From: Andi McClure <andi.mcclure@xamarin.com>
Date: Wed, 30 Mar 2016 21:09:08 +0000 (-0400)
Subject: Improve a safety check when writing data into StatBuffer
X-Git-Url: http://wien.tomnetworks.com/gitweb/?a=commitdiff_plain;h=a80b7cc0a3d22dc13f29ddc4858092d998c43c18;p=mono.git

Improve a safety check when writing data into StatBuffer

The safety check should occur such that if the new value for
StatBuffer::cursor is beyond the bounds of the StatBuffer, the cursor
is not updated.
---

diff --git a/mono/profiler/proflog.c b/mono/profiler/proflog.c
index 7d4a3acc3ae..99d6ad4bbe5 100644
--- a/mono/profiler/proflog.c
+++ b/mono/profiler/proflog.c
@@ -2074,10 +2074,11 @@ mono_sample_hit (MonoProfiler *profiler, unsigned char *ip, void *context)
 	do {
 		old_data = sbuf->cursor;
 		new_data = old_data + SAMPLE_EVENT_SIZE_IN_SLOTS (bt_data.count);
+		if (new_data > sbuf->buf_end)
+			return; /* Not enough room in buf to hold this event-- lost event */
 		data = (uintptr_t *)InterlockedCompareExchangePointer ((void * volatile*)&sbuf->cursor, new_data, old_data);
 	} while (data != old_data);
-	if (old_data >= sbuf->buf_end)
-		return; /* lost event */
+
 	old_data [0] = 1 | (sample_type << 16) | (bt_data.count << 8);
 	old_data [1] = thread_id ();
 	old_data [2] = elapsed;