
Invalid use of madvise #7609

Closed

@LemonBoy

Description

In tlsCsprngFill:

    switch (wipe_me.init_state) {
        .uninitialized => {
            if (want_fork_safety) {
                if (maybe_have_wipe_on_fork) {
                    if (std.os.madvise(
                        @ptrCast([*]align(mem.page_size) u8, &wipe_me),
                        @sizeOf(@TypeOf(wipe_me)),
                        std.os.MADV_WIPEONFORK,
                    )) 

Where @sizeOf(@TypeOf(wipe_me)) is 0x40 here.

But madvise doesn't give a damn about your 0x40 bytes, as you can see it will happily round it to something much bigger than 0x40.

The end result is that MADV_WIPEONFORK ends up wiping much more than wipe_me: every time you spawn a fresh thread or a child process you're actually zeroing a random page somewhere in memory.
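The page-granularity behaviour the report describes, as an added C example that is not part of the issue or of the Zig standard library. It assumes a Linux kernel with MADV_WIPEONFORK (4.14 and later), stands in a constructed 64-byte struct for wipe_me, and the helper names (run_case, child_sees_zero, the two demo functions) are the example's own. The second case shows the general mitigation of reserving a whole page for the state so nothing else shares it; that is an illustration, not necessarily the fix the project applied.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

// Older glibc headers lack the constant; the Linux kernel value is 18.
#ifndef MADV_WIPEONFORK
#define MADV_WIPEONFORK 18
#endif

// Constructed stand-in for the 0x40-byte state the issue calls wipe_me.
struct csprng_state {
    uint8_t key[32];
    uint8_t nonce[24];
    uint8_t init_state;
    uint8_t pad[7];
};

// Fork and report what the child sees at *p: 1 if it reads zero (the page
// was wiped), 0 if the value survived, -1 on fork/wait failure.
static int child_sees_zero(const volatile uint64_t *p) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(*p == 0 ? 1 : 0);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

// Map `pages` anonymous pages, place the state at the start, write an
// unrelated sentinel at byte offset `sentinel_off`, advise only
// sizeof(state) bytes, and report whether the sentinel was wiped in a child.
static int run_case(long pages, long sentinel_off) {
    long page = sysconf(_SC_PAGESIZE);
    size_t len = (size_t)(pages * page);
    uint8_t *region = mmap(NULL, len, PROT_READ | PROT_WRITE,
                           MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED) return -1;

    struct csprng_state *state = (struct csprng_state *)region;
    volatile uint64_t *sentinel = (volatile uint64_t *)(region + sentinel_off);
    memset(state, 0xAA, sizeof *state);
    *sentinel = 0x1122334455667788ULL;  // constructed "unrelated" data

    // The length passed is the 0x40 bytes of the struct, as in the report ...
    if (madvise(region, sizeof *state, MADV_WIPEONFORK) != 0) {
        munmap(region, len);
        return -1;
    }
    // ... but the kernel rounds the range up to whole pages.
    int r = child_sees_zero(sentinel);
    munmap(region, len);
    return r;
}

// Bug: the sentinel lives in the same page as the 0x40-byte state.
// Returns 1: the child sees it zeroed although the 0x40-byte length never
// covered it.
int wipeonfork_same_page(void) {
    return run_case(1, sysconf(_SC_PAGESIZE) / 2);
}

// Mitigation: give the state a page of its own so nothing else shares it.
// The sentinel sits in the next page and survives the fork (returns 0).
int wipeonfork_dedicated_page(void) {
    return run_case(2, sysconf(_SC_PAGESIZE));
}

int main(void) {
    printf("sentinel in same page wiped in child: %d (expect 1)\n",
           wipeonfork_same_page());
    printf("sentinel in next page wiped in child: %d (expect 0)\n",
           wipeonfork_dedicated_page());
    return 0;
}
```

The first case is the report's scenario: a 64-byte object at the start of a page plus whatever else happens to sit in that page, and the whole page comes back zeroed in the child. The second case keeps the same madvise call but changes the layout so the rounded-up range contains only the state, which is the property a fix has to guarantee however it is implemented.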

Labels: bug, standard library
