https://github.com/stepanof updated https://github.com/llvm/llvm-project/pull/198323
>From 5995d3fa8afa145074015bb4feffe9a78a19b69c Mon Sep 17 00:00:00 2001 From: stepanof <[email protected]> Date: Mon, 18 May 2026 07:03:24 -0700 Subject: [PATCH] [libunwind] DwarfFDECache::add: bail out if malloc() returns NULL DwarfFDECache::add() did not check the result of malloc(). On allocation failure the subsequent memcpy() and pointer arithmetic operate on a NULL _buffer, which is undefined behavior and, in low-memory embedded environments where .text is mapped starting at address 0, can silently corrupt code at low addresses. Skip caching the entry on allocation failure instead, releasing the lock first. The cache then degrades gracefully -- subsequent FDE lookups remain correct, just slower for repeated queries. --- libunwind/src/UnwindCursor.hpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libunwind/src/UnwindCursor.hpp b/libunwind/src/UnwindCursor.hpp index ff92c9e0a844a..301a6c996c764 100644 --- a/libunwind/src/UnwindCursor.hpp +++ b/libunwind/src/UnwindCursor.hpp @@ -203,6 +203,12 @@ void DwarfFDECache<A>::add(pint_t mh, pint_t ip_start, pint_t ip_end, size_t newSize = oldSize * 4; // Can't use operator new (we are below it). entry *newBuffer = (entry *)malloc(newSize * sizeof(entry)); + if (newBuffer == NULL) { + // Out of memory: skip caching this entry rather than corrupting + // memory by writing through a NULL _buffer. + _LIBUNWIND_LOG_IF_FALSE(_lock.unlock()); + return; + } memcpy(newBuffer, _buffer, oldSize * sizeof(entry)); if (_buffer != _initialBuffer) free(_buffer); _______________________________________________ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
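Review bot: the early-return path added in `DwarfFDECache<A>::add` compares against `NULL`; UnwindCursor.hpp is C++, so `if (newBuffer == nullptr)` (or simply `if (!newBuffer)`) would match LLVM style better. The placement itself is right: the check sits between the `malloc` and the `memcpy`, before the old `_buffer` is freed or replaced, so bailing out leaves the existing cache contents intact and only the new entry goes uncached. Since the function must release `_lock` on this path as well, consider noting in the comment that the caller is expected to fall back to the uncached FDE lookup, which is what makes skipping the insert safe.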

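To make the failure mode concrete, here is an added example (not libunwind's code and not part of the patch) that models the grow-by-four cache from `DwarfFDECache::add` with an injectable allocator so an out-of-memory growth can be forced. The names `fde_cache`, `fde_cache_add`, `fde_cache_find` and the `alloc_fn` hook are assumptions for this illustration; real libunwind calls `malloc()` directly and holds a lock around the insert, which is omitted here. The test drives the inline buffer to capacity, makes the allocator fail on the first growth, and checks that the skipped insert leaves every earlier lookup correct, then restores `malloc` and shows caching resume.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uintptr_t pint_t;

/* One cached FDE range, shaped like libunwind's entry. */
typedef struct {
  pint_t mh;
  pint_t ip_start;
  pint_t ip_end;
  pint_t fde;
} entry;

/* Hypothetical allocator hook so a test can make "malloc" return NULL. */
typedef void *(*alloc_fn)(size_t);

#define INITIAL_ENTRIES 4

typedef struct {
  entry initial[INITIAL_ENTRIES]; /* static first buffer, never freed */
  entry *buffer;
  size_t used;
  size_t alloced;
  alloc_fn alloc;
} fde_cache;

void fde_cache_init(fde_cache *c, alloc_fn alloc) {
  c->buffer = c->initial;
  c->used = 0;
  c->alloced = INITIAL_ENTRIES;
  c->alloc = alloc ? alloc : malloc;
}

/* Returns 1 if the range was cached, 0 if it was skipped because growth failed. */
int fde_cache_add(fde_cache *c, pint_t mh, pint_t ip_start, pint_t ip_end, pint_t fde) {
  if (c->used >= c->alloced) {
    size_t old = c->alloced;
    size_t grown = old * 4;
    if (grown / 4 != old || grown > SIZE_MAX / sizeof(entry)) return 0;
    entry *nb = (entry *)c->alloc(grown * sizeof(entry));
    if (nb == NULL) return 0; /* the fix: do not memcpy through NULL, keep old buffer */
    memcpy(nb, c->buffer, old * sizeof(entry));
    if (c->buffer != c->initial) free(c->buffer);
    c->buffer = nb;
    c->alloced = grown;
  }
  entry *e = &c->buffer[c->used++];
  e->mh = mh; e->ip_start = ip_start; e->ip_end = ip_end; e->fde = fde;
  return 1;
}

/* Linear search; returns the cached FDE or 0 when the ip is not cached. */
pint_t fde_cache_find(const fde_cache *c, pint_t ip) {
  for (size_t i = 0; i < c->used; i++)
    if (ip >= c->buffer[i].ip_start && ip < c->buffer[i].ip_end)
      return c->buffer[i].fde;
  return 0;
}

void fde_cache_free(fde_cache *c) {
  if (c->buffer != c->initial) free(c->buffer);
  c->buffer = c->initial; c->used = 0; c->alloced = INITIAL_ENTRIES;
}

/* Fault-injecting allocator that always reports out of memory. */
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Fill the inline buffer, force growth under OOM, then recover. Returns 1 on success. */
int demo_oom_degrades_gracefully(void) {
  fde_cache c;
  fde_cache_init(&c, failing_alloc);
  /* Constructed ranges: [0x1000,0x2000)->0x100 ... [0x4000,0x5000)->0x103 */
  for (pint_t i = 0; i < INITIAL_ENTRIES; i++)
    if (!fde_cache_add(&c, 1, 0x1000 * (i + 1), 0x1000 * (i + 2), 0x100 + i)) return -1;
  /* Fifth insert needs growth; the allocator fails, so the entry is skipped. */
  int cached = fde_cache_add(&c, 1, 0x9000, 0xA000, 0x999);
  int ok = cached == 0 && c.used == INITIAL_ENTRIES && c.buffer == c.initial
           && fde_cache_find(&c, 0x1010) == 0x100
           && fde_cache_find(&c, 0x4FFF) == 0x103
           && fde_cache_find(&c, 0x9500) == 0;
  /* Memory is available again: growth succeeds and caching resumes. */
  c.alloc = malloc;
  ok = ok && fde_cache_add(&c, 1, 0x9000, 0xA000, 0x999) == 1 && c.used == 5
       && c.alloced == 16 && fde_cache_find(&c, 0x9500) == 0x999;
  fde_cache_free(&c);
  return ok ? 1 : 0;
}
```

The uncached range simply misses in `fde_cache_find`, which is the "correct but slower" behaviour the commit message describes; without the `nb == NULL` check, the `memcpy` would write `old * sizeof(entry)` bytes to address 0.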