[cfi] Fix __cfi_check address calculation. The current code is incorrect when the target address is 18 bit aligned. Test: stops random (and extremely rare) crashes in media.extractor Bug: 63400743 Bug: 65590288 Change-Id: I65b45ff0c4b57a7ff08d3f5b3d80f41167d3c0f8

commit: ded4524cb0a2ad931468409ff0f4817f9c0a8925 [log] [tgz]
author: Evgenii Stepanov <eugenis@google.com> Fri Sep 15 13:58:58 2017 -0700
committer: Evgenii Stepanov <eugenis@google.com> Fri Sep 15 14:15:54 2017 -0700
tree: b29a6087860266b044a54cb19e38605167362ebb
parent: 3b64f8ecb3db49574cc5b7c6030be98c159be4d4 [diff] [blame]
diff --git a/libdl/libdl_cfi.cpp b/libdl/libdl_cfi.cpp
index 483364f..1dd5b21 100644
--- a/libdl/libdl_cfi.cpp
+++ b/libdl/libdl_cfi.cpp

@@ -52,7 +52,10 @@
 
 static uintptr_t cfi_check_addr(uint16_t v, void* Ptr) {
   uintptr_t addr = reinterpret_cast<uintptr_t>(Ptr);
-  uintptr_t aligned_addr = align_up(addr, CFIShadow::kShadowAlign);
+  // The aligned range of [0, kShadowAlign) uses a single shadow element, therefore all pointers in
+  // this range must get the same aligned_addr below. This matches CFIShadowWriter::Add; not the
+  // same as align_up().
+  uintptr_t aligned_addr = align_down(addr, CFIShadow::kShadowAlign) + CFIShadow::kShadowAlign;
   uintptr_t p = aligned_addr - (static_cast<uintptr_t>(v - CFIShadow::kRegularShadowMin)
                                 << CFIShadow::kCfiCheckGranularity);
 #ifdef __arm__
commit	ded4524cb0a2ad931468409ff0f4817f9c0a8925	[log] [tgz]
author	Evgenii Stepanov <eugenis@google.com>	Fri Sep 15 13:58:58 2017 -0700
committer	Evgenii Stepanov <eugenis@google.com>	Fri Sep 15 14:15:54 2017 -0700
tree	b29a6087860266b044a54cb19e38605167362ebb
parent	3b64f8ecb3db49574cc5b7c6030be98c159be4d4 [diff] [blame]