author | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-09-25 01:10:52 +0000 |
---|---|---|
committer | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-09-25 01:10:52 +0000 |
commit | f89228077b6b9a918910aefc8d6caf4108d8e2c1 (patch) | |
tree | 635e8d9bcd2aa7ca27579ef5cf3525e5ab240c9d /third_party | |
parent | 3d70c63252c064722c1ab7355a8ed395832b7ce3 (diff) | |
Ensure we mask freelist pointers properly on 32-bit Linux
Review URL: https://chromiumcodereview.appspot.com/10957067
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@158485 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'third_party')
-rw-r--r-- | third_party/tcmalloc/chromium/src/free_list.cc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/third_party/tcmalloc/chromium/src/free_list.cc b/third_party/tcmalloc/chromium/src/free_list.cc
index 25159de..578b732 100644
--- a/third_party/tcmalloc/chromium/src/free_list.cc
+++ b/third_party/tcmalloc/chromium/src/free_list.cc
@@ -82,10 +82,11 @@ void EnsureNonLoop(void* node, void* next) {
 inline void* MaskPtr(void* p) {
 // Maximize ASLR entropy and guarantee the result is an invalid address.
- const uintptr_t q = ~(reinterpret_cast<intptr_t>(TCMalloc_SystemAlloc) >> 13);
+ const uintptr_t mask = ~(reinterpret_cast<uintptr_t>(TCMalloc_SystemAlloc)
+ >> 13) | 1;
 // Do not mask NULL pointers, otherwise we could leak address state.
 if (p)
+ return reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(p) ^ mask);
- return reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(p) ^ q);
 return p;
 } |
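Review bot: The comment above `mask` in MaskPtr does not explain the two properties the new declaration depends on, so a later cleanup could undo either one without noticing. The cast has to be unsigned so that `>> 13` is a logical shift; with a sign-extending shift on an address whose top bit is set (presumably the 32-bit case the title refers to), `~` leaves the top 13 bits of the mask clear and the masked pointer can still be a mappable address. The `| 1` keeps the mask odd, so a non-NULL pointer that is at least 2-byte aligned can never XOR to NULL or to another aligned address. I would add a comment such as `// uintptr_t: logical shift, so ~ sets the top 13 bits. | 1: result is always misaligned and never NULL.` directly above the declaration. It is also worth noting there that the mask is a per-process constant derived from a code address, so it is only as secret as that module's load address.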