[scudo] Fix stack depot validation. (#87024)
In the StackDepot::isValid function, there is work to validate the
TabMask variable. Unfortunately, if TabMask is set to the maximum
allowed value, TabSize = TabMask + 1 becomes zero and validation passes.
Disallow that case to prevent invalid reads into the Tab structure.
GitOrigin-RevId: 7a87902684b5e15644f037401e88b1f0c2c5fc6f
diff --git a/lib/scudo/standalone/stack_depot.h b/lib/scudo/standalone/stack_depot.h
index cf3cabf..98cd970 100644
--- a/lib/scudo/standalone/stack_depot.h
+++ b/lib/scudo/standalone/stack_depot.h
@@ -112,7 +112,7 @@
if (TabMask == 0)
return false;
uptr TabSize = TabMask + 1;
- if (!isPowerOfTwo(TabSize))
+ if (TabSize == 0 || !isPowerOfTwo(TabSize))
return false;
uptr TabBytes = sizeof(atomic_u32) * TabSize;
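Review bot: the trailing context line `uptr TabBytes = sizeof(atomic_u32) * TabSize;` has the same kind of wraparound that this change fixes for `TabMask + 1`, and the new check does not cover it. A large power-of-two TabSize passes `TabSize == 0 || !isPowerOfTwo(TabSize)` and can still overflow the multiplication, leaving TabBytes smaller than the table it is meant to describe. Whether that is reachable depends on the widths of TabMask and uptr, which this hunk does not show. If nothing later in isValid bounds it, consider rejecting TabSize values above the maximum uptr divided by `sizeof(atomic_u32)` before multiplying. The new `TabSize == 0` condition would also benefit from a one-line comment saying it catches the wrap from TabMask at its maximum value, because the reason is not obvious from the code alone. A regression test that feeds isValid a depot with TabMask at that maximum would keep the check from being removed later.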