kshareddatacache: Length-checking for memcpy.
Previous commits added exception support if we tried to read from or write to individual pages that were invalid. This doesn't fully cover the cases where memcpy is used across page boundaries (when reading an entry or writing an entry to the cache), which requires verifying the length. It also missed checking the return value of page() in defragment, where the returned pointer was used inline in memcpy().

Now we throw a corrupt-cache exception if we would violate the boundaries established in mmap().

Passes the relevant unit tests and limited fuzz tests mentioned in my last commit. Hopefully this should fix the majority of extant "cache is corrupt" crashers.

BUG:255233,293954,281217
FIXED-IN:4.8.4
parent
7f0aaa22
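The two checks the commit message describes (a null test on the page lookup, and a length test before a memcpy() that can span pages), as an added example that is not the commit's or KSharedDataCache's own code. PagedRegion, CorruptCacheError, readEntry and demoRead are hypothetical names, and a 64-byte vector stands in for the mmap() region.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <vector>

// Hypothetical names throughout; not KSharedDataCache's own code.
struct CorruptCacheError : std::runtime_error {
    using std::runtime_error::runtime_error;
};

struct PagedRegion {
    const std::uint8_t *base;  // start of the mapping
    std::size_t mappedSize;    // length that was passed to mmap()
    std::size_t pageSize;      // assumed non-zero

    // Returns nullptr for an out-of-range index; every caller must check it.
    const std::uint8_t *page(std::size_t index) const {
        return index < mappedSize / pageSize ? base + index * pageSize : nullptr;
    }

    // Copy `length` bytes starting at `firstPage`; the copy may span pages.
    void readEntry(std::size_t firstPage, void *dest, std::size_t length) const {
        const std::uint8_t *start = page(firstPage);
        if (!start)
            throw CorruptCacheError("page index outside the mapping");
        // Compare against the bytes remaining so offset + length cannot wrap.
        if (length > mappedSize - firstPage * pageSize)
            throw CorruptCacheError("entry length runs past the mapping");
        std::memcpy(dest, start, length);
    }
};

// Constructed stand-in for the mapping: 4 pages of 16 bytes, byte i holds i.
// Returns the last byte copied, or -1 if the read was refused as corrupt.
int demoRead(std::size_t firstPage, std::size_t length) {
    std::vector<std::uint8_t> backing(64);
    for (std::size_t i = 0; i < backing.size(); ++i)
        backing[i] = static_cast<std::uint8_t>(i);
    PagedRegion region{backing.data(), backing.size(), 16};
    std::vector<std::uint8_t> out(backing.size());  // large enough for any accepted read
    try {
        region.readEntry(firstPage, out.data(), length);
    } catch (const CorruptCacheError &) {
        return -1;
    }
    return length ? out[length - 1] : 0;
}
```

Checking each page pointer alone would accept a read of 17 bytes from the last page, because the start pointer is valid; only the length test catches it.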