Fix issue 5741, use after free

2020-06-28 14:33:41 -06:00 · 2020-06-28 14:33:41 -06:00 · c2eead9629
commit c2eead9629
parent 374e3e42e0
2 changed files with 5 additions and 3 deletions
--- a/lib/std/heap.zig
+++ b/lib/std/heap.zig
@ -714,6 +714,11 @@ test "PageAllocator" {
        slice[127] = 0x34;
        allocator.free(slice);
    }
+    {
+        var buf = try allocator.alloc(u8, mem.page_size + 1);
+        defer allocator.free(buf);
+        buf = try allocator.realloc(buf, 1); // shrink past the page boundary
+    }
 }

 test "HeapAllocator" {
--- a/lib/std/mem.zig
+++ b/lib/std/mem.zig
@ -116,9 +116,6 @@ pub const Allocator = struct {
        if (isAligned(@ptrToInt(old_mem.ptr), new_alignment)) {
            if (new_byte_count <= old_mem.len) {
                const shrunk_len = self.shrinkBytes(old_mem, new_byte_count, len_align);
-                if (shrunk_len < old_mem.len) {
-                    @memset(old_mem.ptr + shrunk_len, undefined, old_mem.len - shrunk_len);
-                }
                return old_mem.ptr[0..shrunk_len];
            }
            if (self.callResizeFn(old_mem, new_byte_count, len_align)) |resized_len| {