Fix subtraction of unrelated pointers and integer overflow in FreeStackWinding.
In rare cases "i" would non-deterministically be between 0 and 2 even though the
pointers were in unrelated addresses, which caused a spurious free of one of
the three windings - eventually the real free would happen, be detected as a
double free and an exit(1) would ensue.
Example contents of w and stack->windings that triggered this in a test: 0xa9251c0 0x7f440a924f78
TTimo
commented
6 years ago
Fix subtraction of unrelated pointers and integer overflow in FreeStackWinding.
In rare cases "i" would non-deterministically be between 0 and 2 even though the pointers were in unrelated addresses, which caused a spurious free of one of the three windings - eventually the real free would happen, be detected as a double free and an exit(1) would ensue.
Example contents of w and stack->windings that triggered this in a test: 0xa9251c0 0x7f440a924f78
Checking for pointer equality makes the behavior defined and correct: http://port70.net/~nsz/c/c99/n1256.html#6.5.9