author | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-09-25 18:37:32 +0000 |
---|---|---|
committer | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-09-25 18:37:32 +0000 |
commit | 6a9d620ead6a9d5e49665dfd41cd816c1c8db8ba (patch) | |
tree | 06dfabfd018e78f821b3f457c2e658d0afc1d3f7 | |
parent | 9c561784b3fd74b59e47a54f816bc7af9faa033a (diff) | |
Merge 158485 - Ensure we mask freelist pointers properly on 32-bit Linux
Review URL: https://chromiumcodereview.appspot.com/10957067
TBR=jschuh@chromium.org
Review URL: http://codereview.chromium.org/10985025
git-svn-id: svn://svn.chromium.org/chrome/branches/1271/src@158622 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | third_party/tcmalloc/chromium/src/free_list.cc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/third_party/tcmalloc/chromium/src/free_list.cc b/third_party/tcmalloc/chromium/src/free_list.cc
index 25159de..578b732 100644
--- a/third_party/tcmalloc/chromium/src/free_list.cc
+++ b/third_party/tcmalloc/chromium/src/free_list.cc
@@ -82,10 +82,11 @@ void EnsureNonLoop(void* node, void* next) {
 inline void* MaskPtr(void* p) {
 // Maximize ASLR entropy and guarantee the result is an invalid address.
- const uintptr_t q = ~(reinterpret_cast<intptr_t>(TCMalloc_SystemAlloc) >> 13);
+ const uintptr_t mask = ~(reinterpret_cast<uintptr_t>(TCMalloc_SystemAlloc)
+ >> 13) | 1;
 // Do not mask NULL pointers, otherwise we could leak address state.
 if (p)
- return reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(p) ^ q);
+ return reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(p) ^ mask);
 return p;
 }
 |
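Review bot: The new mask expression in MaskPtr depends on two properties that the comment above it does not record: the cast has to be `uintptr_t` so that `>> 13` is a logical shift (with the old `intptr_t` cast an address with the top bit set would presumably sign-extend and leave the upper mask bits clear after `~`), and `| 1` forces the low mask bit. I would add a comment above the assignment such as `// Unsigned cast: the shift must not sign-extend, so ~ sets the top 13 mask bits; | 1 makes a masked non-NULL pointer odd.` and parenthesize the complement, `(~(... >> 13)) | 1`, so the precedence of `~` over `|` is explicit. The diffstat lists only free_list.cc, so nothing in this commit pins the 32-bit behaviour; a small check that masking a high-half address changes its upper bits and that applying MaskPtr twice returns the original pointer would keep the fix from regressing.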