summaryrefslogtreecommitdiff
path: root/rts
diff options
context:
space:
mode:
authorPhuong Trinh <lolotp@fb.com>2019-04-25 18:44:02 +0100
committerMarge Bot <ben+marge-bot@smart-cactus.org>2019-06-13 02:48:50 -0400
commitfc6b23be509e290f8d27775a1c637284a335ed81 (patch)
treee977d63250a03296011b58434034cb2c471bf43f /rts
parent5ffc266e9c5ec8ed6010835165a65bd1f6b56dd4 (diff)
downloadhaskell-fc6b23be509e290f8d27775a1c637284a335ed81.tar.gz
Fix #16525: ObjectCode freed wrongly because of lack of info header check
`checkUnload` currently doesn't check the info header of static objects. Thus, it may free an `ObjectCode` struct wrongly even if there's still a live static object whose info header lies in a mapped section of that `ObjectCode`. This fixes the issue by adding an appropriate check.
Diffstat (limited to 'rts')
-rw-r--r--rts/CheckUnload.c1
-rw-r--r--rts/Linker.c6
-rw-r--r--rts/linker/M32Alloc.c2
3 files changed, 8 insertions, 1 deletions
diff --git a/rts/CheckUnload.c b/rts/CheckUnload.c
index 0af9f464a1..f658d2c73d 100644
--- a/rts/CheckUnload.c
+++ b/rts/CheckUnload.c
@@ -404,6 +404,7 @@ void checkUnload (StgClosure *static_objects)
p = UNTAG_STATIC_LIST_PTR(p);
checkAddress(addrs, p, s_indices);
info = get_itbl(p);
+ checkAddress(addrs, info, s_indices);
link = *STATIC_LINK(info, p);
}
diff --git a/rts/Linker.c b/rts/Linker.c
index 6f0ba58abb..9fb91bf3ca 100644
--- a/rts/Linker.c
+++ b/rts/Linker.c
@@ -1185,11 +1185,17 @@ void freeObjectCode (ObjectCode *oc)
oc->sections[i].mapped_size);
break;
case SECTION_M32:
+ IF_DEBUG(sanity,
+ memset(oc->sections[i].start,
+ 0x00, oc->sections[i].size));
m32_free(oc->sections[i].start,
oc->sections[i].size);
break;
#endif
case SECTION_MALLOC:
+ IF_DEBUG(sanity,
+ memset(oc->sections[i].start,
+ 0x00, oc->sections[i].size));
stgFree(oc->sections[i].start);
break;
default:
diff --git a/rts/linker/M32Alloc.c b/rts/linker/M32Alloc.c
index 52b182e54d..33c4335286 100644
--- a/rts/linker/M32Alloc.c
+++ b/rts/linker/M32Alloc.c
@@ -24,7 +24,7 @@ Note [Compile Time Trickery]
This file implements two versions of each of the `m32_*` functions. At the top
of the file there is the real implementation (compiled in when
`RTS_LINKER_USE_MMAP` is true) and a dummy implementation that exists only to
-satisfy the compiler and which hould never be called. If any of these dummy
+satisfy the compiler and which should never be called. If any of these dummy
implementations are called the program will abort.
The rationale for this is to allow the calling code to be written without using