Skip to content

Fix GC heap corruption on ARM #1389

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 8, 2020
Merged

Fix GC heap corruption on ARM #1389

merged 1 commit into from
Jan 8, 2020

Conversation

AntonLapounov
Copy link
Member

The allocate_in_free code path in the allocate_in_expanded_heap function would incorrectly calculate the large (double) alignment padding size when limiting the plug size (SHORT_PLUGS) if set_padding_on_saved_p was true:

set_padding_in_expand (old_loc, set_padding_on_saved_p, pinned_plug_entry); // Sets the padding flag on the saved plug
...
pad += switch_alignment_size (is_plug_padded (old_loc)); // Reads the padding flag from the old (different!) plug

That caused access violation during a later heap walk since the g_gc_pFreeObjectMethodTable pointer marking the gap was not placed at the right address.

@AntonLapounov
Fix GC heap corruption on ARM.
d7f7d72 
The allocate_in_free code path in allocate_in_expanded_heap incorrectly calculated the large (double) alignment padding size when limiting the plug size (SHORT_PLUGS) if set_padding_on_saved_p was true:

    set_padding_in_expand (old_loc, set_padding_on_saved_p, pinned_plug_entry); // Sets the padding flag on the saved plug
    ...
    pad += switch_alignment_size (is_plug_padded (old_loc)); // Reads the padding flag from the old (different!) plug

That caused access violation during a later heap walk since the g_gc_pFreeObjectMethodTable pointer marking the gap was not placed at the right address.
@AntonLapounov AntonLapounov requested a review from Maoni0 January 7, 2020 23:25
@AntonLapounov AntonLapounov self-assigned this Jan 7, 2020
@AntonLapounov AntonLapounov merged commit 7c24ebc into dotnet:master Jan 8, 2020
@AntonLapounov AntonLapounov deleted the FixGCHeapCorruptionOnARM2 branch January 8, 2020 10:12
AntonLapounov added a commit to AntonLapounov/coreclr that referenced this pull request Jan 10, 2020
@AntonLapounov
Fix GC heap corruption on ARM.
efe5e14 
Port of dotnet/runtime#1389.
@AntonLapounov AntonLapounov mentioned this pull request Jan 10, 2020
Merged
Anipik pushed a commit to dotnet/coreclr that referenced this pull request Feb 13, 2020
@AntonLapounov
Fix GC heap corruption on ARM. (#27985)
75d2c46 
Port of dotnet/runtime#1389.
@ghost ghost locked as resolved and limited conversation to collaborators Dec 11, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Maoni0 Maoni0 Maoni0 approved these changes

Assignees

@AntonLapounov AntonLapounov

Labels
arch-arm32 area-GC-coreclr
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AntonLapounov @Maoni0