From eaafec446137544986b682dcb2c0d64fb5a2b52a Mon Sep 17 00:00:00 2001
From: gfelber <34159565+gfelber@users.noreply.github.com>
Date: Sun, 27 Oct 2024 10:59:56 +0100
Subject: [PATCH] enforce first null byte in CANARY + added MI_CANARY_MASK to enforce the LSB is 0

---
 include/mimalloc/types.h | 1 +
 src/alloc.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/mimalloc/types.h b/include/mimalloc/types.h
index d1e6e5d8..4e783e7f 100644
--- a/include/mimalloc/types.h
+++ b/include/mimalloc/types.h
@@ -472,6 +472,7 @@ typedef struct mi_padding_s {
 uint32_t canary; // encoded block value to check validity of the padding (in case of overflow)
 uint32_t delta; // padding bytes before the block. (mi_usable_size(p) - delta == exact allocated bytes)
 } mi_padding_t;
+#define MI_CANARY_MASK (0xffffff00)
 #define MI_PADDING_SIZE (sizeof(mi_padding_t))
 #define MI_PADDING_WSIZE ((MI_PADDING_SIZE + MI_INTPTR_SIZE - 1) / MI_INTPTR_SIZE)
 #else
diff --git a/src/alloc.c b/src/alloc.c
index ca60c11a..aa60251c 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -99,7 +99,7 @@ extern inline void* _mi_page_malloc_zero(mi_heap_t* heap, mi_page_t* page, size_
 mi_assert_internal(delta >= 0 && mi_page_usable_block_size(page) >= (size - MI_PADDING_SIZE + delta));
 #endif
 mi_track_mem_defined(padding,sizeof(mi_padding_t)); // note: re-enable since mi_page_usable_block_size may set noaccess
- padding->canary = (uint32_t)(mi_ptr_encode(page,block,page->keys));
+ padding->canary = (uint32_t)(mi_ptr_encode(page,block,page->keys)) & MI_CANARY_MASK;
 padding->delta = (uint32_t)(delta);
 #if MI_PADDING_CHECK
 if (!mi_page_is_huge(page)) {
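Review bot: `MI_CANARY_MASK` is introduced in types.h with no comment saying what it guarantees, and the literal carries no `u` suffix, so a reader only learns from the commit title that the low byte is meant to be zero. I would write it as `#define MI_CANARY_MASK (0xffffff00u)  // keep the canary's low byte 0 so C-string reads/writes stop at it (it is the first byte in memory only on little-endian targets); costs 8 bits of canary entropy`. The macro sits inside the branch that the following `#else` closes, so it is only defined when padding is enabled; that matches a use site under the same guard, which I assume is the case for the alloc.c line, but the guard is outside that hunk.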
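Review bot: The mask is applied only where the canary is written; the diffstat shows this one-line change as the whole of alloc.c, so the place that later compares `padding->canary` against a fresh `mi_ptr_encode(page,block,page->keys)` is not touched by this patch. Unless that comparison already discards the low byte, every padding check will report corruption once the stored value has its low byte cleared, so the comparison side needs the same `& MI_CANARY_MASK` on the re-encoded value (or both sites should call one shared helper). The changed line would also benefit from a short why-comment, e.g. `// low byte forced to 0 (MI_CANARY_MASK): C-string overflows and reads terminate at the canary`. `_mi_page_malloc_zero` begins before and continues past this hunk.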