iseq (ujit_iface.c:319)
==149294==    by 0x33BD2F: mjit_exec (mjit.h:158)
==149294==    by 0x33BD2F: rb_vm_exec (vm.c:2167)
...
==149294==  Address 0x11278850 is 0 bytes inside a block of size 1 alloc'd
==149294==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==149294==    by 0x40811B: add_incoming (ujit_core.c:171)
==149294==    by 0x40811B: gen_block_version (ujit_core.c:286)
==149294==    by 0x40873C: gen_entry_point (ujit_core.c:303)
==149294==    by 0x3609DF: rb_ujit_compile_iseq (ujit_iface.c:319)
==149294==    by 0x33BD2F: mjit_exec (mjit.h:158)
==149294==    by 0x33BD2F: rb_vm_exec (vm.c:2167)
---
 ujit_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ujit_core.c b/ujit_core.c
index 105769955c..63a482aefe 100644
--- a/ujit_core.c
+++ b/ujit_core.c
@@ -175,7 +175,7 @@ static void add_block_version(blockid_t blockid, block_t* block) https://github.com/ruby/ruby/blob/trunk/ujit_core.c#L175
 static void add_incoming(block_t* p_block, uint32_t branch_idx)
 {
     // Add this branch to the list of incoming branches for the target
-    uint32_t* new_list = malloc(sizeof(uint32_t) * p_block->num_incoming + 1);
+    uint32_t* new_list = malloc(sizeof(uint32_t) * (p_block->num_incoming + 1));
     memcpy(new_list, p_block->incoming, p_block->num_incoming);
     new_list[p_block->num_incoming] = branch_idx;
     p_block->incoming = new_list;
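Review bot: the memcpy directly below the corrected malloc still copies `p_block->num_incoming` bytes rather than `sizeof(uint32_t) * p_block->num_incoming`, so whenever the block already has incoming branches only the first num_incoming bytes of the old uint32_t array reach new_list and the remaining entries are left uninitialised; the length argument should be `sizeof(uint32_t) * p_block->num_incoming` to match the allocation. Two smaller points in the same hunk: the previous `p_block->incoming` buffer is overwritten without being freed, so every call leaks the old list, and the malloc result is not checked before the memcpy and the `new_list[...]` store. The precedence fix itself is correct: the old expression sized the buffer as `sizeof(uint32_t) * num_incoming + 1` bytes, which for an empty list is the 1-byte allocation followed by the 4-byte write that the valgrind trace above reports.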
-- 
cgit v1.2.1


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
