From e8466b091ae1b86f1fb5ce5028ea2eb5ec3ee465 Mon Sep 17 00:00:00 2001 From: Vedant Ravindra Dhoke <66007382+vedant713@users.noreply.github.com> Date: Sat, 17 May 2025 14:24:30 -0400 Subject: [PATCH 1/7] Fix: Prevent out-of-bounds read in mi_clz32 and mi_ctz32 (#134070) --- Include/internal/mimalloc/mimalloc/internal.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Include/internal/mimalloc/mimalloc/internal.h b/Include/internal/mimalloc/mimalloc/internal.h index d97f51b8eefbe5..107d3be1c2b820 100644 --- a/Include/internal/mimalloc/mimalloc/internal.h +++ b/Include/internal/mimalloc/mimalloc/internal.h @@ -851,7 +851,8 @@ static inline size_t mi_ctz32(uint32_t x) { 31, 27, 13, 23, 21, 19, 16, 7, 26, 12, 18, 6, 11, 5, 10, 9 }; if (x==0) return 32; - return debruijn[((x & -(int32_t)x) * 0x077CB531UL) >> 27]; + return debruijn[(uint32_t)(((x & -(int32_t)x) * 0x077CB531UL) >> 27) & 31]; + } static inline size_t mi_clz32(uint32_t x) { // de Bruijn multiplication, see @@ -865,7 +866,8 @@ static inline size_t mi_clz32(uint32_t x) { x |= x >> 4; x |= x >> 8; x |= x >> 16; - return debruijn[(uint32_t)(x * 0x07C4ACDDUL) >> 27]; + return debruijn[(uint32_t)(x * 0x07C4ACDDUL >> 27) & 31]; + } static inline size_t mi_clz(uintptr_t x) { From 64e971888fb4ca81feac9597b24c91a2b0710047 Mon Sep 17 00:00:00 2001 From: vedant713 <66007382+vedant713@users.noreply.github.com> Date: Sat, 17 May 2025 17:15:23 -0400 Subject: [PATCH 2/7] gh-134070: Add news entry for mimalloc out-of-bounds fix --- .../2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 Misc/NEWS.d/next/Core_and_Builtins/2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst b/Misc/NEWS.d/next/Core_and_Builtins/2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst new file mode 100644 index 00000000000000..267bcef668f339 --- /dev/null 
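Review bot: The added index expression in mi_ctz32 still isolates the lowest set bit with `x & -(int32_t)x`, and for `x == 0x80000000` that signed negation overflows, which is undefined behaviour where `int` is 32 bits. The `& 31` mask bounds the table read but does not make the operand well defined. Computing it in unsigned arithmetic avoids the problem, e.g. `const uint32_t low = x & (0U - x);` followed by `return debruijn[(uint32_t)(low * 0x077CB531U) >> 27];`. The same subexpression is carried into mi_ctz_generic32 in PATCH 6/7. The start of mi_ctz32 and the first row of its table are outside this hunk.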
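Review bot: The line removed from mi_clz32, `(uint32_t)(x * 0x07C4ACDDUL) >> 27`, already truncated the product to 32 bits before shifting, so its index stayed within 0..31 even with a 64-bit `unsigned long`; only the uncast mi_ctz32 expression could index past the table. The replacement `(uint32_t)(x * 0x07C4ACDDUL >> 27) & 31` selects the same five bits but relies on `*` binding tighter than `>>` and on a mask, so it is harder to audit without being safer. I would keep the original expression here, or drop the `L` suffix as in `(uint32_t)(x * 0x07C4ACDDU) >> 27`, and remove the blank line added before the closing brace. The NEWS entry in PATCH 2/7 names both functions and may need adjusting if mi_clz32 was not affected. mi_clz32 starts outside this hunk.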
+++ b/Misc/NEWS.d/next/Core_and_Builtins/2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst @@ -0,0 +1,4 @@ +.. gh-issue: 134070 +.. section: Core and Builtins + +Fixed an out-of-bounds read in the generic implementation of `mi_clz32` and `mi_ctz32` in the integrated mimalloc allocator. This bug could occur on platforms with 64-bit `unsigned long` values. Based on upstream fix from microsoft/mimalloc. From c961fa0786daaaabac51b5afb511ce68845a46d6 Mon Sep 17 00:00:00 2001 From: vedant713 <66007382+vedant713@users.noreply.github.com> Date: Sat, 17 May 2025 17:18:08 -0400 Subject: [PATCH 3/7] gh-134070: Add news entry for mimalloc out-of-bounds fix --- .../2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst b/Misc/NEWS.d/next/Core_and_Builtins/2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst index 267bcef668f339..03c5c0a0e5f05a 100644 --- a/Misc/NEWS.d/next/Core_and_Builtins/2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst +++ b/Misc/NEWS.d/next/Core_and_Builtins/2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst @@ -1,4 +1,4 @@ .. gh-issue: 134070 .. section: Core and Builtins -Fixed an out-of-bounds read in the generic implementation of `mi_clz32` and `mi_ctz32` in the integrated mimalloc allocator. This bug could occur on platforms with 64-bit `unsigned long` values. Based on upstream fix from microsoft/mimalloc. +Fixed an out-of-bounds read in the generic implementation of ``mi_clz32`` and ``mi_ctz32`` in the integrated mimalloc allocator. This bug could occur on platforms with 64-bit `unsigned long` values. Based on upstream fix from microsoft/mimalloc. From 911c128a510940518982881d175c0aad1019bea5 Mon Sep 17 00:00:00 2001 
From: vedant713 <66007382+vedant713@users.noreply.github.com>
Date: Sat, 17 May 2025 17:20:15 -0400
Subject: [PATCH 4/7] gh-134070: Add news entry for mimalloc out-of-bounds fix
---
 .../2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst b/Misc/NEWS.d/next/Core_and_Builtins/2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst
index 03c5c0a0e5f05a..18c3732f626b22 100644
--- a/Misc/NEWS.d/next/Core_and_Builtins/2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst
+++ b/Misc/NEWS.d/next/Core_and_Builtins/2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst
@@ -1,4 +1 @@
-.. gh-issue: 134070
-.. section: Core and Builtins
-
 Fixed an out-of-bounds read in the generic implementation of ``mi_clz32`` and ``mi_ctz32`` in the integrated mimalloc allocator. This bug could occur on platforms with 64-bit `unsigned long` values. Based on upstream fix from microsoft/mimalloc.
From bce07b258c07fac78e52392729b1c111cfb35f68 Mon Sep 17 00:00:00 2001
From: vedant713 <66007382+vedant713@users.noreply.github.com>
Date: Sat, 17 May 2025 17:22:40 -0400
Subject: [PATCH 5/7] gh-134070: Add news entry for mimalloc out-of-bounds fix
---
 .../2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst b/Misc/NEWS.d/next/Core_and_Builtins/2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst
index 18c3732f626b22..9fc40d2020215c 100644
--- a/Misc/NEWS.d/next/Core_and_Builtins/2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst
+++ b/Misc/NEWS.d/next/Core_and_Builtins/2025-05-17-16-45-00.gh-issue-134070.vdhoke.rst
@@ -1 +1 @@
-Fixed an out-of-bounds read in the generic implementation of ``mi_clz32`` and ``mi_ctz32`` in the integrated mimalloc allocator. This bug could occur on platforms with 64-bit `unsigned long` values. Based on upstream fix from microsoft/mimalloc.
+Fixed an out-of-bounds read in the generic implementation of ``mi_clz32`` and ``mi_ctz32`` in the integrated mimalloc allocator. This bug could occur on platforms with 64-bit ``unsigned long`` values. Based on upstream fix from microsoft/mimalloc.
From bd186c9452409b8776f9629577033eb4db609e17 Mon Sep 17 00:00:00 2001
From: Vedant Ravindra Dhoke <66007382+vedant713@users.noreply.github.com>
Date: Sun, 13 Jul 2025 19:33:40 -0400
Subject: [PATCH 6/7] Update internal.h
---
 Include/internal/mimalloc/mimalloc/internal.h | 46 +++++++++++++++----
 1 file changed, 36 insertions(+), 10 deletions(-)
diff --git a/Include/internal/mimalloc/mimalloc/internal.h b/Include/internal/mimalloc/mimalloc/internal.h
index 107d3be1c2b820..2de1892c34c360 100644
--- a/Include/internal/mimalloc/mimalloc/internal.h
+++ b/Include/internal/mimalloc/mimalloc/internal.h
@@ -844,32 +844,58 @@ static inline size_t mi_ctz(uintptr_t x) { } #else -static inline size_t mi_ctz32(uint32_t x) { - // de Bruijn multiplication, see - static const unsigned char debruijn[32] = { +static inline size_t mi_ctz_generic32(uint32_t x) { + static const uint8_t debruijn[32] = { 0, 1, 28, 2, 29, 14, 24, 3, 30, 22, 20, 15, 25, 17, 4, 8, 31, 27, 13, 23, 21, 19, 16, 7, 26, 12, 18, 6, 11, 5, 10, 9 }; - if (x==0) return 32; - return debruijn[(uint32_t)(((x & -(int32_t)x) * 0x077CB531UL) >> 27) & 31]; - + if (x == 0) return 32; + return debruijn[(uint32_t)((x & -(int32_t)x) * (uint32_t)(0x077CB531U)) >> 27]; } -static inline size_t mi_clz32(uint32_t x) { - // de Bruijn multiplication, see + +static inline size_t mi_clz_generic32(uint32_t x) { static const uint8_t debruijn[32] = { 31, 22, 30, 21, 18, 10, 29, 2, 20, 17, 15, 13, 9, 6, 28, 1, 23, 19, 11, 3, 16, 14, 7, 24, 12, 4, 8, 25, 5, 26, 27, 0 }; - if (x==0) return 32; + if (x == 0) return 32; x |= x >> 1; x |= x >> 2; x |= x >> 4; x |= x >> 8; x |= x >> 16; - return debruijn[(uint32_t)(x * 0x07C4ACDDUL >> 27) & 31]; + return debruijn[(uint32_t)(x * (uint32_t)(0x07C4ACDDU)) >> 27]; +} +static inline size_t mi_ctz(size_t x) { + if (x == 0) return MI_SIZE_BITS; +#if (MI_SIZE_BITS <= 32) + return mi_ctz_generic32((uint32_t)x); +#else + const uint32_t lo = (uint32_t)x; + if (lo != 0) { + return mi_ctz_generic32(lo); + } else { + return 32 + mi_ctz_generic32((uint32_t)(x >> 32)); + } +#endif } +static inline size_t mi_clz(size_t x) { + if (x == 0) return MI_SIZE_BITS; +#if (MI_SIZE_BITS <= 32) + return mi_clz_generic32((uint32_t)x); +#else + const uint32_t hi = (uint32_t)(x >> 32); + if (hi != 0) { + return mi_clz_generic32(hi); + } else { + return 32 + mi_clz_generic32((uint32_t)x); + } +#endif +} + + static inline size_t mi_clz(uintptr_t x) { if (x==0) return MI_INTPTR_BITS; #if (MI_INTPTR_BITS <= 32) From 796a17637ef4efc60865461c8415e76144fa016e Mon Sep 17 00:00:00 2001 
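Review bot: The new generic `mi_ctz` and `mi_clz` take `size_t` and return `MI_SIZE_BITS` for zero, while the intrinsic branch shown in the hunk header declares `mi_ctz(uintptr_t x)` and the definitions this series later removes returned `MI_INTPTR_BITS`. On a target where `size_t` is narrower than `uintptr_t` the argument would be truncated and the zero sentinel would differ between branches, so callers could see build-dependent results. I would keep the existing contract: `static inline size_t mi_ctz(uintptr_t x) {`, `if (x == 0) return MI_INTPTR_BITS;` and `#if (MI_INTPTR_BITS <= 32)`, and likewise for `mi_clz`. This commit also drops the `// de Bruijn multiplication, see` comments without a replacement. The old `mi_clz(uintptr_t)` that follows as context runs past the end of the hunk and is only removed in PATCH 7/7.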
From: Vedant Ravindra Dhoke <66007382+vedant713@users.noreply.github.com> Date: Sun, 13 Jul 2025 19:42:51 -0400 Subject: [PATCH 7/7] Update internal.h --- Include/internal/mimalloc/mimalloc/internal.h | 22 ------------------- 1 file changed, 22 deletions(-) diff --git a/Include/internal/mimalloc/mimalloc/internal.h b/Include/internal/mimalloc/mimalloc/internal.h index 2de1892c34c360..f3581570c29a6d 100644 --- a/Include/internal/mimalloc/mimalloc/internal.h +++ b/Include/internal/mimalloc/mimalloc/internal.h @@ -895,28 +895,6 @@ static inline size_t mi_clz(size_t x) { #endif } - -static inline size_t mi_clz(uintptr_t x) { - if (x==0) return MI_INTPTR_BITS; -#if (MI_INTPTR_BITS <= 32) - return mi_clz32((uint32_t)x); -#else - size_t count = mi_clz32((uint32_t)(x >> 32)); - if (count < 32) return count; - return (32 + mi_clz32((uint32_t)x)); -#endif -} -static inline size_t mi_ctz(uintptr_t x) { - if (x==0) return MI_INTPTR_BITS; -#if (MI_INTPTR_BITS <= 32) - return mi_ctz32((uint32_t)x); -#else - size_t count = mi_ctz32((uint32_t)x); - if (count < 32) return count; - return (32 + mi_ctz32((uint32_t)(x>>32))); -#endif -} - #endif // "bit scan reverse": Return index of the highest bit (or MI_INTPTR_BITS if `x` is zero) pFad - Phonifier reborn
