From 8f68c464676a87c8e8c664af0e35998bc33f3acd Mon Sep 17 00:00:00 2001
From: Feoramund <161657516+Feoramund@users.noreply.github.com>
Date: Sat, 14 Jun 2025 12:03:53 -0400
Subject: [PATCH] mem: Don't unpoison the header of a `Small_Stack` allocation

---
 core/mem/allocators.odin | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/core/mem/allocators.odin b/core/mem/allocators.odin
index 3fafde730..09072f905 100644
--- a/core/mem/allocators.odin
+++ b/core/mem/allocators.odin
@@ -1329,7 +1329,7 @@ This procedure allocates `size` bytes of memory aligned to a boundary specified
 by `alignment`. The allocated memory is not explicitly zero-initialized. This
 procedure returns a slice of the allocated memory region.
 */
-@(require_results)
+@(require_results, no_sanitize_address)
 small_stack_alloc_bytes_non_zeroed :: proc(
 	s:    ^Small_Stack,
 	size: int,
@@ -1349,8 +1349,10 @@ small_stack_alloc_bytes_non_zeroed :: proc(
 	s.offset += padding
 	next_addr := curr_addr + uintptr(padding)
 	header := (^Small_Stack_Allocation_Header)(next_addr - size_of(Small_Stack_Allocation_Header))
-	sanitizer.address_unpoison(header)
 	header.padding = auto_cast padding
+	// We must poison the header, no matter what its state is, because there
+	// may have been an out-of-order free before this point.
+	sanitizer.address_poison(header)
 	s.offset += size
 	s.peak_used = max(s.peak_used, s.offset)
 	result := byte_slice(rawptr(next_addr), size)