Commits on Jul 16, 2015

1. Fix decode realloc bitmap segfault …

   When using an instance with k + m parameter more than 32
   (e.g. k=30, m=20), decoding process might free invalid fragments
   memory passed from an upper application and it might cause double
   free corruption on upper application layer. That is because some
   of realloc_bm calculation like as follows might make invalid handling
   to free memory.
   
   e.g. (for reproducing):
   - k=30, m=20
   - available fragments 0, 1~49 (i.e. fragment 1 dropped) passed in.
   
   and then after decoding...
   
   - liberasurecode frees the realloc memory for fragment 1 *AND 33 (1 + 32)*!
   
   When realloc_bm = 2 (i.e. wants to free only data[1]),
   that if-condition results in as folows:
   
   The result of (realloc_bm & 1 << i):
   
   i = 0 -> 0
   i = 1  -> 2
   i = 2~32 -> 0
   i = 33 -> 2 (overflowing!!!)
   
   This overflowing makes liberasurecode to free the memory for fragment
   33, though the memory must not be freed.
   
   To prevent this corruption, this patch makes the base integer
   as 64bit and liberasurecode to raise an Exception when k + m > 64
   at initialization. (i.e. we cannot use more than 64 fragments with
   current realloc_bm because it is an instance based on int64)

   

   bloodeagle40234 committed Jul 16, 2015
   Configuration menu

   • View commit details
   • Copy full SHA for 453beb5
   • Browse repository at this point

   Copy the full SHA

   453beb5 View commit details

   Browse the repository at this point in the history