
fix(allocator): fix soundness hole in Allocator::alloc_bytes_start #13141

Merged
graphite-app[bot] merged 1 commit into main from 08-16-fix_allocator_fix_soundness_hole_in_allocator_alloc_bytes_start_ on Aug 19, 2025

Conversation

overlookmotel (Member) commented Aug 16, 2025

Fix a bug in Allocator::alloc_bytes_start which could have resulted in UB.

Previously, if called with size: usize::MAX, the rounding up calculation would wrap around so it would not allocate any space in the arena. This PR makes sure such a large size causes a panic as it should.

In practice I don't think there was a real risk of alloc_bytes_start being called with such an absurdly large size, but regardless, we need to handle the edge cases.
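The wrap-around described above, illustrated with a toy bump allocator (an added example, not oxc's own Allocator code): a naive round-up using wrapping arithmetic turns `size: usize::MAX` into a zero-byte reservation that a later allocation silently overlaps, while the `saturating_add` version yields a size no arena can hold, so the capacity check rejects it. `ToyArena`, `round_up_wrapping` and `round_up_saturating` are hypothetical names, the real `alloc_bytes_start` signature is assumed rather than taken from the page, and the toy returns `None` where the real code panics.

```rust
/// Round `size` up to a multiple of `align` (a power of two) the way a naive
/// bump allocator might: `(size + align - 1) & !(align - 1)`. `wrapping_add`
/// models release-mode overflow: with `size == usize::MAX` the addition wraps
/// to `align - 2`, the mask clears it to 0, and the caller reserves nothing.
pub fn round_up_wrapping(size: usize, align: usize) -> usize {
    debug_assert!(align.is_power_of_two());
    size.wrapping_add(align - 1) & !(align - 1)
}

/// Same rounding with `saturating_add`: an oversized request saturates at
/// `usize::MAX` before masking, so the result is the largest multiple of
/// `align`, which no finite arena can satisfy.
pub fn round_up_saturating(size: usize, align: usize) -> usize {
    debug_assert!(align.is_power_of_two());
    size.saturating_add(align - 1) & !(align - 1)
}

/// Hypothetical arena: fixed capacity plus a bump cursor (constructed for this
/// example, not oxc's Allocator).
pub struct ToyArena {
    capacity: usize,
    cursor: usize,
}

impl ToyArena {
    pub fn new(capacity: usize) -> Self {
        Self { capacity, cursor: 0 }
    }

    /// Reserve `size` bytes rounded up by `round`; returns the start offset of
    /// the reserved range, or `None` when the request does not fit.
    pub fn alloc_bytes_start(
        &mut self,
        size: usize,
        align: usize,
        round: fn(usize, usize) -> usize,
    ) -> Option<usize> {
        let rounded = round(size, align);
        let end = self.cursor.checked_add(rounded)?;
        if end > self.capacity {
            return None;
        }
        let start = self.cursor;
        self.cursor = end;
        Some(start)
    }
}
```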


@github-actions github-actions bot added the C-bug Category - Bug label Aug 16, 2025
codspeed-hq bot commented Aug 16, 2025

CodSpeed Instrumentation Performance Report

Merging #13141 will not alter performance

Comparing 08-16-fix_allocator_fix_soundness_hole_in_allocator_alloc_bytes_start_ (8264664) with main (3f92fa8) [1]

Summary

✅ 34 untouched benchmarks

Footnotes

  1. No successful run was found on main (8264664) during the generation of this report, so 3f92fa8 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report.

@overlookmotel overlookmotel marked this pull request as ready for review August 16, 2025 13:58
Copilot AI review requested due to automatic review settings August 16, 2025 13:58
Copilot AI (Contributor) left a comment

Pull Request Overview

This PR fixes a soundness hole in Allocator::alloc_bytes_start that could lead to undefined behavior when called with extremely large size values. The fix prevents integer overflow during alignment calculations that could result in insufficient memory allocation.

  • Replaces potentially overflowing addition with saturating_add to handle edge cases safely
  • Adds comprehensive documentation explaining the overflow prevention strategy
  • Ensures that oversized allocation requests will be properly rejected by downstream capacity checks


@overlookmotel overlookmotel force-pushed the 08-16-fix_allocator_fix_soundness_hole_in_allocator_alloc_bytes_start_ branch from 475f1ac to baf116e Compare August 18, 2025 19:14
overlookmotel (Member Author) commented

I don't think anyone has time to review, and I'm the one who knows this code best, so merging.

@overlookmotel overlookmotel added the 0-merge Merge with Graphite Merge Queue label Aug 19, 2025
@graphite-app graphite-app bot force-pushed the 08-16-fix_allocator_fix_soundness_hole_in_allocator_alloc_bytes_start_ branch from baf116e to 8264664 Compare August 19, 2025 15:13
@graphite-app graphite-app bot merged commit 8264664 into main Aug 19, 2025
25 checks passed
@graphite-app graphite-app bot deleted the 08-16-fix_allocator_fix_soundness_hole_in_allocator_alloc_bytes_start_ branch August 19, 2025 15:19
@graphite-app graphite-app bot removed the 0-merge Merge with Graphite Merge Queue label Aug 19, 2025