Fixed some potential null derefs in coreclr #123939
Open: tpa95 wants to merge 18 commits into dotnet:main from tpa95:fix/coreclr-null-derefs

0072cc2 A potential null deref has been fixed. (tpa95)
6af8682 Fixed a potential null deref. (tpa95)
7f638f0 Merge branch 'main' into fix/coreclr-null-derefs (tpa95)
2521671 Merge branch 'main' into fix/coreclr-null-derefs (tpa95)
5eb983c Merge branch 'main' into fix/coreclr-null-derefs (tpa95)
583d586 Merge branch 'main' into fix/coreclr-null-derefs (tpa95)
975cf57 Merge branch 'main' into fix/coreclr-null-derefs (tpa95)
875ef59 Merge branch 'main' into fix/coreclr-null-derefs (tpa95)
ba52dd0 Merge branch 'main' into fix/coreclr-null-derefs (tpa95)
d77d402 Merge branch 'main' into fix/coreclr-null-derefs (tpa95)
8c99425 Merge branch 'main' into fix/coreclr-null-derefs (tpa95)
abbc516 Merge branch 'main' into fix/coreclr-null-derefs (tpa95)
96c5d6f Merge branch 'main' into fix/coreclr-null-derefs (tpa95)
e0bfb00 Revert "Fixed a potential null deref." (tpa95)
99174b2 Fixed a potential null deref. (tpa95)
0049e89 Merge branch 'fix/coreclr-null-derefs' of https://github.com/tpa95/ru… (tpa95)
5654a4e Merge branch 'main' into fix/coreclr-null-derefs (tpa95)
210648a Merge branch 'main' into fix/coreclr-null-derefs (tpa95)

This is affecting the munmap call in error branch.

Yes. If mprotect fails, we jump to error before pRetVal is assigned, so munmap(pRetVal, MemSize) ends up being called with NULL.
Also, I can instead call munmap((void*)StartBoundary, MemSize) in the error branch.
But in the previous version of the code, before commit 435bff2, pRetVal was initialized before calling mprotect.

fyi @janvorli

It's not clear to me that calling munmap(NULL, ...) would cause a NULL-deref but it did seem like the intent of the code was to unmap the memory on error. Calling munmap(StartBoundary, ...) might be a clearer way to write that but I'll let @janvorli decide.

I think the munmap would likely fail with EINVAL and would not dereference NULL. But maybe if the size is large enough to reach memory mapped by some other mapping, it could cause it to be unmapped. The doc doesn't explicitly specify the behavior.
Also, the memory reserved in this case would leak.
So the fix looks good.

Hi @janvorli. Would you prefer moving pRetVal = (void*)StartBoundary; before mprotect, or changing the error-path cleanup to call munmap((void*)StartBoundary, MemSize) instead? I can update the PR accordingly.
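
The error-path problem discussed in this thread, as an added C example that is not code from the PR or from dotnet/runtime: a reservation is made, the protect step fails before pRetVal is assigned, and the two cleanup forms are compared. The names reserve_region, fail_protect, fixed, is_mapped and last_start are hypothetical; only pRetVal, StartBoundary and MemSize come from the comments. The mprotect failure is simulated, and Linux behaviour is assumed for msync and for munmap on an unmapped range.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <sys/mman.h>

/* Start of the last reservation, kept only so the caller can inspect it
 * after a failure (demo aid, not part of the pattern). */
static uintptr_t last_start;

/* Returns 1 if [addr, addr+len) is mapped; msync fails with ENOMEM on holes. */
static int is_mapped(uintptr_t addr, size_t len)
{
    return msync((void *)addr, len, MS_ASYNC) == 0;
}

/* Hypothetical reserve-then-protect routine shaped like the one discussed.
 * fail_protect simulates mprotect failing; fixed selects the cleanup form. */
static void *reserve_region(size_t MemSize, int fail_protect, int fixed)
{
    void *pRetVal = NULL;
    void *map = mmap(NULL, MemSize, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map == MAP_FAILED)
        return NULL;
    uintptr_t StartBoundary = (uintptr_t)map;
    last_start = StartBoundary;

    int rc = fail_protect ? -1
                          : mprotect((void *)StartBoundary, MemSize, PROT_NONE);
    if (rc != 0)
        goto error;                 /* pRetVal is still NULL at this point */

    pRetVal = (void *)StartBoundary;
    return pRetVal;

error:
    if (fixed)
        munmap((void *)StartBoundary, MemSize); /* releases the reservation */
    else
        munmap(pRetVal, MemSize);   /* called with NULL: reservation leaks */
    return NULL;
}

int main(void)
{
    reserve_region(1 << 16, 1, 1);
    return is_mapped(last_start, 1 << 16);  /* exit 0: nothing left mapped */
}
```

The size is kept at 64 KiB so that the NULL-based call in the unfixed path cannot reach any real mapping.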