commit ef0f2327c5ffa59da19af48e30e0eb3f3c3af720
author Vitaly Buka <vitalybuka@google.com> Wed Jun 30 20:22:41 2021 -0700
committer Copybara-Service <copybara-worker@google.com> Thu Jul 15 20:04:12 2021 -0700
tree ca6249b1acbd533a997b91dc87f0b3f5c9c6a3fc
parent 73abfb421a37aac019eb278e8f07aba9345c5224

[scudo] Untag BlockEnd in reallocate

If we get here from reallocate, BlockEnd is tagged. Then we
will storeTag(UntaggedEnd) into the header of the next chunk.

Luckily header tag is 0 so unpatched code still works.

Reviewed By: pcc

Differential Revision: https://reviews.llvm.org/D105261

GitOrigin-RevId: fe30963600ea579d4046c9a92c6e38cc2be0e9a2

combined.h

diff --git a/combined.h b/combined.h
index e8bb8bf..fd5360c 100644
--- a/combined.h
+++ b/combined.h
@@ -639,7 +639,7 @@
           if (ClassId) {
             resizeTaggedChunk(reinterpret_cast<uptr>(OldTaggedPtr) + OldSize,
                               reinterpret_cast<uptr>(OldTaggedPtr) + NewSize,
-                              NewSize, BlockEnd);
+                              NewSize, untagPointer(BlockEnd));
             storePrimaryAllocationStackMaybe(Options, OldPtr);
           } else {
             storeSecondaryAllocationStackMaybe(Options, OldPtr, NewSize);
@@ -1154,6 +1154,7 @@
   // address tags against chunks. To allow matching in this case we store the
   // address tag in the first byte of the chunk.
   void storeEndMarker(uptr End, uptr Size, uptr BlockEnd) {
+    DCHECK_EQ(BlockEnd, untagPointer(BlockEnd));
     uptr UntaggedEnd = untagPointer(End);
     if (UntaggedEnd != BlockEnd) {
       storeTag(UntaggedEnd);