[scudo] Avoid accessing inaccessible pages in unmap() in secondary (#102367)

ChiaHungDuan · web-flow · commit e9c9fde3b766 · 2024-08-07T15:42:11.000-07:00
diff --git a/compiler-rt/lib/scudo/standalone/secondary.h b/compiler-rt/lib/scudo/standalone/secondary.h
@@ -823,7 +823,11 @@ void MapAllocator<Config>::deallocate(const Options &Options, void *Ptr)
     Cache.store(Options, H->CommitBase, H->CommitSize,
                 reinterpret_cast<uptr>(H + 1), H->MemMap);
   } else {
-    unmap(H->MemMap);
+    // Note that the `H->MemMap` is stored on the pages managed by itself. Take
+    // over the ownership before unmap() so that any operation along with
+    // unmap() won't touch inaccessible pages.
+    MemMapT MemMap = H->MemMap;
+    unmap(MemMap);
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -823,7 +823,11 @@ void MapAllocator<Config>::deallocate(const Options &Options, void *Ptr)`
`823`	`823`	`Cache.store(Options, H->CommitBase, H->CommitSize,`
`824`	`824`	`reinterpret_cast<uptr>(H + 1), H->MemMap);`
`825`	`825`	`} else {`
`826`		`- unmap(H->MemMap);`
	`826`	+ // Note that the `H->MemMap` is stored on the pages managed by itself. Take
	`827`	`+ // over the ownership before unmap() so that any operation along with`
	`828`	`+ // unmap() won't touch inaccessible pages.`
	`829`	`+ MemMapT MemMap = H->MemMap;`
	`830`	`+ unmap(MemMap);`
`827`	`831`	`}`
`828`	`832`	`}`
`829`	`833`