
Fix out-of-bounds write in case of failing mmap(...) in PosixLockedPageAllocator::AllocateLocked
Closed Public

Authored by PiRK on Nov 10 2020, 15:34.

Details

Summary

PR description:

mmap(...) returns MAP_FAILED ((void *) -1) in case of allocation failure.

PosixLockedPageAllocator::AllocateLocked(...) did not check for allocation failures prior to this PR.

Instead the invalid memory address (void *) -1 (0xffffffffffffffff) was passed to the caller as if it was a valid address.

After some operations the address is wrapped around from 0xffffffffffffffff to 0x00000003ffdf (0xffffffffffffffff + 262112 == 0x00000003ffdf).

The resulting address 0x00000003ffdf is then written to.

Before this patch (with failing mmap call):

$ src/bitcoind

2019-01-06T16:28:14Z Using the 'sse4(1way),sse41(4way)' SHA256 implementation
2019-01-06T16:28:14Z Using RdRand as an additional entropy source
Segmentation fault (core dumped)

After this patch (with failing mmap call):

$ src/bitcoind

2019-01-06T15:50:18Z Using the 'sse4(1way),sse41(4way)' SHA256 implementation
2019-01-06T15:50:18Z Using RdRand as an additional entropy source
2019-01-06T15:50:18Z

************************
EXCEPTION: St9bad_alloc
std::bad_alloc
bitcoin in AppInit()



************************
EXCEPTION: St9bad_alloc
std::bad_alloc
bitcoin in AppInit()

2019-01-06T15:50:18Z Shutdown: In progress...
2019-01-06T15:50:18Z Shutdown: done

This is a backport of Core PR15117

Test Plan

ninja all check-all
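
The failure mode described in the summary, as an added example that is not code from this revision or from the project: an allocator that returns mmap's result unchecked next to one that maps MAP_FAILED to nullptr, plus the address arithmetic that wraps (void *) -1 to 0x3ffdf. The function names and the use of an unmappable length to make mmap fail are assumptions of the example.

```cpp
// Added illustration; all names are hypothetical, not the project's code.
#include <sys/mman.h>
#include <unistd.h>
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Pre-fix shape: hands back mmap's result untouched, MAP_FAILED included.
void *alloc_unchecked(size_t len) {
    return mmap(nullptr, len, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
}

// Hardened shape: MAP_FAILED becomes nullptr; mlock only runs on a real mapping.
void *alloc_checked(size_t len, bool *locked) {
    *locked = false;
    void *addr = alloc_unchecked(len);
    if (addr == MAP_FAILED) return nullptr;
    *locked = (mlock(addr, len) == 0);
    return addr;
}

// What a caller computes when it adds an offset to an unvalidated base.
// Unsigned arithmetic wraps modulo 2^N instead of faulting.
uintptr_t offset_address(const void *base, size_t offset) {
    return reinterpret_cast<uintptr_t>(base) + offset;
}

// Constructed input: a page-aligned length larger than any address space,
// so mmap fails deterministically.
size_t unmappable_len() {
    size_t page = static_cast<size_t>(sysconf(_SC_PAGESIZE));
    return SIZE_MAX & ~(page - 1);
}

int main() {
    bool locked;
    void *bad = alloc_unchecked(unmappable_len());
    std::printf("unchecked: %p, base+262112 = 0x%jx\n", bad,
                static_cast<uintmax_t>(offset_address(bad, 262112)));
    void *ok = alloc_checked(unmappable_len(), &locked);
    std::printf("checked:   %s\n", ok ? "mapped" : "nullptr, caller can fail cleanly");
    return 0;
}
```

A null check on the unchecked result passes for MAP_FAILED, which is why the comparison has to be against MAP_FAILED itself.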
