Fix: handle reference count overflow
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Tue, 19 Jan 2016 20:23:01 +0000 (15:23 -0500)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Tue, 19 Jan 2016 20:31:13 +0000 (15:31 -0500)
commit3a03e6f37ee999c96024b8b99ba875a688fa1fe9
tree046fb24aae033044469bd9210eb355097fb8cb80
parente9529b91ce756b476f5ad339512482c93c03c046
Fix: handle reference count overflow

The urcu refcounting API features a look and feel similar to the Linux
kernel reference counting API, which has been the subject of
CVE-2016-0728 (use-after-free). Therefore, improve the urcu refcounting
API by dealing with reference counting overflow.

For urcu_ref_get(), handle this by comparing the prior value with
LONG_MAX before updating it with a cmpxchg. When an overflow would
occur, trigger a abort() rather than allowing the overflow (which is a
use-after-free security concern).

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
urcu/ref.h
This page took 0.025002 seconds and 4 git commands to generate.