Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix jl_gc_internal_obj_base_ptr #50231

Merged
merged 1 commit into from
Jun 22, 2023
Merged

Fix jl_gc_internal_obj_base_ptr #50231

merged 1 commit into from
Jun 22, 2023

Conversation

fingolfin
Copy link
Contributor

The function jl_gc_internal_obj_base_ptr takes a pointer and tries to determine if it is a valid object pointer. As such it has to carefully validate all data it reads, and abort whenever there are obvious inconsistencies.

This patch adds a check which aborts when meta->osize is zero, just before we perform a division-with-remainder by this value, thus avoiding a potential division-by-zero exception. This fixes a crash we are seeing in our code.

The crash did not happen before PR #49644 was merged because back then there was a check for meta->ages not being zero, which apparently was enough to detect invalid values for meta (e.g. when meta points into a null page).

All credits for finding this should go to @benlorenz (see also the discussion at and after oscar-system/GAP.jl#901 (comment)), all misrepresentations are my fault.

Also CC @ThomasBreuer

@fingolfin
Fix jl_gc_internal_obj_base_ptr
ece7c42 
The function `jl_gc_internal_obj_base_ptr` takes a pointer and tries to
determine if it is a valid object pointer. As such it has to carefully
validate all data it reads, and abort whenever there are obvious
inconsistencies.

This patch adds a check which aborts when `meta->osize` is zero, just
before we perform a division-with-remainder by this value, thus avoiding
a potential division-by-zero exception. This fixes a crash we are seeing
in our code.

The crash did not happen before PR JuliaLang#49644 was merged because back then
there was a check for `meta->ages` not being zero, which apparently was
enough to detect invalid values for `meta` (e.g. when `meta` points into
a null page).
@oscardssmith oscardssmith added GC Garbage collector kind:bugfix This change fixes an existing bug labels Jun 20, 2023
@giordano giordano requested a review from d-netto June 20, 2023 21:35
@vtjnash vtjnash merged commit ad120f4 into JuliaLang:master Jun 22, 2023
5 of 8 checks passed
@benlorenz benlorenz mentioned this pull request Jun 23, 2023
Closed
@fingolfin fingolfin deleted the mh/fix-jl_gc_internal_obj_base_ptr branch January 26, 2024 07:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@d-netto d-netto Awaiting requested review from d-netto

Assignees
No one assigned
Labels
GC Garbage collector kind:bugfix This change fixes an existing bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@fingolfin @vtjnash @oscardssmith