Bug 1932412 - Invalid read in IsValidAllocKind (debug only). r=jonco.

In debug builds, in js::gc::Arena::allocated, valgrind complains about the access to `allocKind` even though it is legitimate, as a result of earlier client requests to mark the area as no-access. This patch makes those errors disappear by temporarily disabling reporting of addressing errors in that range. Differential Revision: https://phabricator.services.mozilla.com/D247038
2025-05-07 04:25:54 +00:00
parent 28d37a5b05
commit b7064a9f1d
1 changed files with 14 additions and 0 deletions
--- a/js/src/gc/Heap.cpp
+++ b/js/src/gc/Heap.cpp
@@ -94,6 +94,15 @@ const uint8_t Arena::ThingsPerArena[] = {
 };

 bool Arena::allocated() const {
+#if defined(DEBUG) && defined(MOZ_VALGRIND)
+  // In debug builds, valgrind complains about the access to `allocKind` even
+  // though it is legitimate, so temporarily disable reporting of addressing
+  // errors in that range.  Note this doesn't change the state of the address
+  // range, as tracked by valgrind, so subsequent checking against its state is
+  // unaffected.  See bug 1932412.
+  VALGRIND_DISABLE_ADDR_ERROR_REPORTING_IN_RANGE(&allocKind, sizeof(void*));
+#endif
+
  size_t arenaIndex = ArenaChunk::arenaIndex(this);
  size_t pageIndex = ArenaChunk::arenaToPageIndex(arenaIndex);
  bool result = !chunk()->decommittedPages[pageIndex] &&
@@ -101,6 +110,11 @@ bool Arena::allocated() const {
                IsValidAllocKind(allocKind);
  MOZ_ASSERT_IF(result, zone_);
  MOZ_ASSERT_IF(result, (uintptr_t(zone_) & 7) == 0);
+
+#if defined(DEBUG) && defined(MOZ_VALGRIND)
+  // Reenable error reporting for the range we just said to ignore.
+  VALGRIND_ENABLE_ADDR_ERROR_REPORTING_IN_RANGE(&allocKind, sizeof(void*));
+#endif
  return result;
 }