From: W. Felix Handte Date: Wed, 16 Aug 2023 16:09:12 +0000 (-0400) Subject: Unpoison Workspace Memory Before Freeing to Custom Free X-Git-Tag: v1.5.6^2~135^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9987d2f5942a7701b388eec4307be71a121e5652;p=thirdparty%2Fzstd.git Unpoison Workspace Memory Before Freeing to Custom Free MSAN is hooked into the system malloc, but when the user provides a custom allocator, it may not provide the same cleansing behavior. So if we leave memory poisoned and return it to the user's allocator, where it is re-used elsewhere, our poisoning can blow up in some other context.
---
diff --git a/lib/compress/zstd_cwksp.h b/lib/compress/zstd_cwksp.h
index 9aeed1943..a3efc56e5 100644
--- a/lib/compress/zstd_cwksp.h
+++ b/lib/compress/zstd_cwksp.h
@@ -676,6 +676,11 @@ MEM_STATIC size_t ZSTD_cwksp_create(ZSTD_cwksp* ws, size_t size, ZSTD_customMem
 MEM_STATIC void ZSTD_cwksp_free(ZSTD_cwksp* ws, ZSTD_customMem customMem) {
 void *ptr = ws->workspace;
 DEBUGLOG(4, "cwksp: freeing workspace");
+#if ZSTD_MEMORY_SANITIZER && !defined(ZSTD_MSAN_DONT_POISON_WORKSPACE)
+ if (ptr != NULL && customMem.customFree != NULL) {
+ __msan_unpoison(ptr, ZSTD_cwksp_sizeof(ws));
+ }
+#endif
 ZSTD_memset(ws, 0, sizeof(ZSTD_cwksp));
 ZSTD_customFree(ptr, customMem);
 }
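Review bot: The new `__msan_unpoison(ptr, ZSTD_cwksp_sizeof(ws))` call has to run before `ZSTD_memset(ws, 0, sizeof(ZSTD_cwksp))`, and nothing in the code says so; if the two were ever reordered, the size would presumably be computed from a zeroed struct and the unpoison would silently cover nothing. The reason for the `customMem.customFree != NULL` condition is likewise recorded only in the commit message. I would add a comment above the `#if`, for example `/* MSAN only hooks the system allocator, so unpoison before handing memory to a custom free; must run before ws is zeroed below because the size is taken from ws. */`. If this header applies other sanitizer poisoning to the workspace (not visible in this hunk), it is worth confirming whether the custom-free path needs the same treatment there.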