authorjschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-11-06 22:00:46 +0000
committerjschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-11-06 22:00:46 +0000
commit6e3edb411fbcccc3df4f92138029603ddf46950e (patch)
treebf0b0d6fbb7d22aa25f2beb91695de377faa9bbf /third_party
parent4c699b5136e8637b28ecd7ad624c14e6582cf783 (diff)
Tweak TCMalloc freelist pointer masking
Previously I wasn't masking NULL freelist pointers because I didn't want to potentially leak address information. However, the branch for this is a hot point, and the leakage risk is still there for non-NULL known values. Review URL: https://chromiumcodereview.appspot.com/11362046 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@166277 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'third_party')
-rw-r--r--third_party/tcmalloc/chromium/src/free_list.cc7
1 files changed, 2 insertions, 5 deletions
diff --git a/third_party/tcmalloc/chromium/src/free_list.cc b/third_party/tcmalloc/chromium/src/free_list.cc
index 578b732..eef5f15 100644
--- a/third_party/tcmalloc/chromium/src/free_list.cc
+++ b/third_party/tcmalloc/chromium/src/free_list.cc
@@ -83,11 +83,8 @@ void EnsureNonLoop(void* node, void* next) {
inline void* MaskPtr(void* p) {
// Maximize ASLR entropy and guarantee the result is an invalid address.
const uintptr_t mask = ~(reinterpret_cast<uintptr_t>(TCMalloc_SystemAlloc)
- >> 13) | 1;
- // Do not mask NULL pointers, otherwise we could leak address state.
- if (p)
- return reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(p) ^ mask);
- return p;
+ >> 13);
+ return reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(p) ^ mask);
}
inline void* UnmaskPtr(void* p) {
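Review bot: The comment kept above `mask` still promises that the result is an invalid address, but with `| 1` dropped that appears to rest only on the high bits set by complementing the shifted value, and neither the comment nor the commit description explains that part of the change. Because NULL is no longer special-cased, an end-of-list link is now stored as the mask itself, a value derived from the address of `TCMalloc_SystemAlloc`; the description accepts that exposure, but the code should say so for the next reader. I would replace the comment with something like `// NULL is masked too (no branch on the hot path), so an empty link stores the mask itself; invalidity of the result relies on the complemented high bits.` UnmaskPtr's body is outside the hunk, so confirm it applies the same mask unconditionally and that no caller tests a stored link against NULL without unmasking first.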