RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-03-10 13:30:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: debug/pools: properly handle out-of-memory when building with DEBUG_UAF

Browse Source 
Commit 158fa75 ("MINOR: pools: implement DEBUG_UAF to detect use after free")
implemented pool use-after-free detection, but the mmap() return value isn't
properly checked, preventing the call to pool_alloc_area() from returning
NULL. So on out-of-memory a mangled pointer is returned, causing a crash on
the pool_alloc() site instead of forcing a GC. It doesn't affect regular
operations however, just complicates complex bug investigations.

This fix should be backported to 1.8 and to 1.7.
This commit is contained in:
Willy Tarreau 2018-02-22 11:39:23 +01:00
parent f161d0f51e
commit 5a9cce4653
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/common/memory.h
View File

@ -303,8 +303,10 @@ static inline void pool_free_area(void *area, size_t __maybe_unused size)
static inline void *pool_alloc_area(size_t size) static inline void *pool_alloc_area(size_t size)
{ {
size_t pad = (4096 - size) & 0xFF0; size_t pad = (4096 - size) & 0xFF0;
void *ret;
return mmap(NULL, (size + 4095) & -4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0) + pad; ret = mmap(NULL, (size + 4095) & -4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
return ret == MAP_FAILED ? NULL : ret + pad;
} }
/* frees an area <area> of size <size> allocated by pool_alloc_area(). The /* frees an area <area> of size <size> allocated by pool_alloc_area(). The