Extern/Beef
1
0
Fork 0
mirror of https://github.com/beefytech/Beef.git synced 2025-06-08 19:48:20 +02:00
Code Activity

Fixed some edge cases in write-past-end detection

Browse source
This commit is contained in:
Brian Fiete 2022-06-02 15:01:02 -07:00
parent fd92b4ba93
commit 53376f3861
2 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
BeefRT/dbg/gc.cpp
View file

@ -599,6 +599,7 @@ void* BfObjectAllocate(intptr size, bf::System::Type* objType)
result = BF_do_malloc_pages(ThreadCache::GetCache(), totalSize); result = BF_do_malloc_pages(ThreadCache::GetCache(), totalSize);
} }
BF_ASSERT(totalSize - size <= kPageSize);
*(uint16*)((uint8*)result + size) = 0xBFBF; *(uint16*)((uint8*)result + size) = 0xBFBF;
*(uint16*)((uint8*)result + totalSize - 2) = totalSize - size; *(uint16*)((uint8*)result + totalSize - 2) = totalSize - size;
@ -974,7 +975,7 @@ void BFGC::ObjectDeleteRequested(bf::System::Object* obj)
int sizeOffset = *(uint16*)((uint8*)obj + allocSize - 2); int sizeOffset = *(uint16*)((uint8*)obj + allocSize - 2);
int requestedSize = allocSize - sizeOffset; int requestedSize = allocSize - sizeOffset;
if ((sizeOffset < 4) || (sizeOffset >= allocSize) || (sizeOffset >= kPageSize) || if ((sizeOffset < 4) || (sizeOffset >= allocSize) || (sizeOffset > kPageSize) ||
(*(uint16*)((uint8*)obj + requestedSize) != 0xBFBF)) (*(uint16*)((uint8*)obj + requestedSize) != 0xBFBF))
{ {
Beefy::String err = Beefy::StrFormat("Memory deallocation detected write-past-end error in %d-byte object allocation at 0x%@", requestedSize, obj); Beefy::String err = Beefy::StrFormat("Memory deallocation detected write-past-end error in %d-byte object allocation at 0x%@", requestedSize, obj);

2
BeefRT/dbg/gc_raw.cpp
View file

@ -632,7 +632,7 @@ void BfRawFree(void* ptr)
} }
int markOffset = *markOffsetPtr; int markOffset = *markOffsetPtr;
if ((markOffset < 2) || (markOffset >= allocSize) || (markOffset >= kPageSize) || if ((markOffset < 2) || (markOffset >= allocSize) || (markOffset > kPageSize + 2) ||
(*(uint16*)((uint8*)markOffsetPtr - markOffset) != 0xBFBF)) (*(uint16*)((uint8*)markOffsetPtr - markOffset) != 0xBFBF))
{ {
int requestedSize = (uint8*)markOffsetPtr - (uint8*)ptr - markOffset; int requestedSize = (uint8*)markOffsetPtr - (uint8*)ptr - markOffset;