Skip to content

Simple memory corruption fix #2273

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 22, 2016
Merged

Simple memory corruption fix #2273

merged 1 commit into from
Dec 22, 2016

Conversation

@pleath
Copy link
Contributor

@pleath pleath commented Dec 22, 2016

ByteCodeGenerator::StartBindFunction uses a union in a way that allows a ParseableFunctionInfo to be accessed as though it were a FunctionBody. This led to memory corruption when redeferral changed the meaning of a flag that was meant to protect the accesses. Fixed by removing the union and the flag and using IsFunctionBody/GetFunctionBody to guard against illegal access.

@pleath
Simple memory corruption fix: ByteCodeGenerator::StartBindFunction us…
7225686 
…es a union in a way that allows a ParseableFunctionInfo to be accessed as though it were a FunctionBody. This led to memory corruption when redeferral changed the meaning of a flag that was meant to protect the accesses. Fixed by removing the union and the flag and using IsFunctionBody/GetFunctionBody to guard against illegal access.
@pleath
Copy link
Contributor Author

pleath commented Dec 22, 2016

@dotnet-bot please test Windows x86_debug

@pleath
Copy link
Contributor Author

pleath commented Dec 22, 2016

@rajatd, @digitalinfinity can either of you look at this one? (Thanks.)

@chakrabot chakrabot merged commit 7225686 into chakra-core:release/1.4 Dec 22, 2016
chakrabot pushed a commit that referenced this pull request Dec 22, 2016
@pleath
[MERGE #2273 @pleath] Simple memory corruption fix
1a51b81 
Merge pull request #2273 from pleath:startbindfunction

ByteCodeGenerator::StartBindFunction uses a union in a way that allows a ParseableFunctionInfo to be accessed as though it were a FunctionBody. This led to memory corruption when redeferral changed the meaning of a flag that was meant to protect the accesses. Fixed by removing the union and the flag and using IsFunctionBody/GetFunctionBody to guard against illegal access.
chakrabot pushed a commit that referenced this pull request Dec 22, 2016
@pleath
[1.4>master] [MERGE #2273 @pleath] Simple memory corruption fix
d2a2282 
Merge pull request #2273 from pleath:startbindfunction

ByteCodeGenerator::StartBindFunction uses a union in a way that allows a ParseableFunctionInfo to be accessed as though it were a FunctionBody. This led to memory corruption when redeferral changed the meaning of a flag that was meant to protect the accesses. Fixed by removing the union and the flag and using IsFunctionBody/GetFunctionBody to guard against illegal access.
@digitalinfinity
Copy link
Contributor

digitalinfinity commented Dec 27, 2016

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@digitalinfinity digitalinfinity digitalinfinity approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@pleath @digitalinfinity @msftclas @chakrabot