commit c2eead9629b60a394aa61e6f96b89647eddce1ea (tree)
parent 374e3e42e0de10d21406c077599cfc4a6a813497
Author: Jonathan Marler <johnnymarler@gmail.com>
Date: Sun, 28 Jun 2020 14:33:41 -0600
Fix issue 5741, use after free
Diffstat:
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/std/heap.zig b/lib/std/heap.zig
@@ -714,6 +714,11 @@ test "PageAllocator" {
slice[127] = 0x34;
allocator.free(slice);
}
+ {
+ var buf = try allocator.alloc(u8, mem.page_size + 1);
+ defer allocator.free(buf);
+ buf = try allocator.realloc(buf, 1); // shrink past the page boundary
+ }
}
test "HeapAllocator" {
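Review bot: The new block in the "PageAllocator" test asserts nothing, so it catches the use-after-free only when the write to the released tail happens to fault. With an allocator or platform that keeps the page mapped, it would pass silently. Consider setting `buf[0] = 0x12;` before the `realloc` and checking `testing.expect(buf.len == 1 and buf[0] == 0x12);` after it (assuming `testing` is in scope in this file), so the shrink result is verified as well. A comment naming the cause would also help, for example `// Regression test for issue 5741: the shrink unmaps the trailing page, so the old tail must not be touched afterwards`. The enclosing test body starts outside this hunk.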
diff --git a/lib/std/mem.zig b/lib/std/mem.zig
@@ -116,9 +116,6 @@ pub const Allocator = struct {
if (isAligned(@ptrToInt(old_mem.ptr), new_alignment)) {
if (new_byte_count <= old_mem.len) {
const shrunk_len = self.shrinkBytes(old_mem, new_byte_count, len_align);
- if (shrunk_len < old_mem.len) {
- @memset(old_mem.ptr + shrunk_len, undefined, old_mem.len - shrunk_len);
- }
return old_mem.ptr[0..shrunk_len];
}
if (self.callResizeFn(old_mem, new_byte_count, len_align)) |resized_len| {