It has been discovered that AddressSanitizer does not keep a 1:1 mapping
of which bytes are poisoned and which are not. This can cause issues for
allocations less than 8 bytes and where addresses straddle 8-byte
boundaries.
See the following link for more information:
https://github.com/google/sanitizers/wiki/AddressSanitizerAlgorithm#mapping
Changed the check from `bytes` to `err` for safety's sake, too.
This will prevent the potential bug of allocating non-zero memory, then
doing a zeroed resize, which will result in having garbage data in the
initial half.
The backup allocator is set at `init` and must stay the same for the
lifetime of the Scratch allocator, as this allocator is used to free all
`leaked_allocations`. Changing it could lead to a situation where the
wrong allocator is used to free a leaked allocation.
This will cause an error if the memory being resized was not the last
allocation, as should be expected according to the description that this
"acts just like stack_free."
1. The size was being adjusted for the alignment which does not make any
sense without the context of the base pointer. Now we just add the
`alignment - 1` to the size if needed then adjust the pointer.
2. The root pointer of the last allocation is now stored in order to
make the free operation more useful (and to cover the right memory
region for ASan).
3. Resizing now only works on the last allocation instead of any address
in a valid range, which resulted in overwriting allocations that had
just been made.
4. `old_memory` is now re-poisoned entirely before the resized range is
returned with the new range unpoisoned. This will guarantee that
there are no unpoisoned gaps.
Fixes#2694
This test harness ensures consistent non-blocking semantics and
validates that we have solved the toctou condition.
The __global_context_for_test is a bit of a hack to fuse together the
test supplied proc and the executing logic in packaage chan.
This is necessary because we need to allow the test guarantee against a
rare condition: where a third-party thread steals a value between the
validity checks can_{send,recv} and the channel operation
try_{send,recv}.
Fixes a TOCTOU where the channel could be used between the call to
can_{recv,send} and {recv,send} causing an unexpected blocking
operation.
To do this we use the non-blocking try_{recv,send} and retry the check
in a loop. This guarantees non-blocking select behaviour, at the cost of
spinning if the input channels are highly contended.
Signed-off-by: Jack Mordaunt <jackmordaunt.dev@gmail.com>
