[commit: ghc] master: Fix segfault due to reading non-existent memory (2624298)

git at git.haskell.org git at git.haskell.org
Fri Oct 30 19:20:11 UTC 2015


Repository : ssh://git@git.haskell.org/ghc

On branch  : master
Link       : http://ghc.haskell.org/trac/ghc/changeset/2624298a0d81e348b879c521b9fae3f389ebab08/ghc

>---------------------------------------------------------------

commit 2624298a0d81e348b879c521b9fae3f389ebab08
Author: Simon Marlow <marlowsd at gmail.com>
Date:   Fri Oct 30 19:53:44 2015 +0100

    Fix segfault due to reading non-existent memory
    
    It was possible to read non-existent memory if we tried to read the
    srt_offset field of an info table that has no SRT and sits right at the
    start of the text section.
    
    This actually happened to me, I'm not sure why it never happened
    before.
    
    Test Plan: validate
    
    Reviewers: rwbarton, ezyang, austin, bgamari
    
    Reviewed By: austin, bgamari
    
    Subscribers: thomie
    
    Differential Revision: https://phabricator.haskell.org/D1401


>---------------------------------------------------------------

2624298a0d81e348b879c521b9fae3f389ebab08
 rts/sm/Scav.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/rts/sm/Scav.c b/rts/sm/Scav.c
index c441a3d..a28d842 100644
--- a/rts/sm/Scav.c
+++ b/rts/sm/Scav.c
@@ -359,22 +359,34 @@ STATIC_INLINE GNUC_ATTR_HOT void
 scavenge_thunk_srt(const StgInfoTable *info)
 {
     StgThunkInfoTable *thunk_info;
+    nat bitmap;
 
     if (!major_gc) return;
 
     thunk_info = itbl_to_thunk_itbl(info);
-    scavenge_srt((StgClosure **)GET_SRT(thunk_info), thunk_info->i.srt_bitmap);
+    bitmap = thunk_info->i.srt_bitmap;
+    if (bitmap) {
+        // don't read srt_offset if bitmap==0, because it doesn't exist
+        // and so the memory might not be readable.
+        scavenge_srt((StgClosure **)GET_SRT(thunk_info), bitmap);
+    }
 }
 
 STATIC_INLINE GNUC_ATTR_HOT void
 scavenge_fun_srt(const StgInfoTable *info)
 {
     StgFunInfoTable *fun_info;
+    nat bitmap;
 
     if (!major_gc) return;
 
     fun_info = itbl_to_fun_itbl(info);
-    scavenge_srt((StgClosure **)GET_FUN_SRT(fun_info), fun_info->i.srt_bitmap);
+    bitmap = fun_info->i.srt_bitmap;
+    if (bitmap) {
+        // don't read srt_offset if bitmap==0, because it doesn't exist
+        // and so the memory might not be readable.
+        scavenge_srt((StgClosure **)GET_FUN_SRT(fun_info), bitmap);
+    }
 }
 
 /* -----------------------------------------------------------------------------
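Review bot: The copy-pasted comment in both guards (after `if (bitmap) {`) says the field "doesn't exist" but not why, which is the invariant a later maintainer needs to preserve; I would reword it in both scavenge_thunk_srt and scavenge_fun_srt as `// srt_offset is only present when srt_bitmap != 0; reading it otherwise can touch unmapped memory (e.g. an info table at the very start of .text).` Both guards are otherwise identical, so whichever phrasing is chosen should be kept in sync between the two functions. Any other caller of scavenge_srt that reads an info table's SRT field unconditionally would, presumably, have the same out-of-bounds read, so it is worth auditing the remaining call sites outside this hunk rather than relying on this pair alone; I cannot see them here.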


