From: Yonatan Komornik Date: Tue, 24 Jan 2023 20:54:43 +0000 (-0800) Subject: Bug fix redzones by unpoisoning only the intended buffer and not the followup redzone. X-Git-Tag: v1.5.4^2~30^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F3451%2Fhead;p=thirdparty%2Fzstd.git Bug fix redzones by unpoisoning only the intended buffer and not the followup redzone.
---
diff --git a/lib/compress/zstd_cwksp.h b/lib/compress/zstd_cwksp.h
index 70a359a27..97676693b 100644
--- a/lib/compress/zstd_cwksp.h
+++ b/lib/compress/zstd_cwksp.h
@@ -348,7 +348,9 @@ ZSTD_cwksp_reserve_internal(ZSTD_cwksp* ws, size_t bytes, ZSTD_cwksp_alloc_phase
 if (alloc) {
 alloc = (BYTE *)alloc + ZSTD_CWKSP_ASAN_REDZONE_SIZE;
 if (ws->isStatic == ZSTD_cwksp_dynamic_alloc) {
- __asan_unpoison_memory_region(alloc, bytes);
+ /* We need to keep the redzone poisoned while unpoisoning the bytes that
+ * are actually allocated. */
+ __asan_unpoison_memory_region(alloc, bytes - 2 * ZSTD_CWKSP_ASAN_REDZONE_SIZE);
 }
 }
 #endif
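Review bot: The new length `bytes - 2 * ZSTD_CWKSP_ASAN_REDZONE_SIZE` is unsigned arithmetic that wraps silently if `bytes` is ever smaller than two redzones, and nothing in the hunk shows where `bytes` was padded. Presumably the function adds both redzones to `bytes` before reserving, under the same ASan preprocessor condition, but that code is outside the hunk (the function starts before it and continues after it). I would pin the assumption next to the call with `assert(bytes >= 2 * ZSTD_CWKSP_ASAN_REDZONE_SIZE);` and extend the comment to say that `bytes` at this point includes the leading and trailing redzone, which is why two are subtracted. A wrapped length would unpoison far more than the allocation and hide exactly the overruns the redzones are meant to catch.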