beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-21 23:20:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

AK: Align last bump allocated chunk's end offset to the type size too

Browse source 
Otherwise we can end up freeing garbage memory with some type sizes.
This commit is contained in:
Ali Mohammad Pur 2022-11-03 10:25:11 +03:30 committed by Ali Mohammad Pur
parent cfcd6e770c
commit bee9412ae4
Notes: sideshowbarker 2024-07-17 05:13:53 +09:00 
Author: https://github.com/alimpfard
Commit: https://github.com/SerenityOS/serenity/commit/bee9412ae4
Pull-request: https://github.com/SerenityOS/serenity/pull/15994
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
AK/BumpAllocator.h
View file

@ -91,7 +91,7 @@ protected:
if (head_chunk == m_current_chunk)
VERIFY(chunk_header.next_chunk == 0);
auto next_chunk = chunk_header.next_chunk;
fn(head_chunk);
fn(head_chunk + sizeof(ChunkHeader));
head_chunk = next_chunk;
}
}
@ -179,13 +179,13 @@ public:
void destroy_all()
{
this->for_each_chunk([&](auto chunk) {
auto base_ptr = align_up_to(chunk + sizeof(typename Allocator::ChunkHeader), alignof(T));
auto base_ptr = align_up_to(chunk, alignof(T));
// Compute the offset of the first byte *after* this chunk:
FlatPtr end_offset = base_ptr + this->m_chunk_size - chunk;
if (chunk == this->m_current_chunk + sizeof(typename Allocator::ChunkHeader))
end_offset = this->m_byte_offset_into_current_chunk;
// Compute the offset of the first byte *after* the last valid object, in case the end of the chunk does not align with the end of an object:
end_offset = (end_offset / sizeof(T)) * sizeof(T);
if (chunk == this->m_current_chunk)
end_offset = this->m_byte_offset_into_current_chunk;
for (; base_ptr - chunk < end_offset; base_ptr += sizeof(T))
reinterpret_cast<T*>(base_ptr)->~T();
});