From 6c04b48477b9db8a54cf4c1292a5202e9ed0cff1 Mon Sep 17 00:00:00 2001 From: Jan Kotas Date: Thu, 18 Jan 2024 19:09:19 -0800 Subject: [PATCH] Ensure syncblock is cleared with GC_ALLOC_ZEROING_OPTIONAL (#97174) Fixes #96790 --- src/coreclr/vm/gchelpers.cpp | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/coreclr/vm/gchelpers.cpp b/src/coreclr/vm/gchelpers.cpp index 5bffc9a00ad4d4..ecbf8f09ce293d 100644 --- a/src/coreclr/vm/gchelpers.cpp +++ b/src/coreclr/vm/gchelpers.cpp @@ -434,7 +434,8 @@ OBJECTREF AllocateSzArray(MethodTable* pArrayMT, INT32 cElements, GC_ALLOC_FLAGS // dummy object. // If the GC gives us a 8 byte aligned address, we use it for the array and place the dummy // object after the array, otherwise we put the dummy object first, shifting the base of - // the array to an 8 byte aligned address. + // the array to an 8 byte aligned address. Also, we need to make sure that the syncblock of the + // second object is zeroed. GC won't take care of zeroing it out with GC_ALLOC_ZEROING_OPTIONAL. // // Note: on 64 bit platforms, the GC always returns 8 byte aligned addresses, and we don't // execute this code because DATA_ALIGNMENT < sizeof(double) is false. @@ -447,14 +448,24 @@ OBJECTREF AllocateSzArray(MethodTable* pArrayMT, INT32 cElements, GC_ALLOC_FLAGS orArray = (ArrayBase*)Alloc(totalSize + MIN_OBJECT_SIZE, flags); Object* orDummyObject; - if ((size_t)orArray % sizeof(double)) + if (((size_t)orArray % sizeof(double)) != 0) { orDummyObject = orArray; orArray = (ArrayBase*)((size_t)orArray + MIN_OBJECT_SIZE); + if (flags & GC_ALLOC_ZEROING_OPTIONAL) + { + // clean the syncblock of the aligned array. + *(((void**)orArray)-1) = 0; + } } else { orDummyObject = (Object*)((size_t)orArray + totalSize); + if (flags & GC_ALLOC_ZEROING_OPTIONAL) + { + // clean the syncblock of the dummy object. + *(((void**)orDummyObject)-1) = 0; + } } _ASSERTE(((size_t)orArray % sizeof(double)) == 0); orDummyObject->SetMethodTable(g_pObjectClass);