Snippets Groups Projects

Commit 39cc88e7 authored 3 years ago by Moritz Angermann Committed by Ben Gamari 3 years ago

[rts] Untag bq->bh prior to reading the info table

In `checkBlockingQueues` we must always untag the `bh` field of an `StgBlockingQueue`.
While at first glance it might seem a sensible assumption that `bh` will
always be a blackhole and therefore never be tagged, the GC could
shortcut the indirection and put a tagged pointer into the indirection.

This blew up on aarch64-darwin with a misaligned access. `bh` pointed
to an address that always ended in 0xa. On architectures that
are a little less strict about alignment, this would have read
a garbage info table pointer, which very, very unlikely would have been equal to
`stg_BLACKHOLE_info` and therefore things accidentally worked. However,
on AArch64, the read of the info table pointer resulted in a SIGBUS due
to misaligned read.

Fixes #20093.

(cherry picked from commit 1832676a)

parent 8848c398

2 merge requests!7224Draft: Don't panic in Parser.rs,!6293Backports for 9.2.1

Hide whitespace changes

Inline Side-by-side

Showing with 12 additions and 1 deletion

Ben Gamari @bgamari
mentioned in issue #20093 (closed)
· 3 years ago

mentioned in issue #20093 (closed)

mentioned in issue #20093

Toggle commit list
Ben Gamari @bgamari
mentioned in issue #20129
· 3 years ago

mentioned in issue #20129

mentioned in issue #20129

Toggle commit list

Please register or to comment